
Compliance for Kubernetes System

The Kubernetes system allows you to continually monitor the resources of a Kubernetes cluster and enumerate all those resources that violate a particular policy.

Within the Validating policy, any rule you put into Monitor mode is run periodically against all the resources on the cluster. Any resource that violates one of the monitoring rules is displayed in a Compliance report. The Compliance report is also used to create a time-series graph, so that you can see how the violations in your cluster are changing over time.

  • To open the Compliance report, click your system name in the left-hand navigation panel and select the Compliance tab on the right-hand side.

  • To display the Compliance time-series graph, click your system name in the left-hand navigation panel and select the Dashboard tab.

The search filter for the Compliance report is available only for Kubernetes systems and stacks. Use Regex to filter the Compliance report. If the filter is not valid Regex, it is treated as a literal string, and the filter checks whether that string is present inside a violation.

To test the capabilities of the search filter in the Compliance report:

  1. Go to styra-das-id.styra.com.
  2. Navigate and click on your Kubernetes system or stack.
  3. Click the Compliance button to see the Compliance report.
  4. In the Compliance report, click the expand/collapse icon on a Violation to see more details about the violation.
  5. From the violation details, copy a string and paste it into the search filter, or enter a valid Regex, to check if there are any matching violations. For example, copy and paste f:pod-template-hash into the search filter to filter out any violations that do not contain f:pod-template-hash.

The search filter for the compliance view is disabled when there are no violations.
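
The matching rule described above (Regex first, literal string as the fallback) can be modelled offline to see which queries over-match. This is an added example, not Styra's code: the violation records and field names are constructed, Python's `re` stands in for whatever Regex dialect the product uses, and matching against the JSON-serialized violation is an assumption.

```python
import json
import re

# Constructed sample violations; field names are illustrative, not the DAS schema.
VIOLATIONS = [
    {"rule": "require_labels", "resource": "deploy/web",
     "detail": {"managedFields": ["f:pod-template-hash"], "image": "nginx:1.25"}},
    {"rule": "block_latest_tag", "resource": "pod/api-7d9f",
     "detail": {"image": "registry.example/api:latest", "hostIP": "10.0.0.1"}},
    {"rule": "restrict_host_path", "resource": "pod/agent",
     "detail": {"volume": "hostPath[/var/run]", "hostIP": "10a0b0c1-node"}},
]


def compile_filter(query):
    """Return (mode, predicate): regex if the query compiles, else literal substring."""
    try:
        pattern = re.compile(query)
    except re.error:
        # Not valid Regex: fall back to checking for the literal string.
        return "literal", lambda text: query in text
    return "regex", lambda text: pattern.search(text) is not None


def filter_violations(query, violations=VIOLATIONS):
    """Return (mode, matching resource names) for a search-filter query."""
    mode, matches = compile_filter(query)
    # Assumption: the filter is applied to the serialized violation text.
    hits = [v["resource"] for v in violations
            if matches(json.dumps(v, sort_keys=True))]
    return mode, hits


if __name__ == "__main__":
    # An unescaped "." is a wildcard, so the IP query also hits "10a0b0c1-node".
    for q in ["f:pod-template-hash", "hostPath[", "10.0.0.1", r"10\.0\.0\.1"]:
        print(q, "->", filter_violations(q))
```

A pasted string that happens to be valid Regex is interpreted as Regex, so escape metacharacters such as `.` when an exact match matters for the report.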