Cluster Auditor
Overview
Cluster Auditor (CA) monitors OPA objects in the cluster and exposes violations as metrics to Prometheus/Grafana. Cluster Auditor will "auto-detect" all OPA Gatekeeper Constraint resources.
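The mapping from Constraint status to metrics, as an added example that is not Cluster Auditor's own code: it reads the `status.totalViolations` and `status.violations` fields that Gatekeeper's audit writes on each Constraint and renders them as Prometheus text-format gauges. The metric names, label names and sample Constraints are assumptions made for illustration.

```python
# Constructed sample: two Gatekeeper Constraint objects, trimmed to the fields used here.
SAMPLE_CONSTRAINTS = [
    {"kind": "K8sRequiredLabels",
     "metadata": {"name": "ns-must-have-owner"},
     "spec": {"enforcementAction": "deny"},
     # Gatekeeper caps the per-constraint violations list, so totalViolations
     # can be larger than len(violations); the count must come from totalViolations.
     "status": {"totalViolations": 3, "violations": [
         {"kind": "Namespace", "name": "dev", "enforcementAction": "deny",
          "message": "missing label: owner"},
         {"kind": "Namespace", "name": "qa", "enforcementAction": "deny",
          "message": 'missing label: "owner"'}]}},
    {"kind": "K8sAllowedRepos",
     "metadata": {"name": "approved-registries"},
     "spec": {"enforcementAction": "dryrun"},
     "status": {}},  # not audited yet: no totalViolations field
]

COUNT = "example_constraint_violations"     # hypothetical metric name
INFO = "example_constraint_violation_info"  # hypothetical metric name

def escape_label(value):
    """Escape a label value per the Prometheus text exposition format."""
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("\n", "\\n")

def sample(name, labels, value):
    """Format one sample line: name{label="value",...} value."""
    body = ",".join(f'{k}="{escape_label(str(v))}"' for k, v in labels.items())
    return f"{name}{{{body}}} {value}"

def render_metrics(constraints):
    """Return Prometheus text-format gauges for a list of Constraint objects."""
    counts = [f"# TYPE {COUNT} gauge"]
    details = [f"# TYPE {INFO} gauge"]
    for c in constraints:
        status = c.get("status") or {}
        base = {"kind": c["kind"], "name": c["metadata"]["name"],
                "enforcement_action": c.get("spec", {}).get("enforcementAction", "deny")}
        # One count per constraint; a constraint with no audit result yet reports 0.
        counts.append(sample(COUNT, base, status.get("totalViolations", 0)))
        # One info sample per violation that Gatekeeper recorded in the status.
        for v in status.get("violations", []):
            labels = dict(base, violating_kind=v["kind"], violating_name=v["name"],
                          violating_namespace=v.get("namespace", ""), msg=v["message"])
            details.append(sample(INFO, labels, 1))
    return "\n".join(counts + details) + "\n"

if __name__ == "__main__":
    print(render_metrics(SAMPLE_CONSTRAINTS), end="")
```

Alert on the count series rather than on the number of per-violation series, since the per-violation list is truncated when a constraint has many violations.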
Dependencies
Cluster Auditor depends on the opa-gatekeeper and monitoring Big Bang packages.
High Availability
Cluster Auditor is hard-coded to 1 replica in the Deployment because further testing is needed to determine whether CA can work with multiple replicas. You can still rely on native Kubernetes functionality to restart and/or redeploy the CA Pod if it enters a bad state.
...
spec:
  strategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app: opa-exporter
  replicas: 1
...
Storage
Cluster Auditor has no storage requirements of its own. Storage requirements of Prometheus/Grafana should be considered.
Licensing
CA is based on the OPA Scorecard, which used the Apache License 2.0.