Policy Reporter watches for PolicyReport Resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord

Policy Reporter watches for PolicyReport Resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord

Policy Reporter watches for PolicyReport Resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord

• Policy Reporter
  • New AWS SecurityHub push target - See values.yaml for available configurations
  • External DB support (PostgreSQL, MySQL, MariaDB) - See values.yaml for available configurations
    • HA Mode support - only leader write into the DB
    • Versioned Schema, autoupdated when another version is detected
    • Configurable over values and secrets
  • Cache improvements to reduce duplicated pushes
  • Split Category API into namespaced scoped and cluster scoped API
  • Support search for contained words in the results API
• Policy Reporter UI
  • Update API requests

• Policy Reporter
  • new value to add priorityClassName to pods [#283 by boniek83]
  • fixed syntax error for policy reporter config.yaml [#295 by nikolay-o]
  • fixed customFields for kinesis targets [#295 by nikolay-o]
  • image signing and sbom generation for new Policy Reporter images

Policy Reporter watches for PolicyReport Resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord

• Policy Reporter

  • New channel property for Slack targets to define the Slack channel to send the results too
  • New mountedSecret property to read target configs from a mounted secret [#282 by rromic]
  • AWS KMS support for S3 target with new properties bucketKeyEnabled, kmsKeyId and serverSideEncryption [#282 by rromic]
    • Mountet secret needs to be in json format with keys defined in kubernetes/secrets Values struct.

• Monitoring

  • Add namespaceSelector to serviceMonitor values

• Policy Reporter
  • Improved logging configuration
    • Support JSON logging
    • Support log level
  • optional API access logging with api.logging set to true
  • New aggregation table for API performance improvements
  • Helm Ingress template
  • New Google Cloud Storage Target
    • Requires credentials as JSON String and the bucket name
    • Added in the helm values under target.gcs
  • Support for property metric labels in custom mode
    • Use the property: prefix in your customLabels list to define a property value as metric label
• Policy Reporter KyvernoPlugin
  • Helm Ingress template
  • Improved logging configuration
    • Support JSON logging
    • Support log level
• Policy Reporter UI
  • Improved logging configuration
    • Support JSON logging
    • Support log level
    • Proxy Logging

2.17.0

• Policy Reporter

  • Use metaclient to reduce informer memory usage
  • Use workerqueue to control concurrent processing of PolicyReports
  • Remove internal PolicyReport structures
  • Make sqlite volume configurable [#255 by monotek]
  • use defer to unlock when possible [#259 by eddycharly]
  • New value workers to define the amount of queue workers for PolicyReport resource processing, default 5
  • Support for global resource definition via the scope property in (Cluster)PolicyReports

• Policy Reporter UI

  • New SSL configs for external clusters
    • skipTLS to disable SSL verification
    • certificate to configure a path to a custom CA for self signed URLs
  • New Helm values ui.volumes and ui.volumeMounts to add your custom CAs as mounts to the UI deployment.

Policy Reporter watches for PolicyReport Resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord

Policy Reporter watches for PolicyReport Resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord

Policy Reporter

• Fix generate multiple custom metrics

• Policy Reporter
  • Persist also PolicyReport labels
  • API
    • New API to get available labels for PolicyReports: /v1/namespaced-resources/report-labels
    • New API to get available labels for ClusterPolicyReports: /v1/cluster-resources/report-labels
  • Metrics
    • special syntax to add (Custer)PolicyReport labels to metric labels: label:report-label-name, special characters like -, /, ., : will be transformed to _ in metrics
  • New Target Filter reportLabel to, filter results based on labels of the related (Cluster)PolicyReport
• Monitoring
  • New values to disable dedicated Grafana Dashboards:
    • grafana.dashboards.enable.overview, default true
    • grafana.dashboards.enable.policyReportDetails, default true
    • grafana.dashboards.enable.clusterPolicyReportDetails, default true
  • New values to configure the Grafana Dashboard datasource label, pluginName, pluginId
    • grafana.datasource.label, default Prometheus
    • grafana.datasource.pluginName, default Prometheus
    • grafana.datasource.pluginId, default prometheus
  • New value grafana.dashboards.labelFilter to add custom report labels as dashboard filter, default []. Label has to be a valid
  • New values grafana.dashboards.multicluster.enabled and grafana.dashboards.multicluster.label to add an optional cluster label.
• Kyverno Plugin
  • New HTML Compliance Reports
    • Grouped by Policy with Details per Namespace and Resource
    • Grouped by Namespace with Details per Policy and Resource
  • Go update to 1.19
• UI
  • Integrate new Compliance Reports
  • New PolicyReport label based filter, use ui.labelFilter to define a list of labels to add
  • Go update to 1.19

Policy Reporter watches for PolicyReport Resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord

Policy Reporter

• Fix customFields mapping in TargetFactory

Policy Reporter

• Fix customFields property in values.yaml
• Fix PolicyReporter image.tag version

Policy Reporter watches for PolicyReport Resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord

Policy Reporter watches for PolicyReport Resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord

• Policy Reporter
  • New certificate config for loki, elasticsearch, teams, webhook and ui, to set the path to your custom certificate for the related client.
  • New skipTLS config for loki, elasticsearch, teams, webhook and ui, to skip tls if needed for the given target.
  • New secretRef for targets to reference a secret with the related username, password, webhook, host, accessKeyID, secretAccessKey information of the given target, instead of configure your credentials directly.
• Policy Reporter UI
  • New value refreshInterval to configure the default refresh interval for API polling. Set 0 to disable polling.
• Policy Reporter Kyverno Plugin
  • Fix the creation of duplicated results for PolicyReportResults.

• Policy Reporter
  • New Helm Chart value to add extra volumes to PolicyReporter deployment [#186 by preved911]
  • HTTP Basic authentication for Elasticsearch targets with username and password configuration fields
  • target.slack.customFields map property for Slack pushes to add additional metadata to notifications like clustername
  • Add timestamp to Result REST APIs
  • Overwrite the installation target namespace via the new global.namespace value.