feat: add a new API group reports.kyverno.io (#9521)

* feat: add new report interface

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* chore: reports.kyverno.io/v1 apigroup

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* chore: codegen

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add report manager

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add reports manager to reports controller

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* feat: add alternateReportStorage to helm chart

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: report utils deepcopy

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* init flag

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

* fix: wrong return value

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

---------

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>
Co-authored-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Makefile

@@ -396,7 +396,7 @@ image-build-all: $(BUILD_WITH)-build-all
 GOPATH_SHIM                 := ${PWD}/.gopath
 PACKAGE_SHIM                := $(GOPATH_SHIM)/src/$(PACKAGE)
 OUT_PACKAGE                 := $(PACKAGE)/pkg/client
-INPUT_DIRS                  := $(PACKAGE)/api/kyverno/v1,$(PACKAGE)/api/kyverno/v1alpha2,$(PACKAGE)/api/kyverno/v1beta1,$(PACKAGE)/api/kyverno/v2,$(PACKAGE)/api/kyverno/v2beta1,$(PACKAGE)/api/kyverno/v2alpha1,$(PACKAGE)/api/policyreport/v1alpha2
+INPUT_DIRS                  := $(PACKAGE)/api/kyverno/v1,$(PACKAGE)/api/kyverno/v1alpha2,$(PACKAGE)/api/kyverno/v1beta1,$(PACKAGE)/api/kyverno/v2,$(PACKAGE)/api/kyverno/v2beta1,$(PACKAGE)/api/kyverno/v2alpha1,$(PACKAGE)/api/kyverno/reports/v1,$(PACKAGE)/api/policyreport/v1alpha2
 CLIENTSET_PACKAGE           := $(OUT_PACKAGE)/clientset
 LISTERS_PACKAGE             := $(OUT_PACKAGE)/listers
 INFORMERS_PACKAGE           := $(OUT_PACKAGE)/informers

api/kyverno/reports/v1/admission_report_types.go

@@ -0,0 +1,124 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+	policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type AdmissionReportSpec struct {
+	// Owner is a reference to the report owner (e.g. a Deployment, Namespace, or Node)
+	Owner metav1.OwnerReference `json:"owner"`
+
+	// PolicyReportSummary provides a summary of results
+	// +optional
+	Summary policyreportv1alpha2.PolicyReportSummary `json:"summary,omitempty"`
+
+	// PolicyReportResult provides result details
+	// +optional
+	Results []policyreportv1alpha2.PolicyReportResult `json:"results,omitempty"`
+}
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:storageversion
+// +kubebuilder:resource:shortName=admr,categories=kyverno
+// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:printcolumn:name="PASS",type=integer,JSONPath=".spec.summary.pass"
+// +kubebuilder:printcolumn:name="FAIL",type=integer,JSONPath=".spec.summary.fail"
+// +kubebuilder:printcolumn:name="WARN",type=integer,JSONPath=".spec.summary.warn"
+// +kubebuilder:printcolumn:name="ERROR",type=integer,JSONPath=".spec.summary.error"
+// +kubebuilder:printcolumn:name="SKIP",type=integer,JSONPath=".spec.summary.skip"
+// +kubebuilder:printcolumn:name="GVR",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.gvr']"
+// +kubebuilder:printcolumn:name="REF",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.name']"
+// +kubebuilder:printcolumn:name="AGGREGATE",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/report\\.aggregate']",priority=1
+
+// AdmissionReport is the Schema for the AdmissionReports API
+type AdmissionReport struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+	Spec              AdmissionReportSpec `json:"spec"`
+}
+
+func (r *AdmissionReport) GetResults() []policyreportv1alpha2.PolicyReportResult {
+	return r.Spec.Results
+}
+
+func (r *AdmissionReport) SetResults(results []policyreportv1alpha2.PolicyReportResult) {
+	r.Spec.Results = results
+}
+
+func (r *AdmissionReport) SetSummary(summary policyreportv1alpha2.PolicyReportSummary) {
+	r.Spec.Summary = summary
+}
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:storageversion
+// +kubebuilder:resource:scope=Cluster,shortName=cadmr,categories=kyverno
+// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:printcolumn:name="PASS",type=integer,JSONPath=".spec.summary.pass"
+// +kubebuilder:printcolumn:name="FAIL",type=integer,JSONPath=".spec.summary.fail"
+// +kubebuilder:printcolumn:name="WARN",type=integer,JSONPath=".spec.summary.warn"
+// +kubebuilder:printcolumn:name="ERROR",type=integer,JSONPath=".spec.summary.error"
+// +kubebuilder:printcolumn:name="SKIP",type=integer,JSONPath=".spec.summary.skip"
+// +kubebuilder:printcolumn:name="GVR",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.gvr']"
+// +kubebuilder:printcolumn:name="REF",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.name']"
+// +kubebuilder:printcolumn:name="AGGREGATE",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/report\\.aggregate']",priority=1
+
+// ClusterAdmissionReport is the Schema for the ClusterAdmissionReports API
+type ClusterAdmissionReport struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+	Spec              AdmissionReportSpec `json:"spec"`
+}
+
+func (r *ClusterAdmissionReport) GetResults() []policyreportv1alpha2.PolicyReportResult {
+	return r.Spec.Results
+}
+
+func (r *ClusterAdmissionReport) SetResults(results []policyreportv1alpha2.PolicyReportResult) {
+	r.Spec.Results = results
+}
+
+func (r *ClusterAdmissionReport) SetSummary(summary policyreportv1alpha2.PolicyReportSummary) {
+	r.Spec.Summary = summary
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// AdmissionReportList contains a list of AdmissionReport
+type AdmissionReportList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []AdmissionReport `json:"items"`
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ClusterAdmissionReportList contains a list of ClusterAdmissionReport
+type ClusterAdmissionReportList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []ClusterAdmissionReport `json:"items"`
+}

api/kyverno/reports/v1/background_scan_report_types.go

@@ -0,0 +1,123 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+	policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type BackgroundScanReportSpec struct {
+	// PolicyReportSummary provides a summary of results
+	// +optional
+	Summary policyreportv1alpha2.PolicyReportSummary `json:"summary,omitempty"`
+
+	// PolicyReportResult provides result details
+	// +optional
+	Results []policyreportv1alpha2.PolicyReportResult `json:"results,omitempty"`
+}
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:storageversion
+// +kubebuilder:resource:shortName=bgscanr,categories=kyverno
+// +kubebuilder:printcolumn:name="ApiVersion",type=string,JSONPath=".metadata.ownerReferences[0].apiVersion"
+// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=".metadata.ownerReferences[0].kind"
+// +kubebuilder:printcolumn:name="Subject",type=string,JSONPath=".metadata.ownerReferences[0].name"
+// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=".spec.summary.pass"
+// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=".spec.summary.fail"
+// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=".spec.summary.warn"
+// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=".spec.summary.error"
+// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=".spec.summary.skip"
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:printcolumn:name="Hash",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.hash']",priority=1
+
+// BackgroundScanReport is the Schema for the BackgroundScanReports API
+type BackgroundScanReport struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+	Spec              BackgroundScanReportSpec `json:"spec"`
+}
+
+func (r *BackgroundScanReport) GetResults() []policyreportv1alpha2.PolicyReportResult {
+	return r.Spec.Results
+}
+
+func (r *BackgroundScanReport) SetResults(results []policyreportv1alpha2.PolicyReportResult) {
+	r.Spec.Results = results
+}
+
+func (r *BackgroundScanReport) SetSummary(summary policyreportv1alpha2.PolicyReportSummary) {
+	r.Spec.Summary = summary
+}
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:storageversion
+// +kubebuilder:resource:scope=Cluster,shortName=cbgscanr,categories=kyverno
+// +kubebuilder:printcolumn:name="ApiVersion",type=string,JSONPath=".metadata.ownerReferences[0].apiVersion"
+// +kubebuilder:printcolumn:name="Kind",type=string,JSONPath=".metadata.ownerReferences[0].kind"
+// +kubebuilder:printcolumn:name="Subject",type=string,JSONPath=".metadata.ownerReferences[0].name"
+// +kubebuilder:printcolumn:name="Pass",type=integer,JSONPath=".spec.summary.pass"
+// +kubebuilder:printcolumn:name="Fail",type=integer,JSONPath=".spec.summary.fail"
+// +kubebuilder:printcolumn:name="Warn",type=integer,JSONPath=".spec.summary.warn"
+// +kubebuilder:printcolumn:name="Error",type=integer,JSONPath=".spec.summary.error"
+// +kubebuilder:printcolumn:name="Skip",type=integer,JSONPath=".spec.summary.skip"
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:printcolumn:name="Hash",type=string,JSONPath=".metadata.labels['audit\\.kyverno\\.io/resource\\.hash']",priority=1
+
+// ClusterBackgroundScanReport is the Schema for the ClusterBackgroundScanReports API
+type ClusterBackgroundScanReport struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+	Spec              BackgroundScanReportSpec `json:"spec"`
+}
+
+func (r *ClusterBackgroundScanReport) GetResults() []policyreportv1alpha2.PolicyReportResult {
+	return r.Spec.Results
+}
+
+func (r *ClusterBackgroundScanReport) SetResults(results []policyreportv1alpha2.PolicyReportResult) {
+	r.Spec.Results = results
+}
+
+func (r *ClusterBackgroundScanReport) SetSummary(summary policyreportv1alpha2.PolicyReportSummary) {
+	r.Spec.Summary = summary
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// BackgroundScanReportList contains a list of BackgroundScanReport
+type BackgroundScanReportList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []BackgroundScanReport `json:"items"`
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ClusterBackgroundScanReportList contains a list of ClusterBackgroundScanReport
+type ClusterBackgroundScanReportList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []ClusterBackgroundScanReport `json:"items"`
+}

api/kyverno/reports/v1/doc.go

@@ -0,0 +1,21 @@
+/*
+Copyright 2020 The Kubernetes authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// +k8s:openapi-gen=true
+// +k8s:deepcopy-gen=package
+// +kubebuilder:object:generate=true
+// +groupName=reports.kyverno.io
+package v1

api/kyverno/reports/v1/zz_generated.deepcopy.go

@@ -0,0 +1,316 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by deepcopy-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	v1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AdmissionReport) DeepCopyInto(out *AdmissionReport) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionReport.
+func (in *AdmissionReport) DeepCopy() *AdmissionReport {
+	if in == nil {
+		return nil
+	}
+	out := new(AdmissionReport)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *AdmissionReport) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AdmissionReportList) DeepCopyInto(out *AdmissionReportList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]AdmissionReport, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionReportList.
+func (in *AdmissionReportList) DeepCopy() *AdmissionReportList {
+	if in == nil {
+		return nil
+	}
+	out := new(AdmissionReportList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *AdmissionReportList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *AdmissionReportSpec) DeepCopyInto(out *AdmissionReportSpec) {
+	*out = *in
+	in.Owner.DeepCopyInto(&out.Owner)
+	out.Summary = in.Summary
+	if in.Results != nil {
+		in, out := &in.Results, &out.Results
+		*out = make([]v1alpha2.PolicyReportResult, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionReportSpec.
+func (in *AdmissionReportSpec) DeepCopy() *AdmissionReportSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(AdmissionReportSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *BackgroundScanReport) DeepCopyInto(out *BackgroundScanReport) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackgroundScanReport.
+func (in *BackgroundScanReport) DeepCopy() *BackgroundScanReport {
+	if in == nil {
+		return nil
+	}
+	out := new(BackgroundScanReport)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *BackgroundScanReport) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *BackgroundScanReportList) DeepCopyInto(out *BackgroundScanReportList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]BackgroundScanReport, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackgroundScanReportList.
+func (in *BackgroundScanReportList) DeepCopy() *BackgroundScanReportList {
+	if in == nil {
+		return nil
+	}
+	out := new(BackgroundScanReportList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *BackgroundScanReportList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *BackgroundScanReportSpec) DeepCopyInto(out *BackgroundScanReportSpec) {
+	*out = *in
+	out.Summary = in.Summary
+	if in.Results != nil {
+		in, out := &in.Results, &out.Results
+		*out = make([]v1alpha2.PolicyReportResult, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BackgroundScanReportSpec.
+func (in *BackgroundScanReportSpec) DeepCopy() *BackgroundScanReportSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(BackgroundScanReportSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClusterAdmissionReport) DeepCopyInto(out *ClusterAdmissionReport) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAdmissionReport.
+func (in *ClusterAdmissionReport) DeepCopy() *ClusterAdmissionReport {
+	if in == nil {
+		return nil
+	}
+	out := new(ClusterAdmissionReport)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ClusterAdmissionReport) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClusterAdmissionReportList) DeepCopyInto(out *ClusterAdmissionReportList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]ClusterAdmissionReport, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAdmissionReportList.
+func (in *ClusterAdmissionReportList) DeepCopy() *ClusterAdmissionReportList {
+	if in == nil {
+		return nil
+	}
+	out := new(ClusterAdmissionReportList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ClusterAdmissionReportList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClusterBackgroundScanReport) DeepCopyInto(out *ClusterBackgroundScanReport) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterBackgroundScanReport.
+func (in *ClusterBackgroundScanReport) DeepCopy() *ClusterBackgroundScanReport {
+	if in == nil {
+		return nil
+	}
+	out := new(ClusterBackgroundScanReport)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ClusterBackgroundScanReport) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ClusterBackgroundScanReportList) DeepCopyInto(out *ClusterBackgroundScanReportList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]ClusterBackgroundScanReport, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterBackgroundScanReportList.
+func (in *ClusterBackgroundScanReportList) DeepCopy() *ClusterBackgroundScanReportList {
+	if in == nil {
+		return nil
+	}
+	out := new(ClusterBackgroundScanReportList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *ClusterBackgroundScanReportList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}

api/kyverno/reports/v1/zz_generated.defaults.go

@@ -0,0 +1,33 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by defaulter-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// RegisterDefaults adds defaulters functions to the given scheme.
+// Public to allow building arbitrary schemes.
+// All generated defaulters are covering - they call all nested defaulters.
+func RegisterDefaults(scheme *runtime.Scheme) error {
+	return nil
+}

api/kyverno/reports/v1/zz_generated.register.go

@@ -0,0 +1,73 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by register-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+// GroupName specifies the group name used to register the objects.
+const GroupName = "reports.kyverno.io"
+
+// GroupVersion specifies the group and the version used to register the objects.
+var GroupVersion = v1.GroupVersion{Group: GroupName, Version: "v1"}
+
+// SchemeGroupVersion is group version used to register these objects
+// Deprecated: use GroupVersion instead.
+var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+	return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+var (
+	// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
+	SchemeBuilder      runtime.SchemeBuilder
+	localSchemeBuilder = &SchemeBuilder
+	// Depreciated: use Install instead
+	AddToScheme = localSchemeBuilder.AddToScheme
+	Install     = localSchemeBuilder.AddToScheme
+)
+
+func init() {
+	// We only register manually written functions here. The registration of the
+	// generated functions takes place in the generated files. The separation
+	// makes the code compile even when the generated files are missing.
+	localSchemeBuilder.Register(addKnownTypes)
+}
+
+// Adds the list of known types to Scheme.
+func addKnownTypes(scheme *runtime.Scheme) error {
+	scheme.AddKnownTypes(SchemeGroupVersion,
+		&AdmissionReport{},
+		&AdmissionReportList{},
+		&BackgroundScanReport{},
+		&BackgroundScanReportList{},
+		&ClusterAdmissionReport{},
+		&ClusterAdmissionReportList{},
+		&ClusterBackgroundScanReport{},
+		&ClusterBackgroundScanReportList{},
+	)
+	// AddToGroupVersion allows the serialization of client types like ListOptions.
+	v1.AddToGroupVersion(scheme, SchemeGroupVersion)
+	return nil
+}

charts/kyverno/README.md

@@ -313,6 +313,7 @@ The chart values are organised per component.
 |-----|------|---------|-------------|
 | features.admissionReports.enabled | bool | `true` | Enables the feature |
 | features.aggregateReports.enabled | bool | `true` | Enables the feature |
+| features.alternateReportStorage.enabled | bool | `false` | Enables the feature |
 | features.policyReports.enabled | bool | `true` | Enables the feature |
 | features.validatingAdmissionPolicyReports.enabled | bool | `false` | Enables the feature |
 | features.autoUpdateWebhooks.enabled | bool | `true` | Enables the feature |

charts/kyverno/templates/_helpers.tpl

@@ -16,6 +16,9 @@
 {{- with .aggregateReports -}}
   {{- $flags = append $flags (print "--aggregateReports=" .enabled) -}}
 {{- end -}}
+{{- with .alternateReportStorage -}}
+  {{- $flags = append $flags (print "--alternateReportStorage=" .enabled) -}}
+{{- end -}}
 {{- with .policyReports -}}
   {{- $flags = append $flags (print "--policyReports=" .enabled) -}}
 {{- end -}}

charts/kyverno/templates/admission-controller/clusterrole.yaml

@@ -68,6 +68,22 @@ rules:
       - update
       - watch
       - deletecollection
+  - apiGroups:
+      - reports.kyverno.io
+    resources:
+      - admissionreports
+      - clusteradmissionreports
+      - backgroundscanreports
+      - clusterbackgroundscanreports
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+      - deletecollection
   - apiGroups:
       - wgpolicyk8s.io
     resources:
@@ -146,4 +162,4 @@ metadata:
 rules:
   {{- toYaml . | nindent 2 }}
 {{- end }}
-{{- end }}
+{{- end }}

charts/kyverno/templates/admission-controller/deployment.yaml

@@ -168,6 +168,7 @@ spec:
               "policyExceptions"
               "protectManagedResources"
               "registryClient"
+              "alternateReportStorage"
               "tuf"
             ) | nindent 12 }}
             {{- range $key, $value := .Values.admissionController.container.extraArgs }}

charts/kyverno/templates/admission-controller/flowschema.yaml

@@ -81,6 +81,37 @@ spec:
         - update
         - watch
         - deletecollection
+    - apiGroups:
+        - reports.kyverno.io
+      clusterScope: true
+      resources:
+        - clusteradmissionreports
+        - clusterbackgroundscanreports
+      verbs:
+        - create
+        - delete
+        - get
+        - list
+        - patch
+        - update
+        - watch
+        - deletecollection
+    - apiGroups:
+        - reports.kyverno.io
+      namespaces:
+        - '*'
+      resources:
+        - admissionreports
+        - backgroundscanreports
+      verbs:
+        - create
+        - delete
+        - get
+        - list
+        - patch
+        - update
+        - watch
+        - deletecollection
     - apiGroups:
         - wgpolicyk8s.io
       clusterScope: true
@@ -192,4 +223,4 @@ spec:
       serviceAccount:
         name: {{ template "kyverno.admission-controller.serviceAccountName" . }}
         namespace: {{ template "kyverno.namespace" . }}
-{{- end }}
+{{- end }}

charts/kyverno/templates/background-controller/deployment.yaml

@@ -120,6 +120,7 @@ spec:
               "logging"
               "omitEvents"
               "policyExceptions"
+              "alternateReportStorage"
             ) | nindent 12 }}
             {{- range $key, $value := .Values.backgroundController.extraArgs }}
             {{- if $value }}

charts/kyverno/templates/cleanup/cleanup-admission-reports.yaml

@@ -40,10 +40,10 @@ spec:
             - /bin/sh
             - -c
             - |
-              COUNT=$(kubectl get admissionreports.kyverno.io -A | wc -l)
+              COUNT=$(kubectl get admissionreports.reports.kyverno.io -A | wc -l)
               if [ "$COUNT" -gt {{ .Values.cleanupJobs.admissionReports.threshold }} ]; then
                 echo "too many reports found ($COUNT), cleaning up..."
-                kubectl delete admissionreports.kyverno.io -A -l='!audit.kyverno.io/report.aggregate'
+                kubectl delete admissionreports.reports.kyverno.io -A -l='!audit.kyverno.io/report.aggregate'
               else
                 echo "($COUNT) reports found, no clean up needed"
               fi
@@ -83,4 +83,4 @@ spec:
               {{- tpl (toYaml .) $ | nindent 14 }}
             {{- end }}
           {{- end }}
-{{- end -}}
+{{- end -}}

charts/kyverno/templates/cleanup/cleanup-cluster-admission-reports.yaml

@@ -40,10 +40,10 @@ spec:
             - /bin/sh
             - -c
             - |
-              COUNT=$(kubectl get clusteradmissionreports.kyverno.io -A | wc -l)
+              COUNT=$(kubectl get clusteradmissionreports.reports.kyverno.io -A | wc -l)
               if [ "$COUNT" -gt {{ .Values.cleanupJobs.clusterAdmissionReports.threshold }} ]; then
                 echo "too many reports found ($COUNT), cleaning up..."
-                kubectl delete clusteradmissionreports.kyverno.io -A -l='!audit.kyverno.io/report.aggregate'
+                kubectl delete clusteradmissionreports.reports.kyverno.io -A -l='!audit.kyverno.io/report.aggregate'
               else
                 echo "($COUNT) reports found, no clean up needed"
               fi
@@ -83,4 +83,4 @@ spec:
               {{- tpl (toYaml .) $ | nindent 14 }}
             {{- end }}
           {{- end }}
-{{- end -}}
+{{- end -}}

charts/kyverno/templates/cleanup/clusterrole.yaml

@@ -14,3 +14,12 @@ rules:
       - list
       - deletecollection
       - delete
+  - apiGroups:
+      - reports.kyverno.io
+    resources:
+      - admissionreports
+      - clusteradmissionreports
+    verbs:
+      - list
+      - deletecollection
+      - delete

charts/kyverno/templates/rbac/reports.yaml

@@ -21,6 +21,21 @@ rules:
       - patch
       - update
       - watch
+  - apiGroups:
+      - reports.kyverno.io
+    resources:
+      - admissionreports
+      - clusteradmissionreports
+      - backgroundscanreports
+      - clusterbackgroundscanreports
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -40,4 +55,15 @@ rules:
       - get
       - list
       - watch
-{{- end -}}
+  - apiGroups:
+      - reports.kyverno.io
+    resources:
+      - admissionreports
+      - clusteradmissionreports
+      - backgroundscanreports
+      - clusterbackgroundscanreports
+    verbs:
+      - get
+      - list
+      - watch
+{{- end -}}

charts/kyverno/templates/reports-controller/clusterrole.yaml

@@ -55,6 +55,22 @@ rules:
       - update
       - watch
       - deletecollection
+  - apiGroups:
+      - reports.kyverno.io
+    resources:
+      - admissionreports
+      - clusteradmissionreports
+      - backgroundscanreports
+      - clusterbackgroundscanreports
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+      - deletecollection
   - apiGroups:
       - wgpolicyk8s.io
     resources:
@@ -100,4 +116,4 @@ rules:
   {{- end }}
 {{- end }}
 {{- end }}
-{{- end }}
+{{- end }}

charts/kyverno/templates/reports-controller/deployment.yaml

@@ -127,6 +127,7 @@ spec:
               "policyExceptions"
               "reports"
               "registryClient"
+              "alternateReportStorage"
               "tuf"
             ) | nindent 12 }}
             {{- range $key, $value := .Values.reportsController.extraArgs }}

charts/kyverno/templates/reports-controller/flowschema.yaml

@@ -51,6 +51,37 @@ spec:
         - update
         - watch
         - deletecollection
+    - apiGroups:
+        - reports.kyverno.io
+      clusterScope: true
+      resources:
+        - clusteradmissionreports
+        - clusterbackgroundscanreports
+      verbs:
+        - create
+        - delete
+        - get
+        - list
+        - patch
+        - update
+        - watch
+        - deletecollection
+    - apiGroups:
+        - reports.kyverno.io
+      namespaces:
+        - '*'
+      resources:
+        - admissionreports
+        - backgroundscanreports
+      verbs:
+        - create
+        - delete
+        - get
+        - list
+        - patch
+        - update
+        - watch
+        - deletecollection
     - apiGroups:
         - wgpolicyk8s.io
       clusterScope: true
@@ -119,4 +150,4 @@ spec:
       serviceAccount:
         name: {{ template "kyverno.reports-controller.serviceAccountName" . }}
         namespace: {{ template "kyverno.namespace" . }}
-{{- end }}
+{{- end }}

charts/kyverno/values.yaml

@@ -561,6 +561,9 @@ features:
   aggregateReports:
     # -- Enables the feature
     enabled: true
+  alternateReportStorage:
+    # -- Enables the feature
+    enabled: false
   policyReports:
     # -- Enables the feature
     enabled: true

cmd/background-controller/main.go

@@ -106,6 +106,7 @@ func main() {
 		internal.WithRegistryClient(),
 		internal.WithLeaderElection(),
 		internal.WithKyvernoClient(),
+		internal.WithAlternateReportStore(),
 		internal.WithDynamicClient(),
 		internal.WithKyvernoDynamicClient(),
 		internal.WithEventsClient(),

cmd/internal/config.go

@@ -17,6 +17,7 @@ type Configuration interface {
 	UsesImageVerifyCache() bool
 	UsesLeaderElection() bool
 	UsesKyvernoClient() bool
+	UsesAlternateReportStore() bool
 	UsesDynamicClient() bool
 	UsesApiServerClient() bool
 	UsesMetadataClient() bool
@@ -107,6 +108,12 @@ func WithKyvernoClient() ConfigurationOption {
 	}
 }
 
+func WithAlternateReportStore() ConfigurationOption {
+	return func(c *configuration) {
+		c.usesAlternateReportStore = true
+	}
+}
+
 func WithDynamicClient() ConfigurationOption {
 	return func(c *configuration) {
 		c.usesDynamicClient = true
@@ -158,6 +165,7 @@ type configuration struct {
 	usesImageVerifyCache     bool
 	usesLeaderElection       bool
 	usesKyvernoClient        bool
+	usesAlternateReportStore bool
 	usesDynamicClient        bool
 	usesApiServerClient      bool
 	usesMetadataClient       bool
@@ -214,6 +222,10 @@ func (c *configuration) UsesKyvernoClient() bool {
 	return c.usesKyvernoClient
 }
 
+func (c *configuration) UsesAlternateReportStore() bool {
+	return c.usesAlternateReportStore
+}
+
 func (c *configuration) UsesDynamicClient() bool {
 	return c.usesDynamicClient
 }

cmd/internal/flag.go

@@ -56,6 +56,8 @@ var (
 	imageVerifyCacheEnabled     bool
 	imageVerifyCacheTTLDuration time.Duration
 	imageVerifyCacheMaxSize     int64
+	// alternate report storage
+	alternateReportStorage bool
 )
 
 func initLoggingFlags() {
@@ -133,6 +135,10 @@ func initCleanupFlags() {
 	flag.StringVar(&cleanupServerPort, "cleanupServerPort", "9443", "kyverno cleanup server port, defaults to '9443'.")
 }
 
+func initAltReportStoreFlag() {
+	flag.BoolVar(&alternateReportStorage, "alternateReportStorage", false, "Store kyverno intermediate reports in a separate api group reports.kyverno.io. defaults to false.")
+}
+
 type options struct {
 	clientRateLimitQPS   float64
 	clientRateLimitBurst int
@@ -216,6 +222,10 @@ func initFlags(config Configuration, opts ...Option) {
 	if config.UsesLeaderElection() {
 		initLeaderElectionFlags()
 	}
+	// alternate report storage
+	if config.UsesAlternateReportStore() {
+		initAltReportStoreFlag()
+	}
 
 	initCleanupFlags()
 

cmd/internal/setup.go

@@ -16,6 +16,7 @@ import (
 	"github.com/kyverno/kyverno/pkg/imageverifycache"
 	"github.com/kyverno/kyverno/pkg/metrics"
 	"github.com/kyverno/kyverno/pkg/registryclient"
+	"github.com/kyverno/kyverno/pkg/report"
 	eventsv1 "k8s.io/client-go/kubernetes/typed/events/v1"
 	corev1listers "k8s.io/client-go/listers/core/v1"
 )
@@ -48,6 +49,7 @@ type SetupResult struct {
 	MetadataClient         metadataclient.UpstreamInterface
 	KyvernoDynamicClient   dclient.Interface
 	EventsClient           eventsv1.EventsV1Interface
+	ReportManager          report.Interface
 }
 
 func Setup(config Configuration, name string, skipResourceFilters bool) (context.Context, SetupResult, context.CancelFunc) {
@@ -82,8 +84,13 @@ func Setup(config Configuration, name string, skipResourceFilters bool) (context
 		leaderElectionClient = createKubernetesClient(logger, clientRateLimitQPS, clientRateLimitBurst, kubeclient.WithMetrics(metricsManager, metrics.KubeClient), kubeclient.WithTracing())
 	}
 	var kyvernoClient kyvernoclient.UpstreamInterface
+	var reportManager report.Interface
 	if config.UsesKyvernoClient() {
 		kyvernoClient = createKyvernoClient(logger, kyvernoclient.WithMetrics(metricsManager, metrics.KyvernoClient), kyvernoclient.WithTracing())
+
+		if config.UsesAlternateReportStore() {
+			reportManager = report.NewReportManager(alternateReportStorage, kyvernoClient)
+		}
 	}
 	var dynamicClient dynamicclient.UpstreamInterface
 	if config.UsesDynamicClient() {
@@ -123,6 +130,7 @@ func Setup(config Configuration, name string, skipResourceFilters bool) (context
 			MetadataClient:         metadataClient,
 			KyvernoDynamicClient:   dClient,
 			EventsClient:           eventsClient,
+			ReportManager:          reportManager,
 		},
 		shutdown(logger.WithName("shutdown"), sdownMaxProcs, sdownMetrics, sdownTracing, sdownSignals)
 }

cmd/kyverno/main.go

@@ -254,6 +254,7 @@ func main() {
 		internal.WithImageVerifyCache(),
 		internal.WithLeaderElection(),
 		internal.WithKyvernoClient(),
+		internal.WithAlternateReportStore(),
 		internal.WithDynamicClient(),
 		internal.WithKyvernoDynamicClient(),
 		internal.WithEventsClient(),
@@ -482,6 +483,7 @@ func main() {
 		engine,
 		setup.KyvernoDynamicClient,
 		setup.KyvernoClient,
+		setup.ReportManager,
 		setup.Configuration,
 		setup.MetricsManager,
 		policyCache,

cmd/reports-controller/main.go

@@ -24,6 +24,7 @@ import (
 	"github.com/kyverno/kyverno/pkg/event"
 	"github.com/kyverno/kyverno/pkg/leaderelection"
 	"github.com/kyverno/kyverno/pkg/logging"
+	"github.com/kyverno/kyverno/pkg/report"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	kubeinformers "k8s.io/client-go/informers"
 	admissionregistrationv1alpha1informers "k8s.io/client-go/informers/admissionregistration/v1alpha1"
@@ -46,6 +47,7 @@ func createReportControllers(
 	backgroundScanWorkers int,
 	client dclient.Interface,
 	kyvernoClient versioned.Interface,
+	reportManager report.Interface,
 	metadataFactory metadatainformers.SharedInformerFactory,
 	kubeInformer kubeinformers.SharedInformerFactory,
 	kyvernoInformer kyvernoinformer.SharedInformerFactory,
@@ -85,6 +87,7 @@ func createReportControllers(
 				aggregatereportcontroller.NewController(
 					kyvernoClient,
 					metadataFactory,
+					reportManager,
 					kyvernoV1.Policies(),
 					kyvernoV1.ClusterPolicies(),
 					vapInformer,
@@ -101,6 +104,7 @@ func createReportControllers(
 					kyvernoClient,
 					client,
 					metadataFactory,
+					reportManager,
 				),
 				admissionreportcontroller.Workers,
 			))
@@ -109,6 +113,7 @@ func createReportControllers(
 			backgroundScanController := backgroundscancontroller.NewController(
 				client,
 				kyvernoClient,
+				reportManager,
 				eng,
 				metadataFactory,
 				kyvernoV1.Policies(),
@@ -153,6 +158,7 @@ func createrLeaderControllers(
 	kyvernoInformer kyvernoinformer.SharedInformerFactory,
 	metadataInformer metadatainformers.SharedInformerFactory,
 	kyvernoClient versioned.Interface,
+	reportManager report.Interface,
 	dynamicClient dclient.Interface,
 	configuration config.Configuration,
 	jp jmespath.Interface,
@@ -170,6 +176,7 @@ func createrLeaderControllers(
 		backgroundScanWorkers,
 		dynamicClient,
 		kyvernoClient,
+		reportManager,
 		metadataInformer,
 		kubeInformer,
 		kyvernoInformer,
@@ -223,6 +230,7 @@ func main() {
 		internal.WithImageVerifyCache(),
 		internal.WithLeaderElection(),
 		internal.WithKyvernoClient(),
+		internal.WithAlternateReportStore(),
 		internal.WithDynamicClient(),
 		internal.WithMetadataClient(),
 		internal.WithKyvernoDynamicClient(),
@@ -313,6 +321,7 @@ func main() {
 				kyvernoInformer,
 				metadataInformer,
 				setup.KyvernoClient,
+				setup.ReportManager,
 				setup.KyvernoDynamicClient,
 				setup.Configuration,
 				setup.Jp,

