Menu Close
Settings Close

Language and Page Formatting Options

Chapter 11. Responding to violations

Using Red Hat Advanced Cluster Security for Kubernetes you can view policy violations, drill down to the actual cause of the violation, and take corrective actions.

Red Hat Advanced Cluster Security for Kubernetes built-in policies identify a variety of security findings, including vulnerabilities (CVEs), violations of DevOps best practices, high-risk build and deployment practices, and suspicious runtime behaviors. Whether you use the default out-of-box security policies or use your own custom policies, Red Hat Advanced Cluster Security for Kubernetes reports a violation when an enabled policy fails.

11.1. Violations view

You can analyze all violations in the Violations view and take corrective action.

To see discovered violations, select Violations from the left-hand navigation menu on the RHACS portal.

The Violations view shows a list of violations with the following attributes for each row:

  • Deployment: The name of the deployment.
  • Cluster: The name of the cluster.
  • Namespace: The namespace for the deployment.
  • Policy: The name of the violated policy.
  • Enforced: Indicates if the policy was enforced when the violation occurred.
  • Severity: Indicates the severity as Low, Medium, High, or Critical.
  • Categories: The policy categories.
  • Lifecycle: The lifecycle stages to which the policy applies, Build, Deploy, or Runtime.
  • Time - The date and time when the violation occurred.

Similar to other views:

  • You can select a column heading to sort the violations in ascending or descending order.
  • Use the filter bar to filter violations. See the Searching and filtering section for more information.
  • Select a violation in the Violations view to see more details about the violation.

11.2. Viewing violation details

When you select a violation in the Violations view, the Violation Details panel opens on the right.

The Violation Details panel shows detailed information grouped by multiple tabs.

11.2.1. Violation tab

The Violation tab of the Violation Details panel explains how the policy was violated. If the policy targets deploy-phase attributes, you can view the specific values that violated the policies, such as violation names. If the policy targets runtime activity, you can view detailed information about the process that violated the policy, including its arguments and the ancestor processes that created it.

11.2.2. Enforcement tab

The Enforcement tab of the Details panel displays an explanation of the type of enforcement action that was taken in response to the selected policy violation

11.2.3. Deployment tab

The Deployment tab of the Details panel displays details of the deployment to which the violation applies.

Overview section

The overview section lists the following information:

  • Deployment ID: The alphanumeric identifier for the deployment.
  • Deployment name: The name of the deployment.
  • Deployment Type: The type of the deployment.
  • Cluster: The name of the cluster where the container is deployed.
  • Replicas: The number of the replicated deployments.
  • Namespace: The unique identifier for the deployed cluster.
  • Updated: The time and date when the deployment was updated.
  • Labels: The labels that apply to the selected deployment.
  • Annotations: The annotations that apply to the selected deployment.
  • Service Account: The name of the service account for the selected deployment.
Container configuration section

The container configuration section lists the following information:

  • Image Name: The name of the image for the selected deployment.
  • Resources:

    • CPU Request (cores): The number of cores requested by the container.
    • Memory Request (MB): The memory size requested by the container.
  • Volumes:

    • Name: The name of the location where the service will be mounted.
    • Source: The data source path.
    • Destination: The path where the data is stored.
    • Type: The type of the volume.
  • Secrets: Secrets associated with the selected deployment.
Security context section

Lists whether the container is running as a privileged container.

  • Privileged:

    • true if it is privileged.
    • false if it is not privileged.
Network policy section

Lists all network policies in the namespace containing the violation.

11.2.4. Policy tab

The Policy tab of the Details panel displays details of the policy that caused the violation.

Policy Details section

The policy details section lists the following information:

  • Id: The numerical identifier for the policy.
  • Name: The name of the policy.
  • Description: A detailed explanation of what the policy alert is about.
  • Rationale: Information about the reasoning behind the establishment of the policy and why it matters.
  • Remediation: Suggestions on how to fix the violation.
  • Enabled: Indicates if the policy is enabled.
  • Categories: The policy category of the policy.
  • Lifecycle Stage: Lifecycle stages that the policy belongs to, Build, Deploy, or Runtime.
  • Severity - The risk level for the violation.
Policy Criteria section

Lists the policy criteria for the policy.