mirror of
https://github.com/kyverno/kyverno.git
synced 2024-12-14 11:57:48 +00:00
add flag for policy reports (#7888)
* add flag for policy reports Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove logger param Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update launch Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove logging changes Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove logging changes Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove logging changes Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update Helm chart Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com>
This commit is contained in:
parent
51e479c819
commit
be2abbeaa8
8 changed files with 32 additions and 5 deletions
|
@ -5,7 +5,8 @@
|
|||
### Note
|
||||
|
||||
- Deprecated flag `--imageSignatureRepository`. Will be removed in 1.12. Use per rule configuration `verifyImages.Repository` instead.
|
||||
- Added `--aggregateReports` flag to reports controller to enable/disable aggregated reports (default value is `true`).
|
||||
- Added `--aggregateReports` flag for reports controller to enable/disable aggregated reports (default value is `true`).
|
||||
- Added `--policyReports` flag for reports controller to enable/disable policy reports (default value is `true`).
|
||||
|
||||
## v1.10.0
|
||||
|
||||
|
|
|
@ -292,6 +292,7 @@ The chart values are organised per component.
|
|||
|-----|------|---------|-------------|
|
||||
| features.admissionReports.enabled | bool | `true` | Enables the feature |
|
||||
| features.aggregateReports.enabled | bool | `true` | Enables the feature |
|
||||
| features.policyReports.enabled | bool | `true` | Enables the feature |
|
||||
| features.autoUpdateWebhooks.enabled | bool | `true` | Enables the feature |
|
||||
| features.backgroundScan.enabled | bool | `true` | Enables the feature |
|
||||
| features.backgroundScan.backgroundScanWorkers | int | `2` | Number of background scan workers |
|
||||
|
|
|
@ -16,6 +16,9 @@
|
|||
{{- with .aggregateReports -}}
|
||||
{{- $flags = append $flags (print "--aggregateReports=" .enabled) -}}
|
||||
{{- end -}}
|
||||
{{- with .policyReports -}}
|
||||
{{- $flags = append $flags (print "--policyReports=" .enabled) -}}
|
||||
{{- end -}}
|
||||
{{- with .autoUpdateWebhooks -}}
|
||||
{{- $flags = append $flags (print "--autoUpdateWebhooks=" .enabled) -}}
|
||||
{{- end -}}
|
||||
|
|
|
@ -110,6 +110,7 @@ spec:
|
|||
{{- include "kyverno.features.flags" (pick (mergeOverwrite .Values.features .Values.reportsController.featuresOverride)
|
||||
"admissionReports"
|
||||
"aggregateReports"
|
||||
"policyReports"
|
||||
"backgroundScan"
|
||||
"configMapCaching"
|
||||
"deferredLoading"
|
||||
|
|
|
@ -349,6 +349,9 @@ features:
|
|||
aggregateReports:
|
||||
# -- Enables the feature
|
||||
enabled: true
|
||||
policyReports:
|
||||
# -- Enables the feature
|
||||
enabled: true
|
||||
autoUpdateWebhooks:
|
||||
# -- Enables the feature
|
||||
enabled: true
|
||||
|
|
|
@ -37,6 +37,7 @@ func createReportControllers(
|
|||
backgroundScan bool,
|
||||
admissionReports bool,
|
||||
aggregateReports bool,
|
||||
policyReports bool,
|
||||
reportsChunkSize int,
|
||||
backgroundScanWorkers int,
|
||||
client dclient.Interface,
|
||||
|
@ -107,6 +108,7 @@ func createReportControllers(
|
|||
configuration,
|
||||
jp,
|
||||
eventGenerator,
|
||||
policyReports,
|
||||
),
|
||||
backgroundScanWorkers,
|
||||
))
|
||||
|
@ -127,6 +129,7 @@ func createrLeaderControllers(
|
|||
backgroundScan bool,
|
||||
admissionReports bool,
|
||||
aggregateReports bool,
|
||||
policyReports bool,
|
||||
reportsChunkSize int,
|
||||
backgroundScanWorkers int,
|
||||
kubeInformer kubeinformers.SharedInformerFactory,
|
||||
|
@ -144,6 +147,7 @@ func createrLeaderControllers(
|
|||
backgroundScan,
|
||||
admissionReports,
|
||||
aggregateReports,
|
||||
policyReports,
|
||||
reportsChunkSize,
|
||||
backgroundScanWorkers,
|
||||
dynamicClient,
|
||||
|
@ -164,6 +168,7 @@ func main() {
|
|||
backgroundScan bool
|
||||
admissionReports bool
|
||||
aggregateReports bool
|
||||
policyReports bool
|
||||
reportsChunkSize int
|
||||
backgroundScanWorkers int
|
||||
backgroundScanInterval time.Duration
|
||||
|
@ -175,6 +180,7 @@ func main() {
|
|||
flagset.BoolVar(&backgroundScan, "backgroundScan", true, "Enable or disable background scan.")