config/crds/reports.kyverno.io_admissionreports.yaml

@@ -0,0 +1,330 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.12.0
+  name: admissionreports.reports.kyverno.io
+spec:
+  group: reports.kyverno.io
+  names:
+    categories:
+    - kyverno
+    kind: AdmissionReport
+    listKind: AdmissionReportList
+    plural: admissionreports
+    shortNames:
+    - admr
+    singular: admissionreport
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .metadata.creationTimestamp
+      name: AGE
+      type: date
+    - jsonPath: .spec.summary.pass
+      name: PASS
+      type: integer
+    - jsonPath: .spec.summary.fail
+      name: FAIL
+      type: integer
+    - jsonPath: .spec.summary.warn
+      name: WARN
+      type: integer
+    - jsonPath: .spec.summary.error
+      name: ERROR
+      type: integer
+    - jsonPath: .spec.summary.skip
+      name: SKIP
+      type: integer
+    - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.gvr']
+      name: GVR
+      type: string
+    - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.name']
+      name: REF
+      type: string
+    - jsonPath: .metadata.labels['audit\.kyverno\.io/report\.aggregate']
+      name: AGGREGATE
+      priority: 1
+      type: string
+    name: v1
+    schema:
+      openAPIV3Schema:
+        description: AdmissionReport is the Schema for the AdmissionReports API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              owner:
+                description: Owner is a reference to the report owner (e.g. a Deployment,
+                  Namespace, or Node)
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  blockOwnerDeletion:
+                    description: If true, AND if the owner has the "foregroundDeletion"
+                      finalizer, then the owner cannot be deleted from the key-value
+                      store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
+                      for how the garbage collector interacts with this field and
+                      enforces the foreground deletion. Defaults to false. To set
+                      this field, a user needs "delete" permission of the owner, otherwise
+                      422 (Unprocessable Entity) will be returned.
+                    type: boolean
+                  controller:
+                    description: If true, this reference points to the managing controller.
+                    type: boolean
+                  kind:
+                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names'
+                    type: string
+                  uid:
+                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids'
+                    type: string
+                required:
+                - apiVersion
+                - kind
+                - name
+                - uid
+                type: object
+                x-kubernetes-map-type: atomic
+              results:
+                description: PolicyReportResult provides result details
+                items:
+                  description: PolicyReportResult provides the result for an individual
+                    policy
+                  properties:
+                    category:
+                      description: Category indicates policy category
+                      type: string
+                    message:
+                      description: Description is a short user friendly message for
+                        the policy rule
+                      type: string
+                    policy:
+                      description: Policy is the name or identifier of the policy
+                      type: string
+                    properties:
+                      additionalProperties:
+                        type: string
+                      description: Properties provides additional information for
+                        the policy rule
+                      type: object
+                    resourceSelector:
+                      description: SubjectSelector is an optional label selector for
+                        checked Kubernetes resources. For example, a policy result
+                        may apply to all pods that match a label. Either a Subject
+                        or a SubjectSelector can be specified. If neither are provided,
+                        the result is assumed to be for the policy report scope.
+                      properties:
+                        matchExpressions:
+                          description: matchExpressions is a list of label selector
+                            requirements. The requirements are ANDed.
+                          items:
+                            description: A label selector requirement is a selector
+                              that contains values, a key, and an operator that relates
+                              the key and values.
+                            properties:
+                              key:
+                                description: key is the label key that the selector
+                                  applies to.
+                                type: string
+                              operator:
+                                description: operator represents a key's relationship
+                                  to a set of values. Valid operators are In, NotIn,
+                                  Exists and DoesNotExist.
+                                type: string
+                              values:
+                                description: values is an array of string values.
+                                  If the operator is In or NotIn, the values array
+                                  must be non-empty. If the operator is Exists or
+                                  DoesNotExist, the values array must be empty. This
+                                  array is replaced during a strategic merge patch.
+                                items:
+                                  type: string
+                                type: array
+                            required:
+                            - key
+                            - operator
+                            type: object
+                          type: array
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: matchLabels is a map of {key,value} pairs.
+                            A single {key,value} in the matchLabels map is equivalent
+                            to an element of matchExpressions, whose key field is
+                            "key", the operator is "In", and the values array contains
+                            only "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                      x-kubernetes-map-type: atomic
+                    resources:
+                      description: Subjects is an optional reference to the checked
+                        Kubernetes resources
+                      items:
+                        description: "ObjectReference contains enough information
+                          to let you inspect or modify the referred object. --- New
+                          uses of this type are discouraged because of difficulty
+                          describing its usage when embedded in APIs. 1. Ignored fields.
+                          \ It includes many fields which are not generally honored.
+                          \ For instance, ResourceVersion and FieldPath are both very
+                          rarely valid in actual usage. 2. Invalid usage help.  It
+                          is impossible to add specific help for individual usage.
+                          \ In most embedded usages, there are particular restrictions
+                          like, \"must refer only to types A and B\" or \"UID not
+                          honored\" or \"name must be restricted\". Those cannot be
+                          well described when embedded. 3. Inconsistent validation.
+                          \ Because the usages are different, the validation rules
+                          are different by usage, which makes it hard for users to
+                          predict what will happen. 4. The fields are both imprecise
+                          and overly precise.  Kind is not a precise mapping to a
+                          URL. This can produce ambiguity during interpretation and
+                          require a REST mapping.  In most cases, the dependency is
+                          on the group,resource tuple and the version of the actual
+                          struct is irrelevant. 5. We cannot easily change it.  Because
+                          this type is embedded in many locations, updates to this
+                          type will affect numerous schemas.  Don't make new APIs
+                          embed an underspecified API type they do not control. \n
+                          Instead of using this type, create a locally provided and
+                          used type that is well-focused on your reference. For example,
+                          ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                          ."
+                        properties:
+                          apiVersion:
+                            description: API version of the referent.
+                            type: string
+                          fieldPath:
+                            description: 'If referring to a piece of an object instead
+                              of an entire object, this string should contain a valid
+                              JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                              For example, if the object reference is to a container
+                              within a pod, this would take on a value like: "spec.containers{name}"
+                              (where "name" refers to the name of the container that
+                              triggered the event) or if no container name is specified
+                              "spec.containers[2]" (container with index 2 in this
+                              pod). This syntax is chosen only to have some well-defined
+                              way of referencing a part of an object. TODO: this design
+                              is not final and this field is subject to change in
+                              the future.'
+                            type: string
+                          kind:
+                            description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          name:
+                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                            type: string
+                          namespace:
+                            description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                            type: string
+                          resourceVersion:
+                            description: 'Specific resourceVersion to which this reference
+                              is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                            type: string
+                          uid:
+                            description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      type: array
+                    result:
+                      description: Result indicates the outcome of the policy rule
+                        execution
+                      enum:
+                      - pass
+                      - fail
+                      - warn
+                      - error
+                      - skip
+                      type: string
+                    rule:
+                      description: Rule is the name or identifier of the rule within
+                        the policy
+                      type: string
+                    scored:
+                      description: Scored indicates if this result is scored
+                      type: boolean
+                    severity:
+                      description: Severity indicates policy check result criticality
+                      enum:
+                      - critical
+                      - high
+                      - low
+                      - medium
+                      - info
+                      type: string
+                    source:
+                      description: Source is an identifier for the policy engine that
+                        manages this report
+                      type: string
+                    timestamp:
+                      description: Timestamp indicates the time the result was found
+                      properties:
+                        nanos:
+                          description: Non-negative fractions of a second at nanosecond
+                            resolution. Negative second values with fractions must
+                            still have non-negative nanos values that count forward
+                            in time. Must be from 0 to 999,999,999 inclusive. This
+                            field may be limited in precision depending on context.
+                          format: int32
+                          type: integer
+                        seconds:
+                          description: Represents seconds of UTC time since Unix epoch
+                            1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z
+                            to 9999-12-31T23:59:59Z inclusive.
+                          format: int64
+                          type: integer
+                      required:
+                      - nanos
+                      - seconds
+                      type: object
+                  required:
+                  - policy
+                  type: object
+                type: array
+              summary:
+                description: PolicyReportSummary provides a summary of results
+                properties:
+                  error:
+                    description: Error provides the count of policies that could not
+                      be evaluated
+                    type: integer
+                  fail:
+                    description: Fail provides the count of policies whose requirements
+                      were not met
+                    type: integer
+                  pass:
+                    description: Pass provides the count of policies whose requirements
+                      were met
+                    type: integer
+                  skip:
+                    description: Skip indicates the count of policies that were not
+                      selected for evaluation
+                    type: integer
+                  warn:
+                    description: Warn provides the count of non-scored policies whose
+                      requirements were not met
+                    type: integer
+                type: object
+            required:
+            - owner
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources: {}

config/crds/reports.kyverno.io_backgroundscanreports.yaml

@@ -0,0 +1,297 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.12.0
+  name: backgroundscanreports.reports.kyverno.io
+spec:
+  group: reports.kyverno.io
+  names:
+    categories:
+    - kyverno
+    kind: BackgroundScanReport
+    listKind: BackgroundScanReportList
+    plural: backgroundscanreports
+    shortNames:
+    - bgscanr
+    singular: backgroundscanreport
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .metadata.ownerReferences[0].apiVersion
+      name: ApiVersion
+      type: string
+    - jsonPath: .metadata.ownerReferences[0].kind
+      name: Kind
+      type: string
+    - jsonPath: .metadata.ownerReferences[0].name
+      name: Subject
+      type: string
+    - jsonPath: .spec.summary.pass
+      name: Pass
+      type: integer
+    - jsonPath: .spec.summary.fail
+      name: Fail
+      type: integer
+    - jsonPath: .spec.summary.warn
+      name: Warn
+      type: integer
+    - jsonPath: .spec.summary.error
+      name: Error
+      type: integer
+    - jsonPath: .spec.summary.skip
+      name: Skip
+      type: integer
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.hash']
+      name: Hash
+      priority: 1
+      type: string
+    name: v1
+    schema:
+      openAPIV3Schema:
+        description: BackgroundScanReport is the Schema for the BackgroundScanReports
+          API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              results:
+                description: PolicyReportResult provides result details
+                items:
+                  description: PolicyReportResult provides the result for an individual
+                    policy
+                  properties:
+                    category:
+                      description: Category indicates policy category
+                      type: string
+                    message:
+                      description: Description is a short user friendly message for
+                        the policy rule
+                      type: string
+                    policy:
+                      description: Policy is the name or identifier of the policy
+                      type: string
+                    properties:
+                      additionalProperties:
+                        type: string
+                      description: Properties provides additional information for
+                        the policy rule
+                      type: object
+                    resourceSelector:
+                      description: SubjectSelector is an optional label selector for
+                        checked Kubernetes resources. For example, a policy result
+                        may apply to all pods that match a label. Either a Subject
+                        or a SubjectSelector can be specified. If neither are provided,
+                        the result is assumed to be for the policy report scope.
+                      properties:
+                        matchExpressions:
+                          description: matchExpressions is a list of label selector
+                            requirements. The requirements are ANDed.
+                          items:
+                            description: A label selector requirement is a selector
+                              that contains values, a key, and an operator that relates
+                              the key and values.
+                            properties:
+                              key:
+                                description: key is the label key that the selector
+                                  applies to.
+                                type: string
+                              operator:
+                                description: operator represents a key's relationship
+                                  to a set of values. Valid operators are In, NotIn,
+                                  Exists and DoesNotExist.
+                                type: string
+                              values:
+                                description: values is an array of string values.
+                                  If the operator is In or NotIn, the values array
+                                  must be non-empty. If the operator is Exists or
+                                  DoesNotExist, the values array must be empty. This
+                                  array is replaced during a strategic merge patch.
+                                items:
+                                  type: string
+                                type: array
+                            required:
+                            - key
+                            - operator
+                            type: object
+                          type: array
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: matchLabels is a map of {key,value} pairs.
+                            A single {key,value} in the matchLabels map is equivalent
+                            to an element of matchExpressions, whose key field is
+                            "key", the operator is "In", and the values array contains
+                            only "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                      x-kubernetes-map-type: atomic
+                    resources:
+                      description: Subjects is an optional reference to the checked
+                        Kubernetes resources
+                      items:
+                        description: "ObjectReference contains enough information
+                          to let you inspect or modify the referred object. --- New
+                          uses of this type are discouraged because of difficulty
+                          describing its usage when embedded in APIs. 1. Ignored fields.
+                          \ It includes many fields which are not generally honored.
+                          \ For instance, ResourceVersion and FieldPath are both very
+                          rarely valid in actual usage. 2. Invalid usage help.  It
+                          is impossible to add specific help for individual usage.
+                          \ In most embedded usages, there are particular restrictions
+                          like, \"must refer only to types A and B\" or \"UID not
+                          honored\" or \"name must be restricted\". Those cannot be
+                          well described when embedded. 3. Inconsistent validation.
+                          \ Because the usages are different, the validation rules
+                          are different by usage, which makes it hard for users to
+                          predict what will happen. 4. The fields are both imprecise
+                          and overly precise.  Kind is not a precise mapping to a
+                          URL. This can produce ambiguity during interpretation and
+                          require a REST mapping.  In most cases, the dependency is
+                          on the group,resource tuple and the version of the actual
+                          struct is irrelevant. 5. We cannot easily change it.  Because
+                          this type is embedded in many locations, updates to this
+                          type will affect numerous schemas.  Don't make new APIs
+                          embed an underspecified API type they do not control. \n
+                          Instead of using this type, create a locally provided and
+                          used type that is well-focused on your reference. For example,
+                          ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                          ."
+                        properties:
+                          apiVersion:
+                            description: API version of the referent.
+                            type: string
+                          fieldPath:
+                            description: 'If referring to a piece of an object instead
+                              of an entire object, this string should contain a valid
+                              JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                              For example, if the object reference is to a container
+                              within a pod, this would take on a value like: "spec.containers{name}"
+                              (where "name" refers to the name of the container that
+                              triggered the event) or if no container name is specified
+                              "spec.containers[2]" (container with index 2 in this
+                              pod). This syntax is chosen only to have some well-defined
+                              way of referencing a part of an object. TODO: this design
+                              is not final and this field is subject to change in
+                              the future.'
+                            type: string
+                          kind:
+                            description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          name:
+                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                            type: string
+                          namespace:
+                            description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                            type: string
+                          resourceVersion:
+                            description: 'Specific resourceVersion to which this reference
+                              is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                            type: string
+                          uid:
+                            description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      type: array
+                    result:
+                      description: Result indicates the outcome of the policy rule
+                        execution
+                      enum:
+                      - pass
+                      - fail
+                      - warn
+                      - error
+                      - skip
+                      type: string
+                    rule:
+                      description: Rule is the name or identifier of the rule within
+                        the policy
+                      type: string
+                    scored:
+                      description: Scored indicates if this result is scored
+                      type: boolean
+                    severity:
+                      description: Severity indicates policy check result criticality
+                      enum:
+                      - critical
+                      - high
+                      - low
+                      - medium
+                      - info
+                      type: string
+                    source:
+                      description: Source is an identifier for the policy engine that
+                        manages this report
+                      type: string
+                    timestamp:
+                      description: Timestamp indicates the time the result was found
+                      properties:
+                        nanos:
+                          description: Non-negative fractions of a second at nanosecond
+                            resolution. Negative second values with fractions must
+                            still have non-negative nanos values that count forward
+                            in time. Must be from 0 to 999,999,999 inclusive. This
+                            field may be limited in precision depending on context.
+                          format: int32
+                          type: integer
+                        seconds:
+                          description: Represents seconds of UTC time since Unix epoch
+                            1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z
+                            to 9999-12-31T23:59:59Z inclusive.
+                          format: int64
+                          type: integer
+                      required:
+                      - nanos
+                      - seconds
+                      type: object
+                  required:
+                  - policy
+                  type: object
+                type: array
+              summary:
+                description: PolicyReportSummary provides a summary of results
+                properties:
+                  error:
+                    description: Error provides the count of policies that could not
+                      be evaluated
+                    type: integer
+                  fail:
+                    description: Fail provides the count of policies whose requirements
+                      were not met
+                    type: integer
+                  pass:
+                    description: Pass provides the count of policies whose requirements
+                      were met
+                    type: integer
+                  skip:
+                    description: Skip indicates the count of policies that were not
+                      selected for evaluation
+                    type: integer
+                  warn:
+                    description: Warn provides the count of non-scored policies whose
+                      requirements were not met
+                    type: integer
+                type: object
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources: {}

config/crds/reports.kyverno.io_clusteradmissionreports.yaml

@@ -0,0 +1,331 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.12.0
+  name: clusteradmissionreports.reports.kyverno.io
+spec:
+  group: reports.kyverno.io
+  names:
+    categories:
+    - kyverno
+    kind: ClusterAdmissionReport
+    listKind: ClusterAdmissionReportList
+    plural: clusteradmissionreports
+    shortNames:
+    - cadmr
+    singular: clusteradmissionreport
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .metadata.creationTimestamp
+      name: AGE
+      type: date
+    - jsonPath: .spec.summary.pass
+      name: PASS
+      type: integer
+    - jsonPath: .spec.summary.fail
+      name: FAIL
+      type: integer
+    - jsonPath: .spec.summary.warn
+      name: WARN
+      type: integer
+    - jsonPath: .spec.summary.error
+      name: ERROR
+      type: integer
+    - jsonPath: .spec.summary.skip
+      name: SKIP
+      type: integer
+    - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.gvr']
+      name: GVR
+      type: string
+    - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.name']
+      name: REF
+      type: string
+    - jsonPath: .metadata.labels['audit\.kyverno\.io/report\.aggregate']
+      name: AGGREGATE
+      priority: 1
+      type: string
+    name: v1
+    schema:
+      openAPIV3Schema:
+        description: ClusterAdmissionReport is the Schema for the ClusterAdmissionReports
+          API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              owner:
+                description: Owner is a reference to the report owner (e.g. a Deployment,
+                  Namespace, or Node)
+                properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  blockOwnerDeletion:
+                    description: If true, AND if the owner has the "foregroundDeletion"
+                      finalizer, then the owner cannot be deleted from the key-value
+                      store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion
+                      for how the garbage collector interacts with this field and
+                      enforces the foreground deletion. Defaults to false. To set
+                      this field, a user needs "delete" permission of the owner, otherwise
+                      422 (Unprocessable Entity) will be returned.
+                    type: boolean
+                  controller:
+                    description: If true, this reference points to the managing controller.
+                    type: boolean
+                  kind:
+                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                    type: string
+                  name:
+                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names'
+                    type: string
+                  uid:
+                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids'
+                    type: string
+                required:
+                - apiVersion
+                - kind
+                - name
+                - uid
+                type: object
+                x-kubernetes-map-type: atomic
+              results:
+                description: PolicyReportResult provides result details
+                items:
+                  description: PolicyReportResult provides the result for an individual
+                    policy
+                  properties:
+                    category:
+                      description: Category indicates policy category
+                      type: string
+                    message:
+                      description: Description is a short user friendly message for
+                        the policy rule
+                      type: string
+                    policy:
+                      description: Policy is the name or identifier of the policy
+                      type: string
+                    properties:
+                      additionalProperties:
+                        type: string
+                      description: Properties provides additional information for
+                        the policy rule
+                      type: object
+                    resourceSelector:
+                      description: SubjectSelector is an optional label selector for
+                        checked Kubernetes resources. For example, a policy result
+                        may apply to all pods that match a label. Either a Subject
+                        or a SubjectSelector can be specified. If neither are provided,
+                        the result is assumed to be for the policy report scope.
+                      properties:
+                        matchExpressions:
+                          description: matchExpressions is a list of label selector
+                            requirements. The requirements are ANDed.
+                          items:
+                            description: A label selector requirement is a selector
+                              that contains values, a key, and an operator that relates
+                              the key and values.
+                            properties:
+                              key:
+                                description: key is the label key that the selector
+                                  applies to.
+                                type: string
+                              operator:
+                                description: operator represents a key's relationship
+                                  to a set of values. Valid operators are In, NotIn,
+                                  Exists and DoesNotExist.
+                                type: string
+                              values:
+                                description: values is an array of string values.
+                                  If the operator is In or NotIn, the values array
+                                  must be non-empty. If the operator is Exists or
+                                  DoesNotExist, the values array must be empty. This
+                                  array is replaced during a strategic merge patch.
+                                items:
+                                  type: string
+                                type: array
+                            required:
+                            - key
+                            - operator
+                            type: object
+                          type: array
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: matchLabels is a map of {key,value} pairs.
+                            A single {key,value} in the matchLabels map is equivalent
+                            to an element of matchExpressions, whose key field is
+                            "key", the operator is "In", and the values array contains
+                            only "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                      x-kubernetes-map-type: atomic
+                    resources:
+                      description: Subjects is an optional reference to the checked
+                        Kubernetes resources
+                      items:
+                        description: "ObjectReference contains enough information
+                          to let you inspect or modify the referred object. --- New
+                          uses of this type are discouraged because of difficulty
+                          describing its usage when embedded in APIs. 1. Ignored fields.
+                          \ It includes many fields which are not generally honored.
+                          \ For instance, ResourceVersion and FieldPath are both very
+                          rarely valid in actual usage. 2. Invalid usage help.  It
+                          is impossible to add specific help for individual usage.
+                          \ In most embedded usages, there are particular restrictions
+                          like, \"must refer only to types A and B\" or \"UID not
+                          honored\" or \"name must be restricted\". Those cannot be
+                          well described when embedded. 3. Inconsistent validation.
+                          \ Because the usages are different, the validation rules
+                          are different by usage, which makes it hard for users to
+                          predict what will happen. 4. The fields are both imprecise
+                          and overly precise.  Kind is not a precise mapping to a
+                          URL. This can produce ambiguity during interpretation and
+                          require a REST mapping.  In most cases, the dependency is
+                          on the group,resource tuple and the version of the actual
+                          struct is irrelevant. 5. We cannot easily change it.  Because
+                          this type is embedded in many locations, updates to this
+                          type will affect numerous schemas.  Don't make new APIs
+                          embed an underspecified API type they do not control. \n
+                          Instead of using this type, create a locally provided and
+                          used type that is well-focused on your reference. For example,
+                          ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                          ."
+                        properties:
+                          apiVersion:
+                            description: API version of the referent.
+                            type: string
+                          fieldPath:
+                            description: 'If referring to a piece of an object instead
+                              of an entire object, this string should contain a valid
+                              JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                              For example, if the object reference is to a container
+                              within a pod, this would take on a value like: "spec.containers{name}"
+                              (where "name" refers to the name of the container that
+                              triggered the event) or if no container name is specified
+                              "spec.containers[2]" (container with index 2 in this
+                              pod). This syntax is chosen only to have some well-defined
+                              way of referencing a part of an object. TODO: this design
+                              is not final and this field is subject to change in
+                              the future.'
+                            type: string
+                          kind:
+                            description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          name:
+                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                            type: string
+                          namespace:
+                            description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                            type: string
+                          resourceVersion:
+                            description: 'Specific resourceVersion to which this reference
+                              is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                            type: string
+                          uid:
+                            description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      type: array
+                    result:
+                      description: Result indicates the outcome of the policy rule
+                        execution
+                      enum:
+                      - pass
+                      - fail
+                      - warn
+                      - error
+                      - skip
+                      type: string
+                    rule:
+                      description: Rule is the name or identifier of the rule within
+                        the policy
+                      type: string
+                    scored:
+                      description: Scored indicates if this result is scored
+                      type: boolean
+                    severity:
+                      description: Severity indicates policy check result criticality
+                      enum:
+                      - critical
+                      - high
+                      - low
+                      - medium
+                      - info
+                      type: string
+                    source:
+                      description: Source is an identifier for the policy engine that
+                        manages this report
+                      type: string
+                    timestamp:
+                      description: Timestamp indicates the time the result was found
+                      properties:
+                        nanos:
+                          description: Non-negative fractions of a second at nanosecond
+                            resolution. Negative second values with fractions must
+                            still have non-negative nanos values that count forward
+                            in time. Must be from 0 to 999,999,999 inclusive. This
+                            field may be limited in precision depending on context.
+                          format: int32
+                          type: integer
+                        seconds:
+                          description: Represents seconds of UTC time since Unix epoch
+                            1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z
+                            to 9999-12-31T23:59:59Z inclusive.
+                          format: int64
+                          type: integer
+                      required:
+                      - nanos
+                      - seconds
+                      type: object
+                  required:
+                  - policy
+                  type: object
+                type: array
+              summary:
+                description: PolicyReportSummary provides a summary of results
+                properties:
+                  error:
+                    description: Error provides the count of policies that could not
+                      be evaluated
+                    type: integer
+                  fail:
+                    description: Fail provides the count of policies whose requirements
+                      were not met
+                    type: integer
+                  pass:
+                    description: Pass provides the count of policies whose requirements
+                      were met
+                    type: integer
+                  skip:
+                    description: Skip indicates the count of policies that were not
+                      selected for evaluation
+                    type: integer
+                  warn:
+                    description: Warn provides the count of non-scored policies whose
+                      requirements were not met
+                    type: integer
+                type: object
+            required:
+            - owner
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources: {}

config/crds/reports.kyverno.io_clusterbackgroundscanreports.yaml

@@ -0,0 +1,297 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.12.0
+  name: clusterbackgroundscanreports.reports.kyverno.io
+spec:
+  group: reports.kyverno.io
+  names:
+    categories:
+    - kyverno
+    kind: ClusterBackgroundScanReport
+    listKind: ClusterBackgroundScanReportList
+    plural: clusterbackgroundscanreports
+    shortNames:
+    - cbgscanr
+    singular: clusterbackgroundscanreport
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .metadata.ownerReferences[0].apiVersion
+      name: ApiVersion
+      type: string
+    - jsonPath: .metadata.ownerReferences[0].kind
+      name: Kind
+      type: string
+    - jsonPath: .metadata.ownerReferences[0].name
+      name: Subject
+      type: string
+    - jsonPath: .spec.summary.pass
+      name: Pass
+      type: integer
+    - jsonPath: .spec.summary.fail
+      name: Fail
+      type: integer
+    - jsonPath: .spec.summary.warn
+      name: Warn
+      type: integer
+    - jsonPath: .spec.summary.error
+      name: Error
+      type: integer
+    - jsonPath: .spec.summary.skip
+      name: Skip
+      type: integer
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - jsonPath: .metadata.labels['audit\.kyverno\.io/resource\.hash']
+      name: Hash
+      priority: 1
+      type: string
+    name: v1
+    schema:
+      openAPIV3Schema:
+        description: ClusterBackgroundScanReport is the Schema for the ClusterBackgroundScanReports
+          API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              results:
+                description: PolicyReportResult provides result details
+                items:
+                  description: PolicyReportResult provides the result for an individual
+                    policy
+                  properties:
+                    category:
+                      description: Category indicates policy category
+                      type: string
+                    message:
+                      description: Description is a short user friendly message for
+                        the policy rule
+                      type: string
+                    policy:
+                      description: Policy is the name or identifier of the policy
+                      type: string
+                    properties:
+                      additionalProperties:
+                        type: string
+                      description: Properties provides additional information for
+                        the policy rule
+                      type: object
+                    resourceSelector:
+                      description: SubjectSelector is an optional label selector for
+                        checked Kubernetes resources. For example, a policy result
+                        may apply to all pods that match a label. Either a Subject
+                        or a SubjectSelector can be specified. If neither are provided,
+                        the result is assumed to be for the policy report scope.
+                      properties:
+                        matchExpressions:
+                          description: matchExpressions is a list of label selector
+                            requirements. The requirements are ANDed.
+                          items:
+                            description: A label selector requirement is a selector
+                              that contains values, a key, and an operator that relates
+                              the key and values.
+                            properties:
+                              key:
+                                description: key is the label key that the selector
+                                  applies to.
+                                type: string
+                              operator:
+                                description: operator represents a key's relationship
+                                  to a set of values. Valid operators are In, NotIn,
+                                  Exists and DoesNotExist.
+                                type: string
+                              values:
+                                description: values is an array of string values.
+                                  If the operator is In or NotIn, the values array
+                                  must be non-empty. If the operator is Exists or
+                                  DoesNotExist, the values array must be empty. This
+                                  array is replaced during a strategic merge patch.
+                                items:
+                                  type: string
+                                type: array
+                            required:
+                            - key
+                            - operator
+                            type: object
+                          type: array
+                        matchLabels:
+                          additionalProperties:
+                            type: string
+                          description: matchLabels is a map of {key,value} pairs.
+                            A single {key,value} in the matchLabels map is equivalent
+                            to an element of matchExpressions, whose key field is
+                            "key", the operator is "In", and the values array contains
+                            only "value". The requirements are ANDed.
+                          type: object
+                      type: object
+                      x-kubernetes-map-type: atomic
+                    resources:
+                      description: Subjects is an optional reference to the checked
+                        Kubernetes resources
+                      items:
+                        description: "ObjectReference contains enough information
+                          to let you inspect or modify the referred object. --- New
+                          uses of this type are discouraged because of difficulty
+                          describing its usage when embedded in APIs. 1. Ignored fields.
+                          \ It includes many fields which are not generally honored.
+                          \ For instance, ResourceVersion and FieldPath are both very
+                          rarely valid in actual usage. 2. Invalid usage help.  It
+                          is impossible to add specific help for individual usage.
+                          \ In most embedded usages, there are particular restrictions
+                          like, \"must refer only to types A and B\" or \"UID not
+                          honored\" or \"name must be restricted\". Those cannot be
+                          well described when embedded. 3. Inconsistent validation.
+                          \ Because the usages are different, the validation rules
+                          are different by usage, which makes it hard for users to
+                          predict what will happen. 4. The fields are both imprecise
+                          and overly precise.  Kind is not a precise mapping to a
+                          URL. This can produce ambiguity during interpretation and
+                          require a REST mapping.  In most cases, the dependency is
+                          on the group,resource tuple and the version of the actual
+                          struct is irrelevant. 5. We cannot easily change it.  Because
+                          this type is embedded in many locations, updates to this
+                          type will affect numerous schemas.  Don't make new APIs
+                          embed an underspecified API type they do not control. \n
+                          Instead of using this type, create a locally provided and
+                          used type that is well-focused on your reference. For example,
+                          ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
+                          ."
+                        properties:
+                          apiVersion:
+                            description: API version of the referent.
+                            type: string
+                          fieldPath:
+                            description: 'If referring to a piece of an object instead
+                              of an entire object, this string should contain a valid
+                              JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                              For example, if the object reference is to a container
+                              within a pod, this would take on a value like: "spec.containers{name}"
+                              (where "name" refers to the name of the container that
+                              triggered the event) or if no container name is specified
+                              "spec.containers[2]" (container with index 2 in this
+                              pod). This syntax is chosen only to have some well-defined
+                              way of referencing a part of an object. TODO: this design
+                              is not final and this field is subject to change in
+                              the future.'
+                            type: string
+                          kind:
+                            description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+                            type: string
+                          name:
+                            description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                            type: string
+                          namespace:
+                            description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                            type: string
+                          resourceVersion:
+                            description: 'Specific resourceVersion to which this reference
+                              is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
+                            type: string
+                          uid:
+                            description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
+                      type: array
+                    result:
+                      description: Result indicates the outcome of the policy rule
+                        execution
+                      enum:
+                      - pass
+                      - fail
+                      - warn
+                      - error
+                      - skip
+                      type: string
+                    rule:
+                      description: Rule is the name or identifier of the rule within
+                        the policy
+                      type: string
+                    scored:
+                      description: Scored indicates if this result is scored
+                      type: boolean
+                    severity:
+                      description: Severity indicates policy check result criticality
+                      enum:
+                      - critical
+                      - high
+                      - low
+                      - medium
+                      - info
+                      type: string
+                    source:
+                      description: Source is an identifier for the policy engine that
+                        manages this report
+                      type: string
+                    timestamp:
+                      description: Timestamp indicates the time the result was found
+                      properties:
+                        nanos:
+                          description: Non-negative fractions of a second at nanosecond
+                            resolution. Negative second values with fractions must
+                            still have non-negative nanos values that count forward
+                            in time. Must be from 0 to 999,999,999 inclusive. This
+                            field may be limited in precision depending on context.
+                          format: int32
+                          type: integer
+                        seconds:
+                          description: Represents seconds of UTC time since Unix epoch
+                            1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z
+                            to 9999-12-31T23:59:59Z inclusive.
+                          format: int64
+                          type: integer
+                      required:
+                      - nanos
+                      - seconds
+                      type: object
+                  required:
+                  - policy
+                  type: object
+                type: array
+              summary:
+                description: PolicyReportSummary provides a summary of results
+                properties:
+                  error:
+                    description: Error provides the count of policies that could not
+                      be evaluated
+                    type: integer
+                  fail:
+                    description: Fail provides the count of policies whose requirements
+                      were not met
+                    type: integer
+                  pass:
+                    description: Pass provides the count of policies whose requirements
+                      were met
+                    type: integer
+                  skip:
+                    description: Skip indicates the count of policies that were not
+                      selected for evaluation
+                    type: integer
+                  warn:
+                    description: Warn provides the count of non-scored policies whose
+                      requirements were not met
+                    type: integer
+                type: object
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources: {}

