When OPA Gatekeeper policies (Constraints & Constraint Templates) are defined and deployed to clusters, resources are validated during:
- Admission Requests: whenever a resource in the cluster is created, updated or deleted
- Audit Runs: periodic evaluation of already deployed resources
The controller captures detailed audit logs for both Admission requests and Audit Runs making it easier for customers to orchestrate new policies.
Violations - Admission Requests¶
Users can view violations for Admission requests either by navigating to SYSTEM -> Audit Logs -> OPA Tab or through the Dashboard.
Violations - Audit Runs¶
Users can view the list of violations against resources in a project, based on cluster and/or namespace. Click Policy Violations under OPA Gatekeeper in the controller.
Policy Violation(s) on Cluster¶
The Cluster tab shows the list of violations in the cluster and the number of policy violations on each cluster.
Click View Details of the required cluster and this displays the list of resource(s), and Namespace(s) deployed on the selected cluster(s) with policy violation(s)
View the violation details like Kind, Constraint Name, Constraints Template, Enforcement Action, and Message for the applied enforcement action
Policy Violation(s) on Namespace¶
The Namespace tab shows the list of violations present in the namespace(s) and the count of violations on each namespace. Click View Details of the required namespace and this displays the list of resource(s) against the namespace with policy violation(s)
View the violation details like Resource Name, Cluster Name, Kind, Constraint Name, Constraints Template, Enforcement Action, and Message for the applied enforcement action
To know more about the Policies or set policies, refer Policies