Matthew Ebeweber09/12/2022, 4:06 PM
Charith (Cerbos)09/12/2022, 4:38 PM
driver to load policies from there. Alternatively, if you're on Kubernetes, you could configure an init container to do the sparse checkout for Cerbos and deploy a job to periodically refresh it.
Matthew Ebeweber09/12/2022, 5:36 PM
Charith (Cerbos)09/12/2022, 5:41 PM
for shallow clones. We need to be able to
to grab updates from the remote repo so that's why we don't shallow clone at the moment. There's an open issue for it upstream and hopefully it will get resolved soon. They have also recently merged a fix for sparse clones but it's not yet released. As soon as those upstream issues are resolved, we'll update our implementation. Until then, I am afraid the choices are limited to either tolerating the full clone on startup or using one of the workarounds I suggested above.