docs/user/crd/index.html

@@ -36,6 +36,9 @@ background-color: #1589dd;
 <a href="#kyverno.io%2fv2beta1"><b style="color: white">kyverno.io/v2beta1</b></a>
 </li>
 <li>
+<a href="#reports.kyverno.io%2fv1"><b style="color: white">reports.kyverno.io/v1</b></a>
+</li>
+<li>
 <a href="#wgpolicyk8s.io%2fv1alpha2"><b style="color: white">wgpolicyk8s.io/v1alpha2</b></a>
 </li>
 </ul>
@@ -9987,6 +9990,519 @@ CEL
 </tbody>
 </table>
 <hr />
+<h2 id="reports.kyverno.io/v1">reports.kyverno.io/v1</h2>
+<p>
+</p>
+Resource Types:
+<ul><li>
+<a href="#reports.kyverno.io/v1.AdmissionReport">AdmissionReport</a>
+</li><li>
+<a href="#reports.kyverno.io/v1.BackgroundScanReport">BackgroundScanReport</a>
+</li><li>
+<a href="#reports.kyverno.io/v1.ClusterAdmissionReport">ClusterAdmissionReport</a>
+</li><li>
+<a href="#reports.kyverno.io/v1.ClusterBackgroundScanReport">ClusterBackgroundScanReport</a>
+</li></ul>
+<hr />
+<h3 id="reports.kyverno.io/v1.AdmissionReport">AdmissionReport
+</h3>
+<p>
+<p>AdmissionReport is the Schema for the AdmissionReports API</p>
+</p>
+<table class="table table-striped">
+<thead class="thead-dark">
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>apiVersion</code><br/>
+string</td>
+<td>
+<code>
+reports.kyverno.io/v1
+</code>
+</td>
+</tr>
+<tr>
+<td>
+<code>kind</code><br/>
+string
+</td>
+<td><code>AdmissionReport</code></td>
+</tr>
+<tr>
+<td>
+<code>metadata</code><br/>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta">
+Kubernetes meta/v1.ObjectMeta
+</a>
+</em>
+</td>
+<td>
+Refer to the Kubernetes API documentation for the fields of the
+<code>metadata</code> field.
+</td>
+</tr>
+<tr>
+<td>
+<code>spec</code><br/>
+<em>
+<a href="#reports.kyverno.io/v1.AdmissionReportSpec">
+AdmissionReportSpec
+</a>
+</em>
+</td>
+<td>
+<br/>
+<br/>
+<table class="table table-striped">
+<tr>
+<td>
+<code>owner</code><br/>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#ownerreference-v1-meta">
+Kubernetes meta/v1.OwnerReference
+</a>
+</em>
+</td>
+<td>
+<p>Owner is a reference to the report owner (e.g. a Deployment, Namespace, or Node)</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>summary</code><br/>
+<em>
+<a href="#wgpolicyk8s.io/v1alpha2.PolicyReportSummary">
+PolicyReportSummary
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>PolicyReportSummary provides a summary of results</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>results</code><br/>
+<em>
+<a href="#wgpolicyk8s.io/v1alpha2.PolicyReportResult">
+[]PolicyReportResult
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>PolicyReportResult provides result details</p>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</tbody>
+</table>
+<hr />
+<h3 id="reports.kyverno.io/v1.BackgroundScanReport">BackgroundScanReport
+</h3>
+<p>
+<p>BackgroundScanReport is the Schema for the BackgroundScanReports API</p>
+</p>
+<table class="table table-striped">
+<thead class="thead-dark">
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>apiVersion</code><br/>
+string</td>
+<td>
+<code>
+reports.kyverno.io/v1
+</code>
+</td>
+</tr>
+<tr>
+<td>
+<code>kind</code><br/>
+string
+</td>
+<td><code>BackgroundScanReport</code></td>
+</tr>
+<tr>
+<td>
+<code>metadata</code><br/>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta">
+Kubernetes meta/v1.ObjectMeta
+</a>
+</em>
+</td>
+<td>
+Refer to the Kubernetes API documentation for the fields of the
+<code>metadata</code> field.
+</td>
+</tr>
+<tr>
+<td>
+<code>spec</code><br/>
+<em>
+<a href="#reports.kyverno.io/v1.BackgroundScanReportSpec">
+BackgroundScanReportSpec
+</a>
+</em>
+</td>
+<td>
+<br/>
+<br/>
+<table class="table table-striped">
+<tr>
+<td>
+<code>summary</code><br/>
+<em>
+<a href="#wgpolicyk8s.io/v1alpha2.PolicyReportSummary">
+PolicyReportSummary
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>PolicyReportSummary provides a summary of results</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>results</code><br/>
+<em>
+<a href="#wgpolicyk8s.io/v1alpha2.PolicyReportResult">
+[]PolicyReportResult
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>PolicyReportResult provides result details</p>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</tbody>
+</table>
+<hr />
+<h3 id="reports.kyverno.io/v1.ClusterAdmissionReport">ClusterAdmissionReport
+</h3>
+<p>
+<p>ClusterAdmissionReport is the Schema for the ClusterAdmissionReports API</p>
+</p>
+<table class="table table-striped">
+<thead class="thead-dark">
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>apiVersion</code><br/>
+string</td>
+<td>
+<code>
+reports.kyverno.io/v1
+</code>
+</td>
+</tr>
+<tr>
+<td>
+<code>kind</code><br/>
+string
+</td>
+<td><code>ClusterAdmissionReport</code></td>
+</tr>
+<tr>
+<td>
+<code>metadata</code><br/>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta">
+Kubernetes meta/v1.ObjectMeta
+</a>
+</em>
+</td>
+<td>
+Refer to the Kubernetes API documentation for the fields of the
+<code>metadata</code> field.
+</td>
+</tr>
+<tr>
+<td>
+<code>spec</code><br/>
+<em>
+<a href="#reports.kyverno.io/v1.AdmissionReportSpec">
+AdmissionReportSpec
+</a>
+</em>
+</td>
+<td>
+<br/>
+<br/>
+<table class="table table-striped">
+<tr>
+<td>
+<code>owner</code><br/>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#ownerreference-v1-meta">
+Kubernetes meta/v1.OwnerReference
+</a>
+</em>
+</td>
+<td>
+<p>Owner is a reference to the report owner (e.g. a Deployment, Namespace, or Node)</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>summary</code><br/>
+<em>
+<a href="#wgpolicyk8s.io/v1alpha2.PolicyReportSummary">
+PolicyReportSummary
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>PolicyReportSummary provides a summary of results</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>results</code><br/>
+<em>
+<a href="#wgpolicyk8s.io/v1alpha2.PolicyReportResult">
+[]PolicyReportResult
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>PolicyReportResult provides result details</p>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</tbody>
+</table>
+<hr />
+<h3 id="reports.kyverno.io/v1.ClusterBackgroundScanReport">ClusterBackgroundScanReport
+</h3>
+<p>
+<p>ClusterBackgroundScanReport is the Schema for the ClusterBackgroundScanReports API</p>
+</p>
+<table class="table table-striped">
+<thead class="thead-dark">
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>apiVersion</code><br/>
+string</td>
+<td>
+<code>
+reports.kyverno.io/v1
+</code>
+</td>
+</tr>
+<tr>
+<td>
+<code>kind</code><br/>
+string
+</td>
+<td><code>ClusterBackgroundScanReport</code></td>
+</tr>
+<tr>
+<td>
+<code>metadata</code><br/>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta">
+Kubernetes meta/v1.ObjectMeta
+</a>
+</em>
+</td>
+<td>
+Refer to the Kubernetes API documentation for the fields of the
+<code>metadata</code> field.
+</td>
+</tr>
+<tr>
+<td>
+<code>spec</code><br/>
+<em>
+<a href="#reports.kyverno.io/v1.BackgroundScanReportSpec">
+BackgroundScanReportSpec
+</a>
+</em>
+</td>
+<td>
+<br/>
+<br/>
+<table class="table table-striped">
+<tr>
+<td>
+<code>summary</code><br/>
+<em>
+<a href="#wgpolicyk8s.io/v1alpha2.PolicyReportSummary">
+PolicyReportSummary
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>PolicyReportSummary provides a summary of results</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>results</code><br/>
+<em>
+<a href="#wgpolicyk8s.io/v1alpha2.PolicyReportResult">
+[]PolicyReportResult
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>PolicyReportResult provides result details</p>
+</td>
+</tr>
+</table>
+</td>
+</tr>
+</tbody>
+</table>
+<hr />
+<h3 id="reports.kyverno.io/v1.AdmissionReportSpec">AdmissionReportSpec
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#reports.kyverno.io/v1.AdmissionReport">AdmissionReport</a>, 
+<a href="#reports.kyverno.io/v1.ClusterAdmissionReport">ClusterAdmissionReport</a>)
+</p>
+<p>
+</p>
+<table class="table table-striped">
+<thead class="thead-dark">
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>owner</code><br/>
+<em>
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#ownerreference-v1-meta">
+Kubernetes meta/v1.OwnerReference
+</a>
+</em>
+</td>
+<td>
+<p>Owner is a reference to the report owner (e.g. a Deployment, Namespace, or Node)</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>summary</code><br/>
+<em>
+<a href="#wgpolicyk8s.io/v1alpha2.PolicyReportSummary">
+PolicyReportSummary
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>PolicyReportSummary provides a summary of results</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>results</code><br/>
+<em>
+<a href="#wgpolicyk8s.io/v1alpha2.PolicyReportResult">
+[]PolicyReportResult
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>PolicyReportResult provides result details</p>
+</td>
+</tr>
+</tbody>
+</table>
+<hr />
+<h3 id="reports.kyverno.io/v1.BackgroundScanReportSpec">BackgroundScanReportSpec
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#reports.kyverno.io/v1.BackgroundScanReport">BackgroundScanReport</a>, 
+<a href="#reports.kyverno.io/v1.ClusterBackgroundScanReport">ClusterBackgroundScanReport</a>)
+</p>
+<p>
+</p>
+<table class="table table-striped">
+<thead class="thead-dark">
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>summary</code><br/>
+<em>
+<a href="#wgpolicyk8s.io/v1alpha2.PolicyReportSummary">
+PolicyReportSummary
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>PolicyReportSummary provides a summary of results</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>results</code><br/>
+<em>
+<a href="#wgpolicyk8s.io/v1alpha2.PolicyReportResult">
+[]PolicyReportResult
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>PolicyReportResult provides result details</p>
+</td>
+</tr>
+</tbody>
+</table>
+<hr />
 <h2 id="wgpolicyk8s.io/v1alpha2">wgpolicyk8s.io/v1alpha2</h2>
 Resource Types:
 <ul><li>
@@ -10209,6 +10725,8 @@ PolicyReportSummary
 (<em>Appears on:</em>
 <a href="#wgpolicyk8s.io/v1alpha2.ClusterPolicyReport">ClusterPolicyReport</a>, 
 <a href="#wgpolicyk8s.io/v1alpha2.PolicyReport">PolicyReport</a>, 
+<a href="#reports.kyverno.io/v1.AdmissionReportSpec">AdmissionReportSpec</a>, 
+<a href="#reports.kyverno.io/v1.BackgroundScanReportSpec">BackgroundScanReportSpec</a>, 
 <a href="#kyverno.io/v2.AdmissionReportSpec">AdmissionReportSpec</a>, 
 <a href="#kyverno.io/v2.BackgroundScanReportSpec">BackgroundScanReportSpec</a>)
 </p>
@@ -10383,6 +10901,8 @@ PolicySeverity
 (<em>Appears on:</em>
 <a href="#wgpolicyk8s.io/v1alpha2.ClusterPolicyReport">ClusterPolicyReport</a>, 
 <a href="#wgpolicyk8s.io/v1alpha2.PolicyReport">PolicyReport</a>, 
+<a href="#reports.kyverno.io/v1.AdmissionReportSpec">AdmissionReportSpec</a>, 
+<a href="#reports.kyverno.io/v1.BackgroundScanReportSpec">BackgroundScanReportSpec</a>, 
 <a href="#kyverno.io/v2.AdmissionReportSpec">AdmissionReportSpec</a>, 
 <a href="#kyverno.io/v2.BackgroundScanReportSpec">BackgroundScanReportSpec</a>)
 </p>

pkg/client/applyconfigurations/reports/v1/admissionreport.go

@@ -0,0 +1,210 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// AdmissionReportApplyConfiguration represents an declarative configuration of the AdmissionReport type for use
+// with apply.
+type AdmissionReportApplyConfiguration struct {
+	v1.TypeMetaApplyConfiguration    `json:",inline"`
+	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
+	Spec                             *AdmissionReportSpecApplyConfiguration `json:"spec,omitempty"`
+}
+
+// AdmissionReport constructs an declarative configuration of the AdmissionReport type for use with
+// apply.
+func AdmissionReport(name, namespace string) *AdmissionReportApplyConfiguration {
+	b := &AdmissionReportApplyConfiguration{}
+	b.WithName(name)
+	b.WithNamespace(namespace)
+	b.WithKind("AdmissionReport")
+	b.WithAPIVersion("reports.kyverno.io/v1")
+	return b
+}
+
+// WithKind sets the Kind field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Kind field is set to the value of the last call.
+func (b *AdmissionReportApplyConfiguration) WithKind(value string) *AdmissionReportApplyConfiguration {
+	b.Kind = &value
+	return b
+}
+
+// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the APIVersion field is set to the value of the last call.
+func (b *AdmissionReportApplyConfiguration) WithAPIVersion(value string) *AdmissionReportApplyConfiguration {
+	b.APIVersion = &value
+	return b
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *AdmissionReportApplyConfiguration) WithName(value string) *AdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Name = &value
+	return b
+}
+
+// WithGenerateName sets the GenerateName field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the GenerateName field is set to the value of the last call.
+func (b *AdmissionReportApplyConfiguration) WithGenerateName(value string) *AdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.GenerateName = &value
+	return b
+}
+
+// WithNamespace sets the Namespace field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Namespace field is set to the value of the last call.
+func (b *AdmissionReportApplyConfiguration) WithNamespace(value string) *AdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Namespace = &value
+	return b
+}
+
+// WithUID sets the UID field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the UID field is set to the value of the last call.
+func (b *AdmissionReportApplyConfiguration) WithUID(value types.UID) *AdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.UID = &value
+	return b
+}
+
+// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ResourceVersion field is set to the value of the last call.
+func (b *AdmissionReportApplyConfiguration) WithResourceVersion(value string) *AdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.ResourceVersion = &value
+	return b
+}
+
+// WithGeneration sets the Generation field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Generation field is set to the value of the last call.
+func (b *AdmissionReportApplyConfiguration) WithGeneration(value int64) *AdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Generation = &value
+	return b
+}
+
+// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the CreationTimestamp field is set to the value of the last call.
+func (b *AdmissionReportApplyConfiguration) WithCreationTimestamp(value metav1.Time) *AdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.CreationTimestamp = &value
+	return b
+}
+
+// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionTimestamp field is set to the value of the last call.
+func (b *AdmissionReportApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *AdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.DeletionTimestamp = &value
+	return b
+}
+
+// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call.
+func (b *AdmissionReportApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *AdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.DeletionGracePeriodSeconds = &value
+	return b
+}
+
+// WithLabels puts the entries into the Labels field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Labels field,
+// overwriting an existing map entries in Labels field with the same key.
+func (b *AdmissionReportApplyConfiguration) WithLabels(entries map[string]string) *AdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	if b.Labels == nil && len(entries) > 0 {
+		b.Labels = make(map[string]string, len(entries))
+	}
+	for k, v := range entries {
+		b.Labels[k] = v
+	}
+	return b
+}
+
+// WithAnnotations puts the entries into the Annotations field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Annotations field,
+// overwriting an existing map entries in Annotations field with the same key.
+func (b *AdmissionReportApplyConfiguration) WithAnnotations(entries map[string]string) *AdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	if b.Annotations == nil && len(entries) > 0 {
+		b.Annotations = make(map[string]string, len(entries))
+	}
+	for k, v := range entries {
+		b.Annotations[k] = v
+	}
+	return b
+}
+
+// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the OwnerReferences field.
+func (b *AdmissionReportApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *AdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithOwnerReferences")
+		}
+		b.OwnerReferences = append(b.OwnerReferences, *values[i])
+	}
+	return b
+}
+
+// WithFinalizers adds the given value to the Finalizers field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Finalizers field.
+func (b *AdmissionReportApplyConfiguration) WithFinalizers(values ...string) *AdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	for i := range values {
+		b.Finalizers = append(b.Finalizers, values[i])
+	}
+	return b
+}
+
+func (b *AdmissionReportApplyConfiguration) ensureObjectMetaApplyConfigurationExists() {
+	if b.ObjectMetaApplyConfiguration == nil {
+		b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{}
+	}
+}
+
+// WithSpec sets the Spec field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Spec field is set to the value of the last call.
+func (b *AdmissionReportApplyConfiguration) WithSpec(value *AdmissionReportSpecApplyConfiguration) *AdmissionReportApplyConfiguration {
+	b.Spec = value
+	return b
+}

pkg/client/applyconfigurations/reports/v1/admissionreportspec.go

@@ -0,0 +1,67 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	v1alpha2 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/policyreport/v1alpha2"
+	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// AdmissionReportSpecApplyConfiguration represents an declarative configuration of the AdmissionReportSpec type for use
+// with apply.
+type AdmissionReportSpecApplyConfiguration struct {
+	Owner   *v1.OwnerReferenceApplyConfiguration            `json:"owner,omitempty"`
+	Summary *v1alpha2.PolicyReportSummaryApplyConfiguration `json:"summary,omitempty"`
+	Results []v1alpha2.PolicyReportResultApplyConfiguration `json:"results,omitempty"`
+}
+
+// AdmissionReportSpecApplyConfiguration constructs an declarative configuration of the AdmissionReportSpec type for use with
+// apply.
+func AdmissionReportSpec() *AdmissionReportSpecApplyConfiguration {
+	return &AdmissionReportSpecApplyConfiguration{}
+}
+
+// WithOwner sets the Owner field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Owner field is set to the value of the last call.
+func (b *AdmissionReportSpecApplyConfiguration) WithOwner(value *v1.OwnerReferenceApplyConfiguration) *AdmissionReportSpecApplyConfiguration {
+	b.Owner = value
+	return b
+}
+
+// WithSummary sets the Summary field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Summary field is set to the value of the last call.
+func (b *AdmissionReportSpecApplyConfiguration) WithSummary(value *v1alpha2.PolicyReportSummaryApplyConfiguration) *AdmissionReportSpecApplyConfiguration {
+	b.Summary = value
+	return b
+}
+
+// WithResults adds the given value to the Results field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Results field.
+func (b *AdmissionReportSpecApplyConfiguration) WithResults(values ...*v1alpha2.PolicyReportResultApplyConfiguration) *AdmissionReportSpecApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithResults")
+		}
+		b.Results = append(b.Results, *values[i])
+	}
+	return b
+}

pkg/client/applyconfigurations/reports/v1/backgroundscanreport.go

@@ -0,0 +1,210 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// BackgroundScanReportApplyConfiguration represents an declarative configuration of the BackgroundScanReport type for use
+// with apply.
+type BackgroundScanReportApplyConfiguration struct {
+	v1.TypeMetaApplyConfiguration    `json:",inline"`
+	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
+	Spec                             *BackgroundScanReportSpecApplyConfiguration `json:"spec,omitempty"`
+}
+
+// BackgroundScanReport constructs an declarative configuration of the BackgroundScanReport type for use with
+// apply.
+func BackgroundScanReport(name, namespace string) *BackgroundScanReportApplyConfiguration {
+	b := &BackgroundScanReportApplyConfiguration{}
+	b.WithName(name)
+	b.WithNamespace(namespace)
+	b.WithKind("BackgroundScanReport")
+	b.WithAPIVersion("reports.kyverno.io/v1")
+	return b
+}
+
+// WithKind sets the Kind field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Kind field is set to the value of the last call.
+func (b *BackgroundScanReportApplyConfiguration) WithKind(value string) *BackgroundScanReportApplyConfiguration {
+	b.Kind = &value
+	return b
+}
+
+// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the APIVersion field is set to the value of the last call.
+func (b *BackgroundScanReportApplyConfiguration) WithAPIVersion(value string) *BackgroundScanReportApplyConfiguration {
+	b.APIVersion = &value
+	return b
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *BackgroundScanReportApplyConfiguration) WithName(value string) *BackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Name = &value
+	return b
+}
+
+// WithGenerateName sets the GenerateName field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the GenerateName field is set to the value of the last call.
+func (b *BackgroundScanReportApplyConfiguration) WithGenerateName(value string) *BackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.GenerateName = &value
+	return b
+}
+
+// WithNamespace sets the Namespace field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Namespace field is set to the value of the last call.
+func (b *BackgroundScanReportApplyConfiguration) WithNamespace(value string) *BackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Namespace = &value
+	return b
+}
+
+// WithUID sets the UID field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the UID field is set to the value of the last call.
+func (b *BackgroundScanReportApplyConfiguration) WithUID(value types.UID) *BackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.UID = &value
+	return b
+}
+
+// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ResourceVersion field is set to the value of the last call.
+func (b *BackgroundScanReportApplyConfiguration) WithResourceVersion(value string) *BackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.ResourceVersion = &value
+	return b
+}
+
+// WithGeneration sets the Generation field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Generation field is set to the value of the last call.
+func (b *BackgroundScanReportApplyConfiguration) WithGeneration(value int64) *BackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Generation = &value
+	return b
+}
+
+// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the CreationTimestamp field is set to the value of the last call.
+func (b *BackgroundScanReportApplyConfiguration) WithCreationTimestamp(value metav1.Time) *BackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.CreationTimestamp = &value
+	return b
+}
+
+// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionTimestamp field is set to the value of the last call.
+func (b *BackgroundScanReportApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *BackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.DeletionTimestamp = &value
+	return b
+}
+
+// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call.
+func (b *BackgroundScanReportApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *BackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.DeletionGracePeriodSeconds = &value
+	return b
+}
+
+// WithLabels puts the entries into the Labels field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Labels field,
+// overwriting an existing map entries in Labels field with the same key.
+func (b *BackgroundScanReportApplyConfiguration) WithLabels(entries map[string]string) *BackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	if b.Labels == nil && len(entries) > 0 {
+		b.Labels = make(map[string]string, len(entries))
+	}
+	for k, v := range entries {
+		b.Labels[k] = v
+	}
+	return b
+}
+
+// WithAnnotations puts the entries into the Annotations field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Annotations field,
+// overwriting an existing map entries in Annotations field with the same key.
+func (b *BackgroundScanReportApplyConfiguration) WithAnnotations(entries map[string]string) *BackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	if b.Annotations == nil && len(entries) > 0 {
+		b.Annotations = make(map[string]string, len(entries))
+	}
+	for k, v := range entries {
+		b.Annotations[k] = v
+	}
+	return b
+}
+
+// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the OwnerReferences field.
+func (b *BackgroundScanReportApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *BackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithOwnerReferences")
+		}
+		b.OwnerReferences = append(b.OwnerReferences, *values[i])
+	}
+	return b
+}
+
+// WithFinalizers adds the given value to the Finalizers field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Finalizers field.
+func (b *BackgroundScanReportApplyConfiguration) WithFinalizers(values ...string) *BackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	for i := range values {
+		b.Finalizers = append(b.Finalizers, values[i])
+	}
+	return b
+}
+
+func (b *BackgroundScanReportApplyConfiguration) ensureObjectMetaApplyConfigurationExists() {
+	if b.ObjectMetaApplyConfiguration == nil {
+		b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{}
+	}
+}
+
+// WithSpec sets the Spec field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Spec field is set to the value of the last call.
+func (b *BackgroundScanReportApplyConfiguration) WithSpec(value *BackgroundScanReportSpecApplyConfiguration) *BackgroundScanReportApplyConfiguration {
+	b.Spec = value
+	return b
+}

pkg/client/applyconfigurations/reports/v1/backgroundscanreportspec.go

@@ -0,0 +1,57 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	v1alpha2 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/policyreport/v1alpha2"
+)
+
+// BackgroundScanReportSpecApplyConfiguration represents an declarative configuration of the BackgroundScanReportSpec type for use
+// with apply.
+type BackgroundScanReportSpecApplyConfiguration struct {
+	Summary *v1alpha2.PolicyReportSummaryApplyConfiguration `json:"summary,omitempty"`
+	Results []v1alpha2.PolicyReportResultApplyConfiguration `json:"results,omitempty"`
+}
+
+// BackgroundScanReportSpecApplyConfiguration constructs an declarative configuration of the BackgroundScanReportSpec type for use with
+// apply.
+func BackgroundScanReportSpec() *BackgroundScanReportSpecApplyConfiguration {
+	return &BackgroundScanReportSpecApplyConfiguration{}
+}
+
+// WithSummary sets the Summary field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Summary field is set to the value of the last call.
+func (b *BackgroundScanReportSpecApplyConfiguration) WithSummary(value *v1alpha2.PolicyReportSummaryApplyConfiguration) *BackgroundScanReportSpecApplyConfiguration {
+	b.Summary = value
+	return b
+}
+
+// WithResults adds the given value to the Results field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Results field.
+func (b *BackgroundScanReportSpecApplyConfiguration) WithResults(values ...*v1alpha2.PolicyReportResultApplyConfiguration) *BackgroundScanReportSpecApplyConfiguration {
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithResults")
+		}
+		b.Results = append(b.Results, *values[i])
+	}
+	return b
+}

pkg/client/applyconfigurations/reports/v1/clusteradmissionreport.go

@@ -0,0 +1,209 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// ClusterAdmissionReportApplyConfiguration represents an declarative configuration of the ClusterAdmissionReport type for use
+// with apply.
+type ClusterAdmissionReportApplyConfiguration struct {
+	v1.TypeMetaApplyConfiguration    `json:",inline"`
+	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
+	Spec                             *AdmissionReportSpecApplyConfiguration `json:"spec,omitempty"`
+}
+
+// ClusterAdmissionReport constructs an declarative configuration of the ClusterAdmissionReport type for use with
+// apply.
+func ClusterAdmissionReport(name string) *ClusterAdmissionReportApplyConfiguration {
+	b := &ClusterAdmissionReportApplyConfiguration{}
+	b.WithName(name)
+	b.WithKind("ClusterAdmissionReport")
+	b.WithAPIVersion("reports.kyverno.io/v1")
+	return b
+}
+
+// WithKind sets the Kind field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Kind field is set to the value of the last call.
+func (b *ClusterAdmissionReportApplyConfiguration) WithKind(value string) *ClusterAdmissionReportApplyConfiguration {
+	b.Kind = &value
+	return b
+}
+
+// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the APIVersion field is set to the value of the last call.
+func (b *ClusterAdmissionReportApplyConfiguration) WithAPIVersion(value string) *ClusterAdmissionReportApplyConfiguration {
+	b.APIVersion = &value
+	return b
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *ClusterAdmissionReportApplyConfiguration) WithName(value string) *ClusterAdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Name = &value
+	return b
+}
+
+// WithGenerateName sets the GenerateName field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the GenerateName field is set to the value of the last call.
+func (b *ClusterAdmissionReportApplyConfiguration) WithGenerateName(value string) *ClusterAdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.GenerateName = &value
+	return b
+}
+
+// WithNamespace sets the Namespace field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Namespace field is set to the value of the last call.
+func (b *ClusterAdmissionReportApplyConfiguration) WithNamespace(value string) *ClusterAdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Namespace = &value
+	return b
+}
+
+// WithUID sets the UID field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the UID field is set to the value of the last call.
+func (b *ClusterAdmissionReportApplyConfiguration) WithUID(value types.UID) *ClusterAdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.UID = &value
+	return b
+}
+
+// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ResourceVersion field is set to the value of the last call.
+func (b *ClusterAdmissionReportApplyConfiguration) WithResourceVersion(value string) *ClusterAdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.ResourceVersion = &value
+	return b
+}
+
+// WithGeneration sets the Generation field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Generation field is set to the value of the last call.
+func (b *ClusterAdmissionReportApplyConfiguration) WithGeneration(value int64) *ClusterAdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Generation = &value
+	return b
+}
+
+// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the CreationTimestamp field is set to the value of the last call.
+func (b *ClusterAdmissionReportApplyConfiguration) WithCreationTimestamp(value metav1.Time) *ClusterAdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.CreationTimestamp = &value
+	return b
+}
+
+// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionTimestamp field is set to the value of the last call.
+func (b *ClusterAdmissionReportApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *ClusterAdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.DeletionTimestamp = &value
+	return b
+}
+
+// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call.
+func (b *ClusterAdmissionReportApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *ClusterAdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.DeletionGracePeriodSeconds = &value
+	return b
+}
+
+// WithLabels puts the entries into the Labels field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Labels field,
+// overwriting an existing map entries in Labels field with the same key.
+func (b *ClusterAdmissionReportApplyConfiguration) WithLabels(entries map[string]string) *ClusterAdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	if b.Labels == nil && len(entries) > 0 {
+		b.Labels = make(map[string]string, len(entries))
+	}
+	for k, v := range entries {
+		b.Labels[k] = v
+	}
+	return b
+}
+
+// WithAnnotations puts the entries into the Annotations field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Annotations field,
+// overwriting an existing map entries in Annotations field with the same key.
+func (b *ClusterAdmissionReportApplyConfiguration) WithAnnotations(entries map[string]string) *ClusterAdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	if b.Annotations == nil && len(entries) > 0 {
+		b.Annotations = make(map[string]string, len(entries))
+	}
+	for k, v := range entries {
+		b.Annotations[k] = v
+	}
+	return b
+}
+
+// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the OwnerReferences field.
+func (b *ClusterAdmissionReportApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *ClusterAdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithOwnerReferences")
+		}
+		b.OwnerReferences = append(b.OwnerReferences, *values[i])
+	}
+	return b
+}
+
+// WithFinalizers adds the given value to the Finalizers field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Finalizers field.
+func (b *ClusterAdmissionReportApplyConfiguration) WithFinalizers(values ...string) *ClusterAdmissionReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	for i := range values {
+		b.Finalizers = append(b.Finalizers, values[i])
+	}
+	return b
+}
+
+func (b *ClusterAdmissionReportApplyConfiguration) ensureObjectMetaApplyConfigurationExists() {
+	if b.ObjectMetaApplyConfiguration == nil {
+		b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{}
+	}
+}
+
+// WithSpec sets the Spec field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Spec field is set to the value of the last call.
+func (b *ClusterAdmissionReportApplyConfiguration) WithSpec(value *AdmissionReportSpecApplyConfiguration) *ClusterAdmissionReportApplyConfiguration {
+	b.Spec = value
+	return b
+}

pkg/client/applyconfigurations/reports/v1/clusterbackgroundscanreport.go

@@ -0,0 +1,209 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+)
+
+// ClusterBackgroundScanReportApplyConfiguration represents an declarative configuration of the ClusterBackgroundScanReport type for use
+// with apply.
+type ClusterBackgroundScanReportApplyConfiguration struct {
+	v1.TypeMetaApplyConfiguration    `json:",inline"`
+	*v1.ObjectMetaApplyConfiguration `json:"metadata,omitempty"`
+	Spec                             *BackgroundScanReportSpecApplyConfiguration `json:"spec,omitempty"`
+}
+
+// ClusterBackgroundScanReport constructs an declarative configuration of the ClusterBackgroundScanReport type for use with
+// apply.
+func ClusterBackgroundScanReport(name string) *ClusterBackgroundScanReportApplyConfiguration {
+	b := &ClusterBackgroundScanReportApplyConfiguration{}
+	b.WithName(name)
+	b.WithKind("ClusterBackgroundScanReport")
+	b.WithAPIVersion("reports.kyverno.io/v1")
+	return b
+}
+
+// WithKind sets the Kind field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Kind field is set to the value of the last call.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithKind(value string) *ClusterBackgroundScanReportApplyConfiguration {
+	b.Kind = &value
+	return b
+}
+
+// WithAPIVersion sets the APIVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the APIVersion field is set to the value of the last call.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithAPIVersion(value string) *ClusterBackgroundScanReportApplyConfiguration {
+	b.APIVersion = &value
+	return b
+}
+
+// WithName sets the Name field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Name field is set to the value of the last call.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithName(value string) *ClusterBackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Name = &value
+	return b
+}
+
+// WithGenerateName sets the GenerateName field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the GenerateName field is set to the value of the last call.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithGenerateName(value string) *ClusterBackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.GenerateName = &value
+	return b
+}
+
+// WithNamespace sets the Namespace field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Namespace field is set to the value of the last call.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithNamespace(value string) *ClusterBackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Namespace = &value
+	return b
+}
+
+// WithUID sets the UID field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the UID field is set to the value of the last call.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithUID(value types.UID) *ClusterBackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.UID = &value
+	return b
+}
+
+// WithResourceVersion sets the ResourceVersion field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ResourceVersion field is set to the value of the last call.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithResourceVersion(value string) *ClusterBackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.ResourceVersion = &value
+	return b
+}
+
+// WithGeneration sets the Generation field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Generation field is set to the value of the last call.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithGeneration(value int64) *ClusterBackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.Generation = &value
+	return b
+}
+
+// WithCreationTimestamp sets the CreationTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the CreationTimestamp field is set to the value of the last call.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithCreationTimestamp(value metav1.Time) *ClusterBackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.CreationTimestamp = &value
+	return b
+}
+
+// WithDeletionTimestamp sets the DeletionTimestamp field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionTimestamp field is set to the value of the last call.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithDeletionTimestamp(value metav1.Time) *ClusterBackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.DeletionTimestamp = &value
+	return b
+}
+
+// WithDeletionGracePeriodSeconds sets the DeletionGracePeriodSeconds field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DeletionGracePeriodSeconds field is set to the value of the last call.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithDeletionGracePeriodSeconds(value int64) *ClusterBackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	b.DeletionGracePeriodSeconds = &value
+	return b
+}
+
+// WithLabels puts the entries into the Labels field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Labels field,
+// overwriting an existing map entries in Labels field with the same key.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithLabels(entries map[string]string) *ClusterBackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	if b.Labels == nil && len(entries) > 0 {
+		b.Labels = make(map[string]string, len(entries))
+	}
+	for k, v := range entries {
+		b.Labels[k] = v
+	}
+	return b
+}
+
+// WithAnnotations puts the entries into the Annotations field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, the entries provided by each call will be put on the Annotations field,
+// overwriting an existing map entries in Annotations field with the same key.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithAnnotations(entries map[string]string) *ClusterBackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	if b.Annotations == nil && len(entries) > 0 {
+		b.Annotations = make(map[string]string, len(entries))
+	}
+	for k, v := range entries {
+		b.Annotations[k] = v
+	}
+	return b
+}
+
+// WithOwnerReferences adds the given value to the OwnerReferences field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the OwnerReferences field.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithOwnerReferences(values ...*v1.OwnerReferenceApplyConfiguration) *ClusterBackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	for i := range values {
+		if values[i] == nil {
+			panic("nil value passed to WithOwnerReferences")
+		}
+		b.OwnerReferences = append(b.OwnerReferences, *values[i])
+	}
+	return b
+}
+
+// WithFinalizers adds the given value to the Finalizers field in the declarative configuration
+// and returns the receiver, so that objects can be build by chaining "With" function invocations.
+// If called multiple times, values provided by each call will be appended to the Finalizers field.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithFinalizers(values ...string) *ClusterBackgroundScanReportApplyConfiguration {
+	b.ensureObjectMetaApplyConfigurationExists()
+	for i := range values {
+		b.Finalizers = append(b.Finalizers, values[i])
+	}
+	return b
+}
+
+func (b *ClusterBackgroundScanReportApplyConfiguration) ensureObjectMetaApplyConfigurationExists() {
+	if b.ObjectMetaApplyConfiguration == nil {
+		b.ObjectMetaApplyConfiguration = &v1.ObjectMetaApplyConfiguration{}
+	}
+}
+
+// WithSpec sets the Spec field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Spec field is set to the value of the last call.
+func (b *ClusterBackgroundScanReportApplyConfiguration) WithSpec(value *BackgroundScanReportSpecApplyConfiguration) *ClusterBackgroundScanReportApplyConfiguration {
+	b.Spec = value
+	return b
+}

pkg/client/applyconfigurations/utils.go

@@ -19,6 +19,7 @@ limitations under the License.
 package applyconfigurations
 
 import (
+	reportsv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
 	v1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	v1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
 	v1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
@@ -33,6 +34,7 @@ import (
 	kyvernov2alpha1 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/kyverno/v2alpha1"
 	kyvernov2beta1 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/kyverno/v2beta1"
 	applyconfigurationspolicyreportv1alpha2 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/policyreport/v1alpha2"
+	applyconfigurationsreportsv1 "github.com/kyverno/kyverno/pkg/client/applyconfigurations/reports/v1"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"
 )
 
