Open cmwylie19 opened 10 months ago
I don't think watch fits this scenario, I'd much rather see a rolling schedule every X hrs (user-configurable) to get resources and stagger that so you're not loading the cluster all at once. E.g., if you have 3 policies that validate 3 different kinds of resources, evenly distribute those across the rescan interval.
Is your feature request related to a problem? Please describe.
Periodic scans against existing resources against policy. Should probably use Pepr's watch
The primary risk - if there are existing resources in the cluster that violate policy. An admission-only policy engine won't ever see create/update events for them; they've already been created.
Should support changes in policy, when a policy is updated, re-evaluate existing resources.
Should have an "audit" node that will allow objects into cluster that are failing.
Describe the solution you'd like
Describe alternatives you've considered
Might be called something like ValidateAndBackgroundWatch or ValidateAndWatch
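The staggered rescan and audit-only evaluation discussed in this issue, as an added example (not Pepr code and not written by the issue's participants). Every type and function name is hypothetical, and the cluster list call is replaced by constructed in-memory data.

```typescript
// Added illustration, not Pepr code. All names here are hypothetical.
type Resource = { kind: string; name: string; labels: Record<string, string> };
type Policy = { name: string; kind: string; validate: (r: Resource) => string | null };
type Finding = { policy: string; resource: string; reason: string };

// Spread one scan per policy evenly across the rescan interval, so that
// N policies do not all list their resources at the same moment.
function staggerOffsets(policyCount: number, intervalMs: number): number[] {
  if (policyCount <= 0 || intervalMs <= 0) return [];
  const slot = Math.floor(intervalMs / policyCount);
  return Array.from({ length: policyCount }, (_, i) => i * slot);
}

// Audit-style pass: evaluate resources that already exist and report
// violations. Nothing is denied or deleted.
function auditExisting(policy: Policy, existing: Resource[]): Finding[] {
  const findings: Finding[] = [];
  for (const r of existing) {
    if (r.kind !== policy.kind) continue;
    const reason = policy.validate(r);
    if (reason !== null) findings.push({ policy: policy.name, resource: `${r.kind}/${r.name}`, reason });
  }
  return findings;
}

// One full rescan cycle: per policy, when it runs and what it found.
// `list` stands in for a cluster list call and is supplied by the caller.
function planRescan(policies: Policy[], intervalMs: number, list: (kind: string) => Resource[]) {
  const offsets = staggerOffsets(policies.length, intervalMs);
  return policies.map((p, i) => ({
    policy: p.name,
    offsetMs: offsets[i],
    findings: auditExisting(p, list(p.kind)),
  }));
}

// Constructed sample data: resources that predate the policies.
const sampleCluster: Resource[] = [
  { kind: "Pod", name: "legacy-app", labels: {} },
  { kind: "Pod", name: "web", labels: { owner: "team-a" } },
  { kind: "Service", name: "db", labels: { owner: "team-b" } },
  { kind: "Namespace", name: "old-ns", labels: {} },
];
const requireOwner = (kind: string): Policy => ({
  name: `require-owner-${kind.toLowerCase()}`,
  kind,
  validate: (r) => ("owner" in r.labels ? null : "missing owner label"),
});
const samplePolicies = ["Pod", "Service", "Namespace"].map(requireOwner);
const sampleList = (kind: string) => sampleCluster.filter((r) => r.kind === kind);
```

Calling `planRescan(samplePolicies, 6 * 60 * 60 * 1000, sampleList)` places the three policies at 0, 2 and 4 hours into a 6-hour interval and reports the pre-existing Pod and Namespace that an admission-only check would never have seen.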