What would you like to be added:
A mechanism to scan and alert on Kubernetes resources that are already deployed in the cluster (i.e. past the initial admission control workflow).
Probably needs to run in a configurable interval.
Could be a background daemon or sidecar, or a completely separate pod.
Could be a good thing to look at doing in Golang.
Maybe think through the possibility of an enforcement action in addition to alerts (i.e. scale to 0 pods on a Deployment with a privileged pod spec).
Not sure if we'd want a separate severity/deny level for the background scanning vs. the admission response flow.
Why is this needed:
This would cover brownfield environments or scenarios where new policies are added/policy severity changes and resources may be long-lived/deployed infrequently
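A minimal sketch of one pass of the scan requested above, added here as an illustration and not code from the project: it flags Deployments whose pod template runs a privileged container or init container. The manifests are constructed samples, and `ScanPrivileged`, `Finding` and the `action` label are hypothetical names; a real scanner would list live objects from the API server on each interval instead of reading inline JSON.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Only the manifest fields this check reads; encoding/json matches keys case-insensitively.
type Container struct {
	Name            string
	SecurityContext *struct{ Privileged *bool }
}
type PodSpec struct{ InitContainers, Containers []Container }
type Deployment struct {
	Metadata struct{ Namespace, Name string }
	Spec     struct{ Template struct{ Spec PodSpec } }
}
// Finding is a hypothetical report record; Action is the configured response label.
type Finding struct{ Resource, Container, Action string }

// ScanPrivileged runs one pass; a daemon would call it on every tick of its interval.
func ScanPrivileged(manifests []string, action string) ([]Finding, error) {
	var findings []Finding
	for _, m := range manifests {
		var d Deployment
		if err := json.Unmarshal([]byte(m), &d); err != nil {
			return nil, fmt.Errorf("decode manifest: %w", err)
		}
		pod := d.Spec.Template.Spec
		for _, cs := range [][]Container{pod.InitContainers, pod.Containers} {
			for _, c := range cs {
				if sc := c.SecurityContext; sc != nil && sc.Privileged != nil && *sc.Privileged {
					findings = append(findings, Finding{d.Metadata.Namespace + "/" + d.Metadata.Name, c.Name, action})
				}
			}
		}
	}
	return findings, nil
}
// Constructed sample manifests, not taken from a real cluster.
var sample = []string{
	`{"metadata":{"namespace":"prod","name":"legacy-agent"},"spec":{"template":{"spec":{"containers":[{"name":"agent","securityContext":{"privileged":true}}]}}}}`,
	`{"metadata":{"namespace":"prod","name":"web"},"spec":{"template":{"spec":{"containers":[{"name":"nginx"}]}}}}`,
	`{"metadata":{"namespace":"dev","name":"batch"},"spec":{"template":{"spec":{"initContainers":[{"name":"setup","securityContext":{"privileged":true}}],"containers":[{"name":"job","securityContext":{"privileged":false}}]}}}}`,
}

func main() {
	fmt.Println(ScanPrivileged(sample, "alert"))
}
```

The `action` value is only carried into the report; an enforcement mode would act on findings tagged `scale-to-zero` in a separate step.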