Policy Reporter watches for PolicyReport Resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord

Policy Reporter watches for PolicyReport Resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord

Policy Reporter

• Fix generate multiple custom metrics

• Policy Reporter
  • Persist also PolicyReport labels
  • API
    • New API to get available labels for PolicyReports: /v1/namespaced-resources/report-labels
    • New API to get available labels for ClusterPolicyReports: /v1/cluster-resources/report-labels
  • Metrics
    • special syntax to add (Custer)PolicyReport labels to metric labels: label:report-label-name, special characters like -, /, ., : will be transformed to _ in metrics
  • New Target Filter reportLabel to, filter results based on labels of the related (Cluster)PolicyReport
• Monitoring
  • New values to disable dedicated Grafana Dashboards:
    • grafana.dashboards.enable.overview, default true
    • grafana.dashboards.enable.policyReportDetails, default true
    • grafana.dashboards.enable.clusterPolicyReportDetails, default true
  • New values to configure the Grafana Dashboard datasource label, pluginName, pluginId
    • grafana.datasource.label, default Prometheus
    • grafana.datasource.pluginName, default Prometheus
    • grafana.datasource.pluginId, default prometheus
  • New value grafana.dashboards.labelFilter to add custom report labels as dashboard filter, default []. Label has to be a valid
  • New values grafana.dashboards.multicluster.enabled and grafana.dashboards.multicluster.label to add an optional cluster label.
• Kyverno Plugin
  • New HTML Compliance Reports
    • Grouped by Policy with Details per Namespace and Resource
    • Grouped by Namespace with Details per Policy and Resource
  • Go update to 1.19
• UI
  • Integrate new Compliance Reports
  • New PolicyReport label based filter, use ui.labelFilter to define a list of labels to add
  • Go update to 1.19

Policy Reporter watches for PolicyReport Resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord

Policy Reporter

• Fix customFields mapping in TargetFactory

Policy Reporter

• Fix customFields property in values.yaml
• Fix PolicyReporter image.tag version

Policy Reporter watches for PolicyReport Resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord

Policy Reporter watches for PolicyReport Resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord

• Policy Reporter
  • New certificate config for loki, elasticsearch, teams, webhook and ui, to set the path to your custom certificate for the related client.
  • New skipTLS config for loki, elasticsearch, teams, webhook and ui, to skip tls if needed for the given target.
  • New secretRef for targets to reference a secret with the related username, password, webhook, host, accessKeyID, secretAccessKey information of the given target, instead of configure your credentials directly.
• Policy Reporter UI
  • New value refreshInterval to configure the default refresh interval for API polling. Set 0 to disable polling.
• Policy Reporter Kyverno Plugin
  • Fix the creation of duplicated results for PolicyReportResults.

• Policy Reporter
  • New Helm Chart value to add extra volumes to PolicyReporter deployment [#186 by preved911]
  • HTTP Basic authentication for Elasticsearch targets with username and password configuration fields
  • target.slack.customFields map property for Slack pushes to add additional metadata to notifications like clustername
  • Add timestamp to Result REST APIs
  • Overwrite the installation target namespace via the new global.namespace value.

• Policy Reporter
  • New emailReports.smtp.secret configuration to use an existing external secret to configure your SMTP connection
    • You can set all or a subset of the available keys in your secret: host, port, username, password, from, encryption
    • Keys available in your secret have a higher priority as your Helm release values.

• Policy Reporter
  • Add new Severity values info and critical
  • Update PolicyReport ID generierung
• Policy Reporter UI
  • Fix Grouping by Policy and Categories
  • Fix ReverseProxy RequestHost
  • New configuration ui.clusterName which is used in the ClusterSelect, if you configure additional Clusters
• Policy Reporter Kyverno Plugin
  • Add time property to PolicyReportResults

• Policy Reporter
  • Fix CronJob Resources by [#157 by MaxRink]
• Policy Reporter UI
  • Fix API Proxy for APIs behind ReverseProxy (like NGINX Ingress)

2.11.0

• Policy Reporter

  • High Availability support with leaderelection for necessary features like target pushes, to avoid duplicated pushes by multiple instances
    • Add new role and rolebinding to manage lease objects if leaderelection is enabled
  • Add redis configuration to the Helm Chart for external cache storage
  • Add PodDisruptionBudget for HA Deployments (replicaCount > 1)
  • Add skipTLS configuration for MS Teams Webhook

• Policy Reporter KyvernoPlugin

  • High Availability support with leaderelection for necessary features like PolicyReport management for blocked resources
    • Add new role and rolebinding to manage lease objects if leaderelection is enabled
  • Add PodDisruptionBudget for HA Deployments (replicaCount > 1)
  • Internal refactoring for better CRD management

• Policy Reporter UI

  • Add redis as possible log storage to support high availability deployments
  • Add PodDisruptionBudget for HA Deployments (replicaCount > 1)

Policy Reporter

• Add new config target.loki.path to overwrite the deprected prom push API

Policy Reporter UI

• New option ui.clusters makes it possible to configure additional external Policy Reporter APIs (details)
• General UI improvements for loading state and error handling

Policy Reporter watches for PolicyReport Resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord

Policy Reporter

• Email Reports
  • Send Summary Reports over SMTP to different E-Mails
  • Supports channels and filters to send different subsets of Namespaces or Sources to dedicated E-Mails
  • Reports are generated and send over dedicated CronJobs, this makes it easy to send the reports as often as needed
  • Currently a basic summary and a more detailed violation report is available and can be separatly enabled and configured
• Metrics
  • Add metrics.mode for less or custom metric values, to reduce cardinality
• Monitoring
  • Fix Source Column for result tables
  • Fix Warn counter for ClusterPolicyReport Details

Fix Policy Reporter Version in the Helm Chart values.yaml