Violation Metrics Export Sidecar for Gatekeeper

[mlarrousse]

At T-Mobile we use this sidecar to scrape the gatekeeper audit-loop logs from the audit container and then expose them on a prometheus metrics endpoint, we'd like to contribute it back for anyone who is looking to use this or a similar pattern for getting audited violation details out of Gatekeeper.

Contained in this PR is:

A Dockerfile for building the mtail image
Mtail code largely written by @ghsbhatia
a kustomization.yaml and patches to deploy gatekeeper with the sidecar.

[anderseknert]

Awesome! A few nits but looks great 👍 When comments have been addressed (or dismissed :D), please also squash all commits into one. Thanks for contributing!

[maxsmythe]

This is cool!

One thought about the potential for the JSON to change.

[maxsmythe]

It looks like Golang's built in JSON marshaler does have stably sorted map keys:

https://golang.org/pkg/encoding/json/#Marshal

So this looks like it should work. Care should be taken here though, as adding new fields will break this scraper.

If it's possible to semantically process the JSON (e.g. actually convert this string to a JSON object and pull out values of interest), then this would be less brittle against the adding of new fields to the log line (which would be considered a backwards compatible change).

[mlarrousse]

Mtail is an unstructured parser, so no semantic JSON processing.

If you add a new field, these should still be sorted and it will just ignore your new field as it does today with constraint_action.

That said I think it would be better to break out each of these fields into their own const & not rely on the sorting. Does this work for now for you & we can break apart this VIOLATION parse the next time we update this program?