Update violations page info #91288
Update violations page info #91288
Conversation
openshift-ci
bot
added
the
size/S
|
🤖 Thu Apr 03 14:32:34 - Prow CI generated the docs preview: https://91288--ocpdocs-pr.netlify.app/openshift-acs/latest/operating/respond-to-violations.html |
kcarmichael08
force-pushed
the
ROX-27693-violations-page-updates
branch
from
c49fa08 to
bfb37dc
Compare
| *** Violations in the build and deploy stages for workloads that were removed or modified to be compliant | ||
| *** Manually resolved runtime violations | ||
| *** Violations in all stages that were generated before a policy exclusion was added | ||
| ** *Attempted*: Displays violations for deployment actions that were attempted but blocked by a pre-check of {product-title-short} policies by the {product-title-short} admission controller. For example, the deployment action that was attempted would have triggered a violation if it had been allowed to succeed, but the policy enforcement behavior did not allow it to succeed. |
There was a problem hiding this comment.
blocked by evaluation of enforced policies
... but the admission controller enforcement did not allow the operation to be admitted to the cluster.
|
LGTM |
kcarmichael08
force-pushed
the
ROX-27693-violations-page-updates
branch
from
bfb37dc to
1dc0457
Compare
kcarmichael08
added
RHACS
kcarmichael08
added
peer-review-needed
|
/label peer-review-in-progress |
openshift-ci
bot
added
peer-review-in-progress
There was a problem hiding this comment.
Left a few suggestions.
Requesting @snarayan-redhat for another round of peer review.
Thanks!
| ** To display the findings for platform components in {ocp}, select *Platform view*. | ||
| ** To display the findings for application workloads and platform components simultaneously, select *Full view*. | ||
| . Optional: Choose the appropriate method to re-organize the information in the *Violations* page: | ||
| . Click the tab to view violations for the following categories: |
There was a problem hiding this comment.
| . Click the tab to view violations for the following categories: | |
| . Click one of the following tabs to view violations by category: |
To maintain consistency with other parts of the doc.
| . Click the tab to view violations for the following categories: | ||
| ** *User Workloads*: Displays violations for user-managed workloads. | ||
| ** *Platform*: Displays violations for workloads used by {ocp} and layered services. | ||
| ** *All violations*: Displays violations for user workload and platform components, and audit log violations for cluster resources. |
There was a problem hiding this comment.
| ** *All violations*: Displays violations for user workload and platform components, and audit log violations for cluster resources. | |
| ** *All violations*: Displays violations for user workloads and the platform component. It also displays audit log violations for cluster resources. |
| ** *User Workloads*: Displays violations for user-managed workloads. | ||
| ** *Platform*: Displays violations for workloads used by {ocp} and layered services. | ||
| ** *All violations*: Displays violations for user workload and platform components, and audit log violations for cluster resources. | ||
| . To view different types of violations, click one of the following tabs: |
There was a problem hiding this comment.
| . To view different types of violations, click one of the following tabs: | |
| . Click one of the following tabs to view violations by type: |
| ** *Resolved*: Displays the following violations: | ||
| *** Violations in the build and deploy stages for workloads that were removed or modified to be compliant | ||
| *** Manually resolved runtime violations | ||
| *** Violations in all stages that were generated before a policy exclusion was added |
There was a problem hiding this comment.
| *** Violations in all stages that were generated before a policy exclusion was added | |
| *** Violations that were generated before a policy exclusion was added |
I think "in all stages" is redundant.
| *** Manually resolved runtime violations | ||
| *** Violations in all stages that were generated before a policy exclusion was added | ||
| ** *Attempted*: Displays violations for deployment actions that were attempted but blocked by the evaluation of enforced policies. For example, the admission controller found that the attempted deployment action, such as a deployment create, update, or scale, would have triggered a violation. The admission controller enforcement then did not allow the operation to be admitted to the cluster. | ||
| . Optional: Choose the appropriate method to reorganize or filter information in the *Violations* page: |
There was a problem hiding this comment.
| . Optional: Choose the appropriate method to reorganize or filter information in the *Violations* page: | |
| . Optional: Choose a method to reorganize or filter information on the *Violations* page: |
| *** Violations in the build and deploy stages for workloads that were removed or modified to be compliant | ||
| *** Manually resolved runtime violations | ||
| *** Violations in all stages that were generated before a policy exclusion was added | ||
| ** *Attempted*: Displays violations for deployment actions that were attempted but blocked by the evaluation of enforced policies. For example, the admission controller found that the attempted deployment action, such as a deployment create, update, or scale, would have triggered a violation. The admission controller enforcement then did not allow the operation to be admitted to the cluster. |
There was a problem hiding this comment.
| ** *Attempted*: Displays violations for deployment actions that were attempted but blocked by the evaluation of enforced policies. For example, the admission controller found that the attempted deployment action, such as a deployment create, update, or scale, would have triggered a violation. The admission controller enforcement then did not allow the operation to be admitted to the cluster. | |
| ** *Attempted*: Displays violations for deployment actions that were attempted but blocked by enforced policies. For example, if the admission controller detected that creating, updating, or scaling a deployment would trigger a violation, it prevents the operation from running in the cluster. |
Feel free to disagree. :)
There was a problem hiding this comment.
Good suggestion - am keeping the examples because I think there could be other actions that might trigger a violation other than these?
There was a problem hiding this comment.
Agreed! I was thinking that all the actions were mentioned. If there are more actions then the examples can be kept.
snarayan-redhat
added
peer-review-done
kcarmichael08
force-pushed
the
ROX-27693-violations-page-updates
branch
from
1dc0457 to
65b76d2
Compare
|
@kcarmichael08: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/cherrypick rhacs-docs-4.7 |
|
/cherrypick rhacs-docs-4.8 |
|
@kcarmichael08: new pull request created: #91591 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@kcarmichael08: new pull request created: #91592 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Version(s):
4.7+
Issue
Link to docs preview
QE review: ACS has no QE, approved by SME
Additional information: