add doc for policy violations

2025-03-28 18:38:40 +00:00 · 2020-02-07 12:33:57 -08:00 · 2020-02-07 12:33:57 -08:00 · 112a94196a
commit 112a94196a
parent 3c65845c28
3 changed files with 27 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -128,6 +128,7 @@ Refer to a list of curated of ***[sample policies](/samples/README.md)*** that c
  * [Auto-Generation of Pod Controller Policies](documentation/writing-policies-autogen.md)
  * [Background Processing](documentation/writing-policies-background.md)
 * [Testing Policies](documentation/testing-policies.md)
+* [Policy Violations](documentation/policy-violations.md)
 * [Sample Policies](/samples/README.md)

 ## License
--- a/documentation/policy-violations.md
+++ b/documentation/policy-violations.md
@ -0,0 +1,24 @@
+<small>*[documentation](/README.md#documentation) / Policy Violations*</small>
+
+# Policy Violayions
+
+Policy Violations are created to:
+1. Report resources that do not comply with validation rules with `validationFailureAction` set to `audit`.
+2. Report existing resources (i.e. resources created before the policy was created) that do not comply with validation or mutation rules.
+
+Policy Violation objects are created in the resource namespace. You can view all existing policy violations as shown below:
+
+````
+λ kubectl get polv --all-namespaces
+NAMESPACE   NAME                        POLICY                RESOURCEKIND   RESOURCENAME                  AGE
+default     disallow-root-user-56j4t    disallow-root-user    Deployment     nginx-deployment              5m7s
+default     validation-example2-7snmh   validation-example2   Deployment     nginx-deployment              5m7s
+docker      disallow-root-user-2kl4m    disallow-root-user    Pod            compose-api-dbbf7c5db-kpnvk   43m
+docker      disallow-root-user-hfxzn    disallow-root-user    Pod            compose-7b7c5cbbcc-xj8f6      43m
+docker      disallow-root-user-s5rjp    disallow-root-user    Deployment     compose                       43m
+docker      disallow-root-user-w58kp    disallow-root-user    Deployment     compose-api                   43m
+docker      validation-example2-dgj9j   validation-example2   Deployment     compose                       5m28s
+docker      validation-example2-gzfdf   validation-example2   Deployment     compose-api                   5m27s
+````
+
+
--- a/documentation/testing-policies.md
+++ b/documentation/testing-policies.md
@ -21,3 +21,5 @@ Then compare the original resource definition in CM.yaml with the actual one:
 ````bash
 kubectl get -f CM.yaml -o yaml
 ````
+
+<small>*Read Next >> [Policy Violations](/documentation/policy-violations.md)*</small>