Max Smythe
Max Smythe
Can we register a default value in the CRD? https://github.com/open-policy-agent/frameworks/blob/0684e78d7c329118a2edb2c2e46e4a077f269abf/constraint/pkg/apis/templates/v1/constrainttemplate_types.go#L52
Oh, except constraint CRDs are generated from the CF, so we'd need to code the default directly into the JSONSchema, I think?
@sozercan Do we know how this might interact with the design you're working on for per-target enforcement actions?
+1 to having multiple bundles. Might be worth figuring out a way to gradually roll out the cert across processes too.
@acpana This could be interesting work.
Good question. I suppose there is no reason the following go routines need to be launched by the manager calling Start(): https://github.com/open-policy-agent/cert-controller/blob/71c4f4ea52d5d8b1f1d89462065535ec7a41a99f/pkg/rotator/rotator.go#L212-L214 Since they are purely passive, though the exponential...
There are a number of possible causes for increased RAM usage. What is your constraints and constraint template count? (you mention 87 for constraints, but not clear if/how that relates...
"context canceled" can mean the caller's context was canceled (usually due to request timeout). I think it usually says something different than "serving context canceled", though maybe the framework changed...
I'm confused as to how this improves UX. If a customer doesn't specify the flags, won't they get the default values, which is an equivalent effort on the users part?...
Also, we probably want to ensure pubsub can still be disabled for those who do not want to use it.