pepr
Background Enforcement/Existing Resource Scans
Is your feature request related to a problem? Please describe.
Periodic scans of existing resources against policy. Should probably use Pepr's watch.
The primary risk: existing resources in the cluster that violate policy. An admission-only policy engine won't ever see create/update events for them because they've already been created.
Should support changes in policy: when a policy is updated, re-evaluate existing resources.
Should have an "audit" node that will allow objects that are failing into the cluster.
Describe the solution you'd like
- Given there is a need to run policy against existing resources
- When the user runs background enforcement
- Then existing resources are reported against
Describe alternatives you've considered
Might be called something like ValidateAndBackgroundWatch or ValidateAndWatch
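The following sketch is an added example, not part of the original issue and not Pepr code. It models the gap described above: one validation function shared by an admission path, a background scan over stored resources, and a re-scan when the policy changes. All type and function names are hypothetical and the cluster is an in-memory array.

```typescript
// Added illustration: every type and function name below is hypothetical, not Pepr's API.
type Resource = { kind: string; namespace: string; name: string; privileged: boolean };
type Finding = { policy: string; version: number; resource: string; reason: string };
type Policy = { name: string; version: number; validate: (r: Resource) => string | null };
type Mode = "enforce" | "audit";

const resourceId = (r: Resource): string => `${r.kind}/${r.namespace}/${r.name}`;

function evaluate(p: Policy, r: Resource): Finding | null {
  const reason = p.validate(r);
  return reason === null ? null : { policy: p.name, version: p.version, resource: resourceId(r), reason };
}

// Admission path: only sees create/update requests. With the audit setting a
// failing object is admitted and recorded instead of being denied.
function admit(p: Policy, r: Resource, mode: Mode, cluster: Resource[], report: Finding[]): boolean {
  const finding = evaluate(p, r);
  if (finding !== null) {
    if (mode === "enforce") return false;
    report.push(finding);
  }
  cluster.push(r);
  return true;
}

// Background path: walks what is already stored, so it reports objects created
// before the policy existed as well as objects let in under the audit setting.
function backgroundScan(p: Policy, cluster: Resource[]): Finding[] {
  return cluster.map((r) => evaluate(p, r)).filter((f): f is Finding => f !== null);
}

// Policy update: re-evaluate existing resources only when the version changed.
function rescanOnPolicyChange(prev: Policy, next: Policy, cluster: Resource[]): Finding[] | null {
  return next.version === prev.version ? null : backgroundScan(next, cluster);
}

// Constructed sample data: two resources that predate the policy.
const noPrivileged: Policy = {
  name: "pod-baseline", version: 1,
  validate: (r) => (r.kind === "Pod" && r.privileged ? "privileged pod" : null),
};
const noPrivilegedV2: Policy = {
  name: "pod-baseline", version: 2,
  validate: (r) => noPrivileged.validate(r) ?? (r.namespace === "default" ? "default namespace" : null),
};
const sampleCluster = (): Resource[] => [
  { kind: "Pod", namespace: "apps", name: "legacy", privileged: true },
  { kind: "Pod", namespace: "default", name: "web", privileged: false },
];
```
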