Skip to main content

Compliance for Kubernetes Systems

The Kubernetes system type allows you to continually monitor the resources of a Kubernetes cluster and enumerate all those resources that violate a particular policy.

Within the Validating policy, any rule you put into Monitor mode is run periodically against all the resources on the cluster. Any resources that violate one of the monitoring rules is displayed in a Compliance report. Now, this compliance report is used to create a time series graph, so that you can see how the violations in your cluster are changing over time.

  • The Compliance report can be found by clicking on your system in the left-hand navigation panel and choosing the Compliance tab.

  • The Compliance time-series graph is shown by clicking on your system in the left-hand navigation panel and choosing the Dashboard tab.

The capabilities of the search filter for the Compliance report are applicable only for the Kubernetes systems and stacks. Use Regex to filter the search in the Compliance report. If the filter is not valid Regex, then it will check if the literal string is present inside a violation.

To test the capabilities of the search filter in the Compliance report:

  1. Go to <das-id>
  2. Navigate and click on your Kubernetes system or stack.
  3. Select the Compliance tab to see the Compliance report.
  4. In the Compliance report, click the expand/collapse icon on a Violation to see more details about the violation.
  5. From the violation details, you can copy a text fragment and paste it into the search filter (or use a regular expression) to display similar violations. For example, enter f:pod-template-hash in the search filter to filter out any violations which do not contain f:pod-template-hash.

The search filter for the compliance view is disabled when there are no violations.