add flag for policy reports (#7888)

* add flag for policy reports Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove logger param Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update launch Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove logging changes Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove logging changes Signed-off-by: Jim Bugwadia <jim@nirmata.com> * remove logging changes Signed-off-by: Jim Bugwadia <jim@nirmata.com> * update Helm chart Signed-off-by: Jim Bugwadia <jim@nirmata.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com>
2024-12-15 17:51:20 +00:00 · 2023-07-25 21:22:51 -07:00 · 2023-07-25 21:22:51 -07:00 · be2abbeaa8
commit be2abbeaa8
parent 51e479c819
8 changed files with 32 additions and 5 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,7 +5,8 @@
 ### Note

 - Deprecated flag `--imageSignatureRepository`. Will be removed in 1.12. Use per rule configuration `verifyImages.Repository` instead.
- Added `--aggregateReports` flag to reports controller to enable/disable aggregated reports (default value is `true`).
+- Added `--aggregateReports` flag for reports controller to enable/disable aggregated reports (default value is `true`).
+- Added `--policyReports` flag for reports controller to enable/disable policy reports (default value is  `true`).

 ## v1.10.0

--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@ -292,6 +292,7 @@ The chart values are organised per component.
 |-----|------|---------|-------------|
 | features.admissionReports.enabled | bool | `true` | Enables the feature |
 | features.aggregateReports.enabled | bool | `true` | Enables the feature |
+| features.policyReports.enabled | bool | `true` | Enables the feature |
 | features.autoUpdateWebhooks.enabled | bool | `true` | Enables the feature |
 | features.backgroundScan.enabled | bool | `true` | Enables the feature |
 | features.backgroundScan.backgroundScanWorkers | int | `2` | Number of background scan workers |
--- a/charts/kyverno/templates/_helpers.tpl
+++ b/charts/kyverno/templates/_helpers.tpl
@ -16,6 +16,9 @@
 {{- with .aggregateReports -}}
  {{- $flags = append $flags (print "--aggregateReports=" .enabled) -}}
 {{- end -}}
+{{- with .policyReports -}}
+  {{- $flags = append $flags (print "--policyReports=" .enabled) -}}
+{{- end -}}
 {{- with .autoUpdateWebhooks -}}
  {{- $flags = append $flags (print "--autoUpdateWebhooks=" .enabled) -}}
 {{- end -}}
--- a/charts/kyverno/templates/reports-controller/deployment.yaml
+++ b/charts/kyverno/templates/reports-controller/deployment.yaml
@ -110,6 +110,7 @@ spec:
            {{- include "kyverno.features.flags" (pick (mergeOverwrite .Values.features .Values.reportsController.featuresOverride)
              "admissionReports"
              "aggregateReports"
+              "policyReports"
              "backgroundScan"
              "configMapCaching"
              "deferredLoading"
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@ -349,6 +349,9 @@ features:
  aggregateReports:
    # -- Enables the feature
    enabled: true
+  policyReports:
+    # -- Enables the feature
+    enabled: true
  autoUpdateWebhooks:
    # -- Enables the feature
    enabled: true
--- a/cmd/reports-controller/main.go
+++ b/cmd/reports-controller/main.go
@ -37,6 +37,7 @@ func createReportControllers(
 	backgroundScan bool,
 	admissionReports bool,
 	aggregateReports bool,
+	policyReports bool,
 	reportsChunkSize int,
 	backgroundScanWorkers int,
 	client dclient.Interface,
@ -107,6 +108,7 @@ func createReportControllers(
 					configuration,
 					jp,
 					eventGenerator,
+					policyReports,
 				),
 				backgroundScanWorkers,
 			))
@ -127,6 +129,7 @@ func createrLeaderControllers(
 	backgroundScan bool,
 	admissionReports bool,
 	aggregateReports bool,
+	policyReports bool,
 	reportsChunkSize int,
 	backgroundScanWorkers int,
 	kubeInformer kubeinformers.SharedInformerFactory,
@ -144,6 +147,7 @@ func createrLeaderControllers(
 		backgroundScan,
 		admissionReports,
 		aggregateReports,
+		policyReports,
 		reportsChunkSize,
 		backgroundScanWorkers,
 		dynamicClient,
@ -164,6 +168,7 @@ func main() {
 		backgroundScan         bool
 		admissionReports       bool
 		aggregateReports       bool
+		policyReports          bool
 		reportsChunkSize       int
 		backgroundScanWorkers  int
 		backgroundScanInterval time.Duration
@ -175,6 +180,7 @@ func main() {
 	flagset.BoolVar(&backgroundScan, "backgroundScan", true, "Enable or disable background scan.")
 	flagset.BoolVar(&admissionReports, "admissionReports", true, "Enable or disable admission reports.")
 	flagset.BoolVar(&aggregateReports, "aggregateReports", true, "Enable or disable aggregated policy reports.")
+	flagset.BoolVar(&policyReports, "policyReports", true, "Enable or disable policy reports.")
 	flagset.IntVar(&reportsChunkSize, "reportsChunkSize", 1000, "Max number of results in generated reports, reports will be split accordingly if there are more results to be stored.")
 	flagset.IntVar(&backgroundScanWorkers, "backgroundScanWorkers", backgroundscancontroller.Workers, "Configure the number of background scan workers.")
 	flagset.DurationVar(&backgroundScanInterval, "backgroundScanInterval", time.Hour, "Configure background scan interval.")
@ -268,6 +274,7 @@ func main() {
 				backgroundScan,
 				admissionReports,
 				aggregateReports,
+				policyReports,
 				reportsChunkSize,
 				backgroundScanWorkers,
 				kubeInformer,
--- a/config/install-latest-testing.yaml
+++ b/config/install-latest-testing.yaml
@ -39203,6 +39203,7 @@ spec:
            - --metricsPort=8000
            - --admissionReports=true
            - --aggregateReports=true
+            - --policyReports=true
            - --backgroundScan=true
            - --backgroundScanWorkers=2
            - --backgroundScanInterval=1h
--- a/pkg/controllers/report/background/controller.go
+++ b/pkg/controllers/report/background/controller.go
@ -63,9 +63,10 @@ type controller struct {
 	forceDelay    time.Duration

