You can review violations when you create or update a Kubernetes hardening policy and you can reduce the number of violations by creating rule exceptions. Creating exceptions omits workloads from the rule action.

Important: Carbon Black recommends that you only create exceptions to exclude specific workloads that exhibit known behaviors. Remediate as many violations as possible before considering an exception.
Tip: You can deactivate a rule if it triggers too many violations until the issues in your environment are resolved. To exclude the rule from the policy, toggle the state of the rule to Off.

Procedure

  1. On the left navigation pane, click Enforce > K8s Policies.
  2. Click the Hardening Policies tab.
  3. Click the policy name to edit it.
  4. Click Next two times to go to the Review Violations page.
  5. Select a rule that has an Alert or Enforce action and click the Exceptions tab.
  6. Click Add Criteria.
  7. Define the exception criteria in the Resource name dropdown menu. Your options are:
    • Resource name: Set to is equal to, starts with, or ends with. Type in the name criteria.

      You can specify either a particular workload or criteria that match multiple workloads, for example, workloads that share the same prefix or the same suffix.

    • Workload label: Define the key value pair.
    • Username: Is equal to the entered name.

    [Screenshot: creating an exception to a hardening rule]

    The exception criteria match current and future workloads that are part of the policy scope.

  8. Click Add.
    Note: You can remove an exception by clicking the trash can icon next to the exception criteria.

Results

The total count of violations decreases. The workloads that are excluded from the rule's violations appear in the Exceptions tab.
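As an added illustration (not Carbon Black code; the matching semantics are assumed from the three criteria types listed in the procedure), the following Python models how each criterion type narrows or widens an exception, so you can check an exception's reach before adding it. The workloads, labels and usernames are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Workload:
    # Constructed sample record, not data from a real cluster.
    name: str
    labels: dict = field(default_factory=dict)
    user: str = ""

@dataclass
class ExceptionCriterion:
    # kind: "name" (op is "is equal to", "starts with" or "ends with"),
    # "label" (key/value pair) or "username" (exact match).
    kind: str
    value: str
    op: str = "is equal to"
    key: str = ""

def matches(crit, wl):
    """Assumed matching semantics for one exception criterion."""
    if crit.kind == "name":
        ops = {"is equal to": wl.name == crit.value,
               "starts with": wl.name.startswith(crit.value),
               "ends with": wl.name.endswith(crit.value)}
        return ops[crit.op]
    if crit.kind == "label":
        return wl.labels.get(crit.key) == crit.value
    if crit.kind == "username":
        return wl.user == crit.value
    raise ValueError(f"unknown criterion kind: {crit.kind}")

def apply_exceptions(violators, criteria):
    """Return (still counted, excluded) for a rule's violating workloads."""
    excluded = [w for w in violators if any(matches(c, w) for c in criteria)]
    remaining = [w for w in violators if w not in excluded]
    return remaining, excluded

# Constructed violators of one rule (for example, a privileged-container rule).
VIOLATORS = [
    Workload("web-frontend", {"team": "shop"}, "alice"),
    Workload("webhook-receiver", {"team": "platform"}, "bob"),
    Workload("batch-export", {"team": "shop"}, "alice"),
]

def exclusion_counts(criteria):
    """Number of workloads a criteria set would exclude; review this before adding it."""
    return len(apply_exceptions(VIOLATORS, criteria)[1])
```

A "starts with web" exception silently excludes webhook-receiver as well as web-frontend, which is why the note above recommends exceptions that target specific workloads.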