@@ -256,6 +258,20 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
 	case v2beta1.SchemeGroupVersion.WithKind("Validation"):
 		return &kyvernov2beta1.ValidationApplyConfiguration{}
 
+		// Group=reports.kyverno.io, Version=v1
+	case reportsv1.SchemeGroupVersion.WithKind("AdmissionReport"):
+		return &applyconfigurationsreportsv1.AdmissionReportApplyConfiguration{}
+	case reportsv1.SchemeGroupVersion.WithKind("AdmissionReportSpec"):
+		return &applyconfigurationsreportsv1.AdmissionReportSpecApplyConfiguration{}
+	case reportsv1.SchemeGroupVersion.WithKind("BackgroundScanReport"):
+		return &applyconfigurationsreportsv1.BackgroundScanReportApplyConfiguration{}
+	case reportsv1.SchemeGroupVersion.WithKind("BackgroundScanReportSpec"):
+		return &applyconfigurationsreportsv1.BackgroundScanReportSpecApplyConfiguration{}
+	case reportsv1.SchemeGroupVersion.WithKind("ClusterAdmissionReport"):
+		return &applyconfigurationsreportsv1.ClusterAdmissionReportApplyConfiguration{}
+	case reportsv1.SchemeGroupVersion.WithKind("ClusterBackgroundScanReport"):
+		return &applyconfigurationsreportsv1.ClusterBackgroundScanReportApplyConfiguration{}
+
 		// Group=wgpolicyk8s.io, Version=v1alpha2
 	case policyreportv1alpha2.SchemeGroupVersion.WithKind("ClusterPolicyReport"):
 		return &applyconfigurationspolicyreportv1alpha2.ClusterPolicyReportApplyConfiguration{}

pkg/client/clientset/versioned/clientset.go

@@ -29,6 +29,7 @@ import (
 	kyvernov2alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2alpha1"
 	kyvernov2beta1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2beta1"
 	wgpolicyk8sv1alpha2 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha2"
+	reportsv1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1"
 	discovery "k8s.io/client-go/discovery"
 	rest "k8s.io/client-go/rest"
 	flowcontrol "k8s.io/client-go/util/flowcontrol"
@@ -43,6 +44,7 @@ type Interface interface {
 	KyvernoV2beta1() kyvernov2beta1.KyvernoV2beta1Interface
 	KyvernoV2alpha1() kyvernov2alpha1.KyvernoV2alpha1Interface
 	Wgpolicyk8sV1alpha2() wgpolicyk8sv1alpha2.Wgpolicyk8sV1alpha2Interface
+	ReportsV1() reportsv1.ReportsV1Interface
 }
 
 // Clientset contains the clients for groups.
@@ -55,6 +57,7 @@ type Clientset struct {
 	kyvernoV2beta1      *kyvernov2beta1.KyvernoV2beta1Client
 	kyvernoV2alpha1     *kyvernov2alpha1.KyvernoV2alpha1Client
 	wgpolicyk8sV1alpha2 *wgpolicyk8sv1alpha2.Wgpolicyk8sV1alpha2Client
+	reportsV1           *reportsv1.ReportsV1Client
 }
 
 // KyvernoV1 retrieves the KyvernoV1Client
@@ -92,6 +95,11 @@ func (c *Clientset) Wgpolicyk8sV1alpha2() wgpolicyk8sv1alpha2.Wgpolicyk8sV1alpha
 	return c.wgpolicyk8sV1alpha2
 }
 
+// ReportsV1 retrieves the ReportsV1Client
+func (c *Clientset) ReportsV1() reportsv1.ReportsV1Interface {
+	return c.reportsV1
+}
+
 // Discovery retrieves the DiscoveryClient
 func (c *Clientset) Discovery() discovery.DiscoveryInterface {
 	if c == nil {
@@ -164,6 +172,10 @@ func NewForConfigAndClient(c *rest.Config, httpClient *http.Client) (*Clientset,
 	if err != nil {
 		return nil, err
 	}
+	cs.reportsV1, err = reportsv1.NewForConfigAndClient(&configShallowCopy, httpClient)
+	if err != nil {
+		return nil, err
+	}
 
 	cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfigAndClient(&configShallowCopy, httpClient)
 	if err != nil {
@@ -192,6 +204,7 @@ func New(c rest.Interface) *Clientset {
 	cs.kyvernoV2beta1 = kyvernov2beta1.New(c)
 	cs.kyvernoV2alpha1 = kyvernov2alpha1.New(c)
 	cs.wgpolicyk8sV1alpha2 = wgpolicyk8sv1alpha2.New(c)
+	cs.reportsV1 = reportsv1.New(c)
 
 	cs.DiscoveryClient = discovery.NewDiscoveryClient(c)
 	return &cs

pkg/client/clientset/versioned/fake/clientset_generated.go

@@ -34,6 +34,8 @@ import (
 	fakekyvernov2beta1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2beta1/fake"
 	wgpolicyk8sv1alpha2 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha2"
 	fakewgpolicyk8sv1alpha2 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha2/fake"
+	reportsv1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1"
+	fakereportsv1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1/fake"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/watch"
 	"k8s.io/client-go/discovery"
@@ -125,3 +127,8 @@ func (c *Clientset) KyvernoV2alpha1() kyvernov2alpha1.KyvernoV2alpha1Interface {
 func (c *Clientset) Wgpolicyk8sV1alpha2() wgpolicyk8sv1alpha2.Wgpolicyk8sV1alpha2Interface {
 	return &fakewgpolicyk8sv1alpha2.FakeWgpolicyk8sV1alpha2{Fake: &c.Fake}
 }
+
+// ReportsV1 retrieves the ReportsV1Client
+func (c *Clientset) ReportsV1() reportsv1.ReportsV1Interface {
+	return &fakereportsv1.FakeReportsV1{Fake: &c.Fake}
+}

pkg/client/clientset/versioned/fake/register.go

@@ -19,6 +19,7 @@ limitations under the License.
 package fake
 
 import (
+	reportsv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
 	kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
@@ -44,6 +45,7 @@ var localSchemeBuilder = runtime.SchemeBuilder{
 	kyvernov2beta1.AddToScheme,
 	kyvernov2alpha1.AddToScheme,
 	wgpolicyk8sv1alpha2.AddToScheme,
+	reportsv1.AddToScheme,
 }
 
 // AddToScheme adds all types of this clientset into the given scheme. This allows composition

pkg/client/clientset/versioned/scheme/register.go

@@ -19,6 +19,7 @@ limitations under the License.
 package scheme
 
 import (
+	reportsv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
 	kyvernov1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
 	kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
@@ -44,6 +45,7 @@ var localSchemeBuilder = runtime.SchemeBuilder{
 	kyvernov2beta1.AddToScheme,
 	kyvernov2alpha1.AddToScheme,
 	wgpolicyk8sv1alpha2.AddToScheme,
+	reportsv1.AddToScheme,
 }
 
 // AddToScheme adds all types of this clientset into the given scheme. This allows composition

pkg/client/clientset/versioned/typed/reports/v1/admissionreport.go

@@ -0,0 +1,178 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	"context"
+	"time"
+
+	v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+)
+
+// AdmissionReportsGetter has a method to return a AdmissionReportInterface.
+// A group's client should implement this interface.
+type AdmissionReportsGetter interface {
+	AdmissionReports(namespace string) AdmissionReportInterface
+}
+
+// AdmissionReportInterface has methods to work with AdmissionReport resources.
+type AdmissionReportInterface interface {
+	Create(ctx context.Context, admissionReport *v1.AdmissionReport, opts metav1.CreateOptions) (*v1.AdmissionReport, error)
+	Update(ctx context.Context, admissionReport *v1.AdmissionReport, opts metav1.UpdateOptions) (*v1.AdmissionReport, error)
+	Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error
+	DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error
+	Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.AdmissionReport, error)
+	List(ctx context.Context, opts metav1.ListOptions) (*v1.AdmissionReportList, error)
+	Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error)
+	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.AdmissionReport, err error)
+	AdmissionReportExpansion
+}
+
+// admissionReports implements AdmissionReportInterface
+type admissionReports struct {
+	client rest.Interface
+	ns     string
+}
+
+// newAdmissionReports returns a AdmissionReports
+func newAdmissionReports(c *ReportsV1Client, namespace string) *admissionReports {
+	return &admissionReports{
+		client: c.RESTClient(),
+		ns:     namespace,
+	}
+}
+
+// Get takes name of the admissionReport, and returns the corresponding admissionReport object, and an error if there is any.
+func (c *admissionReports) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.AdmissionReport, err error) {
+	result = &v1.AdmissionReport{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("admissionreports").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of AdmissionReports that match those selectors.
+func (c *admissionReports) List(ctx context.Context, opts metav1.ListOptions) (result *v1.AdmissionReportList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1.AdmissionReportList{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("admissionreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested admissionReports.
+func (c *admissionReports) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Namespace(c.ns).
+		Resource("admissionreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch(ctx)
+}
+
+// Create takes the representation of a admissionReport and creates it.  Returns the server's representation of the admissionReport, and an error, if there is any.
+func (c *admissionReports) Create(ctx context.Context, admissionReport *v1.AdmissionReport, opts metav1.CreateOptions) (result *v1.AdmissionReport, err error) {
+	result = &v1.AdmissionReport{}
+	err = c.client.Post().
+		Namespace(c.ns).
+		Resource("admissionreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(admissionReport).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Update takes the representation of a admissionReport and updates it. Returns the server's representation of the admissionReport, and an error, if there is any.
+func (c *admissionReports) Update(ctx context.Context, admissionReport *v1.AdmissionReport, opts metav1.UpdateOptions) (result *v1.AdmissionReport, err error) {
+	result = &v1.AdmissionReport{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("admissionreports").
+		Name(admissionReport.Name).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(admissionReport).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Delete takes name of the admissionReport and deletes it. Returns an error if one occurs.
+func (c *admissionReports) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("admissionreports").
+		Name(name).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *admissionReports) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error {
+	var timeout time.Duration
+	if listOpts.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("admissionreports").
+		VersionedParams(&listOpts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// Patch applies the patch and returns the patched admissionReport.
+func (c *admissionReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.AdmissionReport, err error) {
+	result = &v1.AdmissionReport{}
+	err = c.client.Patch(pt).
+		Namespace(c.ns).
+		Resource("admissionreports").
+		Name(name).
+		SubResource(subresources...).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}

pkg/client/clientset/versioned/typed/reports/v1/backgroundscanreport.go

@@ -0,0 +1,178 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	"context"
+	"time"
+
+	v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+)
+
+// BackgroundScanReportsGetter has a method to return a BackgroundScanReportInterface.
+// A group's client should implement this interface.
+type BackgroundScanReportsGetter interface {
+	BackgroundScanReports(namespace string) BackgroundScanReportInterface
+}
+
+// BackgroundScanReportInterface has methods to work with BackgroundScanReport resources.
+type BackgroundScanReportInterface interface {
+	Create(ctx context.Context, backgroundScanReport *v1.BackgroundScanReport, opts metav1.CreateOptions) (*v1.BackgroundScanReport, error)
+	Update(ctx context.Context, backgroundScanReport *v1.BackgroundScanReport, opts metav1.UpdateOptions) (*v1.BackgroundScanReport, error)
+	Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error
+	DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error
+	Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.BackgroundScanReport, error)
+	List(ctx context.Context, opts metav1.ListOptions) (*v1.BackgroundScanReportList, error)
+	Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error)
+	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.BackgroundScanReport, err error)
+	BackgroundScanReportExpansion
+}
+
+// backgroundScanReports implements BackgroundScanReportInterface
+type backgroundScanReports struct {
+	client rest.Interface
+	ns     string
+}
+
+// newBackgroundScanReports returns a BackgroundScanReports
+func newBackgroundScanReports(c *ReportsV1Client, namespace string) *backgroundScanReports {
+	return &backgroundScanReports{
+		client: c.RESTClient(),
+		ns:     namespace,
+	}
+}
+
+// Get takes name of the backgroundScanReport, and returns the corresponding backgroundScanReport object, and an error if there is any.
+func (c *backgroundScanReports) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.BackgroundScanReport, err error) {
+	result = &v1.BackgroundScanReport{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("backgroundscanreports").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of BackgroundScanReports that match those selectors.
+func (c *backgroundScanReports) List(ctx context.Context, opts metav1.ListOptions) (result *v1.BackgroundScanReportList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1.BackgroundScanReportList{}
+	err = c.client.Get().
+		Namespace(c.ns).
+		Resource("backgroundscanreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested backgroundScanReports.
+func (c *backgroundScanReports) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Namespace(c.ns).
+		Resource("backgroundscanreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch(ctx)
+}
+
+// Create takes the representation of a backgroundScanReport and creates it.  Returns the server's representation of the backgroundScanReport, and an error, if there is any.
+func (c *backgroundScanReports) Create(ctx context.Context, backgroundScanReport *v1.BackgroundScanReport, opts metav1.CreateOptions) (result *v1.BackgroundScanReport, err error) {
+	result = &v1.BackgroundScanReport{}
+	err = c.client.Post().
+		Namespace(c.ns).
+		Resource("backgroundscanreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(backgroundScanReport).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Update takes the representation of a backgroundScanReport and updates it. Returns the server's representation of the backgroundScanReport, and an error, if there is any.
+func (c *backgroundScanReports) Update(ctx context.Context, backgroundScanReport *v1.BackgroundScanReport, opts metav1.UpdateOptions) (result *v1.BackgroundScanReport, err error) {
+	result = &v1.BackgroundScanReport{}
+	err = c.client.Put().
+		Namespace(c.ns).
+		Resource("backgroundscanreports").
+		Name(backgroundScanReport.Name).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(backgroundScanReport).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Delete takes name of the backgroundScanReport and deletes it. Returns an error if one occurs.
+func (c *backgroundScanReports) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("backgroundscanreports").
+		Name(name).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *backgroundScanReports) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error {
+	var timeout time.Duration
+	if listOpts.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Namespace(c.ns).
+		Resource("backgroundscanreports").
+		VersionedParams(&listOpts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// Patch applies the patch and returns the patched backgroundScanReport.
+func (c *backgroundScanReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.BackgroundScanReport, err error) {
+	result = &v1.BackgroundScanReport{}
+	err = c.client.Patch(pt).
+		Namespace(c.ns).
+		Resource("backgroundscanreports").
+		Name(name).
+		SubResource(subresources...).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}

pkg/client/clientset/versioned/typed/reports/v1/clusteradmissionreport.go

@@ -0,0 +1,168 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	"context"
+	"time"
+
+	v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+)
+
+// ClusterAdmissionReportsGetter has a method to return a ClusterAdmissionReportInterface.
+// A group's client should implement this interface.
+type ClusterAdmissionReportsGetter interface {
+	ClusterAdmissionReports() ClusterAdmissionReportInterface
+}
+
+// ClusterAdmissionReportInterface has methods to work with ClusterAdmissionReport resources.
+type ClusterAdmissionReportInterface interface {
+	Create(ctx context.Context, clusterAdmissionReport *v1.ClusterAdmissionReport, opts metav1.CreateOptions) (*v1.ClusterAdmissionReport, error)
+	Update(ctx context.Context, clusterAdmissionReport *v1.ClusterAdmissionReport, opts metav1.UpdateOptions) (*v1.ClusterAdmissionReport, error)
+	Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error
+	DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error
+	Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterAdmissionReport, error)
+	List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterAdmissionReportList, error)
+	Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error)
+	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterAdmissionReport, err error)
+	ClusterAdmissionReportExpansion
+}
+
+// clusterAdmissionReports implements ClusterAdmissionReportInterface
+type clusterAdmissionReports struct {
+	client rest.Interface
+}
+
+// newClusterAdmissionReports returns a ClusterAdmissionReports
+func newClusterAdmissionReports(c *ReportsV1Client) *clusterAdmissionReports {
+	return &clusterAdmissionReports{
+		client: c.RESTClient(),
+	}
+}
+
+// Get takes name of the clusterAdmissionReport, and returns the corresponding clusterAdmissionReport object, and an error if there is any.
+func (c *clusterAdmissionReports) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterAdmissionReport, err error) {
+	result = &v1.ClusterAdmissionReport{}
+	err = c.client.Get().
+		Resource("clusteradmissionreports").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of ClusterAdmissionReports that match those selectors.
+func (c *clusterAdmissionReports) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterAdmissionReportList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1.ClusterAdmissionReportList{}
+	err = c.client.Get().
+		Resource("clusteradmissionreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested clusterAdmissionReports.
+func (c *clusterAdmissionReports) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Resource("clusteradmissionreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch(ctx)
+}
+
+// Create takes the representation of a clusterAdmissionReport and creates it.  Returns the server's representation of the clusterAdmissionReport, and an error, if there is any.
+func (c *clusterAdmissionReports) Create(ctx context.Context, clusterAdmissionReport *v1.ClusterAdmissionReport, opts metav1.CreateOptions) (result *v1.ClusterAdmissionReport, err error) {
+	result = &v1.ClusterAdmissionReport{}
+	err = c.client.Post().
+		Resource("clusteradmissionreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(clusterAdmissionReport).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Update takes the representation of a clusterAdmissionReport and updates it. Returns the server's representation of the clusterAdmissionReport, and an error, if there is any.
+func (c *clusterAdmissionReports) Update(ctx context.Context, clusterAdmissionReport *v1.ClusterAdmissionReport, opts metav1.UpdateOptions) (result *v1.ClusterAdmissionReport, err error) {
+	result = &v1.ClusterAdmissionReport{}
+	err = c.client.Put().
+		Resource("clusteradmissionreports").
+		Name(clusterAdmissionReport.Name).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(clusterAdmissionReport).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Delete takes name of the clusterAdmissionReport and deletes it. Returns an error if one occurs.
+func (c *clusterAdmissionReports) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
+	return c.client.Delete().
+		Resource("clusteradmissionreports").
+		Name(name).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *clusterAdmissionReports) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error {
+	var timeout time.Duration
+	if listOpts.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Resource("clusteradmissionreports").
+		VersionedParams(&listOpts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// Patch applies the patch and returns the patched clusterAdmissionReport.
+func (c *clusterAdmissionReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterAdmissionReport, err error) {
+	result = &v1.ClusterAdmissionReport{}
+	err = c.client.Patch(pt).
+		Resource("clusteradmissionreports").
+		Name(name).
+		SubResource(subresources...).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}

pkg/client/clientset/versioned/typed/reports/v1/clusterbackgroundscanreport.go

@@ -0,0 +1,168 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	"context"
+	"time"
+
+	v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	scheme "github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	rest "k8s.io/client-go/rest"
+)
+
+// ClusterBackgroundScanReportsGetter has a method to return a ClusterBackgroundScanReportInterface.
+// A group's client should implement this interface.
+type ClusterBackgroundScanReportsGetter interface {
+	ClusterBackgroundScanReports() ClusterBackgroundScanReportInterface
+}
+
+// ClusterBackgroundScanReportInterface has methods to work with ClusterBackgroundScanReport resources.
+type ClusterBackgroundScanReportInterface interface {
+	Create(ctx context.Context, clusterBackgroundScanReport *v1.ClusterBackgroundScanReport, opts metav1.CreateOptions) (*v1.ClusterBackgroundScanReport, error)
+	Update(ctx context.Context, clusterBackgroundScanReport *v1.ClusterBackgroundScanReport, opts metav1.UpdateOptions) (*v1.ClusterBackgroundScanReport, error)
+	Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error
+	DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error
+	Get(ctx context.Context, name string, opts metav1.GetOptions) (*v1.ClusterBackgroundScanReport, error)
+	List(ctx context.Context, opts metav1.ListOptions) (*v1.ClusterBackgroundScanReportList, error)
+	Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error)
+	Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterBackgroundScanReport, err error)
+	ClusterBackgroundScanReportExpansion
+}
+
+// clusterBackgroundScanReports implements ClusterBackgroundScanReportInterface
+type clusterBackgroundScanReports struct {
+	client rest.Interface
+}
+
+// newClusterBackgroundScanReports returns a ClusterBackgroundScanReports
+func newClusterBackgroundScanReports(c *ReportsV1Client) *clusterBackgroundScanReports {
+	return &clusterBackgroundScanReports{
+		client: c.RESTClient(),
+	}
+}
+
+// Get takes name of the clusterBackgroundScanReport, and returns the corresponding clusterBackgroundScanReport object, and an error if there is any.
+func (c *clusterBackgroundScanReports) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterBackgroundScanReport, err error) {
+	result = &v1.ClusterBackgroundScanReport{}
+	err = c.client.Get().
+		Resource("clusterbackgroundscanreports").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of ClusterBackgroundScanReports that match those selectors.
+func (c *clusterBackgroundScanReports) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterBackgroundScanReportList, err error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	result = &v1.ClusterBackgroundScanReportList{}
+	err = c.client.Get().
+		Resource("clusterbackgroundscanreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested clusterBackgroundScanReports.
+func (c *clusterBackgroundScanReports) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) {
+	var timeout time.Duration
+	if opts.TimeoutSeconds != nil {
+		timeout = time.Duration(*opts.TimeoutSeconds) * time.Second
+	}
+	opts.Watch = true
+	return c.client.Get().
+		Resource("clusterbackgroundscanreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Watch(ctx)
+}
+
+// Create takes the representation of a clusterBackgroundScanReport and creates it.  Returns the server's representation of the clusterBackgroundScanReport, and an error, if there is any.
+func (c *clusterBackgroundScanReports) Create(ctx context.Context, clusterBackgroundScanReport *v1.ClusterBackgroundScanReport, opts metav1.CreateOptions) (result *v1.ClusterBackgroundScanReport, err error) {
+	result = &v1.ClusterBackgroundScanReport{}
+	err = c.client.Post().
+		Resource("clusterbackgroundscanreports").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(clusterBackgroundScanReport).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Update takes the representation of a clusterBackgroundScanReport and updates it. Returns the server's representation of the clusterBackgroundScanReport, and an error, if there is any.
+func (c *clusterBackgroundScanReports) Update(ctx context.Context, clusterBackgroundScanReport *v1.ClusterBackgroundScanReport, opts metav1.UpdateOptions) (result *v1.ClusterBackgroundScanReport, err error) {
+	result = &v1.ClusterBackgroundScanReport{}
+	err = c.client.Put().
+		Resource("clusterbackgroundscanreports").
+		Name(clusterBackgroundScanReport.Name).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(clusterBackgroundScanReport).
+		Do(ctx).
+		Into(result)
+	return
+}
+
+// Delete takes name of the clusterBackgroundScanReport and deletes it. Returns an error if one occurs.
+func (c *clusterBackgroundScanReports) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
+	return c.client.Delete().
+		Resource("clusterbackgroundscanreports").
+		Name(name).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *clusterBackgroundScanReports) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error {
+	var timeout time.Duration
+	if listOpts.TimeoutSeconds != nil {
+		timeout = time.Duration(*listOpts.TimeoutSeconds) * time.Second
+	}
+	return c.client.Delete().
+		Resource("clusterbackgroundscanreports").
+		VersionedParams(&listOpts, scheme.ParameterCodec).
+		Timeout(timeout).
+		Body(&opts).
+		Do(ctx).
+		Error()
+}
+
+// Patch applies the patch and returns the patched clusterBackgroundScanReport.
+func (c *clusterBackgroundScanReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterBackgroundScanReport, err error) {
+	result = &v1.ClusterBackgroundScanReport{}
+	err = c.client.Patch(pt).
+		Resource("clusterbackgroundscanreports").
+		Name(name).
+		SubResource(subresources...).
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Body(data).
+		Do(ctx).
+		Into(result)
+	return
+}

pkg/client/clientset/versioned/typed/reports/v1/doc.go

@@ -0,0 +1,20 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+// This package has the automatically generated typed clients.
+package v1

pkg/client/clientset/versioned/typed/reports/v1/fake/doc.go

@@ -0,0 +1,20 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+// Package fake has the automatically generated clients.
+package fake

pkg/client/clientset/versioned/typed/reports/v1/fake/fake_admissionreport.go

@@ -0,0 +1,129 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"context"
+
+	v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+)
+
+// FakeAdmissionReports implements AdmissionReportInterface
+type FakeAdmissionReports struct {
+	Fake *FakeReportsV1
+	ns   string
+}
+
+var admissionreportsResource = v1.SchemeGroupVersion.WithResource("admissionreports")
+
+var admissionreportsKind = v1.SchemeGroupVersion.WithKind("AdmissionReport")
+
+// Get takes name of the admissionReport, and returns the corresponding admissionReport object, and an error if there is any.
+func (c *FakeAdmissionReports) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.AdmissionReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewGetAction(admissionreportsResource, c.ns, name), &v1.AdmissionReport{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1.AdmissionReport), err
+}
+
+// List takes label and field selectors, and returns the list of AdmissionReports that match those selectors.
+func (c *FakeAdmissionReports) List(ctx context.Context, opts metav1.ListOptions) (result *v1.AdmissionReportList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewListAction(admissionreportsResource, admissionreportsKind, c.ns, opts), &v1.AdmissionReportList{})
+
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1.AdmissionReportList{ListMeta: obj.(*v1.AdmissionReportList).ListMeta}
+	for _, item := range obj.(*v1.AdmissionReportList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested admissionReports.
+func (c *FakeAdmissionReports) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewWatchAction(admissionreportsResource, c.ns, opts))
+
+}
+
+// Create takes the representation of a admissionReport and creates it.  Returns the server's representation of the admissionReport, and an error, if there is any.
+func (c *FakeAdmissionReports) Create(ctx context.Context, admissionReport *v1.AdmissionReport, opts metav1.CreateOptions) (result *v1.AdmissionReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewCreateAction(admissionreportsResource, c.ns, admissionReport), &v1.AdmissionReport{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1.AdmissionReport), err
+}
+
+// Update takes the representation of a admissionReport and updates it. Returns the server's representation of the admissionReport, and an error, if there is any.
+func (c *FakeAdmissionReports) Update(ctx context.Context, admissionReport *v1.AdmissionReport, opts metav1.UpdateOptions) (result *v1.AdmissionReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateAction(admissionreportsResource, c.ns, admissionReport), &v1.AdmissionReport{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1.AdmissionReport), err
+}
+
+// Delete takes name of the admissionReport and deletes it. Returns an error if one occurs.
+func (c *FakeAdmissionReports) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewDeleteActionWithOptions(admissionreportsResource, c.ns, name, opts), &v1.AdmissionReport{})
+
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeAdmissionReports) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error {
+	action := testing.NewDeleteCollectionAction(admissionreportsResource, c.ns, listOpts)
+
+	_, err := c.Fake.Invokes(action, &v1.AdmissionReportList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched admissionReport.
+func (c *FakeAdmissionReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.AdmissionReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewPatchSubresourceAction(admissionreportsResource, c.ns, name, pt, data, subresources...), &v1.AdmissionReport{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1.AdmissionReport), err
+}

pkg/client/clientset/versioned/typed/reports/v1/fake/fake_backgroundscanreport.go

@@ -0,0 +1,129 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"context"
+
+	v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+)
+
+// FakeBackgroundScanReports implements BackgroundScanReportInterface
+type FakeBackgroundScanReports struct {
+	Fake *FakeReportsV1
+	ns   string
+}
+
+var backgroundscanreportsResource = v1.SchemeGroupVersion.WithResource("backgroundscanreports")
+
+var backgroundscanreportsKind = v1.SchemeGroupVersion.WithKind("BackgroundScanReport")
+
+// Get takes name of the backgroundScanReport, and returns the corresponding backgroundScanReport object, and an error if there is any.
+func (c *FakeBackgroundScanReports) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.BackgroundScanReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewGetAction(backgroundscanreportsResource, c.ns, name), &v1.BackgroundScanReport{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1.BackgroundScanReport), err
+}
+
+// List takes label and field selectors, and returns the list of BackgroundScanReports that match those selectors.
+func (c *FakeBackgroundScanReports) List(ctx context.Context, opts metav1.ListOptions) (result *v1.BackgroundScanReportList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewListAction(backgroundscanreportsResource, backgroundscanreportsKind, c.ns, opts), &v1.BackgroundScanReportList{})
+
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1.BackgroundScanReportList{ListMeta: obj.(*v1.BackgroundScanReportList).ListMeta}
+	for _, item := range obj.(*v1.BackgroundScanReportList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested backgroundScanReports.
+func (c *FakeBackgroundScanReports) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewWatchAction(backgroundscanreportsResource, c.ns, opts))
+
+}
+
+// Create takes the representation of a backgroundScanReport and creates it.  Returns the server's representation of the backgroundScanReport, and an error, if there is any.
+func (c *FakeBackgroundScanReports) Create(ctx context.Context, backgroundScanReport *v1.BackgroundScanReport, opts metav1.CreateOptions) (result *v1.BackgroundScanReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewCreateAction(backgroundscanreportsResource, c.ns, backgroundScanReport), &v1.BackgroundScanReport{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1.BackgroundScanReport), err
+}
+
+// Update takes the representation of a backgroundScanReport and updates it. Returns the server's representation of the backgroundScanReport, and an error, if there is any.
+func (c *FakeBackgroundScanReports) Update(ctx context.Context, backgroundScanReport *v1.BackgroundScanReport, opts metav1.UpdateOptions) (result *v1.BackgroundScanReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewUpdateAction(backgroundscanreportsResource, c.ns, backgroundScanReport), &v1.BackgroundScanReport{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1.BackgroundScanReport), err
+}
+
+// Delete takes name of the backgroundScanReport and deletes it. Returns an error if one occurs.
+func (c *FakeBackgroundScanReports) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewDeleteActionWithOptions(backgroundscanreportsResource, c.ns, name, opts), &v1.BackgroundScanReport{})
+
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeBackgroundScanReports) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error {
+	action := testing.NewDeleteCollectionAction(backgroundscanreportsResource, c.ns, listOpts)
+
+	_, err := c.Fake.Invokes(action, &v1.BackgroundScanReportList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched backgroundScanReport.
+func (c *FakeBackgroundScanReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.BackgroundScanReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewPatchSubresourceAction(backgroundscanreportsResource, c.ns, name, pt, data, subresources...), &v1.BackgroundScanReport{})
+
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1.BackgroundScanReport), err
+}

pkg/client/clientset/versioned/typed/reports/v1/fake/fake_clusteradmissionreport.go

