Ian Rudie

In the past we'd talked about a gRPC-based sidecar service to enable offloading of the alerting work from the primary MagTape. 1. create a protocol buffer definition for message/alert "type"...

Ideas: ``` - manifests - test-deploy01.yaml - create:"kubectl create blah blah" - delete:test-deploy01.yaml ``` ``` - kind: deployments desired: fail script: manifests: - test-deploy02.yaml singletons: - "kubectl create something" ```...

Where does the doc belong? Some ideas in no particular order: - docs/policies.md - add a new section on writing rego/policy. Likely would want to nest the existing descriptions of...

Contributing is actually maybe a word to avoid here. Some folks may just want to write some policy for their own use and not contribute it. It's possible they wouldn't...

FWIW I lean towards some implementation that would not allow a misbehaving user who is clever to exempt themselves by altering their namespace. For that reason of the two ideas...

Could we just store the operating mode (i.e. if magtape enforces by default and exempts versus permitting by default and enforcing selectively), plus a list of name spaces that you...

This seems good to me.

Would it make sense to record the full detail of the swap? ```yaml annotations: imageswap-webhook-swaps: [{"original": "image1", "swap": "my.example.com/mirror-docker.io/image1"}, {"original": "quay.io/image2", "swap": "my.example.com/mirror-quay.io/image2"}] ```

It looks like the way to do this might be to add new functionality to our generation tooling to support a flag like "pasgwstatus". ``` // +cue-gen:VirtualService:subresource:pasgwstatus ```

Thanks John. The intent was to find a way to selectively add it. Are we OK with all the Istio resources getting these fields and we'll just ignore them if...