
Background Enforcement/Existing Resource Scans

Open cmwylie19 opened this issue 6 months ago • 1 comments

Is your feature request related to a problem? Please describe.

Periodic scans of existing resources against policy. Should probably use Pepr's watch.

The primary risk: there may be existing resources in the cluster that violate policy. An admission-only policy engine won't ever see create/update events for them; they've already been created.

Should support changes in policy: when a policy is updated, re-evaluate existing resources.

Should have an "audit" mode that will allow objects that are failing into the cluster.

Describe the solution you'd like

  • Given there is a need to run policy against existing resources
  • When the user runs background enforcement
  • Then existing resources are reported against

Describe alternatives you've considered

Might be called something like ValidateAndBackgroundWatch or ValidateAndWatch.

Additional context

Add any other context or screenshots about the feature request here.

cmwylie19 · Dec 08 '23 19:12
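The gap this issue describes, as an added sketch that is not part of the original issue or of Pepr's code: an admission check with an audit mode next to a background scan that re-evaluates existing resources when the policy version changes. Every type, function name and the sample pods are hypothetical and constructed for illustration; no Pepr API is used.

```typescript
// Added sketch: all types and names here are hypothetical, not Pepr APIs.
type Resource = { kind: string; name: string; spec: { privileged?: boolean; hostNetwork?: boolean } };
type Policy = { version: number; validate: (r: Resource) => string | null };
type Finding = { resource: string; policyVersion: number; reason: string };
type Mode = "enforce" | "audit";

// Admission path: only sees create/update events. In audit mode a failing
// object is admitted, but the violation is still recorded.
function admit(r: Resource, policy: Policy, mode: Mode, report: Finding[]): boolean {
  const reason = policy.validate(r);
  if (reason === null) return true;
  report.push({ resource: `${r.kind}/${r.name}`, policyVersion: policy.version, reason });
  return mode === "audit";
}

// Background path: walks resources that already exist. `seen` remembers the
// policy version each resource was last checked against, so a policy update
// forces re-evaluation and an unchanged policy yields no repeat findings.
function backgroundScan(existing: Resource[], policy: Policy, seen: Map<string, number>): Finding[] {
  const findings: Finding[] = [];
  for (const r of existing) {
    const key = `${r.kind}/${r.name}`;
    if (seen.get(key) === policy.version) continue;
    seen.set(key, policy.version);
    const reason = policy.validate(r);
    if (reason !== null) findings.push({ resource: key, policyVersion: policy.version, reason });
  }
  return findings;
}

// Constructed sample data: pods created before any policy was deployed,
// so no admission event was ever evaluated for them.
const existingPods: Resource[] = [
  { kind: "Pod", name: "legacy-agent", spec: { privileged: true } },
  { kind: "Pod", name: "web", spec: {} },
  { kind: "Pod", name: "metrics", spec: { hostNetwork: true } },
];
const policyV1: Policy = { version: 1, validate: r => (r.spec.privileged ? "privileged container" : null) };
const policyV2: Policy = {
  version: 2,
  validate: r => (r.spec.privileged ? "privileged container" : r.spec.hostNetwork ? "hostNetwork enabled" : null),
};
```
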