@@ -0,0 +1,121 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"context"
+
+	v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+)
+
+// FakeClusterAdmissionReports implements ClusterAdmissionReportInterface
+type FakeClusterAdmissionReports struct {
+	Fake *FakeReportsV1
+}
+
+var clusteradmissionreportsResource = v1.SchemeGroupVersion.WithResource("clusteradmissionreports")
+
+var clusteradmissionreportsKind = v1.SchemeGroupVersion.WithKind("ClusterAdmissionReport")
+
+// Get takes name of the clusterAdmissionReport, and returns the corresponding clusterAdmissionReport object, and an error if there is any.
+func (c *FakeClusterAdmissionReports) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterAdmissionReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootGetAction(clusteradmissionreportsResource, name), &v1.ClusterAdmissionReport{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1.ClusterAdmissionReport), err
+}
+
+// List takes label and field selectors, and returns the list of ClusterAdmissionReports that match those selectors.
+func (c *FakeClusterAdmissionReports) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterAdmissionReportList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootListAction(clusteradmissionreportsResource, clusteradmissionreportsKind, opts), &v1.ClusterAdmissionReportList{})
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1.ClusterAdmissionReportList{ListMeta: obj.(*v1.ClusterAdmissionReportList).ListMeta}
+	for _, item := range obj.(*v1.ClusterAdmissionReportList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested clusterAdmissionReports.
+func (c *FakeClusterAdmissionReports) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewRootWatchAction(clusteradmissionreportsResource, opts))
+}
+
+// Create takes the representation of a clusterAdmissionReport and creates it.  Returns the server's representation of the clusterAdmissionReport, and an error, if there is any.
+func (c *FakeClusterAdmissionReports) Create(ctx context.Context, clusterAdmissionReport *v1.ClusterAdmissionReport, opts metav1.CreateOptions) (result *v1.ClusterAdmissionReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootCreateAction(clusteradmissionreportsResource, clusterAdmissionReport), &v1.ClusterAdmissionReport{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1.ClusterAdmissionReport), err
+}
+
+// Update takes the representation of a clusterAdmissionReport and updates it. Returns the server's representation of the clusterAdmissionReport, and an error, if there is any.
+func (c *FakeClusterAdmissionReports) Update(ctx context.Context, clusterAdmissionReport *v1.ClusterAdmissionReport, opts metav1.UpdateOptions) (result *v1.ClusterAdmissionReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootUpdateAction(clusteradmissionreportsResource, clusterAdmissionReport), &v1.ClusterAdmissionReport{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1.ClusterAdmissionReport), err
+}
+
+// Delete takes name of the clusterAdmissionReport and deletes it. Returns an error if one occurs.
+func (c *FakeClusterAdmissionReports) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewRootDeleteActionWithOptions(clusteradmissionreportsResource, name, opts), &v1.ClusterAdmissionReport{})
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeClusterAdmissionReports) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error {
+	action := testing.NewRootDeleteCollectionAction(clusteradmissionreportsResource, listOpts)
+
+	_, err := c.Fake.Invokes(action, &v1.ClusterAdmissionReportList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched clusterAdmissionReport.
+func (c *FakeClusterAdmissionReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterAdmissionReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootPatchSubresourceAction(clusteradmissionreportsResource, name, pt, data, subresources...), &v1.ClusterAdmissionReport{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1.ClusterAdmissionReport), err
+}

pkg/client/clientset/versioned/typed/reports/v1/fake/fake_clusterbackgroundscanreport.go

@@ -0,0 +1,121 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	"context"
+
+	v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	labels "k8s.io/apimachinery/pkg/labels"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	testing "k8s.io/client-go/testing"
+)
+
+// FakeClusterBackgroundScanReports implements ClusterBackgroundScanReportInterface
+type FakeClusterBackgroundScanReports struct {
+	Fake *FakeReportsV1
+}
+
+var clusterbackgroundscanreportsResource = v1.SchemeGroupVersion.WithResource("clusterbackgroundscanreports")
+
+var clusterbackgroundscanreportsKind = v1.SchemeGroupVersion.WithKind("ClusterBackgroundScanReport")
+
+// Get takes name of the clusterBackgroundScanReport, and returns the corresponding clusterBackgroundScanReport object, and an error if there is any.
+func (c *FakeClusterBackgroundScanReports) Get(ctx context.Context, name string, options metav1.GetOptions) (result *v1.ClusterBackgroundScanReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootGetAction(clusterbackgroundscanreportsResource, name), &v1.ClusterBackgroundScanReport{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1.ClusterBackgroundScanReport), err
+}
+
+// List takes label and field selectors, and returns the list of ClusterBackgroundScanReports that match those selectors.
+func (c *FakeClusterBackgroundScanReports) List(ctx context.Context, opts metav1.ListOptions) (result *v1.ClusterBackgroundScanReportList, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootListAction(clusterbackgroundscanreportsResource, clusterbackgroundscanreportsKind, opts), &v1.ClusterBackgroundScanReportList{})
+	if obj == nil {
+		return nil, err
+	}
+
+	label, _, _ := testing.ExtractFromListOptions(opts)
+	if label == nil {
+		label = labels.Everything()
+	}
+	list := &v1.ClusterBackgroundScanReportList{ListMeta: obj.(*v1.ClusterBackgroundScanReportList).ListMeta}
+	for _, item := range obj.(*v1.ClusterBackgroundScanReportList).Items {
+		if label.Matches(labels.Set(item.Labels)) {
+			list.Items = append(list.Items, item)
+		}
+	}
+	return list, err
+}
+
+// Watch returns a watch.Interface that watches the requested clusterBackgroundScanReports.
+func (c *FakeClusterBackgroundScanReports) Watch(ctx context.Context, opts metav1.ListOptions) (watch.Interface, error) {
+	return c.Fake.
+		InvokesWatch(testing.NewRootWatchAction(clusterbackgroundscanreportsResource, opts))
+}
+
+// Create takes the representation of a clusterBackgroundScanReport and creates it.  Returns the server's representation of the clusterBackgroundScanReport, and an error, if there is any.
+func (c *FakeClusterBackgroundScanReports) Create(ctx context.Context, clusterBackgroundScanReport *v1.ClusterBackgroundScanReport, opts metav1.CreateOptions) (result *v1.ClusterBackgroundScanReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootCreateAction(clusterbackgroundscanreportsResource, clusterBackgroundScanReport), &v1.ClusterBackgroundScanReport{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1.ClusterBackgroundScanReport), err
+}
+
+// Update takes the representation of a clusterBackgroundScanReport and updates it. Returns the server's representation of the clusterBackgroundScanReport, and an error, if there is any.
+func (c *FakeClusterBackgroundScanReports) Update(ctx context.Context, clusterBackgroundScanReport *v1.ClusterBackgroundScanReport, opts metav1.UpdateOptions) (result *v1.ClusterBackgroundScanReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootUpdateAction(clusterbackgroundscanreportsResource, clusterBackgroundScanReport), &v1.ClusterBackgroundScanReport{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1.ClusterBackgroundScanReport), err
+}
+
+// Delete takes name of the clusterBackgroundScanReport and deletes it. Returns an error if one occurs.
+func (c *FakeClusterBackgroundScanReports) Delete(ctx context.Context, name string, opts metav1.DeleteOptions) error {
+	_, err := c.Fake.
+		Invokes(testing.NewRootDeleteActionWithOptions(clusterbackgroundscanreportsResource, name, opts), &v1.ClusterBackgroundScanReport{})
+	return err
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *FakeClusterBackgroundScanReports) DeleteCollection(ctx context.Context, opts metav1.DeleteOptions, listOpts metav1.ListOptions) error {
+	action := testing.NewRootDeleteCollectionAction(clusterbackgroundscanreportsResource, listOpts)
+
+	_, err := c.Fake.Invokes(action, &v1.ClusterBackgroundScanReportList{})
+	return err
+}
+
+// Patch applies the patch and returns the patched clusterBackgroundScanReport.
+func (c *FakeClusterBackgroundScanReports) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts metav1.PatchOptions, subresources ...string) (result *v1.ClusterBackgroundScanReport, err error) {
+	obj, err := c.Fake.
+		Invokes(testing.NewRootPatchSubresourceAction(clusterbackgroundscanreportsResource, name, pt, data, subresources...), &v1.ClusterBackgroundScanReport{})
+	if obj == nil {
+		return nil, err
+	}
+	return obj.(*v1.ClusterBackgroundScanReport), err
+}

pkg/client/clientset/versioned/typed/reports/v1/fake/fake_reports_client.go

@@ -0,0 +1,52 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package fake
+
+import (
+	v1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1"
+	rest "k8s.io/client-go/rest"
+	testing "k8s.io/client-go/testing"
+)
+
+type FakeReportsV1 struct {
+	*testing.Fake
+}
+
+func (c *FakeReportsV1) AdmissionReports(namespace string) v1.AdmissionReportInterface {
+	return &FakeAdmissionReports{c, namespace}
+}
+
+func (c *FakeReportsV1) BackgroundScanReports(namespace string) v1.BackgroundScanReportInterface {
+	return &FakeBackgroundScanReports{c, namespace}
+}
+
+func (c *FakeReportsV1) ClusterAdmissionReports() v1.ClusterAdmissionReportInterface {
+	return &FakeClusterAdmissionReports{c}
+}
+
+func (c *FakeReportsV1) ClusterBackgroundScanReports() v1.ClusterBackgroundScanReportInterface {
+	return &FakeClusterBackgroundScanReports{c}
+}
+
+// RESTClient returns a RESTClient that is used to communicate
+// with API server by this client implementation.
+func (c *FakeReportsV1) RESTClient() rest.Interface {
+	var ret *rest.RESTClient
+	return ret
+}

pkg/client/clientset/versioned/typed/reports/v1/generated_expansion.go

@@ -0,0 +1,27 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1
+
+type AdmissionReportExpansion interface{}
+
+type BackgroundScanReportExpansion interface{}
+
+type ClusterAdmissionReportExpansion interface{}
+
+type ClusterBackgroundScanReportExpansion interface{}

pkg/client/clientset/versioned/typed/reports/v1/reports_client.go

@@ -0,0 +1,122 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by client-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	"net/http"
+
+	v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	"github.com/kyverno/kyverno/pkg/client/clientset/versioned/scheme"
+	rest "k8s.io/client-go/rest"
+)
+
+type ReportsV1Interface interface {
+	RESTClient() rest.Interface
+	AdmissionReportsGetter
+	BackgroundScanReportsGetter
+	ClusterAdmissionReportsGetter
+	ClusterBackgroundScanReportsGetter
+}
+
+// ReportsV1Client is used to interact with features provided by the reports.kyverno.io group.
+type ReportsV1Client struct {
+	restClient rest.Interface
+}
+
+func (c *ReportsV1Client) AdmissionReports(namespace string) AdmissionReportInterface {
+	return newAdmissionReports(c, namespace)
+}
+
+func (c *ReportsV1Client) BackgroundScanReports(namespace string) BackgroundScanReportInterface {
+	return newBackgroundScanReports(c, namespace)
+}
+
+func (c *ReportsV1Client) ClusterAdmissionReports() ClusterAdmissionReportInterface {
+	return newClusterAdmissionReports(c)
+}
+
+func (c *ReportsV1Client) ClusterBackgroundScanReports() ClusterBackgroundScanReportInterface {
+	return newClusterBackgroundScanReports(c)
+}
+
+// NewForConfig creates a new ReportsV1Client for the given config.
+// NewForConfig is equivalent to NewForConfigAndClient(c, httpClient),
+// where httpClient was generated with rest.HTTPClientFor(c).
+func NewForConfig(c *rest.Config) (*ReportsV1Client, error) {
+	config := *c
+	if err := setConfigDefaults(&config); err != nil {
+		return nil, err
+	}
+	httpClient, err := rest.HTTPClientFor(&config)
+	if err != nil {
+		return nil, err
+	}
+	return NewForConfigAndClient(&config, httpClient)
+}
+
+// NewForConfigAndClient creates a new ReportsV1Client for the given config and http client.
+// Note the http client provided takes precedence over the configured transport values.
+func NewForConfigAndClient(c *rest.Config, h *http.Client) (*ReportsV1Client, error) {
+	config := *c
+	if err := setConfigDefaults(&config); err != nil {
+		return nil, err
+	}
+	client, err := rest.RESTClientForConfigAndClient(&config, h)
+	if err != nil {
+		return nil, err
+	}
+	return &ReportsV1Client{client}, nil
+}
+
+// NewForConfigOrDie creates a new ReportsV1Client for the given config and
+// panics if there is an error in the config.
+func NewForConfigOrDie(c *rest.Config) *ReportsV1Client {
+	client, err := NewForConfig(c)
+	if err != nil {
+		panic(err)
+	}
+	return client
+}
+
+// New creates a new ReportsV1Client for the given RESTClient.
+func New(c rest.Interface) *ReportsV1Client {
+	return &ReportsV1Client{c}
+}
+
+func setConfigDefaults(config *rest.Config) error {
+	gv := v1.SchemeGroupVersion
+	config.GroupVersion = &gv
+	config.APIPath = "/apis"
+	config.NegotiatedSerializer = scheme.Codecs.WithoutConversion()
+
+	if config.UserAgent == "" {
+		config.UserAgent = rest.DefaultKubernetesUserAgent()
+	}
+
+	return nil
+}
+
+// RESTClient returns a RESTClient that is used to communicate
+// with API server by this client implementation.
+func (c *ReportsV1Client) RESTClient() rest.Interface {
+	if c == nil {
+		return nil
+	}
+	return c.restClient
+}

pkg/client/informers/externalversions/factory.go

@@ -27,6 +27,7 @@ import (
 	internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
 	kyverno "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno"
 	policyreport "github.com/kyverno/kyverno/pkg/client/informers/externalversions/policyreport"
+	reports "github.com/kyverno/kyverno/pkg/client/informers/externalversions/reports"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtime "k8s.io/apimachinery/pkg/runtime"
 	schema "k8s.io/apimachinery/pkg/runtime/schema"
@@ -246,6 +247,7 @@ type SharedInformerFactory interface {
 
 	Kyverno() kyverno.Interface
 	Wgpolicyk8s() policyreport.Interface
+	Reports() reports.Interface
 }
 
 func (f *sharedInformerFactory) Kyverno() kyverno.Interface {
@@ -255,3 +257,7 @@ func (f *sharedInformerFactory) Kyverno() kyverno.Interface {
 func (f *sharedInformerFactory) Wgpolicyk8s() policyreport.Interface {
 	return policyreport.New(f, f.namespace, f.tweakListOptions)
 }
+
+func (f *sharedInformerFactory) Reports() reports.Interface {
+	return reports.New(f, f.namespace, f.tweakListOptions)
+}

pkg/client/informers/externalversions/generic.go

@@ -21,6 +21,7 @@ package externalversions
 import (
 	"fmt"
 
+	reportsv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
 	v1 "github.com/kyverno/kyverno/api/kyverno/v1"
 	v1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
 	v1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
@@ -116,6 +117,16 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
 	case v2beta1.SchemeGroupVersion.WithResource("policyexceptions"):
 		return &genericInformer{resource: resource.GroupResource(), informer: f.Kyverno().V2beta1().PolicyExceptions().Informer()}, nil
 
+		// Group=reports.kyverno.io, Version=v1
+	case reportsv1.SchemeGroupVersion.WithResource("admissionreports"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Reports().V1().AdmissionReports().Informer()}, nil
+	case reportsv1.SchemeGroupVersion.WithResource("backgroundscanreports"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Reports().V1().BackgroundScanReports().Informer()}, nil
+	case reportsv1.SchemeGroupVersion.WithResource("clusteradmissionreports"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Reports().V1().ClusterAdmissionReports().Informer()}, nil
+	case reportsv1.SchemeGroupVersion.WithResource("clusterbackgroundscanreports"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Reports().V1().ClusterBackgroundScanReports().Informer()}, nil
+
 		// Group=wgpolicyk8s.io, Version=v1alpha2
 	case policyreportv1alpha2.SchemeGroupVersion.WithResource("clusterpolicyreports"):
 		return &genericInformer{resource: resource.GroupResource(), informer: f.Wgpolicyk8s().V1alpha2().ClusterPolicyReports().Informer()}, nil

pkg/client/informers/externalversions/reports/interface.go

@@ -0,0 +1,46 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package reports
+
+import (
+	internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+	v1 "github.com/kyverno/kyverno/pkg/client/informers/externalversions/reports/v1"
+)
+
+// Interface provides access to each of this group's versions.
+type Interface interface {
+	// V1 provides access to shared informers for resources in V1.
+	V1() v1.Interface
+}
+
+type group struct {
+	factory          internalinterfaces.SharedInformerFactory
+	namespace        string
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// New returns a new Interface.
+func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
+	return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
+}
+
+// V1 returns a new v1.Interface.
+func (g *group) V1() v1.Interface {
+	return v1.New(g.factory, g.namespace, g.tweakListOptions)
+}

pkg/client/informers/externalversions/reports/v1/admissionreport.go

@@ -0,0 +1,90 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	"context"
+	time "time"
+
+	reportsv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+	internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+	v1 "github.com/kyverno/kyverno/pkg/client/listers/reports/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	cache "k8s.io/client-go/tools/cache"
+)
+
+// AdmissionReportInformer provides access to a shared informer and lister for
+// AdmissionReports.
+type AdmissionReportInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v1.AdmissionReportLister
+}
+
+type admissionReportInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+	namespace        string
+}
+
+// NewAdmissionReportInformer constructs a new informer for AdmissionReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewAdmissionReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredAdmissionReportInformer(client, namespace, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredAdmissionReportInformer constructs a new informer for AdmissionReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredAdmissionReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options metav1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.ReportsV1().AdmissionReports(namespace).List(context.TODO(), options)
+			},
+			WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.ReportsV1().AdmissionReports(namespace).Watch(context.TODO(), options)
+			},
+		},
+		&reportsv1.AdmissionReport{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *admissionReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredAdmissionReportInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *admissionReportInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&reportsv1.AdmissionReport{}, f.defaultInformer)
+}
+
+func (f *admissionReportInformer) Lister() v1.AdmissionReportLister {
+	return v1.NewAdmissionReportLister(f.Informer().GetIndexer())
+}

pkg/client/informers/externalversions/reports/v1/backgroundscanreport.go

@@ -0,0 +1,90 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	"context"
+	time "time"
+
+	reportsv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+	internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+	v1 "github.com/kyverno/kyverno/pkg/client/listers/reports/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	cache "k8s.io/client-go/tools/cache"
+)
+
+// BackgroundScanReportInformer provides access to a shared informer and lister for
+// BackgroundScanReports.
+type BackgroundScanReportInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v1.BackgroundScanReportLister
+}
+
+type backgroundScanReportInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+	namespace        string
+}
+
+// NewBackgroundScanReportInformer constructs a new informer for BackgroundScanReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewBackgroundScanReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredBackgroundScanReportInformer(client, namespace, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredBackgroundScanReportInformer constructs a new informer for BackgroundScanReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredBackgroundScanReportInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options metav1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.ReportsV1().BackgroundScanReports(namespace).List(context.TODO(), options)
+			},
+			WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.ReportsV1().BackgroundScanReports(namespace).Watch(context.TODO(), options)
+			},
+		},
+		&reportsv1.BackgroundScanReport{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *backgroundScanReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredBackgroundScanReportInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *backgroundScanReportInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&reportsv1.BackgroundScanReport{}, f.defaultInformer)
+}
+
+func (f *backgroundScanReportInformer) Lister() v1.BackgroundScanReportLister {
+	return v1.NewBackgroundScanReportLister(f.Informer().GetIndexer())
+}

pkg/client/informers/externalversions/reports/v1/clusteradmissionreport.go

@@ -0,0 +1,89 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	"context"
+	time "time"
+
+	reportsv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+	internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+	v1 "github.com/kyverno/kyverno/pkg/client/listers/reports/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	cache "k8s.io/client-go/tools/cache"
+)
+
+// ClusterAdmissionReportInformer provides access to a shared informer and lister for
+// ClusterAdmissionReports.
+type ClusterAdmissionReportInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v1.ClusterAdmissionReportLister
+}
+
+type clusterAdmissionReportInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// NewClusterAdmissionReportInformer constructs a new informer for ClusterAdmissionReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewClusterAdmissionReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredClusterAdmissionReportInformer(client, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredClusterAdmissionReportInformer constructs a new informer for ClusterAdmissionReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredClusterAdmissionReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options metav1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.ReportsV1().ClusterAdmissionReports().List(context.TODO(), options)
+			},
+			WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.ReportsV1().ClusterAdmissionReports().Watch(context.TODO(), options)
+			},
+		},
+		&reportsv1.ClusterAdmissionReport{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *clusterAdmissionReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredClusterAdmissionReportInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *clusterAdmissionReportInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&reportsv1.ClusterAdmissionReport{}, f.defaultInformer)
+}
+
+func (f *clusterAdmissionReportInformer) Lister() v1.ClusterAdmissionReportLister {
+	return v1.NewClusterAdmissionReportLister(f.Informer().GetIndexer())
+}

pkg/client/informers/externalversions/reports/v1/clusterbackgroundscanreport.go

@@ -0,0 +1,89 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	"context"
+	time "time"
+
+	reportsv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	versioned "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+	internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+	v1 "github.com/kyverno/kyverno/pkg/client/listers/reports/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	cache "k8s.io/client-go/tools/cache"
+)
+
+// ClusterBackgroundScanReportInformer provides access to a shared informer and lister for
+// ClusterBackgroundScanReports.
+type ClusterBackgroundScanReportInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v1.ClusterBackgroundScanReportLister
+}
+
+type clusterBackgroundScanReportInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// NewClusterBackgroundScanReportInformer constructs a new informer for ClusterBackgroundScanReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewClusterBackgroundScanReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredClusterBackgroundScanReportInformer(client, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredClusterBackgroundScanReportInformer constructs a new informer for ClusterBackgroundScanReport type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredClusterBackgroundScanReportInformer(client versioned.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options metav1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.ReportsV1().ClusterBackgroundScanReports().List(context.TODO(), options)
+			},
+			WatchFunc: func(options metav1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.ReportsV1().ClusterBackgroundScanReports().Watch(context.TODO(), options)
+			},
+		},
+		&reportsv1.ClusterBackgroundScanReport{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *clusterBackgroundScanReportInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredClusterBackgroundScanReportInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *clusterBackgroundScanReportInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&reportsv1.ClusterBackgroundScanReport{}, f.defaultInformer)
+}
+
+func (f *clusterBackgroundScanReportInformer) Lister() v1.ClusterBackgroundScanReportLister {
+	return v1.NewClusterBackgroundScanReportLister(f.Informer().GetIndexer())
+}

pkg/client/informers/externalversions/reports/v1/interface.go

@@ -0,0 +1,66 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by informer-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	internalinterfaces "github.com/kyverno/kyverno/pkg/client/informers/externalversions/internalinterfaces"
+)
+
+// Interface provides access to all the informers in this group version.
+type Interface interface {
+	// AdmissionReports returns a AdmissionReportInformer.
+	AdmissionReports() AdmissionReportInformer
+	// BackgroundScanReports returns a BackgroundScanReportInformer.
+	BackgroundScanReports() BackgroundScanReportInformer
+	// ClusterAdmissionReports returns a ClusterAdmissionReportInformer.
+	ClusterAdmissionReports() ClusterAdmissionReportInformer
+	// ClusterBackgroundScanReports returns a ClusterBackgroundScanReportInformer.
+	ClusterBackgroundScanReports() ClusterBackgroundScanReportInformer
+}
+
+type version struct {
+	factory          internalinterfaces.SharedInformerFactory
+	namespace        string
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// New returns a new Interface.
+func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface {
+	return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
+}
+
+// AdmissionReports returns a AdmissionReportInformer.
+func (v *version) AdmissionReports() AdmissionReportInformer {
+	return &admissionReportInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+}
+
+// BackgroundScanReports returns a BackgroundScanReportInformer.
+func (v *version) BackgroundScanReports() BackgroundScanReportInformer {
+	return &backgroundScanReportInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
+}
+
+// ClusterAdmissionReports returns a ClusterAdmissionReportInformer.
+func (v *version) ClusterAdmissionReports() ClusterAdmissionReportInformer {
+	return &clusterAdmissionReportInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
+}
+
+// ClusterBackgroundScanReports returns a ClusterBackgroundScanReportInformer.
+func (v *version) ClusterBackgroundScanReports() ClusterBackgroundScanReportInformer {
+	return &clusterBackgroundScanReportInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
+}

pkg/client/listers/reports/v1/admissionreport.go

@@ -0,0 +1,99 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+)
+
+// AdmissionReportLister helps list AdmissionReports.
+// All objects returned here must be treated as read-only.
+type AdmissionReportLister interface {
+	// List lists all AdmissionReports in the indexer.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1.AdmissionReport, err error)
+	// AdmissionReports returns an object that can list and get AdmissionReports.
+	AdmissionReports(namespace string) AdmissionReportNamespaceLister
+	AdmissionReportListerExpansion
+}
+
+// admissionReportLister implements the AdmissionReportLister interface.
+type admissionReportLister struct {
+	indexer cache.Indexer
+}
+
+// NewAdmissionReportLister returns a new AdmissionReportLister.
+func NewAdmissionReportLister(indexer cache.Indexer) AdmissionReportLister {
+	return &admissionReportLister{indexer: indexer}
+}
+
+// List lists all AdmissionReports in the indexer.
+func (s *admissionReportLister) List(selector labels.Selector) (ret []*v1.AdmissionReport, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1.AdmissionReport))
+	})
+	return ret, err
+}
+
+// AdmissionReports returns an object that can list and get AdmissionReports.
+func (s *admissionReportLister) AdmissionReports(namespace string) AdmissionReportNamespaceLister {
+	return admissionReportNamespaceLister{indexer: s.indexer, namespace: namespace}
+}
+
+// AdmissionReportNamespaceLister helps list and get AdmissionReports.
+// All objects returned here must be treated as read-only.
+type AdmissionReportNamespaceLister interface {
+	// List lists all AdmissionReports in the indexer for a given namespace.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1.AdmissionReport, err error)
+	// Get retrieves the AdmissionReport from the indexer for a given namespace and name.
+	// Objects returned here must be treated as read-only.
+	Get(name string) (*v1.AdmissionReport, error)
+	AdmissionReportNamespaceListerExpansion
+}
+
+// admissionReportNamespaceLister implements the AdmissionReportNamespaceLister
+// interface.
+type admissionReportNamespaceLister struct {
+	indexer   cache.Indexer
+	namespace string
+}
+
+// List lists all AdmissionReports in the indexer for a given namespace.
+func (s admissionReportNamespaceLister) List(selector labels.Selector) (ret []*v1.AdmissionReport, err error) {
+	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1.AdmissionReport))
+	})
+	return ret, err
+}
+
+// Get retrieves the AdmissionReport from the indexer for a given namespace and name.
+func (s admissionReportNamespaceLister) Get(name string) (*v1.AdmissionReport, error) {
+	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v1.Resource("admissionreport"), name)
+	}
+	return obj.(*v1.AdmissionReport), nil
+}

pkg/client/listers/reports/v1/backgroundscanreport.go

@@ -0,0 +1,99 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+)
+
+// BackgroundScanReportLister helps list BackgroundScanReports.
+// All objects returned here must be treated as read-only.
+type BackgroundScanReportLister interface {
+	// List lists all BackgroundScanReports in the indexer.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1.BackgroundScanReport, err error)
+	// BackgroundScanReports returns an object that can list and get BackgroundScanReports.
+	BackgroundScanReports(namespace string) BackgroundScanReportNamespaceLister
+	BackgroundScanReportListerExpansion
+}
+
+// backgroundScanReportLister implements the BackgroundScanReportLister interface.
+type backgroundScanReportLister struct {
+	indexer cache.Indexer
+}
+
+// NewBackgroundScanReportLister returns a new BackgroundScanReportLister.
+func NewBackgroundScanReportLister(indexer cache.Indexer) BackgroundScanReportLister {
+	return &backgroundScanReportLister{indexer: indexer}
+}
+
+// List lists all BackgroundScanReports in the indexer.
+func (s *backgroundScanReportLister) List(selector labels.Selector) (ret []*v1.BackgroundScanReport, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1.BackgroundScanReport))
+	})
+	return ret, err
+}
+
+// BackgroundScanReports returns an object that can list and get BackgroundScanReports.
+func (s *backgroundScanReportLister) BackgroundScanReports(namespace string) BackgroundScanReportNamespaceLister {
+	return backgroundScanReportNamespaceLister{indexer: s.indexer, namespace: namespace}
+}
+
+// BackgroundScanReportNamespaceLister helps list and get BackgroundScanReports.
+// All objects returned here must be treated as read-only.
+type BackgroundScanReportNamespaceLister interface {
+	// List lists all BackgroundScanReports in the indexer for a given namespace.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1.BackgroundScanReport, err error)
+	// Get retrieves the BackgroundScanReport from the indexer for a given namespace and name.
+	// Objects returned here must be treated as read-only.
+	Get(name string) (*v1.BackgroundScanReport, error)
+	BackgroundScanReportNamespaceListerExpansion
+}
+
+// backgroundScanReportNamespaceLister implements the BackgroundScanReportNamespaceLister
+// interface.
+type backgroundScanReportNamespaceLister struct {
+	indexer   cache.Indexer
+	namespace string
+}
+
+// List lists all BackgroundScanReports in the indexer for a given namespace.
+func (s backgroundScanReportNamespaceLister) List(selector labels.Selector) (ret []*v1.BackgroundScanReport, err error) {
+	err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1.BackgroundScanReport))
+	})
+	return ret, err
+}
+
+// Get retrieves the BackgroundScanReport from the indexer for a given namespace and name.
+func (s backgroundScanReportNamespaceLister) Get(name string) (*v1.BackgroundScanReport, error) {
+	obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v1.Resource("backgroundscanreport"), name)
+	}
+	return obj.(*v1.BackgroundScanReport), nil
+}

pkg/client/listers/reports/v1/clusteradmissionreport.go

@@ -0,0 +1,68 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+)
+
+// ClusterAdmissionReportLister helps list ClusterAdmissionReports.
+// All objects returned here must be treated as read-only.
+type ClusterAdmissionReportLister interface {
+	// List lists all ClusterAdmissionReports in the indexer.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1.ClusterAdmissionReport, err error)
+	// Get retrieves the ClusterAdmissionReport from the index for a given name.
+	// Objects returned here must be treated as read-only.
+	Get(name string) (*v1.ClusterAdmissionReport, error)
+	ClusterAdmissionReportListerExpansion
+}
+
+// clusterAdmissionReportLister implements the ClusterAdmissionReportLister interface.
+type clusterAdmissionReportLister struct {
+	indexer cache.Indexer
+}
+
+// NewClusterAdmissionReportLister returns a new ClusterAdmissionReportLister.
+func NewClusterAdmissionReportLister(indexer cache.Indexer) ClusterAdmissionReportLister {
+	return &clusterAdmissionReportLister{indexer: indexer}
+}
+
+// List lists all ClusterAdmissionReports in the indexer.
+func (s *clusterAdmissionReportLister) List(selector labels.Selector) (ret []*v1.ClusterAdmissionReport, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1.ClusterAdmissionReport))
+	})
+	return ret, err
+}
+
+// Get retrieves the ClusterAdmissionReport from the index for a given name.
+func (s *clusterAdmissionReportLister) Get(name string) (*v1.ClusterAdmissionReport, error) {
+	obj, exists, err := s.indexer.GetByKey(name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v1.Resource("clusteradmissionreport"), name)
+	}
+	return obj.(*v1.ClusterAdmissionReport), nil
+}

pkg/client/listers/reports/v1/clusterbackgroundscanreport.go

@@ -0,0 +1,68 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1
+
+import (
+	v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+)
+
+// ClusterBackgroundScanReportLister helps list ClusterBackgroundScanReports.
+// All objects returned here must be treated as read-only.
+type ClusterBackgroundScanReportLister interface {
+	// List lists all ClusterBackgroundScanReports in the indexer.
+	// Objects returned here must be treated as read-only.
+	List(selector labels.Selector) (ret []*v1.ClusterBackgroundScanReport, err error)
+	// Get retrieves the ClusterBackgroundScanReport from the index for a given name.
+	// Objects returned here must be treated as read-only.
+	Get(name string) (*v1.ClusterBackgroundScanReport, error)
+	ClusterBackgroundScanReportListerExpansion
+}
+
+// clusterBackgroundScanReportLister implements the ClusterBackgroundScanReportLister interface.
+type clusterBackgroundScanReportLister struct {
+	indexer cache.Indexer
+}
+
+// NewClusterBackgroundScanReportLister returns a new ClusterBackgroundScanReportLister.
+func NewClusterBackgroundScanReportLister(indexer cache.Indexer) ClusterBackgroundScanReportLister {
+	return &clusterBackgroundScanReportLister{indexer: indexer}
+}
+
+// List lists all ClusterBackgroundScanReports in the indexer.
+func (s *clusterBackgroundScanReportLister) List(selector labels.Selector) (ret []*v1.ClusterBackgroundScanReport, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1.ClusterBackgroundScanReport))
+	})
+	return ret, err
+}
+
+// Get retrieves the ClusterBackgroundScanReport from the index for a given name.
+func (s *clusterBackgroundScanReportLister) Get(name string) (*v1.ClusterBackgroundScanReport, error) {
+	obj, exists, err := s.indexer.GetByKey(name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v1.Resource("clusterbackgroundscanreport"), name)
+	}
+	return obj.(*v1.ClusterBackgroundScanReport), nil
+}

pkg/client/listers/reports/v1/expansion_generated.go

@@ -0,0 +1,43 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by lister-gen. DO NOT EDIT.
+
+package v1
+
+// AdmissionReportListerExpansion allows custom methods to be added to
+// AdmissionReportLister.
+type AdmissionReportListerExpansion interface{}
+
+// AdmissionReportNamespaceListerExpansion allows custom methods to be added to
+// AdmissionReportNamespaceLister.
+type AdmissionReportNamespaceListerExpansion interface{}
+
+// BackgroundScanReportListerExpansion allows custom methods to be added to
+// BackgroundScanReportLister.
+type BackgroundScanReportListerExpansion interface{}
+
+// BackgroundScanReportNamespaceListerExpansion allows custom methods to be added to
+// BackgroundScanReportNamespaceLister.
+type BackgroundScanReportNamespaceListerExpansion interface{}
+
+// ClusterAdmissionReportListerExpansion allows custom methods to be added to
+// ClusterAdmissionReportLister.
+type ClusterAdmissionReportListerExpansion interface{}
+
+// ClusterBackgroundScanReportListerExpansion allows custom methods to be added to
+// ClusterBackgroundScanReportLister.
+type ClusterBackgroundScanReportListerExpansion interface{}

pkg/clients/kyverno/clientset.generated.go

@@ -10,6 +10,7 @@ import (
 	github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2alpha1"
 	github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/kyverno/v2beta1"
 	github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_policyreport_v1alpha2 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/policyreport/v1alpha2"
+	github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1"
 	discovery "github.com/kyverno/kyverno/pkg/clients/kyverno/discovery"
 	kyvernov1 "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov1"
 	kyvernov1alpha2 "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov1alpha2"
@@ -17,6 +18,7 @@ import (
 	kyvernov2 "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov2"
 	kyvernov2alpha1 "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov2alpha1"
 	kyvernov2beta1 "github.com/kyverno/kyverno/pkg/clients/kyverno/kyvernov2beta1"
+	reportsv1 "github.com/kyverno/kyverno/pkg/clients/kyverno/reportsv1"
 	wgpolicyk8sv1alpha2 "github.com/kyverno/kyverno/pkg/clients/kyverno/wgpolicyk8sv1alpha2"
 	"github.com/kyverno/kyverno/pkg/metrics"
 	k8s_io_client_go_discovery "k8s.io/client-go/discovery"
@@ -30,6 +32,7 @@ type clientset struct {
 	kyvernov2           github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2.KyvernoV2Interface
 	kyvernov2alpha1     github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2alpha1.KyvernoV2alpha1Interface
 	kyvernov2beta1      github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.KyvernoV2beta1Interface
+	reportsv1           github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface
 	wgpolicyk8sv1alpha2 github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_policyreport_v1alpha2.Wgpolicyk8sV1alpha2Interface
 }
 
