Updated to reflect fail close model

Author: nehakulkarni123

articles/governance/policy/troubleshoot/general.md

@@ -437,6 +437,22 @@ $def = Get-AzPolicyDefinition -id '/providers/Microsoft.Authorization/policyDefi
 New-AzPolicyDefinition -name (new-guid).guid -DisplayName "$($def.DisplayName) (Copy)" -Description $def.Description -Metadata ($def.Metadata | convertto-json) -Parameter ($def.Parameters | convertto-json) -Policy ($def.PolicyRule | convertto-json -depth 15)
 ```
 
+### Scenario: Non-compliant Kubernetes resource gets created unexpectedly 
+
+#### Issue
+
+In the event of a Kubernetes cluster connectivity failure, evaluation for newly created or updated resources may be bypassed due to Gatekeeper's fail-open behavior.
+ 
+#### Cause
+
+The GK fail-open model is by design and based on community feedback. Gatekeeper documentation expands on these reasons here: https://open-policy-agent.github.io/gatekeeper/website/docs/failing-closed#considerations.
+
+#### Resolution
+
+In the above event, the error case will be found in logs. And even if evaluation is bypassed at creation time and an object is created, it will still be reported on Azure Policy compliance as non-compliant as a flag to customers.
+
+IRegardless of the above, in such a scenario, Azure policy will still retain the last known policy on the cluster and keep the guardrails in place. See more about this behavior here: https://docs.microsoft.com/en-us/azure/governance/policy/how-to/determine-non-compliance#aks-resource-provider-mode-compliance-reasons.
+
 ## Next steps
 
 If your problem isn't listed in this article or you can't resolve it, get support by visiting one of