Feature
Resolution: Unresolved
Critical
Feature Overview
The policy generator can accept remote Kustomize manifests, which can generate a Policy larger than Kubernetes can handle. Detecting the size of a manifest may be unnecessarily complex, but a feature that splits these manifests, either by API group or by a configurable integer giving the number of policies to generate for a particular policy, would allow these large manifests to be deployed via policy. Additionally, the generator could throw a new error for policies that are definitely too large. This error may not be necessary if the message from Kustomize/ArgoCD/AppSub, shown when the manifest is applied, clearly names the policy and states that it's too large, though having our configurations supplied to the user could be beneficial regardless.
Goals
- Allow users to split up large manifests into multiple policies to permit deployment through the policy generator without having to manually split them up.
Requirements
Requirement | Notes | isMvp? |
---|---|---|
CI - MUST be running successfully with test automation | This is a requirement for ALL features. | YES |
Release Technical Enablement | Provide necessary release enablement details and documents. | YES |
Background, and strategic fit
Policy generator repo: https://github.com/open-cluster-management-io/policy-generator-plugin
This new configuration might look something like:
```yaml
apiVersion: policy.open-cluster-management.io/v1
kind: PolicyGenerator
policyDefaults:
  policiesSplitByApiGroup: false
  numPoliciesPerInput: 1
policies:
  - name: ...
    policiesSplitByApiGroup: false
    numPoliciesPerInput: 1
    manifests:
      - ...
```
And, if these configurations aren't used, an error like this could be thrown for a generated policy that's too large (this error may not be necessary if the message from Kustomize/ArgoCD/AppSub is clear as to the name of the policy and the fact it's too large when the manifest is applied, though having our configurations supplied to the user could be beneficial regardless):
```
policy %s exceeds the maximum size for a Kubernetes object. Split up the manifests, or use policiesSplitByApiGroup or numPoliciesPerInput to split it into multiple policies.
```
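One way the two proposed options could partition a manifest list, as an added Go example that is not code from the policy-generator-plugin repository. The `Manifest` type, the function names, the `core` label for bare versions such as `v1`, and the contiguous-chunk reading of `numPoliciesPerInput` are assumptions, since the ticket does not define these semantics.

```go
package main

import (
	"fmt"
	"strings"
)

type Manifest struct{ APIVersion, Kind, Name string } // hypothetical stand-in for a parsed object

// apiGroup returns the group part of apiVersion; bare versions such as "v1" map to "core".
func apiGroup(apiVersion string) string {
	if i := strings.Index(apiVersion, "/"); i >= 0 {
		return apiVersion[:i]
	}
	return "core"
}

// SplitByAPIGroup returns one bucket per API group in first-seen order, keeping manifest order.
func SplitByAPIGroup(ms []Manifest) [][]Manifest {
	index, out := map[string]int{}, [][]Manifest{}
	for _, m := range ms {
		g := apiGroup(m.APIVersion)
		if _, seen := index[g]; !seen {
			index[g] = len(out)
			out = append(out, nil)
		}
		out[index[g]] = append(out[index[g]], m)
	}
	return out
}

// SplitIntoN splits ms into at most n contiguous chunks of near-equal length.
func SplitIntoN(ms []Manifest, n int) [][]Manifest {
	if n < 1 {
		n = 1
	}
	if n > len(ms) {
		n = len(ms)
	}
	out := [][]Manifest{}
	for i := 0; i < n; i++ {
		out = append(out, ms[i*len(ms)/n:(i+1)*len(ms)/n])
	}
	return out
}

func main() {
	ms := []Manifest{{"v1", "Namespace", "demo"}, {"apps/v1", "Deployment", "web"}, {"v1", "ConfigMap", "cfg"}}
	fmt.Println(len(SplitByAPIGroup(ms)), len(SplitIntoN(ms, 2))) // constructed sample input
}
```

Each returned bucket would become the manifest list of one generated policy; a value of `numPoliciesPerInput` larger than the number of manifests is clamped so that no empty policy is produced.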
Documentation Considerations
Both the in-repo documentation and the product documentation would need to be updated with the new generator configuration values.