@@ -54,6 +57,9 @@ func (c *clientset) KyvernoV2alpha1() github_com_kyverno_kyverno_pkg_client_clie
 func (c *clientset) KyvernoV2beta1() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_kyverno_v2beta1.KyvernoV2beta1Interface {
 	return c.kyvernov2beta1
 }
+func (c *clientset) ReportsV1() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface {
+	return c.reportsv1
+}
 func (c *clientset) Wgpolicyk8sV1alpha2() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_policyreport_v1alpha2.Wgpolicyk8sV1alpha2Interface {
 	return c.wgpolicyk8sv1alpha2
 }
@@ -67,6 +73,7 @@ func WrapWithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versi
 		kyvernov2:           kyvernov2.WithMetrics(inner.KyvernoV2(), m, clientType),
 		kyvernov2alpha1:     kyvernov2alpha1.WithMetrics(inner.KyvernoV2alpha1(), m, clientType),
 		kyvernov2beta1:      kyvernov2beta1.WithMetrics(inner.KyvernoV2beta1(), m, clientType),
+		reportsv1:           reportsv1.WithMetrics(inner.ReportsV1(), m, clientType),
 		wgpolicyk8sv1alpha2: wgpolicyk8sv1alpha2.WithMetrics(inner.Wgpolicyk8sV1alpha2(), m, clientType),
 	}
 }
@@ -80,6 +87,7 @@ func WrapWithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versi
 		kyvernov2:           kyvernov2.WithTracing(inner.KyvernoV2(), "KyvernoV2"),
 		kyvernov2alpha1:     kyvernov2alpha1.WithTracing(inner.KyvernoV2alpha1(), "KyvernoV2alpha1"),
 		kyvernov2beta1:      kyvernov2beta1.WithTracing(inner.KyvernoV2beta1(), "KyvernoV2beta1"),
+		reportsv1:           reportsv1.WithTracing(inner.ReportsV1(), "ReportsV1"),
 		wgpolicyk8sv1alpha2: wgpolicyk8sv1alpha2.WithTracing(inner.Wgpolicyk8sV1alpha2(), "Wgpolicyk8sV1alpha2"),
 	}
 }
@@ -93,6 +101,7 @@ func WrapWithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versi
 		kyvernov2:           kyvernov2.WithLogging(inner.KyvernoV2(), logger.WithValues("group", "KyvernoV2")),
 		kyvernov2alpha1:     kyvernov2alpha1.WithLogging(inner.KyvernoV2alpha1(), logger.WithValues("group", "KyvernoV2alpha1")),
 		kyvernov2beta1:      kyvernov2beta1.WithLogging(inner.KyvernoV2beta1(), logger.WithValues("group", "KyvernoV2beta1")),
+		reportsv1:           reportsv1.WithLogging(inner.ReportsV1(), logger.WithValues("group", "ReportsV1")),
 		wgpolicyk8sv1alpha2: wgpolicyk8sv1alpha2.WithLogging(inner.Wgpolicyk8sV1alpha2(), logger.WithValues("group", "Wgpolicyk8sV1alpha2")),
 	}
 }

pkg/clients/kyverno/reportsv1/admissionreports/resource.generated.go

@@ -0,0 +1,337 @@
+package resource
+
+import (
+	context "context"
+	"fmt"
+	"time"
+
+	"github.com/go-logr/logr"
+	github_com_kyverno_kyverno_api_kyverno_reports_v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1"
+	"github.com/kyverno/kyverno/pkg/metrics"
+	"github.com/kyverno/kyverno/pkg/tracing"
+	"go.opentelemetry.io/otel/trace"
+	"go.uber.org/multierr"
+	k8s_io_apimachinery_pkg_apis_meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	k8s_io_apimachinery_pkg_types "k8s.io/apimachinery/pkg/types"
+	k8s_io_apimachinery_pkg_watch "k8s.io/apimachinery/pkg/watch"
+)
+
+func WithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface, logger logr.Logger) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface {
+	return &withLogging{inner, logger}
+}
+
+func WithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface, recorder metrics.Recorder) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface {
+	return &withMetrics{inner, recorder}
+}
+
+func WithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface, client, kind string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface {
+	return &withTracing{inner, client, kind}
+}
+
+type withLogging struct {
+	inner  github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface
+	logger logr.Logger
+}
+
+func (c *withLogging) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Create")
+	ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Create failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Create done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Delete")
+	ret0 := c.inner.Delete(arg0, arg1, arg2)
+	if err := multierr.Combine(ret0); err != nil {
+		logger.Error(err, "Delete failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Delete done", "duration", time.Since(start))
+	}
+	return ret0
+}
+func (c *withLogging) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "DeleteCollection")
+	ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
+	if err := multierr.Combine(ret0); err != nil {
+		logger.Error(err, "DeleteCollection failed", "duration", time.Since(start))
+	} else {
+		logger.Info("DeleteCollection done", "duration", time.Since(start))
+	}
+	return ret0
+}
+func (c *withLogging) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Get")
+	ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Get failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Get done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReportList, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "List")
+	ret0, ret1 := c.inner.List(arg0, arg1)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "List failed", "duration", time.Since(start))
+	} else {
+		logger.Info("List done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Patch")
+	ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Patch failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Patch done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Update")
+	ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Update failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Update done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Watch")
+	ret0, ret1 := c.inner.Watch(arg0, arg1)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Watch failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Watch done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+
+type withMetrics struct {
+	inner    github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface
+	recorder metrics.Recorder
+}
+
+func (c *withMetrics) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) {
+	defer c.recorder.RecordWithContext(arg0, "create")
+	return c.inner.Create(arg0, arg1, arg2)
+}
+func (c *withMetrics) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+	defer c.recorder.RecordWithContext(arg0, "delete")
+	return c.inner.Delete(arg0, arg1, arg2)
+}
+func (c *withMetrics) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+	defer c.recorder.RecordWithContext(arg0, "delete_collection")
+	return c.inner.DeleteCollection(arg0, arg1, arg2)
+}
+func (c *withMetrics) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) {
+	defer c.recorder.RecordWithContext(arg0, "get")
+	return c.inner.Get(arg0, arg1, arg2)
+}
+func (c *withMetrics) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReportList, error) {
+	defer c.recorder.RecordWithContext(arg0, "list")
+	return c.inner.List(arg0, arg1)
+}
+func (c *withMetrics) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) {
+	defer c.recorder.RecordWithContext(arg0, "patch")
+	return c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+}
+func (c *withMetrics) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) {
+	defer c.recorder.RecordWithContext(arg0, "update")
+	return c.inner.Update(arg0, arg1, arg2)
+}
+func (c *withMetrics) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+	defer c.recorder.RecordWithContext(arg0, "watch")
+	return c.inner.Watch(arg0, arg1)
+}
+
+type withTracing struct {
+	inner  github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface
+	client string
+	kind   string
+}
+
+func (c *withTracing) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Create"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Create"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Delete"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Delete"),
+			),
+		)
+		defer span.End()
+	}
+	ret0 := c.inner.Delete(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret0)
+	}
+	return ret0
+}
+func (c *withTracing) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "DeleteCollection"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("DeleteCollection"),
+			),
+		)
+		defer span.End()
+	}
+	ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret0)
+	}
+	return ret0
+}
+func (c *withTracing) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Get"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Get"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReportList, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "List"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("List"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.List(arg0, arg1)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Patch"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Patch"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.AdmissionReport, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Update"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Update"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Watch"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Watch"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Watch(arg0, arg1)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}

pkg/clients/kyverno/reportsv1/backgroundscanreports/resource.generated.go

@@ -0,0 +1,337 @@
+package resource
+
+import (
+	context "context"
+	"fmt"
+	"time"
+
+	"github.com/go-logr/logr"
+	github_com_kyverno_kyverno_api_kyverno_reports_v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1"
+	"github.com/kyverno/kyverno/pkg/metrics"
+	"github.com/kyverno/kyverno/pkg/tracing"
+	"go.opentelemetry.io/otel/trace"
+	"go.uber.org/multierr"
+	k8s_io_apimachinery_pkg_apis_meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	k8s_io_apimachinery_pkg_types "k8s.io/apimachinery/pkg/types"
+	k8s_io_apimachinery_pkg_watch "k8s.io/apimachinery/pkg/watch"
+)
+
+func WithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface, logger logr.Logger) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface {
+	return &withLogging{inner, logger}
+}
+
+func WithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface, recorder metrics.Recorder) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface {
+	return &withMetrics{inner, recorder}
+}
+
+func WithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface, client, kind string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface {
+	return &withTracing{inner, client, kind}
+}
+
+type withLogging struct {
+	inner  github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface
+	logger logr.Logger
+}
+
+func (c *withLogging) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Create")
+	ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Create failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Create done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Delete")
+	ret0 := c.inner.Delete(arg0, arg1, arg2)
+	if err := multierr.Combine(ret0); err != nil {
+		logger.Error(err, "Delete failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Delete done", "duration", time.Since(start))
+	}
+	return ret0
+}
+func (c *withLogging) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "DeleteCollection")
+	ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
+	if err := multierr.Combine(ret0); err != nil {
+		logger.Error(err, "DeleteCollection failed", "duration", time.Since(start))
+	} else {
+		logger.Info("DeleteCollection done", "duration", time.Since(start))
+	}
+	return ret0
+}
+func (c *withLogging) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Get")
+	ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Get failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Get done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReportList, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "List")
+	ret0, ret1 := c.inner.List(arg0, arg1)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "List failed", "duration", time.Since(start))
+	} else {
+		logger.Info("List done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Patch")
+	ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Patch failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Patch done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Update")
+	ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Update failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Update done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Watch")
+	ret0, ret1 := c.inner.Watch(arg0, arg1)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Watch failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Watch done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+
+type withMetrics struct {
+	inner    github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface
+	recorder metrics.Recorder
+}
+
+func (c *withMetrics) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) {
+	defer c.recorder.RecordWithContext(arg0, "create")
+	return c.inner.Create(arg0, arg1, arg2)
+}
+func (c *withMetrics) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+	defer c.recorder.RecordWithContext(arg0, "delete")
+	return c.inner.Delete(arg0, arg1, arg2)
+}
+func (c *withMetrics) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+	defer c.recorder.RecordWithContext(arg0, "delete_collection")
+	return c.inner.DeleteCollection(arg0, arg1, arg2)
+}
+func (c *withMetrics) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) {
+	defer c.recorder.RecordWithContext(arg0, "get")
+	return c.inner.Get(arg0, arg1, arg2)
+}
+func (c *withMetrics) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReportList, error) {
+	defer c.recorder.RecordWithContext(arg0, "list")
+	return c.inner.List(arg0, arg1)
+}
+func (c *withMetrics) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) {
+	defer c.recorder.RecordWithContext(arg0, "patch")
+	return c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+}
+func (c *withMetrics) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) {
+	defer c.recorder.RecordWithContext(arg0, "update")
+	return c.inner.Update(arg0, arg1, arg2)
+}
+func (c *withMetrics) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+	defer c.recorder.RecordWithContext(arg0, "watch")
+	return c.inner.Watch(arg0, arg1)
+}
+
+type withTracing struct {
+	inner  github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface
+	client string
+	kind   string
+}
+
+func (c *withTracing) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Create"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Create"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Delete"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Delete"),
+			),
+		)
+		defer span.End()
+	}
+	ret0 := c.inner.Delete(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret0)
+	}
+	return ret0
+}
+func (c *withTracing) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "DeleteCollection"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("DeleteCollection"),
+			),
+		)
+		defer span.End()
+	}
+	ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret0)
+	}
+	return ret0
+}
+func (c *withTracing) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Get"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Get"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReportList, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "List"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("List"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.List(arg0, arg1)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Patch"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Patch"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.BackgroundScanReport, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Update"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Update"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Watch"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Watch"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Watch(arg0, arg1)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}

pkg/clients/kyverno/reportsv1/client.generated.go

@@ -0,0 +1,92 @@
+package client
+
+import (
+	"github.com/go-logr/logr"
+	github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1"
+	admissionreports "github.com/kyverno/kyverno/pkg/clients/kyverno/reportsv1/admissionreports"
+	backgroundscanreports "github.com/kyverno/kyverno/pkg/clients/kyverno/reportsv1/backgroundscanreports"
+	clusteradmissionreports "github.com/kyverno/kyverno/pkg/clients/kyverno/reportsv1/clusteradmissionreports"
+	clusterbackgroundscanreports "github.com/kyverno/kyverno/pkg/clients/kyverno/reportsv1/clusterbackgroundscanreports"
+	"github.com/kyverno/kyverno/pkg/metrics"
+	"k8s.io/client-go/rest"
+)
+
+func WithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface, metrics metrics.MetricsConfigManager, clientType metrics.ClientType) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface {
+	return &withMetrics{inner, metrics, clientType}
+}
+
+func WithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface, client string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface {
+	return &withTracing{inner, client}
+}
+
+func WithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface, logger logr.Logger) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface {
+	return &withLogging{inner, logger}
+}
+
+type withMetrics struct {
+	inner      github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface
+	metrics    metrics.MetricsConfigManager
+	clientType metrics.ClientType
+}
+
+func (c *withMetrics) RESTClient() rest.Interface {
+	return c.inner.RESTClient()
+}
+func (c *withMetrics) AdmissionReports(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface {
+	recorder := metrics.NamespacedClientQueryRecorder(c.metrics, namespace, "AdmissionReport", c.clientType)
+	return admissionreports.WithMetrics(c.inner.AdmissionReports(namespace), recorder)
+}
+func (c *withMetrics) BackgroundScanReports(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface {
+	recorder := metrics.NamespacedClientQueryRecorder(c.metrics, namespace, "BackgroundScanReport", c.clientType)
+	return backgroundscanreports.WithMetrics(c.inner.BackgroundScanReports(namespace), recorder)
+}
+func (c *withMetrics) ClusterAdmissionReports() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface {
+	recorder := metrics.ClusteredClientQueryRecorder(c.metrics, "ClusterAdmissionReport", c.clientType)
+	return clusteradmissionreports.WithMetrics(c.inner.ClusterAdmissionReports(), recorder)
+}
+func (c *withMetrics) ClusterBackgroundScanReports() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface {
+	recorder := metrics.ClusteredClientQueryRecorder(c.metrics, "ClusterBackgroundScanReport", c.clientType)
+	return clusterbackgroundscanreports.WithMetrics(c.inner.ClusterBackgroundScanReports(), recorder)
+}
+
+type withTracing struct {
+	inner  github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface
+	client string
+}
+
+func (c *withTracing) RESTClient() rest.Interface {
+	return c.inner.RESTClient()
+}
+func (c *withTracing) AdmissionReports(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface {
+	return admissionreports.WithTracing(c.inner.AdmissionReports(namespace), c.client, "AdmissionReport")
+}
+func (c *withTracing) BackgroundScanReports(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface {
+	return backgroundscanreports.WithTracing(c.inner.BackgroundScanReports(namespace), c.client, "BackgroundScanReport")
+}
+func (c *withTracing) ClusterAdmissionReports() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface {
+	return clusteradmissionreports.WithTracing(c.inner.ClusterAdmissionReports(), c.client, "ClusterAdmissionReport")
+}
+func (c *withTracing) ClusterBackgroundScanReports() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface {
+	return clusterbackgroundscanreports.WithTracing(c.inner.ClusterBackgroundScanReports(), c.client, "ClusterBackgroundScanReport")
+}
+
+type withLogging struct {
+	inner  github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ReportsV1Interface
+	logger logr.Logger
+}
+
+func (c *withLogging) RESTClient() rest.Interface {
+	return c.inner.RESTClient()
+}
+func (c *withLogging) AdmissionReports(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.AdmissionReportInterface {
+	return admissionreports.WithLogging(c.inner.AdmissionReports(namespace), c.logger.WithValues("resource", "AdmissionReports").WithValues("namespace", namespace))
+}
+func (c *withLogging) BackgroundScanReports(namespace string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.BackgroundScanReportInterface {
+	return backgroundscanreports.WithLogging(c.inner.BackgroundScanReports(namespace), c.logger.WithValues("resource", "BackgroundScanReports").WithValues("namespace", namespace))
+}
+func (c *withLogging) ClusterAdmissionReports() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface {
+	return clusteradmissionreports.WithLogging(c.inner.ClusterAdmissionReports(), c.logger.WithValues("resource", "ClusterAdmissionReports"))
+}
+func (c *withLogging) ClusterBackgroundScanReports() github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface {
+	return clusterbackgroundscanreports.WithLogging(c.inner.ClusterBackgroundScanReports(), c.logger.WithValues("resource", "ClusterBackgroundScanReports"))
+}

pkg/clients/kyverno/reportsv1/clusteradmissionreports/resource.generated.go

@@ -0,0 +1,337 @@
+package resource
+
+import (
+	context "context"
+	"fmt"
+	"time"
+
+	"github.com/go-logr/logr"
+	github_com_kyverno_kyverno_api_kyverno_reports_v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1"
+	"github.com/kyverno/kyverno/pkg/metrics"
+	"github.com/kyverno/kyverno/pkg/tracing"
+	"go.opentelemetry.io/otel/trace"
+	"go.uber.org/multierr"
+	k8s_io_apimachinery_pkg_apis_meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	k8s_io_apimachinery_pkg_types "k8s.io/apimachinery/pkg/types"
+	k8s_io_apimachinery_pkg_watch "k8s.io/apimachinery/pkg/watch"
+)
+
+func WithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface, logger logr.Logger) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface {
+	return &withLogging{inner, logger}
+}
+
+func WithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface, recorder metrics.Recorder) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface {
+	return &withMetrics{inner, recorder}
+}
+
+func WithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface, client, kind string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface {
+	return &withTracing{inner, client, kind}
+}
+
+type withLogging struct {
+	inner  github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface
+	logger logr.Logger
+}
+
+func (c *withLogging) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Create")
+	ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Create failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Create done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Delete")
+	ret0 := c.inner.Delete(arg0, arg1, arg2)
+	if err := multierr.Combine(ret0); err != nil {
+		logger.Error(err, "Delete failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Delete done", "duration", time.Since(start))
+	}
+	return ret0
+}
+func (c *withLogging) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "DeleteCollection")
+	ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
+	if err := multierr.Combine(ret0); err != nil {
+		logger.Error(err, "DeleteCollection failed", "duration", time.Since(start))
+	} else {
+		logger.Info("DeleteCollection done", "duration", time.Since(start))
+	}
+	return ret0
+}
+func (c *withLogging) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Get")
+	ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Get failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Get done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReportList, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "List")
+	ret0, ret1 := c.inner.List(arg0, arg1)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "List failed", "duration", time.Since(start))
+	} else {
+		logger.Info("List done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Patch")
+	ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Patch failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Patch done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Update")
+	ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Update failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Update done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Watch")
+	ret0, ret1 := c.inner.Watch(arg0, arg1)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Watch failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Watch done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+
+type withMetrics struct {
+	inner    github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface
+	recorder metrics.Recorder
+}
+
+func (c *withMetrics) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) {
+	defer c.recorder.RecordWithContext(arg0, "create")
+	return c.inner.Create(arg0, arg1, arg2)
+}
+func (c *withMetrics) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+	defer c.recorder.RecordWithContext(arg0, "delete")
+	return c.inner.Delete(arg0, arg1, arg2)
+}
+func (c *withMetrics) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+	defer c.recorder.RecordWithContext(arg0, "delete_collection")
+	return c.inner.DeleteCollection(arg0, arg1, arg2)
+}
+func (c *withMetrics) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) {
+	defer c.recorder.RecordWithContext(arg0, "get")
+	return c.inner.Get(arg0, arg1, arg2)
+}
+func (c *withMetrics) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReportList, error) {
+	defer c.recorder.RecordWithContext(arg0, "list")
+	return c.inner.List(arg0, arg1)
+}
+func (c *withMetrics) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) {
+	defer c.recorder.RecordWithContext(arg0, "patch")
+	return c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+}
+func (c *withMetrics) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) {
+	defer c.recorder.RecordWithContext(arg0, "update")
+	return c.inner.Update(arg0, arg1, arg2)
+}
+func (c *withMetrics) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+	defer c.recorder.RecordWithContext(arg0, "watch")
+	return c.inner.Watch(arg0, arg1)
+}
+
+type withTracing struct {
+	inner  github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterAdmissionReportInterface
+	client string
+	kind   string
+}
+
+func (c *withTracing) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Create"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Create"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Delete"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Delete"),
+			),
+		)
+		defer span.End()
+	}
+	ret0 := c.inner.Delete(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret0)
+	}
+	return ret0
+}
+func (c *withTracing) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "DeleteCollection"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("DeleteCollection"),
+			),
+		)
+		defer span.End()
+	}
+	ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret0)
+	}
+	return ret0
+}
+func (c *withTracing) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Get"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Get"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReportList, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "List"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("List"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.List(arg0, arg1)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Patch"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Patch"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterAdmissionReport, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Update"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Update"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Watch"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Watch"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Watch(arg0, arg1)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}

pkg/clients/kyverno/reportsv1/clusterbackgroundscanreports/resource.generated.go

@@ -0,0 +1,337 @@
+package resource
+
+import (
+	context "context"
+	"fmt"
+	"time"
+
+	"github.com/go-logr/logr"
+	github_com_kyverno_kyverno_api_kyverno_reports_v1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1 "github.com/kyverno/kyverno/pkg/client/clientset/versioned/typed/reports/v1"
+	"github.com/kyverno/kyverno/pkg/metrics"
+	"github.com/kyverno/kyverno/pkg/tracing"
+	"go.opentelemetry.io/otel/trace"
+	"go.uber.org/multierr"
+	k8s_io_apimachinery_pkg_apis_meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	k8s_io_apimachinery_pkg_types "k8s.io/apimachinery/pkg/types"
+	k8s_io_apimachinery_pkg_watch "k8s.io/apimachinery/pkg/watch"
+)
+
+func WithLogging(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface, logger logr.Logger) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface {
+	return &withLogging{inner, logger}
+}
+
+func WithMetrics(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface, recorder metrics.Recorder) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface {
+	return &withMetrics{inner, recorder}
+}
+
+func WithTracing(inner github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface, client, kind string) github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface {
+	return &withTracing{inner, client, kind}
+}
+
+type withLogging struct {
+	inner  github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface
+	logger logr.Logger
+}
+
+func (c *withLogging) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Create")
+	ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Create failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Create done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Delete")
+	ret0 := c.inner.Delete(arg0, arg1, arg2)
+	if err := multierr.Combine(ret0); err != nil {
+		logger.Error(err, "Delete failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Delete done", "duration", time.Since(start))
+	}
+	return ret0
+}
+func (c *withLogging) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "DeleteCollection")
+	ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
+	if err := multierr.Combine(ret0); err != nil {
+		logger.Error(err, "DeleteCollection failed", "duration", time.Since(start))
+	} else {
+		logger.Info("DeleteCollection done", "duration", time.Since(start))
+	}
+	return ret0
+}
+func (c *withLogging) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Get")
+	ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Get failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Get done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReportList, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "List")
+	ret0, ret1 := c.inner.List(arg0, arg1)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "List failed", "duration", time.Since(start))
+	} else {
+		logger.Info("List done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Patch")
+	ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Patch failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Patch done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Update")
+	ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Update failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Update done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+func (c *withLogging) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+	start := time.Now()
+	logger := c.logger.WithValues("operation", "Watch")
+	ret0, ret1 := c.inner.Watch(arg0, arg1)
+	if err := multierr.Combine(ret1); err != nil {
+		logger.Error(err, "Watch failed", "duration", time.Since(start))
+	} else {
+		logger.Info("Watch done", "duration", time.Since(start))
+	}
+	return ret0, ret1
+}
+
+type withMetrics struct {
+	inner    github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface
+	recorder metrics.Recorder
+}
+
+func (c *withMetrics) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) {
+	defer c.recorder.RecordWithContext(arg0, "create")
+	return c.inner.Create(arg0, arg1, arg2)
+}
+func (c *withMetrics) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+	defer c.recorder.RecordWithContext(arg0, "delete")
+	return c.inner.Delete(arg0, arg1, arg2)
+}
+func (c *withMetrics) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+	defer c.recorder.RecordWithContext(arg0, "delete_collection")
+	return c.inner.DeleteCollection(arg0, arg1, arg2)
+}
+func (c *withMetrics) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) {
+	defer c.recorder.RecordWithContext(arg0, "get")
+	return c.inner.Get(arg0, arg1, arg2)
+}
+func (c *withMetrics) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReportList, error) {
+	defer c.recorder.RecordWithContext(arg0, "list")
+	return c.inner.List(arg0, arg1)
+}
+func (c *withMetrics) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) {
+	defer c.recorder.RecordWithContext(arg0, "patch")
+	return c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+}
+func (c *withMetrics) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) {
+	defer c.recorder.RecordWithContext(arg0, "update")
+	return c.inner.Update(arg0, arg1, arg2)
+}
+func (c *withMetrics) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+	defer c.recorder.RecordWithContext(arg0, "watch")
+	return c.inner.Watch(arg0, arg1)
+}
+
+type withTracing struct {
+	inner  github_com_kyverno_kyverno_pkg_client_clientset_versioned_typed_reports_v1.ClusterBackgroundScanReportInterface
+	client string
+	kind   string
+}
+
+func (c *withTracing) Create(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.CreateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Create"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Create"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Create(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Delete(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions) error {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Delete"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Delete"),
+			),
+		)
+		defer span.End()
+	}
+	ret0 := c.inner.Delete(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret0)
+	}
+	return ret0
+}
+func (c *withTracing) DeleteCollection(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.DeleteOptions, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) error {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "DeleteCollection"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("DeleteCollection"),
+			),
+		)
+		defer span.End()
+	}
+	ret0 := c.inner.DeleteCollection(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret0)
+	}
+	return ret0
+}
+func (c *withTracing) Get(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.GetOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Get"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Get"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Get(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) List(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReportList, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "List"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("List"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.List(arg0, arg1)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Patch(arg0 context.Context, arg1 string, arg2 k8s_io_apimachinery_pkg_types.PatchType, arg3 []uint8, arg4 k8s_io_apimachinery_pkg_apis_meta_v1.PatchOptions, arg5 ...string) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Patch"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Patch"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Patch(arg0, arg1, arg2, arg3, arg4, arg5...)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Update(arg0 context.Context, arg1 *github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, arg2 k8s_io_apimachinery_pkg_apis_meta_v1.UpdateOptions) (*github_com_kyverno_kyverno_api_kyverno_reports_v1.ClusterBackgroundScanReport, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Update"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Update"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Update(arg0, arg1, arg2)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}
+func (c *withTracing) Watch(arg0 context.Context, arg1 k8s_io_apimachinery_pkg_apis_meta_v1.ListOptions) (k8s_io_apimachinery_pkg_watch.Interface, error) {
+	var span trace.Span
+	if tracing.IsInSpan(arg0) {
+		arg0, span = tracing.StartChildSpan(
+			arg0,
+			"",
+			fmt.Sprintf("KUBE %s/%s/%s", c.client, c.kind, "Watch"),
+			trace.WithAttributes(
+				tracing.KubeClientGroupKey.String(c.client),
+				tracing.KubeClientKindKey.String(c.kind),
+				tracing.KubeClientOperationKey.String("Watch"),
+			),
+		)
+		defer span.End()
+	}
+	ret0, ret1 := c.inner.Watch(arg0, arg1)
+	if span != nil {
+		tracing.SetSpanStatus(span, ret1)
+	}
+	return ret0, ret1
+}

pkg/controllers/report/admission/controller.go

@@ -2,6 +2,7 @@ package admission
 
 import (
 	"context"
+	"fmt"
 	"time"
 
 	"github.com/go-logr/logr"
@@ -11,6 +12,7 @@ import (
 	"github.com/kyverno/kyverno/pkg/clients/dclient"
 	"github.com/kyverno/kyverno/pkg/controllers"
 	"github.com/kyverno/kyverno/pkg/controllers/report/utils"
+	"github.com/kyverno/kyverno/pkg/report"
 	controllerutils "github.com/kyverno/kyverno/pkg/utils/controller"
 	reportutils "github.com/kyverno/kyverno/pkg/utils/report"
 	"go.uber.org/multierr"
@@ -36,8 +38,9 @@ const (
 
 type controller struct {
 	// clients
-	client  versioned.Interface
-	dclient dclient.Interface
+	client        versioned.Interface
+	dclient       dclient.Interface
+	reportManager report.Interface
 
 	// listers
 	admrLister  cache.GenericLister
@@ -51,16 +54,18 @@ func NewController(
 	client versioned.Interface,
 	dclient dclient.Interface,
 	metadataFactory metadatainformers.SharedInformerFactory,
+	reportManager report.Interface,
 ) controllers.Controller {
-	admrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("admissionreports"))
-	cadmrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusteradmissionreports"))
+	admrInformer := reportManager.AdmissionReportInformer(metadataFactory)
+	cadmrInformer := reportManager.ClusterAdmissionReportInformer(metadataFactory)
 	queue := workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), ControllerName)
 	c := controller{
-		client:      client,
-		dclient:     dclient,
-		admrLister:  admrInformer.Lister(),
-		cadmrLister: cadmrInformer.Lister(),
-		queue:       queue,
+		client:        client,
+		dclient:       dclient,
+		reportManager: reportManager,
+		admrLister:    admrInformer.Lister(),
+		cadmrLister:   cadmrInformer.Lister(),
+		queue:         queue,
 	}
 	if _, err := controllerutils.AddEventHandlersT(
 		admrInformer.Informer(),
@@ -110,9 +115,9 @@ func (c *controller) getReports(uid types.UID) ([]metav1.Object, error) {
 
 func (c *controller) fetchReport(ctx context.Context, namespace, name string) (kyvernov1alpha2.ReportInterface, error) {
 	if namespace == "" {
-		return c.client.KyvernoV1alpha2().ClusterAdmissionReports().Get(ctx, name, metav1.GetOptions{})
+		return c.reportManager.GetClusterAdmissionReports(ctx, name, metav1.GetOptions{})
 	} else {
-		return c.client.KyvernoV1alpha2().AdmissionReports(namespace).Get(ctx, name, metav1.GetOptions{})
+		return c.reportManager.GetAdmissionReports(ctx, name, namespace, metav1.GetOptions{})
 	}
 }
 
