diff --git a/CHANGELOG.md b/CHANGELOG.md
index 04ececadb8..18cd6ea8e5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@
### Note
- Deprecated flag `--imageSignatureRepository`. Will be removed in 1.12. Use per rule configuration `verifyImages.Repository` instead.
+- Added `--aggregateReports` flag to reports controller to enable/disable aggregated reports (default value is `true`).
## v1.10.0
diff --git a/charts/kyverno/README.md b/charts/kyverno/README.md
index d5ba55bf37..3ea57519fe 100644
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@@ -291,6 +291,7 @@ The chart values are organised per component.
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| features.admissionReports.enabled | bool | `true` | Enables the feature |
+| features.aggregateReports.enabled | bool | `true` | Enables the feature |
| features.autoUpdateWebhooks.enabled | bool | `true` | Enables the feature |
| features.backgroundScan.enabled | bool | `true` | Enables the feature |
| features.backgroundScan.backgroundScanWorkers | int | `2` | Number of background scan workers |
diff --git a/charts/kyverno/templates/_helpers.tpl b/charts/kyverno/templates/_helpers.tpl
index e98df2411b..6498629feb 100644
--- a/charts/kyverno/templates/_helpers.tpl
+++ b/charts/kyverno/templates/_helpers.tpl
@@ -13,6 +13,9 @@
{{- with .admissionReports -}}
{{- $flags = append $flags (print "--admissionReports=" .enabled) -}}
{{- end -}}
+{{- with .aggregateReports -}}
+ {{- $flags = append $flags (print "--aggregateReports=" .enabled) -}}
+{{- end -}}
{{- with .autoUpdateWebhooks -}}
{{- $flags = append $flags (print "--autoUpdateWebhooks=" .enabled) -}}
{{- end -}}
diff --git a/charts/kyverno/templates/reports-controller/deployment.yaml b/charts/kyverno/templates/reports-controller/deployment.yaml
index c688826918..34089cc673 100644
--- a/charts/kyverno/templates/reports-controller/deployment.yaml
+++ b/charts/kyverno/templates/reports-controller/deployment.yaml
@@ -109,6 +109,7 @@ spec:
{{- end }}
{{- include "kyverno.features.flags" (pick (mergeOverwrite .Values.features .Values.reportsController.featuresOverride)
"admissionReports"
+ "aggregateReports"
"backgroundScan"
"configMapCaching"
"logging"
diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml
index 4d6ba082f2..bd365c7837 100644
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@@ -327,6 +327,9 @@ features:
admissionReports:
# -- Enables the feature
enabled: true
+ aggregateReports:
+ # -- Enables the feature
+ enabled: true
autoUpdateWebhooks:
# -- Enables the feature
enabled: true
diff --git a/cmd/reports-controller/main.go b/cmd/reports-controller/main.go
index 10c7a6f0cd..404eb4e7fe 100644
--- a/cmd/reports-controller/main.go
+++ b/cmd/reports-controller/main.go
@@ -36,6 +36,7 @@ func createReportControllers(
eng engineapi.Engine,
backgroundScan bool,
admissionReports bool,
+ aggregateReports bool,
reportsChunkSize int,
backgroundScanWorkers int,
client dclient.Interface,
@@ -65,18 +66,20 @@ func createReportControllers(
resourceReportController,
resourcereportcontroller.Workers,
))
- ctrls = append(ctrls, internal.NewController(
- aggregatereportcontroller.ControllerName,
- aggregatereportcontroller.NewController(
- kyvernoClient,
- metadataFactory,
- kyvernoV1.Policies(),
- kyvernoV1.ClusterPolicies(),
- resourceReportController,
- reportsChunkSize,
- ),
- aggregatereportcontroller.Workers,
- ))
+ if aggregateReports {
+ ctrls = append(ctrls, internal.NewController(
+ aggregatereportcontroller.ControllerName,
+ aggregatereportcontroller.NewController(
+ kyvernoClient,
+ metadataFactory,
+ kyvernoV1.Policies(),
+ kyvernoV1.ClusterPolicies(),
+ resourceReportController,
+ reportsChunkSize,
+ ),
+ aggregatereportcontroller.Workers,
+ ))
+ }
if admissionReports {
ctrls = append(ctrls, internal.NewController(
admissionreportcontroller.ControllerName,
@@ -123,6 +126,7 @@ func createrLeaderControllers(
eng engineapi.Engine,
backgroundScan bool,
admissionReports bool,
+ aggregateReports bool,
reportsChunkSize int,
backgroundScanWorkers int,
kubeInformer kubeinformers.SharedInformerFactory,
@@ -139,6 +143,7 @@ func createrLeaderControllers(
eng,
backgroundScan,
admissionReports,
+ aggregateReports,
reportsChunkSize,
backgroundScanWorkers,
dynamicClient,
@@ -158,6 +163,7 @@ func main() {
var (
backgroundScan bool
admissionReports bool
+ aggregateReports bool
reportsChunkSize int
backgroundScanWorkers int
backgroundScanInterval time.Duration
@@ -168,6 +174,7 @@ func main() {
flagset := flag.NewFlagSet("reports-controller", flag.ExitOnError)
flagset.BoolVar(&backgroundScan, "backgroundScan", true, "Enable or disable backgound scan.")
flagset.BoolVar(&admissionReports, "admissionReports", true, "Enable or disable admission reports.")
+ flagset.BoolVar(&aggregateReports, "aggregateReports", true, "Enable or disable aggregated policy reports.")
flagset.IntVar(&reportsChunkSize, "reportsChunkSize", 1000, "Max number of results in generated reports, reports will be split accordingly if there are more results to be stored.")
flagset.IntVar(&backgroundScanWorkers, "backgroundScanWorkers", backgroundscancontroller.Workers, "Configure the number of background scan workers.")
flagset.DurationVar(&backgroundScanInterval, "backgroundScanInterval", time.Hour, "Configure background scan interval.")
@@ -259,6 +266,7 @@ func main() {
engine,
backgroundScan,
admissionReports,
+ aggregateReports,
reportsChunkSize,
backgroundScanWorkers,
kubeInformer,
diff --git a/config/install-latest-testing.yaml b/config/install-latest-testing.yaml
index ac80409b40..32a0b3560a 100644
--- a/config/install-latest-testing.yaml
+++ b/config/install-latest-testing.yaml
@@ -39109,6 +39109,7 @@ spec:
- --otelConfig=prometheus
- --metricsPort=8000
- --admissionReports=true
+ - --aggregateReports=true
- --backgroundScan=true
- --backgroundScanWorkers=2
- --backgroundScanInterval=1h