|
||||
flagset.BoolVar(&admissionReports, "admissionReports", true, "Enable or disable admission reports.")
|
||||
flagset.BoolVar(&aggregateReports, "aggregateReports", true, "Enable or disable aggregated policy reports.")
|
||||
flagset.BoolVar(&policyReports, "policyReports", true, "Enable or disable policy reports.")
|
||||
flagset.IntVar(&reportsChunkSize, "reportsChunkSize", 1000, "Max number of results in generated reports, reports will be split accordingly if there are more results to be stored.")
|
||||
flagset.IntVar(&backgroundScanWorkers, "backgroundScanWorkers", backgroundscancontroller.Workers, "Configure the number of background scan workers.")
|
||||
flagset.DurationVar(&backgroundScanInterval, "backgroundScanInterval", time.Hour, "Configure background scan interval.")
|
||||
|
@ -268,6 +274,7 @@ func main() {
|
|||
backgroundScan,
|
||||
admissionReports,
|
||||
aggregateReports,
|
||||
policyReports,
|
||||
reportsChunkSize,
|
||||
backgroundScanWorkers,
|
||||
kubeInformer,
|
||||
|
|
|
@ -39203,6 +39203,7 @@ spec:
|
|||
- --metricsPort=8000
|
||||
- --admissionReports=true
|
||||
- --aggregateReports=true
|
||||
- --policyReports=true
|
||||
- --backgroundScan=true
|
||||
- --backgroundScanWorkers=2
|
||||
- --backgroundScanInterval=1h
|
||||
|
|
|
@ -63,9 +63,10 @@ type controller struct {
|
|||
forceDelay time.Duration
|
||||
|
||||
// config
|
||||
config config.Configuration
|
||||
jp jmespath.Interface
|
||||
eventGen event.Interface
|
||||
config config.Configuration
|
||||
jp jmespath.Interface
|
||||
eventGen event.Interface
|
||||
policyReports bool
|
||||
}
|
||||
|
||||
func NewController(
|
||||
|
@ -81,6 +82,7 @@ func NewController(
|
|||
config config.Configuration,
|
||||
jp jmespath.Interface,
|
||||
eventGen event.Interface,
|
||||
policyReports bool,
|
||||
) controllers.Controller {
|
||||
bgscanr := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("backgroundscanreports"))
|
||||
cbgscanr := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusterbackgroundscanreports"))
|
||||
|
@ -100,6 +102,7 @@ func NewController(
|
|||
config: config,
|
||||
jp: jp,
|
||||
eventGen: eventGen,
|
||||
policyReports: policyReports,
|
||||
}
|
||||
controllerutils.AddDefaultEventHandlers(logger, bgscanr.Informer(), queue)
|
||||
controllerutils.AddDefaultEventHandlers(logger, cbgscanr.Informer(), queue)
|
||||
|
@ -303,7 +306,14 @@ func (c *controller) reconcileReport(
|
|||
if full || !controllerutils.HasAnnotation(desired, annotationLastScanTime) {
|
||||
controllerutils.SetAnnotation(desired, annotationLastScanTime, time.Now().Format(time.RFC3339))
|
||||
}
|
||||
// store report
|
||||
if c.policyReports {
|
||||
return c.storeReport(ctx, observed, desired)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (c *controller) storeReport(ctx context.Context, observed, desired kyvernov1alpha2.ReportInterface) error {
|
||||
var err error
|
||||
hasReport := observed.GetResourceVersion() != ""
|
||||
wantsReport := desired != nil && len(desired.GetResults()) != 0
|
||||
if !hasReport && !wantsReport {
|
||||
|
|
Loading…
Reference in a new issue