You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, Admitik validates or modifies Kubernetes resources based on conditions defined through Helm templates. However, we need to extend functionality to ensure policies are audited and supervised on already deployed resources before validating any new deployments.
Requirements:
Develop a feature to allow Admitik to audit and evaluate policies on existing resources within the Kubernetes cluster.
Ensure this audit happens prior to validating new resources to maintain consistency and compliance across the environment.
Provide detailed reports or logs highlighting policy compliance status, including any violations or improvement areas.
This enhancement will enable more proactive and comprehensive policy management across both existing and future resources in the cluster.
The text was updated successfully, but these errors were encountered:
How are your expectations on this feature? (the expected behavior, etc)
Currently, the ClusterAdmissionPolicy supports two modes: Enforce and Permissive, and for each captured watched resource, it triggers a request against a webserver that process the conditions, and decides if it's accepted or not to enter
During the conditions evaluation, several useful things are injected, such as .object or .oldObject (in case of updates), so this allows you to compare it against even the rest of all the resources of the same kind.
Let's talk about your request. From my POV, if it needs to run in the background periodically or so, we can not inject mentioned objects, as they don't exist. That being said, we could inject the .sources in the same way, so you should iterate on them, and perform actions to have such a report, or similar as an output.
May be it should be a different resource, something as ClusterPeriodicReviewPolicy or something similar.
It that what you expect or covering your needs? what is the use case you detected?
Currently, Admitik validates or modifies Kubernetes resources based on conditions defined through Helm templates. However, we need to extend functionality to ensure policies are audited and supervised on already deployed resources before validating any new deployments.
Requirements:
This enhancement will enable more proactive and comprehensive policy management across both existing and future resources in the cluster.
The text was updated successfully, but these errors were encountered: