Azure / AKS

Azure Kubernetes Service
https://azure.github.io/AKS/
1.97k stars 306 forks source link

[Feature]: Include a dashboard to surface audits/denials from guardrails policies #3078

Open seenu433 opened 2 years ago

seenu433 commented 2 years ago

**Is your feature request related to a problem? Since Guardrails policies may include both audit and deny actions, it is important to surface both audit and denials for the cluster admin to understand/visualize the enforcement of the action. Though the gate keeper logs may have these details, it is extremely cumbersome to skim through the host of logs to understand if the guardrail is effective and attempts if any to violate the policy.

Describe the solution you'd like Provide a dashboard with the details on the audit/denial instances so that admins can

  1. Confirm the enforcement of the policies
  2. Analyze any attempts to violate the policies

Describe alternatives you've considered Need to run through the gatekeeper pod logs and create custom workbooks to surface the detail required.

Since Azure policy cannot surface the denials, a such feature for Guardrails can be a differentiator.

olsenme commented 2 years ago

@qpetraroia

nehakulkarni123 commented 2 years ago

Hi @seenu433, I just wanted to share that today, you can view the compliance/non-compliance status on Azure Policy's Portal. We are also actively investing in a feature that will expose Gatekeeper violation messages (for both audit and denials) on Azure Policy's aggregated compliance dashboard, as well as surfacing component compliance status in Azure Resource Graph for users to create custom reports.

Happy to share more about our investments to see if it meets the needs mentioned above. Feel free to contact policypm@microsoft.com.

ghost commented 1 year ago

Action required from @Azure/aks-pm

ghost commented 1 year ago

Issue needing attention of @Azure/aks-leads

ghost commented 1 year ago

Issue needing attention of @Azure/aks-leads

nehakulkarni123 commented 1 year ago

@seenu433 does this answer your question?

microsoft-github-policy-service[bot] commented 8 months ago

Action required from @Azure/aks-pm

microsoft-github-policy-service[bot] commented 8 months ago

Issue needing attention of @Azure/aks-leads

microsoft-github-policy-service[bot] commented 7 months ago

Issue needing attention of @Azure/aks-leads

microsoft-github-policy-service[bot] commented 7 months ago

Issue needing attention of @Azure/aks-leads

microsoft-github-policy-service[bot] commented 6 months ago

Issue needing attention of @Azure/aks-leads

microsoft-github-policy-service[bot] commented 6 months ago

Issue needing attention of @Azure/aks-leads

microsoft-github-policy-service[bot] commented 5 months ago

Issue needing attention of @Azure/aks-leads

microsoft-github-policy-service[bot] commented 5 months ago

Issue needing attention of @Azure/aks-leads

microsoft-github-policy-service[bot] commented 4 months ago

Issue needing attention of @Azure/aks-leads

microsoft-github-policy-service[bot] commented 4 months ago

Issue needing attention of @Azure/aks-leads

microsoft-github-policy-service[bot] commented 3 months ago

Issue needing attention of @Azure/aks-leads

microsoft-github-policy-service[bot] commented 3 months ago

Issue needing attention of @Azure/aks-leads

microsoft-github-policy-service[bot] commented 2 months ago

Issue needing attention of @Azure/aks-leads

microsoft-github-policy-service[bot] commented 2 months ago

Issue needing attention of @Azure/aks-leads

microsoft-github-policy-service[bot] commented 1 month ago

Issue needing attention of @Azure/aks-leads

microsoft-github-policy-service[bot] commented 1 month ago

Issue needing attention of @Azure/aks-leads

microsoft-github-policy-service[bot] commented 2 weeks ago

Issue needing attention of @Azure/aks-leads

microsoft-github-policy-service[bot] commented 5 days ago

Issue needing attention of @Azure/aks-leads