@@ -142,18 +147,26 @@ func (c *controller) fetchReports(ctx context.Context, uid types.UID) ([]kyverno
 	} else {
 		for n := range ns {
 			if n == "" {
-				cadmrs, err := c.client.KyvernoV1alpha2().ClusterAdmissionReports().List(ctx, metav1.ListOptions{LabelSelector: selector.String()})
+				cadmrsObj, err := c.reportManager.ListClusterAdmissionReports(ctx, metav1.ListOptions{LabelSelector: selector.String()})
 				if err != nil {
 					return nil, err
 				}
+				cadmrs, ok := cadmrsObj.(*kyvernov1alpha2.ClusterAdmissionReportList)
+				if !ok {
+					return nil, fmt.Errorf("failed to convert runtime object to cluster admission report list")
+				}
 				for i := range cadmrs.Items {
 					results = append(results, &cadmrs.Items[i])
 				}
 			} else {
-				admrs, err := c.client.KyvernoV1alpha2().AdmissionReports(n).List(ctx, metav1.ListOptions{LabelSelector: selector.String()})
+				admrsObj, err := c.reportManager.ListAdmissionReports(ctx, n, metav1.ListOptions{LabelSelector: selector.String()})
 				if err != nil {
 					return nil, err
 				}
+				admrs, ok := admrsObj.(*kyvernov1alpha2.AdmissionReportList)
+				if !ok {
+					return nil, fmt.Errorf("failed to convert runtime object to admission report list")
+				}
 				for i := range admrs.Items {
 					results = append(results, &admrs.Items[i])
 				}
@@ -165,9 +178,9 @@ func (c *controller) fetchReports(ctx context.Context, uid types.UID) ([]kyverno
 
 func (c *controller) deleteReport(ctx context.Context, namespace, name string) error {
 	if namespace == "" {
-		return c.client.KyvernoV1alpha2().ClusterAdmissionReports().Delete(ctx, name, metav1.DeleteOptions{})
+		return c.reportManager.DeleteClusterAdmissionReports(ctx, name, metav1.DeleteOptions{})
 	} else {
-		return c.client.KyvernoV1alpha2().AdmissionReports(namespace).Delete(ctx, name, metav1.DeleteOptions{})
+		return c.reportManager.DeleteAdmissionReports(ctx, name, namespace, metav1.DeleteOptions{})
 	}
 }
 
@@ -224,7 +237,7 @@ func (c *controller) aggregateReports(ctx context.Context, uid types.UID) (kyver
 		// if we found the resource, build an aggregated report for it
 		if res != nil {
 			if aggregated == nil {
-				aggregated = reportutils.NewAdmissionReport(res.GetNamespace(), string(uid), gvr, *res)
+				aggregated = c.reportManager.NewAdmissionReport(res.GetNamespace(), string(uid), gvr, *res)
 				controllerutils.SetOwner(aggregated, res.GetAPIVersion(), res.GetKind(), res.GetName(), uid)
 				controllerutils.SetLabel(aggregated, reportutils.LabelAggregatedReport, string(uid))
 			}
@@ -251,12 +264,12 @@ func (c *controller) aggregateReports(ctx context.Context, uid types.UID) (kyver
 		}
 		after := aggregated
 		if aggregated.GetResourceVersion() != "" {
-			after = reportutils.DeepCopy(aggregated)
+			after = c.reportManager.DeepCopy(aggregated)
 		}
 		reportutils.SetResults(after, results...)
 		if after.GetResourceVersion() == "" {
 			if len(results) > 0 {
-				if _, err := reportutils.CreateReport(ctx, after, c.client); err != nil {
+				if _, err := c.reportManager.CreateReport(ctx, after); err != nil {
 					errs = append(errs, err)
 				}
 			}
@@ -267,7 +280,7 @@ func (c *controller) aggregateReports(ctx context.Context, uid types.UID) (kyver
 				}
 			} else {
 				if !utils.ReportsAreIdentical(aggregated, after) {
-					if _, err = reportutils.UpdateReport(ctx, after, c.client); err != nil {
+					if _, err = c.reportManager.UpdateReport(ctx, after); err != nil {
 						errs = append(errs, err)
 					}
 				}

pkg/controllers/report/aggregate/namespace/controller.go

@@ -16,6 +16,7 @@ import (
 	"github.com/kyverno/kyverno/pkg/controllers"
 	"github.com/kyverno/kyverno/pkg/controllers/report/resource"
 	engineapi "github.com/kyverno/kyverno/pkg/engine/api"
+	"github.com/kyverno/kyverno/pkg/report"
 	controllerutils "github.com/kyverno/kyverno/pkg/utils/controller"
 	datautils "github.com/kyverno/kyverno/pkg/utils/data"
 	reportutils "github.com/kyverno/kyverno/pkg/utils/report"
@@ -42,7 +43,8 @@ const (
 
 type controller struct {
 	// clients
-	client versioned.Interface
+	client        versioned.Interface
+	reportManager report.Interface
 
 	// listers
 	polLister      kyvernov1listers.PolicyLister
@@ -73,19 +75,21 @@ func keyFunc(obj metav1.Object) cache.ExplicitKey {
 func NewController(
 	client versioned.Interface,
 	metadataFactory metadatainformers.SharedInformerFactory,
+	reportManager report.Interface,
 	polInformer kyvernov1informers.PolicyInformer,
 	cpolInformer kyvernov1informers.ClusterPolicyInformer,
 	metadataCache resource.MetadataCache,
 	chunkSize int,
 ) controllers.Controller {
-	admrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("admissionreports"))
-	cadmrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusteradmissionreports"))
-	bgscanrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("backgroundscanreports"))
-	cbgscanrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusterbackgroundscanreports"))
+	admrInformer := reportManager.AdmissionReportInformer(metadataFactory)
+	cadmrInformer := reportManager.ClusterAdmissionReportInformer(metadataFactory)
+	bgscanrInformer := reportManager.BackgroundScanReportInformer(metadataFactory)
+	cbgscanrInformer := reportManager.ClusterBackgroundScanReportInformer(metadataFactory)
 	polrInformer := metadataFactory.ForResource(policyreportv1alpha2.SchemeGroupVersion.WithResource("policyreports"))
 	cpolrInformer := metadataFactory.ForResource(policyreportv1alpha2.SchemeGroupVersion.WithResource("clusterpolicyreports"))
 	c := controller{
 		client:         client,
+		reportManager:  reportManager,
 		polLister:      polInformer.Lister(),
 		cpolLister:     cpolInformer.Lister(),
 		admrLister:     admrInformer.Lister(),
@@ -141,7 +145,7 @@ func (c *controller) mergeAdmissionReports(ctx context.Context, namespace string
 	if namespace == "" {
 		next := ""
 		for {
-			cadms, err := c.client.KyvernoV1alpha2().ClusterAdmissionReports().List(ctx, metav1.ListOptions{
+			cadmsObj, err := c.reportManager.ListClusterAdmissionReports(ctx, metav1.ListOptions{
 				// no need to consider non aggregated reports
 				LabelSelector: reportutils.LabelAggregatedReport,
 				Limit:         mergeLimit,
@@ -150,6 +154,10 @@ func (c *controller) mergeAdmissionReports(ctx context.Context, namespace string
 			if err != nil {
 				return err
 			}
+			cadms, ok := cadmsObj.(*kyvernov1alpha2.ClusterAdmissionReportList)
+			if !ok {
+				return fmt.Errorf("failed to convert runtime object to cluster admission report list")
+			}
 			next = cadms.Continue
 			for i := range cadms.Items {
 				mergeReports(policyMap, accumulator, &cadms.Items[i])
@@ -161,7 +169,7 @@ func (c *controller) mergeAdmissionReports(ctx context.Context, namespace string
 	} else {
 		next := ""
 		for {
-			adms, err := c.client.KyvernoV1alpha2().AdmissionReports(namespace).List(ctx, metav1.ListOptions{
+			admsObj, err := c.reportManager.ListAdmissionReports(ctx, namespace, metav1.ListOptions{
 				// no need to consider non aggregated reports
 				LabelSelector: reportutils.LabelAggregatedReport,
 				Limit:         mergeLimit,
@@ -170,6 +178,10 @@ func (c *controller) mergeAdmissionReports(ctx context.Context, namespace string
 			if err != nil {
 				return err
 			}
+			adms, ok := admsObj.(*kyvernov1alpha2.AdmissionReportList)
+			if !ok {
+				return fmt.Errorf("failed to convert runtime object to admission report list")
+			}
 			next = adms.Continue
 			for i := range adms.Items {
 				mergeReports(policyMap, accumulator, &adms.Items[i])
@@ -185,13 +197,17 @@ func (c *controller) mergeBackgroundScanReports(ctx context.Context, namespace s
 	if namespace == "" {
 		next := ""
 		for {
-			cbgscans, err := c.client.KyvernoV1alpha2().ClusterBackgroundScanReports().List(ctx, metav1.ListOptions{
+			cbgscansObj, err := c.reportManager.ListClusterBackgroundScanReports(ctx, metav1.ListOptions{
 				Limit:    mergeLimit,
 				Continue: next,
 			})
 			if err != nil {
 				return err
 			}
+			cbgscans, ok := cbgscansObj.(*kyvernov1alpha2.ClusterBackgroundScanReportList)
+			if !ok {
+				return fmt.Errorf("failed to convert runtime object to admission report list")
+			}
 			next = cbgscans.Continue
 			for i := range cbgscans.Items {
 				mergeReports(policyMap, accumulator, &cbgscans.Items[i])
@@ -203,13 +219,17 @@ func (c *controller) mergeBackgroundScanReports(ctx context.Context, namespace s
 	} else {
 		next := ""
 		for {
-			bgscans, err := c.client.KyvernoV1alpha2().BackgroundScanReports(namespace).List(ctx, metav1.ListOptions{
+			bgscansObj, err := c.reportManager.ListBackgroundScanReports(ctx, namespace, metav1.ListOptions{
 				Limit:    mergeLimit,
 				Continue: next,
 			})
 			if err != nil {
 				return err
 			}
+			bgscans, ok := bgscansObj.(*kyvernov1alpha2.BackgroundScanReportList)
+			if !ok {
+				return fmt.Errorf("failed to convert runtime object to admission report list")
+			}
 			next = bgscans.Continue
 			for i := range bgscans.Items {
 				mergeReports(policyMap, accumulator, &bgscans.Items[i])
@@ -230,9 +250,9 @@ func (c *controller) reconcileReport(ctx context.Context, policyMap map[string]p
 				reportutils.SetPolicyLabel(report, engineapi.NewKyvernoPolicy(policy.policy))
 			}
 		}
-		return reportutils.CreateReport(ctx, report, c.client)
+		return c.reportManager.CreateReport(ctx, report)
 	}
-	after := reportutils.DeepCopy(report)
+	after := c.reportManager.DeepCopy(report)
 	// hold custom labels
 	reportutils.CleanupKyvernoLabels(after)
 	reportutils.SetManagedByKyvernoLabel(after)
@@ -246,7 +266,7 @@ func (c *controller) reconcileReport(ctx context.Context, policyMap map[string]p
 	if datautils.DeepEqual(report, after) {
 		return after, nil
 	}
-	return reportutils.UpdateReport(ctx, after, c.client)
+	return c.reportManager.UpdateReport(ctx, after)
 }
 
 func (c *controller) cleanReports(ctx context.Context, actual map[string]kyvernov1alpha2.ReportInterface, expected []kyvernov1alpha2.ReportInterface) error {
@@ -256,7 +276,7 @@ func (c *controller) cleanReports(ctx context.Context, actual map[string]kyverno
 	}
 	for _, obj := range actual {
 		if !keep.Has(obj.GetName()) {
-			err := reportutils.DeleteReport(ctx, obj, c.client)
+			err := c.reportManager.DeleteReport(ctx, obj)
 			if err != nil {
 				return err
 			}

pkg/controllers/report/aggregate/resource/controller.go

@@ -14,6 +14,7 @@ import (
 	kyvernov1listers "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
 	"github.com/kyverno/kyverno/pkg/controllers"
 	"github.com/kyverno/kyverno/pkg/controllers/report/resource"
+	"github.com/kyverno/kyverno/pkg/report"
 	controllerutils "github.com/kyverno/kyverno/pkg/utils/controller"
 	reportutils "github.com/kyverno/kyverno/pkg/utils/report"
 	corev1 "k8s.io/api/core/v1"
@@ -39,7 +40,8 @@ const (
 
 type controller struct {
 	// clients
-	client versioned.Interface
+	client        versioned.Interface
+	reportManager report.Interface
 
 	// listers
 	polLister  kyvernov1listers.PolicyLister
@@ -63,20 +65,22 @@ type policyMapEntry struct {
 func NewController(
 	client versioned.Interface,
 	metadataFactory metadatainformers.SharedInformerFactory,
+	reportManager report.Interface,
 	polInformer kyvernov1informers.PolicyInformer,
 	cpolInformer kyvernov1informers.ClusterPolicyInformer,
 	vapInformer admissionregistrationv1alpha1informers.ValidatingAdmissionPolicyInformer,
 	metadataCache resource.MetadataCache,
 	chunkSize int,
 ) controllers.Controller {
-	admrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("admissionreports"))
-	cadmrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusteradmissionreports"))
-	bgscanrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("backgroundscanreports"))
-	cbgscanrInformer := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusterbackgroundscanreports"))
+	admrInformer := reportManager.AdmissionReportInformer(metadataFactory)
+	cadmrInformer := reportManager.ClusterAdmissionReportInformer(metadataFactory)
+	bgscanrInformer := reportManager.BackgroundScanReportInformer(metadataFactory)
+	cbgscanrInformer := reportManager.ClusterBackgroundScanReportInformer(metadataFactory)
 	polrInformer := metadataFactory.ForResource(policyreportv1alpha2.SchemeGroupVersion.WithResource("policyreports"))
 	cpolrInformer := metadataFactory.ForResource(policyreportv1alpha2.SchemeGroupVersion.WithResource("clusterpolicyreports"))
 	c := controller{
 		client:        client,
+		reportManager: reportManager,
 		polLister:     polInformer.Lister(),
 		cpolLister:    cpolInformer.Lister(),
 		queue:         workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), ControllerName),
@@ -216,7 +220,7 @@ func (c *controller) createVapMap() (sets.Set[string], error) {
 
 func (c *controller) getBackgroundScanReport(ctx context.Context, namespace, name string) (kyvernov1alpha2.ReportInterface, error) {
 	if namespace == "" {
-		report, err := c.client.KyvernoV1alpha2().ClusterBackgroundScanReports().Get(ctx, name, metav1.GetOptions{})
+		report, err := c.reportManager.GetClusterBackgroundScanReports(ctx, name, metav1.GetOptions{})
 		if err != nil {
 			if apierrors.IsNotFound(err) {
 				return nil, nil
@@ -225,7 +229,7 @@ func (c *controller) getBackgroundScanReport(ctx context.Context, namespace, nam
 		}
 		return report, nil
 	} else {
-		report, err := c.client.KyvernoV1alpha2().BackgroundScanReports(namespace).Get(ctx, name, metav1.GetOptions{})
+		report, err := c.reportManager.GetBackgroundScanReports(ctx, name, namespace, metav1.GetOptions{})
 		if err != nil {
 			if apierrors.IsNotFound(err) {
 				return nil, nil
@@ -238,7 +242,7 @@ func (c *controller) getBackgroundScanReport(ctx context.Context, namespace, nam
 
 func (c *controller) getAdmissionReport(ctx context.Context, namespace, name string) (kyvernov1alpha2.ReportInterface, error) {
 	if namespace == "" {
-		report, err := c.client.KyvernoV1alpha2().ClusterAdmissionReports().Get(ctx, name, metav1.GetOptions{})
+		report, err := c.reportManager.GetClusterAdmissionReports(ctx, name, metav1.GetOptions{})
 		if err != nil {
 			if apierrors.IsNotFound(err) {
 				return nil, nil
@@ -247,7 +251,7 @@ func (c *controller) getAdmissionReport(ctx context.Context, namespace, name str
 		}
 		return report, nil
 	} else {
-		report, err := c.client.KyvernoV1alpha2().AdmissionReports(namespace).Get(ctx, name, metav1.GetOptions{})
+		report, err := c.reportManager.GetAdmissionReports(ctx, name, namespace, metav1.GetOptions{})
 		if err != nil {
 			if apierrors.IsNotFound(err) {
 				return nil, nil
@@ -334,29 +338,29 @@ func (c *controller) reconcile(ctx context.Context, logger logr.Logger, _, names
 		}
 		if len(results) == 0 {
 			if !create {
-				if err := deleteReport(ctx, policyReport, c.client); err != nil {
+				if err := deleteReport(ctx, policyReport, c.reportManager); err != nil {
 					return err
 				}
 			}
 		} else {
 			reportutils.SetResults(policyReport, results...)
 			if create {
-				if _, err := reportutils.CreateReport(ctx, policyReport, c.client); err != nil {
+				if _, err := c.reportManager.CreateReport(ctx, policyReport); err != nil {
 					return err
 				}
 			} else {
-				if _, err := updateReport(ctx, policyReport, c.client); err != nil {
+				if _, err := updateReport(ctx, policyReport, c.reportManager); err != nil {
 					return err
 				}
 			}
 		}
 		if admissionReport != nil {
-			if err := deleteReport(ctx, admissionReport, c.client); err != nil {
+			if err := deleteReport(ctx, admissionReport, c.reportManager); err != nil {
 				return err
 			}
 		}
 		if backgroundReport != nil {
-			if err := deleteReport(ctx, backgroundReport, c.client); err != nil {
+			if err := deleteReport(ctx, backgroundReport, c.reportManager); err != nil {
 				return err
 			}
 		}
@@ -366,7 +370,7 @@ func (c *controller) reconcile(ctx context.Context, logger logr.Logger, _, names
 			return err
 		}
 		if policyReport != nil {
-			if err := deleteReport(ctx, policyReport, c.client); err != nil {
+			if err := deleteReport(ctx, policyReport, c.reportManager); err != nil {
 				return err
 			}
 		}

pkg/controllers/report/aggregate/resource/utils.go

@@ -6,9 +6,8 @@ import (
 
 	kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
 	policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
-	"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+	"github.com/kyverno/kyverno/pkg/report"
 	controllerutils "github.com/kyverno/kyverno/pkg/utils/controller"
-	reportutils "github.com/kyverno/kyverno/pkg/utils/report"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/sets"
 )
@@ -42,16 +41,16 @@ func mergeReports(policyMap map[string]policyMapEntry, vapMap sets.Set[string],
 	}
 }
 
-func deleteReport(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) error {
+func deleteReport(ctx context.Context, report kyvernov1alpha2.ReportInterface, reportManager report.Interface) error {
 	if !controllerutils.IsManagedByKyverno(report) {
 		return errors.New("can't delete report because it is not managed by kyverno")
 	}
-	return reportutils.DeleteReport(ctx, report, client)
+	return reportManager.DeleteReport(ctx, report)
 }
 
-func updateReport(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) (kyvernov1alpha2.ReportInterface, error) {
+func updateReport(ctx context.Context, report kyvernov1alpha2.ReportInterface, reportManager report.Interface) (kyvernov1alpha2.ReportInterface, error) {
 	if !controllerutils.IsManagedByKyverno(report) {
 		return nil, errors.New("can't update report because it is not managed by kyverno")
 	}
-	return reportutils.UpdateReport(ctx, report, client)
+	return reportManager.UpdateReport(ctx, report)
 }

pkg/controllers/report/background/controller.go

@@ -22,6 +22,7 @@ import (
 	engineapi "github.com/kyverno/kyverno/pkg/engine/api"
 	"github.com/kyverno/kyverno/pkg/engine/jmespath"
 	"github.com/kyverno/kyverno/pkg/event"
+	"github.com/kyverno/kyverno/pkg/report"
 	controllerutils "github.com/kyverno/kyverno/pkg/utils/controller"
 	datautils "github.com/kyverno/kyverno/pkg/utils/data"
 	reportutils "github.com/kyverno/kyverno/pkg/utils/report"
@@ -52,6 +53,7 @@ type controller struct {
 	// clients
 	client        dclient.Interface
 	kyvernoClient versioned.Interface
+	reportManager report.Interface
 	engine        engineapi.Engine
 
 	// listers
@@ -80,6 +82,7 @@ type controller struct {
 func NewController(
 	client dclient.Interface,
 	kyvernoClient versioned.Interface,
+	reportManager report.Interface,
 	engine engineapi.Engine,
 	metadataFactory metadatainformers.SharedInformerFactory,
 	polInformer kyvernov1informers.PolicyInformer,
@@ -94,12 +97,13 @@ func NewController(
 	eventGen event.Interface,
 	policyReports bool,
 ) controllers.Controller {
-	bgscanr := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("backgroundscanreports"))
-	cbgscanr := metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusterbackgroundscanreports"))
+	bgscanr := reportManager.BackgroundScanReportInformer(metadataFactory)
+	cbgscanr := reportManager.ClusterBackgroundScanReportInformer(metadataFactory)
 	queue := workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), ControllerName)
 	c := controller{
 		client:         client,
 		kyvernoClient:  kyvernoClient,
+		reportManager:  reportManager,
 		engine:         engine,
 		polLister:      polInformer.Lister(),
 		cpolLister:     cpolInformer.Lister(),
@@ -199,9 +203,9 @@ func (c *controller) enqueueResources() {
 
 func (c *controller) getReport(ctx context.Context, namespace, name string) (kyvernov1alpha2.ReportInterface, error) {
 	if namespace == "" {
-		return c.kyvernoClient.KyvernoV1alpha2().ClusterBackgroundScanReports().Get(ctx, name, metav1.GetOptions{})
+		return c.reportManager.GetClusterBackgroundScanReports(ctx, name, metav1.GetOptions{})
 	} else {
-		return c.kyvernoClient.KyvernoV1alpha2().BackgroundScanReports(namespace).Get(ctx, name, metav1.GetOptions{})
+		return c.reportManager.GetBackgroundScanReports(ctx, name, namespace, metav1.GetOptions{})
 	}
 }
 
@@ -300,7 +304,7 @@ func (c *controller) reconcileReport(
 		if !apierrors.IsNotFound(err) {
 			return err
 		}
-		observed = reportutils.NewBackgroundScanReport(namespace, name, gvk, resource.Name, uid)
+		observed = c.reportManager.NewBackgroundScanReport(namespace, name, gvk, resource.Name, uid)
 	}
 	// build desired report
 	expected := map[string]string{}
@@ -372,7 +376,7 @@ func (c *controller) reconcileReport(
 			}
 		}
 	}
-	desired := reportutils.DeepCopy(observed)
+	desired := c.reportManager.DeepCopy(observed)
 	for key := range desired.GetLabels() {
 		if reportutils.IsPolicyLabel(key) {
 			delete(desired.GetLabels(), key)
@@ -402,19 +406,19 @@ func (c *controller) storeReport(ctx context.Context, observed, desired kyvernov
 	if !hasReport && !wantsReport {
 		return nil
 	} else if !hasReport && wantsReport {
-		_, err = reportutils.CreateReport(ctx, desired, c.kyvernoClient)
+		_, err = c.reportManager.CreateReport(ctx, desired)
 		return err
 	} else if hasReport && !wantsReport {
 		if observed.GetNamespace() == "" {
-			return c.kyvernoClient.KyvernoV1alpha2().ClusterBackgroundScanReports().Delete(ctx, observed.GetName(), metav1.DeleteOptions{})
+			return c.reportManager.DeleteClusterBackgroundScanReports(ctx, observed.GetName(), metav1.DeleteOptions{})
 		} else {
-			return c.kyvernoClient.KyvernoV1alpha2().BackgroundScanReports(observed.GetNamespace()).Delete(ctx, observed.GetName(), metav1.DeleteOptions{})
+			return c.reportManager.DeleteBackgroundScanReports(ctx, observed.GetName(), observed.GetNamespace(), metav1.DeleteOptions{})
 		}
 	} else {
 		if utils.ReportsAreIdentical(observed, desired) {
 			return nil
 		}
-		_, err = reportutils.UpdateReport(ctx, desired, c.kyvernoClient)
+		_, err = c.reportManager.UpdateReport(ctx, desired)
 		return err
 	}
 }
@@ -434,9 +438,9 @@ func (c *controller) reconcile(ctx context.Context, log logr.Logger, key, namesp
 			return nil
 		} else {
 			if report.GetNamespace() == "" {
-				return c.kyvernoClient.KyvernoV1alpha2().ClusterBackgroundScanReports().Delete(ctx, report.GetName(), metav1.DeleteOptions{})
+				return c.reportManager.DeleteClusterBackgroundScanReports(ctx, report.GetName(), metav1.DeleteOptions{})
 			} else {
-				return c.kyvernoClient.KyvernoV1alpha2().BackgroundScanReports(report.GetNamespace()).Delete(ctx, report.GetName(), metav1.DeleteOptions{})
+				return c.reportManager.DeleteBackgroundScanReports(ctx, report.GetName(), report.GetNamespace(), metav1.DeleteOptions{})
 			}
 		}
 	}

pkg/report/copy.go

@@ -0,0 +1,45 @@
+package report
+
+import (
+	reportv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
+	policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
+)
+
+func deepCopyV1Alpha2(report kyvernov1alpha2.ReportInterface) kyvernov1alpha2.ReportInterface {
+	switch v := report.(type) {
+	case *kyvernov1alpha2.AdmissionReport:
+		return v.DeepCopy()
+	case *kyvernov1alpha2.ClusterAdmissionReport:
+		return v.DeepCopy()
+	case *kyvernov1alpha2.BackgroundScanReport:
+		return v.DeepCopy()
+	case *kyvernov1alpha2.ClusterBackgroundScanReport:
+		return v.DeepCopy()
+	case *policyreportv1alpha2.PolicyReport:
+		return v.DeepCopy()
+	case *policyreportv1alpha2.ClusterPolicyReport:
+		return v.DeepCopy()
+	default:
+		return nil
+	}
+}
+
+func deepCopyReportV1(report kyvernov1alpha2.ReportInterface) kyvernov1alpha2.ReportInterface {
+	switch v := report.(type) {
+	case *reportv1.AdmissionReport:
+		return v.DeepCopy()
+	case *reportv1.ClusterAdmissionReport:
+		return v.DeepCopy()
+	case *reportv1.BackgroundScanReport:
+		return v.DeepCopy()
+	case *reportv1.ClusterBackgroundScanReport:
+		return v.DeepCopy()
+	case *policyreportv1alpha2.PolicyReport:
+		return v.DeepCopy()
+	case *policyreportv1alpha2.ClusterPolicyReport:
+		return v.DeepCopy()
+	default:
+		return nil
+	}
+}

pkg/report/create.go

@@ -0,0 +1,62 @@
+package report
+
+import (
+	"context"
+	"errors"
+
+	reportv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
+	policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
+	"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func createV1Alpha1Report(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) (kyvernov1alpha2.ReportInterface, error) {
+	switch v := report.(type) {
+	case *kyvernov1alpha2.AdmissionReport:
+		report, err := client.KyvernoV1alpha2().AdmissionReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{})
+		return report, err
+	case *kyvernov1alpha2.ClusterAdmissionReport:
+		report, err := client.KyvernoV1alpha2().ClusterAdmissionReports().Create(ctx, v, metav1.CreateOptions{})
+		return report, err
+	case *kyvernov1alpha2.BackgroundScanReport:
+		report, err := client.KyvernoV1alpha2().BackgroundScanReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{})
+		return report, err
+	case *kyvernov1alpha2.ClusterBackgroundScanReport:
+		report, err := client.KyvernoV1alpha2().ClusterBackgroundScanReports().Create(ctx, v, metav1.CreateOptions{})
+		return report, err
+	case *policyreportv1alpha2.PolicyReport:
+		report, err := client.Wgpolicyk8sV1alpha2().PolicyReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{})
+		return report, err
+	case *policyreportv1alpha2.ClusterPolicyReport:
+		report, err := client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Create(ctx, v, metav1.CreateOptions{})
+		return report, err
+	default:
+		return nil, errors.New("unknow type")
+	}
+}
+
+func createReportV1Report(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) (kyvernov1alpha2.ReportInterface, error) {
+	switch v := report.(type) {
+	case *reportv1.AdmissionReport:
+		report, err := client.ReportsV1().AdmissionReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{})
+		return report, err
+	case *reportv1.ClusterAdmissionReport:
+		report, err := client.ReportsV1().ClusterAdmissionReports().Create(ctx, v, metav1.CreateOptions{})
+		return report, err
+	case *reportv1.BackgroundScanReport:
+		report, err := client.ReportsV1().BackgroundScanReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{})
+		return report, err
+	case *reportv1.ClusterBackgroundScanReport:
+		report, err := client.ReportsV1().ClusterBackgroundScanReports().Create(ctx, v, metav1.CreateOptions{})
+		return report, err
+	case *policyreportv1alpha2.PolicyReport:
+		report, err := client.Wgpolicyk8sV1alpha2().PolicyReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{})
+		return report, err
+	case *policyreportv1alpha2.ClusterPolicyReport:
+		report, err := client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Create(ctx, v, metav1.CreateOptions{})
+		return report, err
+	default:
+		return nil, errors.New("unknow type")
+	}
+}

pkg/report/delete.go

@@ -4,13 +4,14 @@ import (
 	"context"
 	"errors"
 
