Policy Reports are automatically generated for clusters and namespaces. There is no additional configuration required for this functionality.
Open Policy Reports from the main menu (when using NPM) or, from NDP, through Main Menu>Policies>Policy Reports. The page displays the currently configured clusters. It also displays a general Grade for the overall cluster and a numeric breakdown of the number of Grade, Fail, Warn, Pass, Error, and Skip.
To access the Policy Reports:
- Go to Menu>Policy Reports. The Policy Reports page is displayed. On this page, you will see the reports for the basic policies (Best Practices, Pod Security Standards-Baseline, and Pod Security Standards-Restricted).
- Click the Clusters or Namespaces button to view the Policy Report for Clusters or Namespaces.
- Click the Category - Best Practices link. You will see the Policy Report under this category. This page shows details such as Policy, Rule, Type (cluster or namespace), Source, Cluster, Namespace, Resources, and Status.
- Click on any Rule link to view the Policy Rule Index. On this page, you will see the Policy Rule details, the Status, a Message on the action to be taken, the Properties such as Reason and Remediation, the Actual value, and the Expected value.
Click the Scheduled Reports button to receive periodic emails about policy violations. To do so:
a. Click on the + symbol. The Schedule Email page opens.
b. Select a cluster and click Next.
c. Select the scope by clicking either the Cluster or the Namespaces radio button.
d. In the Sender field, enter the sender’s email address.
e. In the Recipients field, enter the recipient’s email address.
f. In the Subject field, enter the subject for the report.
g. In the Message field, enter the email message.
h. Select the Schedule checkbox and, in the Schedule field, select the schedule option. The options available are: daily, weekly, and monthly.
i. Select the day and time.
j. Click Save.
Click the Kebab Menu at the right corner of the screen. The Enable CIS Benchmarks option is displayed.
Click the Enable CIS Benchmarks option. A window to install the kube-bench adapter is displayed. This window shows the commands to run to install the helm chart and to run the cron job so that policy violations are visible immediately.
NOTE: Installing the kube-bench adapter prompts the user to check policy reports and report CIS Benchmark violations on a weekly schedule.
- Click OK.