You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When configured to load policies or data from ConfigMaps, kube-mgmt listens for changes in ConfigMaps, updates OPA, and annotates the ConfigMap with openpolicyagent.org/policy-status = {"status":"ok"} or {status="error", "error":"..."}.
But annotating the ConfigMap actually triggers a new update, if the annotation was not already present, or has changed. This has the risk of errors introducing infinite loops, if the error message changes from one update to the next.
It may be worth computing some checksum of the information in the ConfigMap (labels and data, which are the only things used by kube-mgmt), and only updating OPA if this checksum changes.
The text was updated successfully, but these errors were encountered:
When configured to load policies or data from ConfigMaps, kube-mgmt listens for changes in ConfigMaps, updates OPA, and annotates the ConfigMap with
openpolicyagent.org/policy-status={"status":"ok"}or{status="error", "error":"..."}.But annotating the ConfigMap actually triggers a new update, if the annotation was not already present, or has changed. This has the risk of errors introducing infinite loops, if the error message changes from one update to the next.
It may be worth computing some checksum of the information in the ConfigMap (labels and data, which are the only things used by kube-mgmt), and only updating OPA if this checksum changes.
The text was updated successfully, but these errors were encountered: