Policy Violations
When OPA Gatekeeper policies (Constraints & Constraint Templates) are defined and deployed to clusters, resources are validated during:
- Admission Requests: whenever a resource in the cluster is created, updated or deleted
- Audit Runs: periodic evaluation of already deployed resources
The controller captures detailed audit logs for both Admission Requests and Audit Runs, making it easier for customers to orchestrate new policies.
Violations - Admission Requests
Users can view violations for Admission requests either by navigating to SYSTEM -> Audit Logs -> OPA Tab or through the Dashboard.
Violations - Audit Runs
Users can view the list of violations against resources in a project, based on cluster and/or namespace. Click Policy Violations under OPA Gatekeeper in the controller.
Policy Violation(s) on Cluster
The Cluster tab shows the list of violations in the cluster and the number of policy violations on each cluster.
Click View Details for the required cluster to display the list of resource(s) and namespace(s) deployed on the selected cluster(s) with policy violation(s).
View the violation details such as Kind, Constraint Name, Constraints Template, Enforcement Action, and Message for the applied enforcement action.
Policy Violation(s) on Namespace
The Namespace tab shows the list of violations present in the namespace(s) and the count of violations on each namespace. Click View Details for the required namespace to display the list of resource(s) in that namespace with policy violation(s).
View the violation details such as Resource Name, Cluster Name, Kind, Constraint Name, Constraints Template, Enforcement Action, and Message for the applied enforcement action.
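On the cluster itself, Gatekeeper writes audit-run results into each Constraint's status.violations field. The following added example (not the controller's own code) flattens that field into the columns listed above and counts violations per namespace; the sample constraints, the cluster label demo-cluster and the helper names are constructed for illustration.

```python
from collections import Counter

# Constructed sample shaped like `kubectl get constraints -o json` from one
# cluster; constraint names, resources and messages are made up.
SAMPLE = {"items": [
    {"kind": "K8sRequiredLabels", "metadata": {"name": "ns-must-have-owner"},
     "spec": {"enforcementAction": "deny"},
     "status": {"totalViolations": 2, "violations": [
         {"enforcementAction": "deny", "kind": "Namespace", "name": "payments",
          "message": "you must provide labels: owner"},
         {"enforcementAction": "deny", "kind": "Namespace", "name": "staging",
          "message": "you must provide labels: owner"}]}},
    {"kind": "K8sPSPPrivilegedContainer", "metadata": {"name": "no-privileged"},
     "spec": {"enforcementAction": "dryrun"},
     "status": {"totalViolations": 3, "violations": [
         {"enforcementAction": "dryrun", "kind": "Pod", "name": "debug-shell",
          "namespace": "staging", "message": "Privileged container is not allowed: sh"}]}},
    # Not audited yet: no status block at all.
    {"kind": "K8sRequiredLabels", "metadata": {"name": "pods-must-have-team"},
     "spec": {"enforcementAction": "warn"}},
]}

def violation_rows(constraints, cluster):
    """Flatten status.violations into rows with the columns the page lists."""
    rows = []
    for c in constraints.get("items", []):
        for v in c.get("status", {}).get("violations", []):
            rows.append({
                "cluster": cluster,  # assumption: caller labels each cluster
                "namespace": v.get("namespace", "(cluster-scoped)"),
                "resource": v["name"], "kind": v["kind"],
                "constraint": c["metadata"]["name"],
                "template": c["kind"].lower(),  # template name = lowercased kind
                "action": v.get("enforcementAction", "deny"),
                "message": v["message"]})
    return rows

def truncated(constraints):
    """Constraints where audit found more violations than status lists."""
    return [c["metadata"]["name"] for c in constraints.get("items", [])
            if c.get("status", {}).get("totalViolations", 0)
            > len(c.get("status", {}).get("violations", []))]

def count_by(rows, key):
    return Counter(r[key] for r in rows)

if __name__ == "__main__":
    rows = violation_rows(SAMPLE, "demo-cluster")
    print(count_by(rows, "namespace"), truncated(SAMPLE))
```

Gatekeeper caps how many violations it records per constraint, so a non-empty result from truncated() means the per-namespace counts are a lower bound.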
To learn more about policies or to set policies, refer to Policies.