Cluster Auditor
Overview
Cluster Auditor (CA) monitors OPA objects in the cluster and exposes violations as metrics to Prometheus/Grafana. Cluster Auditor will "auto-detect" all OPA Gatekeeper Constraint resources.
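To make the data flow concrete, the following added example (not Cluster Auditor's own code) turns the audit results that Gatekeeper records on each Constraint's `status` into Prometheus text-format series. The `example_gatekeeper` metric prefix, the function names and the sample constraints are assumptions constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample shaped like `kubectl get constraints -o json`, trimmed to
# the status fields that Gatekeeper's audit writes onto each Constraint.
SAMPLE = json.loads("""
{"items": [
  {"kind": "K8sRequiredLabels", "metadata": {"name": "ns-must-have-owner"},
   "spec": {"enforcementAction": "dryrun"},
   "status": {"totalViolations": 3, "violations": [
     {"kind": "Namespace", "name": "dev"},
     {"kind": "Namespace", "name": "test"}]}},
  {"kind": "K8sPSPPrivilegedContainer", "metadata": {"name": "no-privileged"},
   "spec": {},
   "status": {"totalViolations": 1, "violations": [
     {"kind": "Pod", "name": "debug", "namespace": "kube-system"}]}},
  {"kind": "K8sAllowedRepos", "metadata": {"name": "approved-registries"},
   "spec": {"enforcementAction": "deny"}}
]}
""")

def escape(value):
    """Escape a label value for the Prometheus text exposition format."""
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("\n", "\\n")

def series(metric, labels, value):
    """Format one sample line: metric{label="value",...} number."""
    body = ",".join(f'{k}="{escape(v)}"' for k, v in labels.items())
    return f"{metric}{{{body}}} {value}"

def render(constraints, prefix="example_gatekeeper"):  # prefix is hypothetical
    lines = []
    for c in constraints.get("items", []):
        status = c.get("status") or {}  # absent until the first audit run
        base = {"kind": c["kind"], "name": c["metadata"]["name"],
                # Gatekeeper treats a missing enforcementAction as "deny".
                "enforcement_action": c.get("spec", {}).get("enforcementAction", "deny")}
        # totalViolations is the full count; status.violations is a capped list,
        # so len(violations) can under-report (3 vs 2 in the first sample item).
        lines.append(series(f"{prefix}_constraint_violations", base,
                            status.get("totalViolations", 0)))
        per_ns = Counter(v.get("namespace", "") for v in status.get("violations", []))
        for ns, count in sorted(per_ns.items()):
            lines.append(series(f"{prefix}_listed_violations",
                                {**base, "namespace": ns}, count))
    return lines

if __name__ == "__main__":
    print("\n".join(render(SAMPLE)))
```

A constraint that has not been audited yet still yields a series with value 0, which lets a dashboard distinguish "no violations" from "constraint not scraped".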
Dependencies
Cluster Auditor depends on the opa-gatekeeper and monitoring Big Bang packages.
High Availability
Cluster Auditor is hard-coded to 1 replica in the Deployment, because further testing is needed to determine whether CA can work with multiple replicas. You can still rely on native Kubernetes functionality to restart and/or redeploy the CA Pod if it enters a bad state.
...
spec:
  strategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app: opa-exporter
  replicas: 1
...
Storage
Cluster Auditor has no storage requirements of its own. The storage requirements of Prometheus/Grafana should be considered.
Licensing
CA is based on the OPA Scorecard, which used the Apache License 2.0.
Last update:
2022-01-25 by Micah Nagel