Cluster Auditor
Overview
Cluster Auditor (CA) monitors OPA objects in the cluster and exposes violations as metrics to Prometheus/Grafana. Cluster Auditor will "auto-detect" all OPA Gatekeeper Constraint resources.
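To make the overview concrete, the following added example (not Cluster Auditor's own code) turns the audit results that Gatekeeper records in each Constraint's status into Prometheus text-format lines. The metric names `example_constraint_violations` and `example_constraint_violation`, the label names, and the sample constraints are assumptions made for illustration.

```python
import json

# Constructed sample: two Gatekeeper Constraint objects after an audit run.
# All names and messages are made up for this example.
SAMPLE_CONSTRAINTS = json.loads(r'''
[{"kind": "K8sRequiredLabels",
  "metadata": {"name": "ns-must-have-owner"},
  "spec": {"enforcementAction": "deny"},
  "status": {"totalViolations": 2, "violations": [
    {"kind": "Namespace", "name": "dev", "message": "missing label \"owner\""},
    {"kind": "Namespace", "name": "test", "message": "missing label \"owner\""}]}},
 {"kind": "K8sAllowedRepos",
  "metadata": {"name": "trusted-registries"},
  "spec": {"enforcementAction": "dryrun"},
  "status": {"totalViolations": 0}}]
''')


def escape_label(value):
    """Escape a label value for the Prometheus text exposition format."""
    return str(value).replace("\\", "\\\\").replace('"', '\\"').replace("\n", "\\n")


def series(metric, labels, value):
    """Format one sample line: metric{label="value",...} value."""
    body = ",".join('{}="{}"'.format(k, escape_label(v)) for k, v in labels.items())
    return "{}{{{}}} {}".format(metric, body, value)


def render_metrics(constraints):
    """Return text-format lines: a total per constraint, then one series per violation."""
    totals = ["# TYPE example_constraint_violations gauge"]    # hypothetical metric name
    details = ["# TYPE example_constraint_violation gauge"]    # hypothetical metric name
    for c in constraints:
        status = c.get("status", {})  # empty until the first audit has run
        base = {"kind": c["kind"], "name": c["metadata"]["name"],
                # Gatekeeper treats a missing enforcementAction as "deny".
                "enforcement_action": c.get("spec", {}).get("enforcementAction", "deny")}
        # Gatekeeper limits how many entries it keeps in status.violations,
        # so the count is taken from totalViolations, not len(violations).
        totals.append(series("example_constraint_violations", base,
                             status.get("totalViolations", 0)))
        for v in status.get("violations", []):
            labels = dict(base, violating_kind=v["kind"], violating_name=v["name"],
                          violating_namespace=v.get("namespace", ""),
                          message=v["message"])  # untrusted text: must be escaped
            details.append(series("example_constraint_violation", labels, 1))
    return totals + details
```

Violation messages and resource names originate from workloads in the cluster, so they are escaped before being written as label values.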
Dependencies
Cluster Auditor depends on the opa-gatekeeper and monitoring Big Bang packages.
High Availability
Cluster Auditor is hard-coded to 1 replica in the Deployment, as further testing is needed to determine whether CA can work with multiple replicas. You can still rely on native Kubernetes functionality to restart and/or redeploy the CA Pod if it enters a bad state.
...
spec:
  strategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app: opa-exporter
  replicas: 1
...
Storage
Cluster Auditor has no storage requirements of its own. The storage requirements of Prometheus/Grafana should be considered.
Licensing
CA is based on the OPA Scorecard, which used the Apache License 2.0.
Last update: 2022-01-25 by Micah Nagel