Policy Exception Governance Pack

Purpose: this page stays as a Kubernetes-facing entry point so reviewers looking for admission-policy exceptions do not hit an empty redirect.

When to use this page

Use this page when a team asks for an exception to admission or runtime policy and you need to decide:

• whether the exception belongs in platform policy or in normal product backlog;
• how narrowly the exception should be scoped;
• what expiry, owner, and compensating controls are required.

Current source of truth

The main governance guidance lives here:

• Policy Exception Governance Pack

Kubernetes-specific companion pages

• Kyverno Deep Pages
• OPA and Policy Enforcement
• Kubernetes Security Baseline

Minimum rule

Never create broad cluster exceptions without an explicit owner, scope, expiry, and review path.