 	// config
-	config   config.Configuration
-	jp       jmespath.Interface
-	eventGen event.Interface
+	config        config.Configuration
+	jp            jmespath.Interface
+	eventGen      event.Interface
+	policyReports bool
 }

 func NewController(
@ -81,6 +82,7 @@ func NewController(
 	config config.Configuration,
 	jp jmespath.Interface,
 	eventGen event.Interface,
+	policyReports bool,
 ) controllers.Controller {
 	bgscanr := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("backgroundscanreports"))
 	cbgscanr := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusterbackgroundscanreports"))
@ -100,6 +102,7 @@ func NewController(
 		config:         config,
 		jp:             jp,
 		eventGen:       eventGen,
+		policyReports:  policyReports,
 	}
 	controllerutils.AddDefaultEventHandlers(logger, bgscanr.Informer(), queue)
 	controllerutils.AddDefaultEventHandlers(logger, cbgscanr.Informer(), queue)
@ -303,7 +306,14 @@ func (c *controller) reconcileReport(
 	if full || !controllerutils.HasAnnotation(desired, annotationLastScanTime) {
 		controllerutils.SetAnnotation(desired, annotationLastScanTime, time.Now().Format(time.RFC3339))
 	}
-	// store report
+	if c.policyReports {
+		return c.storeReport(ctx, observed, desired)
+	}
+	return nil
+}
+
+func (c *controller) storeReport(ctx context.Context, observed, desired kyvernov1alpha2.ReportInterface) error {
+	var err error
 	hasReport := observed.GetResourceVersion() != ""
 	wantsReport := desired != nil && len(desired.GetResults()) != 0
 	if !hasReport && !wantsReport {