feat: add support for emit k8s events for allowed requests #3439
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
[ v ] Emit K8s events in gatekeeper namespace (or involved namespace if corresponding flag is on).
[ v ] Update helm flag name of
emitAdmissionEvents
toemitDenyAdmissionEvents
[ v ] Update e2e to get events with the
AllowedAdmission
reason[ v ] Update deployment yaml and chart default
emit-allow-admission-events
andemit-deny-admission-events
to false[ v ] Update Makefile to enable
emit-allow-admission-events
and updatedemit-admission-events
toemit-deny-admission-events
[ v ] Update docs with a new
AllowedAdmission
reasonWhich issue this PR fixes:
This is functionality I want as someone deploying GK with Helm. This helps me monitor the admissions and validate my policies in a similar manner to how OPA decision-logs work.
Special notes for your reviewer:
The idea for the PR derived from #739 and plenty of issues asking about decision logs (such as #1037 )
Sample event outputs for reason
AllowedAdmission