Thanks, Brendan, for the information. I took a look at the project this week, and agree with most of the feedback Azure engineers provided.
Since you mentioned the gatekeeper project, do you know if it is part of OPA (the sandbox project) or a separate project?
I took a look at the OPA Kubernetes example (https://www.openpolicyagent.org/docs/kubernetes-admission-control.html), and found some potential issues:
1. It requires caching Kubernetes resources in the OPA agent, which can be pretty expensive. Is there a cheaper way to do it? Can the agent obtain the base JSON data on demand?
2. The policy agent runs on an eventually consistent cache. This might cause a wrong evaluation if a previous change has not yet propagated back.
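
Concern 2 above, as an added example that is not part of the original message or of OPA's code: a constructed Python simulation of an admission check that decides from a replicated cache, run once with the cache synced between requests and once with replication lagging. The classes, the one-namespace-per-host policy and the sample requests are assumptions made for illustration.

```python
"""Constructed simulation: admission policy evaluated against a lagging cache."""
from collections import deque


class ApiServer:
    """Authoritative store; change events queue up until the agent syncs."""

    def __init__(self):
        self.ingresses = {}      # (namespace, name) -> host
        self.pending = deque()   # events not yet replicated to the agent

    def create(self, namespace, name, host):
        self.ingresses[(namespace, name)] = host
        self.pending.append(((namespace, name), host))


class CachingAgent:
    """Policy agent that decides from its own replica of cluster state."""

    def __init__(self, api):
        self.api = api
        self.cache = {}

    def sync(self):
        # Replication step; in a real cluster this happens asynchronously.
        while self.api.pending:
            key, host = self.api.pending.popleft()
            self.cache[key] = host

    def admit(self, namespace, name, host):
        # Hypothetical policy: a host may be claimed by one namespace only.
        return all(h != host or ns == namespace
                   for (ns, _), h in self.cache.items())


def run(sync_between_requests):
    """Return (per-request decisions, namespaces that ended up owning the host)."""
    api = ApiServer()
    agent = CachingAgent(api)
    # Constructed sample requests: two namespaces claim the same host.
    requests = [("team-a", "web", "shop.example.com"),
                ("team-b", "web", "shop.example.com")]
    decisions = []
    for ns, name, host in requests:
        allowed = agent.admit(ns, name, host)
        decisions.append(allowed)
        if allowed:
            api.create(ns, name, host)
        if sync_between_requests:
            agent.sync()
    return decisions, len({ns for (ns, _) in api.ingresses})
```

With the cache kept current the second request is denied; with replication lagging both requests are admitted and the authoritative store ends up violating the policy.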