Commit
add docs for needing operation audit and chunk size flag (#1097)
Signed-off-by: Michael Grosser <michael@grosser.it>

Co-authored-by: Rita Zhang <rita.z.zhang@gmail.com>
grosser and ritazh committed Jan 29, 2021
1 parent be2f5b4 commit df6c9b4
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -341,8 +341,10 @@ status:
name: kube-system
```

- Run a gatekeeper `Deployment` with `--operation audit`
- Audit interval: set `--audit-interval=123` (defaults to every `60` seconds)
- Audit violations per constraint: set `--constraint-violations-limit=123` (defaults to `20`)
- Audit chunk size: set `--audit-chunk-size=500` (defaults to `0` = infinite) to limit memory consumption of the auditing `Pod`
- Disable: set `--audit-interval=0`

By default, the audit will request each resource from the Kubernetes API during each cycle of the audit. To instead rely on the OPA cache, use the flag `--audit-from-cache=true`. Note that this requires replication of Kubernetes resources into OPA before they can be evaluated against the enforced policies. Refer to the [Replicating data](#replicating-data) section for more information.
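Review bot: The `--audit-chunk-size=500` bullet gives the default as "`0` = infinite" but never says what the number counts, so a reader cannot tell what `500` bounds or how to size it against the memory of the auditing `Pod`. Please state the unit and spell out what `0` means in words rather than "= infinite". In the first bullet, `--operation audit` is written with a space while every other flag in this list uses the `--flag=value` form, and it reads as a prerequisite for the settings below it even though it is formatted as a peer of them. Consider making it a lead-in sentence for the list and writing it as `--operation=audit` for consistency. It would also help to say that the flags which follow only take effect on that `Deployment`, so someone setting `--audit-interval=0` knows which `Pod` they are changing.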
