From 112a94196ae9a49c545a82e86d32e5f553218088 Mon Sep 17 00:00:00 2001 From: Jim Bugwadia Date: Fri, 7 Feb 2020 12:33:57 -0800 Subject: [PATCH] add doc for policy violations --- README.md | 1 + documentation/policy-violations.md | 24 ++++++++++++++++++++++++ documentation/testing-policies.md | 2 ++ 3 files changed, 27 insertions(+) create mode 100644 documentation/policy-violations.md diff --git a/README.md b/README.md index bbc6721e1d..dee9298ba0 100644 --- a/README.md +++ b/README.md @@ -128,6 +128,7 @@ Refer to a list of curated of ***[sample policies](/samples/README.md)*** that c * [Auto-Generation of Pod Controller Policies](documentation/writing-policies-autogen.md) * [Background Processing](documentation/writing-policies-background.md) * [Testing Policies](documentation/testing-policies.md) +* [Policy Violations](documentation/policy-violations.md) * [Sample Policies](/samples/README.md) ## License diff --git a/documentation/policy-violations.md b/documentation/policy-violations.md new file mode 100644 index 0000000000..94fb7afae4 --- /dev/null +++ b/documentation/policy-violations.md 
@@ -0,0 +1,24 @@ +*[documentation](/README.md#documentation) / Policy Violations* + +# Policy Violayions + +Policy Violations are created to: +1. Report resources that do not comply with validation rules with `validationFailureAction` set to `audit`. +2. Report existing resources (i.e. resources created before the policy was created) that do not comply with validation or mutation rules. + +Policy Violation objects are created in the resource namespace. You can view all existing policy violations as shown below: + +```` +λ kubectl get polv --all-namespaces +NAMESPACE NAME POLICY RESOURCEKIND RESOURCENAME AGE +default disallow-root-user-56j4t disallow-root-user Deployment nginx-deployment 5m7s +default validation-example2-7snmh validation-example2 Deployment nginx-deployment 5m7s +docker disallow-root-user-2kl4m disallow-root-user Pod compose-api-dbbf7c5db-kpnvk 43m +docker disallow-root-user-hfxzn disallow-root-user Pod compose-7b7c5cbbcc-xj8f6 43m +docker disallow-root-user-s5rjp disallow-root-user Deployment compose 43m +docker disallow-root-user-w58kp disallow-root-user Deployment compose-api 43m +docker validation-example2-dgj9j validation-example2 Deployment compose 5m28s +docker validation-example2-gzfdf validation-example2 Deployment compose-api 5m27s +```` + + diff --git a/documentation/testing-policies.md b/documentation/testing-policies.md index aa24f95836..b8fa8c62b8 100644 --- a/documentation/testing-policies.md +++ b/documentation/testing-policies.md @@ -21,3 +21,5 @@ Then compare the original resource definition in CM.yaml with the actual one: ````bash kubectl get -f CM.yaml -o yaml ```` + +*Read Next >> [Policy Violations](/documentation/policy-violations.md)*
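Review bot: The heading of the new documentation/policy-violations.md is misspelled: `# Policy Violayions` should be `# Policy Violations`. In the same file, the sample output sits in a fence with no language tag and the command carries a `λ` prompt, whereas documentation/testing-policies.md uses a fence tagged `bash` with a bare `kubectl` command. Dropping the prompt and tagging the fence would keep the two pages consistent and make the command copyable. The text also introduces `polv` only inside the sample command; one sentence saying it is the short name used to list Policy Violation objects would help a first-time reader.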
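Review bot: The `Read Next` footer added at the end of documentation/testing-policies.md links forward to the new page, but documentation/policy-violations.md ends after the sample output with no footer of its own, so the reading chain stops there. Consider closing the new page with a matching `*Read Next >> ...*` line that points at the next entry in the README list, which is Sample Policies (`/samples/README.md`).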