Activating policy preset

Written by

Updated at April 8, 2026

Using the CLI
Using the management console

Stackland allows you to activate policy presets and apply them to cluster resources. To activate a preset, create the ClusterPolicySet resource.

Note

By default, the baseline preset is applied to the cluster.

Using the CLI

Create a file of the ClusterPolicySet resource, e.g., using the touch clusterpolicyset.yaml command.

Open the file and paste the configuration below into it:

Baseline

Restricted

Restricted and Baseline

apiVersion: policy.stackland.yandex.cloud/v1alpha1
kind: ClusterPolicySet
metadata:
  name: test-policyset
spec:
  engines:
    kyverno:
      presets:
        - baseline # Platform preset

apiVersion: policy.stackland.yandex.cloud/v1alpha1
kind: ClusterPolicySet
metadata:
  name: test-policyset
spec:
  engines:
    kyverno:
      presets:
        - restricted  # Additional platform preset

apiVersion: policy.stackland.yandex.cloud/v1alpha1
kind: ClusterPolicySet
metadata:
  name: test-policyset
spec:
  engines:
    kyverno:
      presets:
        - baseline      # Platform preset
        - restricted    # Platform preset

Apply the manifest: kubectl apply -f clusterpolicyset.yaml.

Using the management console

In the left-hand menu, select Security policies.
Go to the Settings tab.
Toggle Policy check on.
Under Kyverno, select the policy presets:
- Baseline: Basic protection against misconfiguration.
- Restricted: Strict adherence to the principle of least privilege.
You can select one or both presets at the same time.

Click Open YAML editor to view or edit the ClusterPolicySet resource configuration.

This is it. Now Policy Manager will start sending notifications about policy violations.

Activating policy preset

Using the CLIUsing the CLI

Using the management consoleUsing the management console

Was the article helpful?

Using the CLI

Using the management console