feat: make aggregated reports optional (#7475)

* feat: make aggregated reports optional Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * helm Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> * changelog Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com> --------- Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
2025-03-31 03:45:17 +00:00 · 2023-06-16 17:19:22 +02:00 · 2023-06-16 17:19:22 +02:00 · b2707c0cd1
commit b2707c0cd1
parent 7ba136767a
7 changed files with 30 additions and 12 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,6 +5,7 @@
 ### Note
 - Deprecated flag `--imageSignatureRepository`. Will be removed in 1.12. Use per rule configuration `verifyImages.Repository` instead.
 - Added `--aggregateReports` flag to reports controller to enable/disable aggregated reports (default value is `true`).
 ## v1.10.0
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@ -291,6 +291,7 @@ The chart values are organised per component.
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | features.admissionReports.enabled | bool | `true` | Enables the feature |
 | features.aggregateReports.enabled | bool | `true` | Enables the feature |
 | features.autoUpdateWebhooks.enabled | bool | `true` | Enables the feature |
 | features.backgroundScan.enabled | bool | `true` | Enables the feature |
 | features.backgroundScan.backgroundScanWorkers | int | `2` | Number of background scan workers |
--- a/charts/kyverno/templates/_helpers.tpl
+++ b/charts/kyverno/templates/_helpers.tpl
@ -13,6 +13,9 @@
 {{- with .admissionReports -}}
  {{- $flags = append $flags (print "--admissionReports=" .enabled) -}}
 {{- end -}}
 {{- with .aggregateReports -}}
  {{- $flags = append $flags (print "--aggregateReports=" .enabled) -}}
 {{- end -}}
 {{- with .autoUpdateWebhooks -}}
  {{- $flags = append $flags (print "--autoUpdateWebhooks=" .enabled) -}}
 {{- end -}}
--- a/charts/kyverno/templates/reports-controller/deployment.yaml
+++ b/charts/kyverno/templates/reports-controller/deployment.yaml
@ -109,6 +109,7 @@ spec:
            {{- end }}
            {{- include "kyverno.features.flags" (pick (mergeOverwrite .Values.features .Values.reportsController.featuresOverride)
              "admissionReports"
              "aggregateReports"
              "backgroundScan"
              "configMapCaching"
              "logging"
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@ -327,6 +327,9 @@ features:
  admissionReports:
    # -- Enables the feature
    enabled: true
  aggregateReports:
    # -- Enables the feature
    enabled: true
  autoUpdateWebhooks:
    # -- Enables the feature
    enabled: true
--- a/cmd/reports-controller/main.go
+++ b/cmd/reports-controller/main.go
@ -36,6 +36,7 @@ func createReportControllers(
 	eng engineapi.Engine,
 	backgroundScan bool,
 	admissionReports bool,
 	aggregateReports bool,
 	reportsChunkSize int,
 	backgroundScanWorkers int,
 	client dclient.Interface,
@ -65,18 +66,20 @@ func createReportControllers(
 			resourceReportController,
 			resourcereportcontroller.Workers,
 		))
-		ctrls = append(ctrls, internal.NewController(
+		if aggregateReports {
-			aggregatereportcontroller.ControllerName,
+			ctrls = append(ctrls, internal.NewController(
-			aggregatereportcontroller.NewController(
+				aggregatereportcontroller.ControllerName,
-				kyvernoClient,
+				aggregatereportcontroller.NewController(
-				metadataFactory,
+					kyvernoClient,
-				kyvernoV1.Policies(),
+					metadataFactory,
-				kyvernoV1.ClusterPolicies(),
+					kyvernoV1.Policies(),
-				resourceReportController,
+					kyvernoV1.ClusterPolicies(),
-				reportsChunkSize,
+					resourceReportController,
-			),
+					reportsChunkSize,
-			aggregatereportcontroller.Workers,
+				),
-		))
+				aggregatereportcontroller.Workers,
 			))
 		}
 		if admissionReports {
 			ctrls = append(ctrls, internal.NewController(
 				admissionreportcontroller.ControllerName,
@ -123,6 +126,7 @@ func createrLeaderControllers(
 	eng engineapi.Engine,
 	backgroundScan bool,
 	admissionReports bool,
 	aggregateReports bool,
 	reportsChunkSize int,
 	backgroundScanWorkers int,
 	kubeInformer kubeinformers.SharedInformerFactory,
@ -139,6 +143,7 @@ func createrLeaderControllers(
 		eng,
 		backgroundScan,
 		admissionReports,
 		aggregateReports,
 		reportsChunkSize,
 		backgroundScanWorkers,
 		dynamicClient,
@ -158,6 +163,7 @@ func main() {
 	var (
 		backgroundScan         bool
 		admissionReports       bool
 		aggregateReports       bool
 		reportsChunkSize       int
 		backgroundScanWorkers  int
 		backgroundScanInterval time.Duration
@ -168,6 +174,7 @@ func main() {
 	flagset := flag.NewFlagSet("reports-controller", flag.ExitOnError)
 	flagset.BoolVar(&backgroundScan, "backgroundScan", true, "Enable or disable backgound scan.")
 	flagset.BoolVar(&admissionReports, "admissionReports", true, "Enable or disable admission reports.")
 	flagset.BoolVar(&aggregateReports, "aggregateReports", true, "Enable or disable aggregated policy reports.")
 	flagset.IntVar(&reportsChunkSize, "reportsChunkSize", 1000, "Max number of results in generated reports, reports will be split accordingly if there are more results to be stored.")
 	flagset.IntVar(&backgroundScanWorkers, "backgroundScanWorkers", backgroundscancontroller.Workers, "Configure the number of background scan workers.")
 	flagset.DurationVar(&backgroundScanInterval, "backgroundScanInterval", time.Hour, "Configure background scan interval.")
@ -259,6 +266,7 @@ func main() {
 				engine,
 				backgroundScan,
 				admissionReports,
 				aggregateReports,
 				reportsChunkSize,
 				backgroundScanWorkers,
 				kubeInformer,
--- a/config/install-latest-testing.yaml
+++ b/config/install-latest-testing.yaml
@ -39109,6 +39109,7 @@ spec:
            - --otelConfig=prometheus
            - --metricsPort=8000
            - --admissionReports=true
            - --aggregateReports=true
            - --backgroundScan=true
            - --backgroundScanWorkers=2
            - --backgroundScanInterval=1h