kove
Watch your in-cluster Kubernetes manifests for OPA policy violations and export them as Prometheus metrics.
In order to support `kafka.strimzi.io/v1beta2` we need to reference the CRD structs in the WithResource call. This change adds support for this.
When creating an object of a kind that's being monitored, since 1.20.0 the manifest changes enough in its initial lifecycle that we reevaluate several times, almost immediately.
Even in an "empty" cluster, when watching all object kinds, informers can get a bit too enthusiastic and start getting throttled. Implement a work queue.
Use of the [Constraint framework](https://github.com/open-policy-agent/frameworks/tree/master/constraint) would simplify the implementation of policies and present a more native-feeling experience for Kubernetes.