+	reportv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
 	kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
 	policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
 	"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-func DeleteReport(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) error {
+func deleteV1Alpha1Reports(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) error {
 	switch v := report.(type) {
 	case *kyvernov1alpha2.AdmissionReport:
 		return client.KyvernoV1alpha2().AdmissionReports(report.GetNamespace()).Delete(ctx, v.GetName(), metav1.DeleteOptions{})
@@ -28,3 +29,22 @@ func DeleteReport(ctx context.Context, report kyvernov1alpha2.ReportInterface, c
 		return errors.New("unknow type")
 	}
 }
+
+func deleteReportV1Reports(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) error {
+	switch v := report.(type) {
+	case *reportv1.AdmissionReport:
+		return client.ReportsV1().AdmissionReports(report.GetNamespace()).Delete(ctx, v.GetName(), metav1.DeleteOptions{})
+	case *reportv1.ClusterAdmissionReport:
+		return client.ReportsV1().ClusterAdmissionReports().Delete(ctx, v.GetName(), metav1.DeleteOptions{})
+	case *reportv1.BackgroundScanReport:
+		return client.ReportsV1().BackgroundScanReports(report.GetNamespace()).Delete(ctx, v.GetName(), metav1.DeleteOptions{})
+	case *reportv1.ClusterBackgroundScanReport:
+		return client.ReportsV1().ClusterBackgroundScanReports().Delete(ctx, v.GetName(), metav1.DeleteOptions{})
+	case *policyreportv1alpha2.PolicyReport:
+		return client.Wgpolicyk8sV1alpha2().PolicyReports(report.GetNamespace()).Delete(ctx, v.GetName(), metav1.DeleteOptions{})
+	case *policyreportv1alpha2.ClusterPolicyReport:
+		return client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Delete(ctx, v.GetName(), metav1.DeleteOptions{})
+	default:
+		return errors.New("unknow type")
+	}
+}

pkg/report/new.go

@@ -0,0 +1,88 @@
+package report
+
+import (
+	reportv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
+	kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
+	engineapi "github.com/kyverno/kyverno/pkg/engine/api"
+	controllerutils "github.com/kyverno/kyverno/pkg/utils/controller"
+	reportutils "github.com/kyverno/kyverno/pkg/utils/report"
+	admissionv1 "k8s.io/api/admission/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/types"
+)
+
+func newAdmissionReportV1Alpha1(namespace, name string, gvr schema.GroupVersionResource, resource unstructured.Unstructured) kyvernov1alpha2.ReportInterface {
+	var report kyvernov1alpha2.ReportInterface
+	if namespace == "" {
+		report = &kyvernov1alpha2.ClusterAdmissionReport{Spec: kyvernov2.AdmissionReportSpec{}}
+	} else {
+		report = &kyvernov1alpha2.AdmissionReport{Spec: kyvernov2.AdmissionReportSpec{}}
+	}
+	report.SetName(name)
+	report.SetNamespace(namespace)
+	reportutils.SetResourceUid(report, resource.GetUID())
+	reportutils.SetResourceGVR(report, gvr)
+	reportutils.SetResourceNamespaceAndName(report, resource.GetNamespace(), resource.GetName())
+	reportutils.SetManagedByKyvernoLabel(report)
+	return report
+}
+
+func buildAdmissionReportV1Alpha1(resource unstructured.Unstructured, request admissionv1.AdmissionRequest, responses ...engineapi.EngineResponse) kyvernov1alpha2.ReportInterface {
+	report := newAdmissionReportV1Alpha1(resource.GetNamespace(), string(request.UID), schema.GroupVersionResource(request.Resource), resource)
+	reportutils.SetResponses(report, responses...)
+	return report
+}
+
+func newAdmissionReportReportV1(namespace, name string, gvr schema.GroupVersionResource, resource unstructured.Unstructured) kyvernov1alpha2.ReportInterface {
+	var report kyvernov1alpha2.ReportInterface
+	if namespace == "" {
+		report = &reportv1.ClusterAdmissionReport{Spec: reportv1.AdmissionReportSpec{}}
+	} else {
+		report = &reportv1.AdmissionReport{Spec: reportv1.AdmissionReportSpec{}}
+	}
+	report.SetName(name)
+	report.SetNamespace(namespace)
+	reportutils.SetResourceUid(report, resource.GetUID())
+	reportutils.SetResourceGVR(report, gvr)
+	reportutils.SetResourceNamespaceAndName(report, resource.GetNamespace(), resource.GetName())
+	reportutils.SetManagedByKyvernoLabel(report)
+	return report
+}
+
+func buildAdmissionReportReportV1(resource unstructured.Unstructured, request admissionv1.AdmissionRequest, responses ...engineapi.EngineResponse) kyvernov1alpha2.ReportInterface {
+	report := newAdmissionReportReportV1(resource.GetNamespace(), string(request.UID), schema.GroupVersionResource(request.Resource), resource)
+	reportutils.SetResponses(report, responses...)
+	return report
+}
+
+func newBackgroundScanReportV1Alpha1(namespace, name string, gvk schema.GroupVersionKind, owner string, uid types.UID) kyvernov1alpha2.ReportInterface {
+	var report kyvernov1alpha2.ReportInterface
+	if namespace == "" {
+		report = &kyvernov1alpha2.ClusterBackgroundScanReport{}
+	} else {
+		report = &kyvernov1alpha2.BackgroundScanReport{}
+	}
+	report.SetName(name)
+	report.SetNamespace(namespace)
+	controllerutils.SetOwner(report, gvk.GroupVersion().String(), gvk.Kind, owner, uid)
+	reportutils.SetResourceUid(report, uid)
+	reportutils.SetManagedByKyvernoLabel(report)
+	return report
+}
+
+func newBackgroundScanReportReportsV1(namespace, name string, gvk schema.GroupVersionKind, owner string, uid types.UID) kyvernov1alpha2.ReportInterface {
+	var report kyvernov1alpha2.ReportInterface
+	if namespace == "" {
+		report = &reportv1.ClusterBackgroundScanReport{}
+	} else {
+		report = &reportv1.BackgroundScanReport{}
+	}
+	report.SetName(name)
+	report.SetNamespace(namespace)
+	controllerutils.SetOwner(report, gvk.GroupVersion().String(), gvk.Kind, owner, uid)
+	reportutils.SetResourceUid(report, uid)
+	reportutils.SetManagedByKyvernoLabel(report)
+	return report
+}

pkg/report/report_manager.go

@@ -0,0 +1,247 @@
+package report
+
+import (
+	"context"
+
+	reportv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
+	"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+	engineapi "github.com/kyverno/kyverno/pkg/engine/api"
+	admissionv1 "k8s.io/api/admission/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/client-go/informers"
+	metadatainformers "k8s.io/client-go/metadata/metadatainformer"
+)
+
+type reportManager struct {
+	storeInDB bool
+	client    versioned.Interface
+}
+
+type Interface interface {
+	CreateReport(ctx context.Context, report kyvernov1alpha2.ReportInterface) (kyvernov1alpha2.ReportInterface, error)
+	UpdateReport(ctx context.Context, report kyvernov1alpha2.ReportInterface) (kyvernov1alpha2.ReportInterface, error)
+	DeleteReport(ctx context.Context, report kyvernov1alpha2.ReportInterface) error
+
+	NewAdmissionReport(namespace, name string, gvr schema.GroupVersionResource, resource unstructured.Unstructured) kyvernov1alpha2.ReportInterface
+	BuildAdmissionReport(resource unstructured.Unstructured, request admissionv1.AdmissionRequest, responses ...engineapi.EngineResponse) kyvernov1alpha2.ReportInterface
+	NewBackgroundScanReport(namespace, name string, gvk schema.GroupVersionKind, owner string, uid types.UID) kyvernov1alpha2.ReportInterface
+
+	GetAdmissionReports(ctx context.Context, name string, namespace string, opts metav1.GetOptions) (kyvernov1alpha2.ReportInterface, error)
+	ListAdmissionReports(ctx context.Context, namespace string, opts metav1.ListOptions) (runtime.Object, error)
+	DeleteAdmissionReports(ctx context.Context, name, namespace string, opts metav1.DeleteOptions) error
+
+	GetBackgroundScanReports(ctx context.Context, name string, namespace string, opts metav1.GetOptions) (kyvernov1alpha2.ReportInterface, error)
+	ListBackgroundScanReports(ctx context.Context, namespace string, opts metav1.ListOptions) (runtime.Object, error)
+	DeleteBackgroundScanReports(ctx context.Context, name, namespace string, opts metav1.DeleteOptions) error
+
+	GetClusterAdmissionReports(ctx context.Context, name string, opts metav1.GetOptions) (kyvernov1alpha2.ReportInterface, error)
+	ListClusterAdmissionReports(ctx context.Context, opts metav1.ListOptions) (runtime.Object, error)
+	DeleteClusterAdmissionReports(ctx context.Context, namespace string, opts metav1.DeleteOptions) error
+
+	GetClusterBackgroundScanReports(ctx context.Context, name string, opts metav1.GetOptions) (kyvernov1alpha2.ReportInterface, error)
+	ListClusterBackgroundScanReports(ctx context.Context, opts metav1.ListOptions) (runtime.Object, error)
+	DeleteClusterBackgroundScanReports(ctx context.Context, namespace string, opts metav1.DeleteOptions) error
+
+	AdmissionReportInformer(metadataFactory metadatainformers.SharedInformerFactory) informers.GenericInformer
+	ClusterAdmissionReportInformer(metadataFactory metadatainformers.SharedInformerFactory) informers.GenericInformer
+	BackgroundScanReportInformer(metadataFactory metadatainformers.SharedInformerFactory) informers.GenericInformer
+	ClusterBackgroundScanReportInformer(metadataFactory metadatainformers.SharedInformerFactory) informers.GenericInformer
+
+	DeepCopy(report kyvernov1alpha2.ReportInterface) kyvernov1alpha2.ReportInterface
+}
+
+func NewReportManager(storeInDB bool, client versioned.Interface) Interface {
+	return &reportManager{
+		storeInDB: storeInDB,
+		client:    client,
+	}
+}
+
+func (r *reportManager) CreateReport(ctx context.Context, report kyvernov1alpha2.ReportInterface) (kyvernov1alpha2.ReportInterface, error) {
+	if r.storeInDB {
+		return createReportV1Report(ctx, report, r.client)
+	} else {
+		return createV1Alpha1Report(ctx, report, r.client)
+	}
+}
+
+func (r *reportManager) UpdateReport(ctx context.Context, report kyvernov1alpha2.ReportInterface) (kyvernov1alpha2.ReportInterface, error) {
+	if r.storeInDB {
+		return updateReportsV1Report(ctx, report, r.client)
+	} else {
+		return updateV1Alpha1Report(ctx, report, r.client)
+	}
+}
+
+func (r *reportManager) DeleteReport(ctx context.Context, report kyvernov1alpha2.ReportInterface) error {
+	if r.storeInDB {
+		return deleteReportV1Reports(ctx, report, r.client)
+	} else {
+		return deleteV1Alpha1Reports(ctx, report, r.client)
+	}
+}
+
+func (r *reportManager) GetAdmissionReports(ctx context.Context, name string, namespace string, opts metav1.GetOptions) (kyvernov1alpha2.ReportInterface, error) {
+	if r.storeInDB {
+		return r.client.ReportsV1().AdmissionReports(namespace).Get(ctx, name, opts)
+	} else {
+		return r.client.KyvernoV1alpha2().AdmissionReports(namespace).Get(ctx, name, opts)
+	}
+}
+
+func (r *reportManager) ListAdmissionReports(ctx context.Context, namespace string, opts metav1.ListOptions) (runtime.Object, error) {
+	if r.storeInDB {
+		return r.client.ReportsV1().AdmissionReports(namespace).List(ctx, opts)
+	} else {
+		return r.client.KyvernoV1alpha2().AdmissionReports(namespace).List(ctx, opts)
+	}
+}
+
+func (r *reportManager) DeleteAdmissionReports(ctx context.Context, name, namespace string, opts metav1.DeleteOptions) error {
+	if r.storeInDB {
+		return r.client.ReportsV1().AdmissionReports(namespace).Delete(ctx, name, opts)
+	} else {
+		return r.client.KyvernoV1alpha2().AdmissionReports(namespace).Delete(ctx, name, opts)
+	}
+}
+
+func (r *reportManager) GetBackgroundScanReports(ctx context.Context, name string, namespace string, opts metav1.GetOptions) (kyvernov1alpha2.ReportInterface, error) {
+	if r.storeInDB {
+		return r.client.ReportsV1().BackgroundScanReports(namespace).Get(ctx, name, opts)
+	} else {
+		return r.client.KyvernoV1alpha2().BackgroundScanReports(namespace).Get(ctx, name, opts)
+	}
+}
+
+func (r *reportManager) ListBackgroundScanReports(ctx context.Context, namespace string, opts metav1.ListOptions) (runtime.Object, error) {
+	if r.storeInDB {
+		return r.client.ReportsV1().BackgroundScanReports(namespace).List(ctx, opts)
+	} else {
+		return r.client.KyvernoV1alpha2().BackgroundScanReports(namespace).List(ctx, opts)
+	}
+}
+
+func (r *reportManager) DeleteBackgroundScanReports(ctx context.Context, name, namespace string, opts metav1.DeleteOptions) error {
+	if r.storeInDB {
+		return r.client.ReportsV1().BackgroundScanReports(namespace).Delete(ctx, name, opts)
+	} else {
+		return r.client.KyvernoV1alpha2().BackgroundScanReports(namespace).Delete(ctx, name, opts)
+	}
+}
+
+func (r *reportManager) GetClusterAdmissionReports(ctx context.Context, name string, opts metav1.GetOptions) (kyvernov1alpha2.ReportInterface, error) {
+	if r.storeInDB {
+		return r.client.ReportsV1().ClusterAdmissionReports().Get(ctx, name, opts)
+	} else {
+		return r.client.KyvernoV1alpha2().ClusterAdmissionReports().Get(ctx, name, opts)
+	}
+}
+
+func (r *reportManager) ListClusterAdmissionReports(ctx context.Context, opts metav1.ListOptions) (runtime.Object, error) {
+	if r.storeInDB {
+		return r.client.ReportsV1().ClusterAdmissionReports().List(ctx, opts)
+	} else {
+		return r.client.KyvernoV1alpha2().ClusterAdmissionReports().List(ctx, opts)
+	}
+}
+
+func (r *reportManager) DeleteClusterAdmissionReports(ctx context.Context, name string, opts metav1.DeleteOptions) error {
+	if r.storeInDB {
+		return r.client.ReportsV1().ClusterAdmissionReports().Delete(ctx, name, opts)
+	} else {
+		return r.client.KyvernoV1alpha2().ClusterAdmissionReports().Delete(ctx, name, opts)
+	}
+}
+
+func (r *reportManager) GetClusterBackgroundScanReports(ctx context.Context, name string, opts metav1.GetOptions) (kyvernov1alpha2.ReportInterface, error) {
+	if r.storeInDB {
+		return r.client.ReportsV1().ClusterBackgroundScanReports().Get(ctx, name, opts)
+	} else {
+		return r.client.KyvernoV1alpha2().ClusterBackgroundScanReports().Get(ctx, name, opts)
+	}
+}
+
+func (r *reportManager) ListClusterBackgroundScanReports(ctx context.Context, opts metav1.ListOptions) (runtime.Object, error) {
+	if r.storeInDB {
+		return r.client.ReportsV1().ClusterBackgroundScanReports().List(ctx, opts)
+	} else {
+		return r.client.KyvernoV1alpha2().ClusterBackgroundScanReports().List(ctx, opts)
+	}
+}
+
+func (r *reportManager) DeleteClusterBackgroundScanReports(ctx context.Context, name string, opts metav1.DeleteOptions) error {
+	if r.storeInDB {
+		return r.client.ReportsV1().ClusterBackgroundScanReports().Delete(ctx, name, opts)
+	} else {
+		return r.client.KyvernoV1alpha2().ClusterBackgroundScanReports().Delete(ctx, name, opts)
+	}
+}
+
+func (r *reportManager) NewAdmissionReport(namespace, name string, gvr schema.GroupVersionResource, resource unstructured.Unstructured) kyvernov1alpha2.ReportInterface {
+	if r.storeInDB {
+		return newAdmissionReportReportV1(namespace, name, gvr, resource)
+	} else {
+		return newAdmissionReportV1Alpha1(namespace, name, gvr, resource)
+	}
+}
+
+func (r *reportManager) BuildAdmissionReport(resource unstructured.Unstructured, request admissionv1.AdmissionRequest, responses ...engineapi.EngineResponse) kyvernov1alpha2.ReportInterface {
+	if r.storeInDB {
+		return buildAdmissionReportReportV1(resource, request, responses...)
+	} else {
+		return buildAdmissionReportV1Alpha1(resource, request, responses...)
+	}
+}
+
+func (r *reportManager) NewBackgroundScanReport(namespace, name string, gvk schema.GroupVersionKind, owner string, uid types.UID) kyvernov1alpha2.ReportInterface {
+	if r.storeInDB {
+		return newBackgroundScanReportReportsV1(namespace, name, gvk, owner, uid)
+	} else {
+		return newBackgroundScanReportV1Alpha1(namespace, name, gvk, owner, uid)
+	}
+}
+
+func (r *reportManager) AdmissionReportInformer(metadataFactory metadatainformers.SharedInformerFactory) informers.GenericInformer {
+	if r.storeInDB {
+		return metadataFactory.ForResource(reportv1.SchemeGroupVersion.WithResource("admissionreports"))
+	} else {
+		return metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("admissionreports"))
+	}
+}
+
+func (r *reportManager) ClusterAdmissionReportInformer(metadataFactory metadatainformers.SharedInformerFactory) informers.GenericInformer {
+	if r.storeInDB {
+		return metadataFactory.ForResource(reportv1.SchemeGroupVersion.WithResource("clusteradmissionreports"))
+	} else {
+		return metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusteradmissionreports"))
+	}
+}
+
+func (r *reportManager) BackgroundScanReportInformer(metadataFactory metadatainformers.SharedInformerFactory) informers.GenericInformer {
+	if r.storeInDB {
+		return metadataFactory.ForResource(reportv1.SchemeGroupVersion.WithResource("backgroundscanreports"))
+	} else {
+		return metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("backgroundscanreports"))
+	}
+}
+
+func (r *reportManager) ClusterBackgroundScanReportInformer(metadataFactory metadatainformers.SharedInformerFactory) informers.GenericInformer {
+	if r.storeInDB {
+		return metadataFactory.ForResource(reportv1.SchemeGroupVersion.WithResource("clusterbackgroundscanreports"))
+	} else {
+		return metadataFactory.ForResource(kyvernov1alpha2.SchemeGroupVersion.WithResource("clusterbackgroundscanreports"))
+	}
+}
+
+func (r *reportManager) DeepCopy(report kyvernov1alpha2.ReportInterface) kyvernov1alpha2.ReportInterface {
+	if r.storeInDB {
+		return deepCopyReportV1(report)
+	} else {
+		return deepCopyV1Alpha2(report)
+	}
+}

pkg/report/update.go

@@ -0,0 +1,62 @@
+package report
+
+import (
+	"context"
+	"errors"
+
+	reportv1 "github.com/kyverno/kyverno/api/kyverno/reports/v1"
+	kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
+	policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
+	"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func updateV1Alpha1Report(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) (kyvernov1alpha2.ReportInterface, error) {
+	switch v := report.(type) {
+	case *kyvernov1alpha2.AdmissionReport:
+		report, err := client.KyvernoV1alpha2().AdmissionReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
+		return report, err
+	case *kyvernov1alpha2.ClusterAdmissionReport:
+		report, err := client.KyvernoV1alpha2().ClusterAdmissionReports().Update(ctx, v, metav1.UpdateOptions{})
+		return report, err
+	case *kyvernov1alpha2.BackgroundScanReport:
+		report, err := client.KyvernoV1alpha2().BackgroundScanReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
+		return report, err
+	case *kyvernov1alpha2.ClusterBackgroundScanReport:
+		report, err := client.KyvernoV1alpha2().ClusterBackgroundScanReports().Update(ctx, v, metav1.UpdateOptions{})
+		return report, err
+	case *policyreportv1alpha2.PolicyReport:
+		report, err := client.Wgpolicyk8sV1alpha2().PolicyReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
+		return report, err
+	case *policyreportv1alpha2.ClusterPolicyReport:
+		report, err := client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Update(ctx, v, metav1.UpdateOptions{})
+		return report, err
+	default:
+		return nil, errors.New("unknow type")
+	}
+}
+
+func updateReportsV1Report(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) (kyvernov1alpha2.ReportInterface, error) {
+	switch v := report.(type) {
+	case *reportv1.AdmissionReport:
+		report, err := client.ReportsV1().AdmissionReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
+		return report, err
+	case *reportv1.ClusterAdmissionReport:
+		report, err := client.ReportsV1().ClusterAdmissionReports().Update(ctx, v, metav1.UpdateOptions{})
+		return report, err
+	case *reportv1.BackgroundScanReport:
+		report, err := client.ReportsV1().BackgroundScanReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
+		return report, err
+	case *reportv1.ClusterBackgroundScanReport:
+		report, err := client.ReportsV1().ClusterBackgroundScanReports().Update(ctx, v, metav1.UpdateOptions{})
+		return report, err
+	case *policyreportv1alpha2.PolicyReport:
+		report, err := client.Wgpolicyk8sV1alpha2().PolicyReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
+		return report, err
+	case *policyreportv1alpha2.ClusterPolicyReport:
+		report, err := client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Update(ctx, v, metav1.UpdateOptions{})
+		return report, err
+	default:
+		return nil, errors.New("unknow type")
+	}
+}

pkg/utils/kube/crd.go

@@ -13,10 +13,14 @@ import (
 func CRDsInstalled(apiserverClient apiserver.Interface) error {
 	kyvernoCRDs := []string{
 		"admissionreports.kyverno.io",
+		"admissionreports.reports.kyverno.io",
 		"backgroundscanreports.kyverno.io",
+		"backgroundscanreports.reports.kyverno.io",
 		"cleanuppolicies.kyverno.io",
 		"clusteradmissionreports.kyverno.io",
+		"clusteradmissionreports.reports.kyverno.io",
 		"clusterbackgroundscanreports.kyverno.io",
+		"clusterbackgroundscanreports.reports.kyverno.io",
 		"clustercleanuppolicies.kyverno.io",
 		"clusterpolicies.kyverno.io",
 		"clusterpolicyreports.wgpolicyk8s.io",

pkg/utils/report/copy.go

@@ -1,25 +0,0 @@
-package report
-
-import (
-	kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
-	policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
-)
-
-func DeepCopy(report kyvernov1alpha2.ReportInterface) kyvernov1alpha2.ReportInterface {
-	switch v := report.(type) {
-	case *kyvernov1alpha2.AdmissionReport:
-		return v.DeepCopy()
-	case *kyvernov1alpha2.ClusterAdmissionReport:
-		return v.DeepCopy()
-	case *kyvernov1alpha2.BackgroundScanReport:
-		return v.DeepCopy()
-	case *kyvernov1alpha2.ClusterBackgroundScanReport:
-		return v.DeepCopy()
-	case *policyreportv1alpha2.PolicyReport:
-		return v.DeepCopy()
-	case *policyreportv1alpha2.ClusterPolicyReport:
-		return v.DeepCopy()
-	default:
-		return nil
-	}
-}

pkg/utils/report/create.go

@@ -1,36 +0,0 @@
-package report
-
-import (
-	"context"
-	"errors"
-
-	kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
-	policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
-	"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-func CreateReport(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) (kyvernov1alpha2.ReportInterface, error) {
-	switch v := report.(type) {
-	case *kyvernov1alpha2.AdmissionReport:
-		report, err := client.KyvernoV1alpha2().AdmissionReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{})
-		return report, err
-	case *kyvernov1alpha2.ClusterAdmissionReport:
-		report, err := client.KyvernoV1alpha2().ClusterAdmissionReports().Create(ctx, v, metav1.CreateOptions{})
-		return report, err
-	case *kyvernov1alpha2.BackgroundScanReport:
-		report, err := client.KyvernoV1alpha2().BackgroundScanReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{})
-		return report, err
-	case *kyvernov1alpha2.ClusterBackgroundScanReport:
-		report, err := client.KyvernoV1alpha2().ClusterBackgroundScanReports().Create(ctx, v, metav1.CreateOptions{})
-		return report, err
-	case *policyreportv1alpha2.PolicyReport:
-		report, err := client.Wgpolicyk8sV1alpha2().PolicyReports(report.GetNamespace()).Create(ctx, v, metav1.CreateOptions{})
-		return report, err
-	case *policyreportv1alpha2.ClusterPolicyReport:
-		report, err := client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Create(ctx, v, metav1.CreateOptions{})
-		return report, err
-	default:
-		return nil, errors.New("unknow type")
-	}
-}

pkg/utils/report/new.go

@@ -2,54 +2,10 @@ package report
 
 import (
 	kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
-	kyvernov2 "github.com/kyverno/kyverno/api/kyverno/v2"
 	policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
-	engineapi "github.com/kyverno/kyverno/pkg/engine/api"
-	controllerutils "github.com/kyverno/kyverno/pkg/utils/controller"
-	admissionv1 "k8s.io/api/admission/v1"
 	corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/apimachinery/pkg/types"
 )
 
-func NewAdmissionReport(namespace, name string, gvr schema.GroupVersionResource, resource unstructured.Unstructured) kyvernov1alpha2.ReportInterface {
-	var report kyvernov1alpha2.ReportInterface
-	if namespace == "" {
-		report = &kyvernov1alpha2.ClusterAdmissionReport{Spec: kyvernov2.AdmissionReportSpec{}}
-	} else {
-		report = &kyvernov1alpha2.AdmissionReport{Spec: kyvernov2.AdmissionReportSpec{}}
-	}
-	report.SetName(name)
-	report.SetNamespace(namespace)
-	SetResourceUid(report, resource.GetUID())
-	SetResourceGVR(report, gvr)
-	SetResourceNamespaceAndName(report, resource.GetNamespace(), resource.GetName())
-	SetManagedByKyvernoLabel(report)
-	return report
-}
-
-func BuildAdmissionReport(resource unstructured.Unstructured, request admissionv1.AdmissionRequest, responses ...engineapi.EngineResponse) kyvernov1alpha2.ReportInterface {
-	report := NewAdmissionReport(resource.GetNamespace(), string(request.UID), schema.GroupVersionResource(request.Resource), resource)
-	SetResponses(report, responses...)
-	return report
-}
-
-func NewBackgroundScanReport(namespace, name string, gvk schema.GroupVersionKind, owner string, uid types.UID) kyvernov1alpha2.ReportInterface {
-	var report kyvernov1alpha2.ReportInterface
-	if namespace == "" {
-		report = &kyvernov1alpha2.ClusterBackgroundScanReport{}
-	} else {
-		report = &kyvernov1alpha2.BackgroundScanReport{}
-	}
-	report.SetName(name)
-	report.SetNamespace(namespace)
-	controllerutils.SetOwner(report, gvk.GroupVersion().String(), gvk.Kind, owner, uid)
-	SetResourceUid(report, uid)
-	SetManagedByKyvernoLabel(report)
-	return report
-}
-
 func NewPolicyReport(namespace, name string, scope *corev1.ObjectReference, results ...policyreportv1alpha2.PolicyReportResult) kyvernov1alpha2.ReportInterface {
 	var report kyvernov1alpha2.ReportInterface
 	if namespace == "" {

pkg/utils/report/update.go

@@ -1,36 +0,0 @@
-package report
-
-import (
-	"context"
-	"errors"
-
-	kyvernov1alpha2 "github.com/kyverno/kyverno/api/kyverno/v1alpha2"
-	policyreportv1alpha2 "github.com/kyverno/kyverno/api/policyreport/v1alpha2"
-	"github.com/kyverno/kyverno/pkg/client/clientset/versioned"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-func UpdateReport(ctx context.Context, report kyvernov1alpha2.ReportInterface, client versioned.Interface) (kyvernov1alpha2.ReportInterface, error) {
-	switch v := report.(type) {
-	case *kyvernov1alpha2.AdmissionReport:
-		report, err := client.KyvernoV1alpha2().AdmissionReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
-		return report, err
-	case *kyvernov1alpha2.ClusterAdmissionReport:
-		report, err := client.KyvernoV1alpha2().ClusterAdmissionReports().Update(ctx, v, metav1.UpdateOptions{})
-		return report, err
-	case *kyvernov1alpha2.BackgroundScanReport:
-		report, err := client.KyvernoV1alpha2().BackgroundScanReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
-		return report, err
-	case *kyvernov1alpha2.ClusterBackgroundScanReport:
-		report, err := client.KyvernoV1alpha2().ClusterBackgroundScanReports().Update(ctx, v, metav1.UpdateOptions{})
-		return report, err
-	case *policyreportv1alpha2.PolicyReport:
-		report, err := client.Wgpolicyk8sV1alpha2().PolicyReports(report.GetNamespace()).Update(ctx, v, metav1.UpdateOptions{})
-		return report, err
-	case *policyreportv1alpha2.ClusterPolicyReport:
-		report, err := client.Wgpolicyk8sV1alpha2().ClusterPolicyReports().Update(ctx, v, metav1.UpdateOptions{})
-		return report, err
-	default:
-		return nil, errors.New("unknow type")
-	}
-}

pkg/webhooks/resource/handlers.go

@@ -18,6 +18,7 @@ import (
 	"github.com/kyverno/kyverno/pkg/event"
 	"github.com/kyverno/kyverno/pkg/metrics"
 	"github.com/kyverno/kyverno/pkg/policycache"
+	"github.com/kyverno/kyverno/pkg/report"
 	admissionutils "github.com/kyverno/kyverno/pkg/utils/admission"
 	engineutils "github.com/kyverno/kyverno/pkg/utils/engine"
 	jsonutils "github.com/kyverno/kyverno/pkg/utils/json"
@@ -36,6 +37,7 @@ type resourceHandlers struct {
 	// clients
 	client        dclient.Interface
 	kyvernoClient versioned.Interface
+	reportManager report.Interface
 	engine        engineapi.Engine
 
 	// config
@@ -63,6 +65,7 @@ func NewHandlers(
 	engine engineapi.Engine,
 	client dclient.Interface,
 	kyvernoClient versioned.Interface,
+	reportManager report.Interface,
 	configuration config.Configuration,
 	metricsConfig metrics.MetricsConfigManager,
 	pCache policycache.Cache,
@@ -80,6 +83,7 @@ func NewHandlers(
 		engine:                       engine,
 		client:                       client,
 		kyvernoClient:                kyvernoClient,
+		reportManager:                reportManager,
 		configuration:                configuration,
 		metricsConfig:                metricsConfig,
 		pCache:                       pCache,
@@ -124,7 +128,7 @@ func (h *resourceHandlers) Validate(ctx context.Context, logger logr.Logger, req
 		namespaceLabels = engineutils.GetNamespaceSelectorsFromNamespaceLister(request.Kind.Kind, request.Namespace, h.nsLister, logger)
 	}
 	policyContext = policyContext.WithNamespaceLabels(namespaceLabels)
-	vh := validation.NewValidationHandler(logger, h.kyvernoClient, h.engine, h.pCache, h.pcBuilder, h.eventGen, h.admissionReports, h.metricsConfig, h.configuration)
+	vh := validation.NewValidationHandler(logger, h.kyvernoClient, h.reportManager, h.engine, h.pCache, h.pcBuilder, h.eventGen, h.admissionReports, h.metricsConfig, h.configuration)
 
 	ok, msg, warnings := vh.HandleValidation(ctx, request, policies, policyContext, startTime)
 	if !ok {
@@ -167,7 +171,7 @@ func (h *resourceHandlers) Mutate(ctx context.Context, logger logr.Logger, reque
 		logger.Error(err, "failed to build policy context")
 		return admissionutils.Response(request.UID, err)
 	}
-	ivh := imageverification.NewImageVerificationHandler(logger, h.kyvernoClient, h.engine, h.eventGen, h.admissionReports, h.configuration, h.nsLister)
+	ivh := imageverification.NewImageVerificationHandler(logger, h.kyvernoClient, h.reportManager, h.engine, h.eventGen, h.admissionReports, h.configuration, h.nsLister)
 	imagePatches, imageVerifyWarnings, err := ivh.Handle(ctx, newRequest, verifyImagesPolicies, policyContext)
 	if err != nil {
 		logger.Error(err, "image verification failed")

pkg/webhooks/resource/imageverification/handler.go

@@ -13,6 +13,7 @@ import (
 	engineapi "github.com/kyverno/kyverno/pkg/engine/api"
 	"github.com/kyverno/kyverno/pkg/engine/mutate/patch"
 	"github.com/kyverno/kyverno/pkg/event"
+	"github.com/kyverno/kyverno/pkg/report"
 	"github.com/kyverno/kyverno/pkg/tracing"
 	admissionutils "github.com/kyverno/kyverno/pkg/utils/admission"
 	engineutils "github.com/kyverno/kyverno/pkg/utils/engine"
@@ -33,6 +34,7 @@ type ImageVerificationHandler interface {
 
 type imageVerificationHandler struct {
 	kyvernoClient    versioned.Interface
+	reportManager    report.Interface
 	engine           engineapi.Engine
 	log              logr.Logger
 	eventGen         event.Interface
@@ -44,6 +46,7 @@ type imageVerificationHandler struct {
 func NewImageVerificationHandler(
 	log logr.Logger,
 	kyvernoClient versioned.Interface,
+	reportManager report.Interface,
 	engine engineapi.Engine,
 	eventGen event.Interface,
 	admissionReports bool,
@@ -53,6 +56,7 @@ func NewImageVerificationHandler(
 	return &imageVerificationHandler{
 		kyvernoClient:    kyvernoClient,
 		engine:           engine,
+		reportManager:    reportManager,
 		log:              log,
 		eventGen:         eventGen,
 		admissionReports: admissionReports,
@@ -173,9 +177,9 @@ func (v *imageVerificationHandler) handleAudit(
 		fmt.Sprintf("AUDIT %s %s", request.Operation, request.Kind),
 		func(ctx context.Context, span trace.Span) {
 			if createReport {
-				report := reportutils.BuildAdmissionReport(resource, request, engineResponses...)
+				report := v.reportManager.BuildAdmissionReport(resource, request, engineResponses...)
 				if len(report.GetResults()) > 0 {
-					_, err := reportutils.CreateReport(context.Background(), report, v.kyvernoClient)
+					_, err := v.reportManager.CreateReport(context.Background(), report)
 					if err != nil {
 						v.log.Error(err, "failed to create report")
 					}

pkg/webhooks/resource/validation/validation.go

@@ -14,6 +14,7 @@ import (
 	"github.com/kyverno/kyverno/pkg/event"
 	"github.com/kyverno/kyverno/pkg/metrics"
 	"github.com/kyverno/kyverno/pkg/policycache"
+	"github.com/kyverno/kyverno/pkg/report"
 	"github.com/kyverno/kyverno/pkg/tracing"
 	admissionutils "github.com/kyverno/kyverno/pkg/utils/admission"
 	reportutils "github.com/kyverno/kyverno/pkg/utils/report"
@@ -35,6 +36,7 @@ type ValidationHandler interface {
 func NewValidationHandler(
 	log logr.Logger,
 	kyvernoClient versioned.Interface,
+	reportManager report.Interface,
 	engine engineapi.Engine,
 	pCache policycache.Cache,
 	pcBuilder webhookutils.PolicyContextBuilder,
@@ -46,6 +48,7 @@ func NewValidationHandler(
 	return &validationHandler{
 		log:              log,
 		kyvernoClient:    kyvernoClient,
+		reportManager:    reportManager,
 		engine:           engine,
 		pCache:           pCache,
 		pcBuilder:        pcBuilder,
@@ -59,6 +62,7 @@ func NewValidationHandler(
 type validationHandler struct {
 	log              logr.Logger
 	kyvernoClient    versioned.Interface
+	reportManager    report.Interface
 	engine           engineapi.Engine
 	pCache           policycache.Cache
 	pcBuilder        webhookutils.PolicyContextBuilder
@@ -190,9 +194,9 @@ func (v *validationHandler) handleAudit(
 			v.eventGen.Add(events...)
 			if createReport {
 				responses = append(responses, engineResponses...)
-				report := reportutils.BuildAdmissionReport(resource, request.AdmissionRequest, responses...)
+				report := v.reportManager.BuildAdmissionReport(resource, request.AdmissionRequest, responses...)
 				if len(report.GetResults()) > 0 {
-					_, err = reportutils.CreateReport(ctx, report, v.kyvernoClient)
+					_, err = v.reportManager.CreateReport(ctx, report)
 					if err != nil {
 						v.log.Error(err, "failed to create report")
 					}

test/conformance/chainsaw/generate/clusterpolicy/cornercases/cpol-data-trigger-not-present/rbac.yaml

@@ -379,6 +379,21 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - reports.kyverno.io
+  resources:
+  - admissionreports
+  - clusteradmissionreports
+  - backgroundscanreports
+  - clusterbackgroundscanreports
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - kyverno.io
   resources:

test/conformance/chainsaw/rbac/aggregate-to-admin/admin-reports.yaml

@@ -20,3 +20,18 @@ rules:
       - patch
       - update
       - watch
+  - apiGroups:
+      - reports.kyverno.io
+    resources:
+      - admissionreports
+      - clusteradmissionreports
+      - backgroundscanreports
+      - clusterbackgroundscanreports
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch