mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-31 03:45:17 +00:00
e0ab72bb9a
This PR refactors the reports generation code. It removes RCR and CRCR crds and replaces them with AdmissionReport, ClusterAdmissionReport, BackgroundScanReport and ClusterBackgroundScanReport crds. The new reports system is based on 4 controllers: Admission reports controller is responsible for cleaning up admission reports and attaching admission reports to their corresponding resource in case of a creation Background scan reports controller is responsible for creating background scan reports when a resource and/or policy changes Aggregation controller takes care of aggregation per resource reports into higher level reports (per namespace) Resources controller is responsible for watching reports that need background scan reports I added two new flags to disable admission reports and/or background scan reports, the whole reporting system can be disabled if something goes wrong. I also added a flag to split reports in chunks to avoid creating too large resources. Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> Signed-off-by: prateekpandey14 <prateek.pandey@nirmata.com> Co-authored-by: prateekpandey14 <prateek.pandey@nirmata.com>
525 lines
10 KiB
HTML
525 lines
10 KiB
HTML
<!doctype html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
|
|
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
|
|
<title>Kyverno API</title>
|
|
<style>
|
|
.bg-blue {
|
|
color: #ffffff;
|
|
background-color: #1589dd;
|
|
}
|
|
</style>
|
|
</head>
|
|
<body>
|
|
<div class="container">
|
|
<nav class="navbar navbar-expand-lg navbar-dark bg-dark">
|
|
<a class="navbar-brand" href="#"><p><b>Packages : </b></p></a>
|
|
<ul style="list-style:none">
|
|
<li>
|
|
<a href="#kyverno.io%2fv1alpha2"><b style="color: white">kyverno.io/v1alpha2</b></a>
|
|
</li>
|
|
</ul>
|
|
</nav>
|
|
<h2 id="kyverno.io/v1alpha2">kyverno.io/v1alpha2</h2>
|
|
<p>
|
|
<p>Package v1alpha2 contains API Schema definitions for the policy v1alpha2 API group</p>
|
|
</p>
|
|
Resource Types:
|
|
<ul><li>
|
|
<a href="#kyverno.io/v1alpha2.AdmissionReport">AdmissionReport</a>
|
|
</li><li>
|
|
<a href="#kyverno.io/v1alpha2.BackgroundScanReport">BackgroundScanReport</a>
|
|
</li><li>
|
|
<a href="#kyverno.io/v1alpha2.ClusterAdmissionReport">ClusterAdmissionReport</a>
|
|
</li><li>
|
|
<a href="#kyverno.io/v1alpha2.ClusterBackgroundScanReport">ClusterBackgroundScanReport</a>
|
|
</li></ul>
|
|
<hr />
|
|
<h3 id="kyverno.io/v1alpha2.AdmissionReport">AdmissionReport
|
|
</h3>
|
|
<p>
|
|
<p>AdmissionReport is the Schema for the AdmissionReports API</p>
|
|
</p>
|
|
<table class="table table-striped">
|
|
<thead class="thead-dark">
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>
|
|
<code>apiVersion</code><br/>
|
|
string</td>
|
|
<td>
|
|
<code>
|
|
kyverno.io/v1alpha2
|
|
</code>
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
<code>kind</code><br/>
|
|
string
|
|
</td>
|
|
<td><code>AdmissionReport</code></td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
<code>metadata</code><br/>
|
|
<em>
|
|
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta">
|
|
Kubernetes meta/v1.ObjectMeta
|
|
</a>
|
|
</em>
|
|
</td>
|
|
<td>
|
|
Refer to the Kubernetes API documentation for the fields of the
|
|
<code>metadata</code> field.
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
<code>spec</code><br/>
|
|
<em>
|
|
<a href="#kyverno.io/v1alpha2.AdmissionReportSpec">
|
|
AdmissionReportSpec
|
|
</a>
|
|
</em>
|
|
</td>
|
|
<td>
|
|
<br/>
|
|
<br/>
|
|
<table class="table table-striped">
|
|
<tr>
|
|
<td>
|
|
<code>owner</code><br/>
|
|
<em>
|
|
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#ownerreference-v1-meta">
|
|
Kubernetes meta/v1.OwnerReference
|
|
</a>
|
|
</em>
|
|
</td>
|
|
<td>
|
|
<p>Owner is a reference to the report owner (e.g. a Deployment, Namespace, or Node)</p>
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
<code>summary</code><br/>
|
|
<em>
|
|
github.com/kyverno/kyverno/api/policyreport/v1alpha2.PolicyReportSummary
|
|
</em>
|
|
</td>
|
|
<td>
|
|
<em>(Optional)</em>
|
|
<p>PolicyReportSummary provides a summary of results</p>
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
<code>results</code><br/>
|
|
<em>
|
|
[]github.com/kyverno/kyverno/api/policyreport/v1alpha2.PolicyReportResult
|
|
</em>
|
|
</td>
|
|
<td>
|
|
<em>(Optional)</em>
|
|
<p>PolicyReportResult provides result details</p>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
<hr />
|
|
<h3 id="kyverno.io/v1alpha2.BackgroundScanReport">BackgroundScanReport
|
|
</h3>
|
|
<p>
|
|
<p>BackgroundScanReport is the Schema for the BackgroundScanReports API</p>
|
|
</p>
|
|
<table class="table table-striped">
|
|
<thead class="thead-dark">
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>
|
|
<code>apiVersion</code><br/>
|
|
string</td>
|
|
<td>
|
|
<code>
|
|
kyverno.io/v1alpha2
|
|
</code>
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
<code>kind</code><br/>
|
|
string
|
|
</td>
|
|
<td><code>BackgroundScanReport</code></td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
<code>metadata</code><br/>
|
|
<em>
|
|
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta">
|
|
Kubernetes meta/v1.ObjectMeta
|
|
</a>
|
|
</em>
|
|
</td>
|
|
<td>
|
|
Refer to the Kubernetes API documentation for the fields of the
|
|
<code>metadata</code> field.
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
<code>spec</code><br/>
|
|
<em>
|
|
<a href="#kyverno.io/v1alpha2.BackgroundScanReportSpec">
|
|
BackgroundScanReportSpec
|
|
</a>
|
|
</em>
|
|
</td>
|
|
<td>
|
|
<br/>
|
|
<br/>
|
|
<table class="table table-striped">
|
|
<tr>
|
|
<td>
|
|
<code>summary</code><br/>
|
|
<em>
|
|
github.com/kyverno/kyverno/api/policyreport/v1alpha2.PolicyReportSummary
|
|
</em>
|
|
</td>
|
|
<td>
|
|
<em>(Optional)</em>
|
|
<p>PolicyReportSummary provides a summary of results</p>
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
<code>results</code><br/>
|
|
<em>
|
|
[]github.com/kyverno/kyverno/api/policyreport/v1alpha2.PolicyReportResult
|
|
</em>
|
|
</td>
|
|
<td>
|
|
<em>(Optional)</em>
|
|
<p>PolicyReportResult provides result details</p>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
<hr />
|
|
<h3 id="kyverno.io/v1alpha2.ClusterAdmissionReport">ClusterAdmissionReport
|
|
</h3>
|
|
<p>
|
|
<p>ClusterAdmissionReport is the Schema for the ClusterAdmissionReports API</p>
|
|
</p>
|
|
<table class="table table-striped">
|
|
<thead class="thead-dark">
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>
|
|
<code>apiVersion</code><br/>
|
|
string</td>
|
|
<td>
|
|
<code>
|
|
kyverno.io/v1alpha2
|
|
</code>
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
<code>kind</code><br/>
|
|
string
|
|
</td>
|
|
<td><code>ClusterAdmissionReport</code></td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
<code>metadata</code><br/>
|
|
<em>
|
|
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta">
|
|
Kubernetes meta/v1.ObjectMeta
|
|
</a>
|
|
</em>
|
|
</td>
|
|
<td>
|
|
Refer to the Kubernetes API documentation for the fields of the
|
|
<code>metadata</code> field.
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
<code>spec</code><br/>
|
|
<em>
|
|
<a href="#kyverno.io/v1alpha2.AdmissionReportSpec">
|
|
AdmissionReportSpec
|
|
</a>
|
|
</em>
|
|
</td>
|
|
<td>
|
|
<br/>
|
|
<br/>
|
|
<table class="table table-striped">
|
|
<tr>
|
|
<td>
|
|
<code>owner</code><br/>
|
|
<em>
|
|
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#ownerreference-v1-meta">
|
|
Kubernetes meta/v1.OwnerReference
|
|
</a>
|
|
</em>
|
|
</td>
|
|
<td>
|
|
<p>Owner is a reference to the report owner (e.g. a Deployment, Namespace, or Node)</p>
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
<code>summary</code><br/>
|
|
<em>
|
|
github.com/kyverno/kyverno/api/policyreport/v1alpha2.PolicyReportSummary
|
|
</em>
|
|
</td>
|
|
<td>
|
|
<em>(Optional)</em>
|
|
<p>PolicyReportSummary provides a summary of results</p>
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
<code>results</code><br/>
|
|
<em>
|
|
[]github.com/kyverno/kyverno/api/policyreport/v1alpha2.PolicyReportResult
|
|
</em>
|
|
</td>
|
|
<td>
|
|
<em>(Optional)</em>
|
|
<p>PolicyReportResult provides result details</p>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
<hr />
|
|
<h3 id="kyverno.io/v1alpha2.ClusterBackgroundScanReport">ClusterBackgroundScanReport
|
|
</h3>
|
|
<p>
|
|
<p>ClusterBackgroundScanReport is the Schema for the ClusterBackgroundScanReports API</p>
|
|
</p>
|
|
<table class="table table-striped">
|
|
<thead class="thead-dark">
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>
|
|
<code>apiVersion</code><br/>
|
|
string</td>
|
|
<td>
|
|
<code>
|
|
kyverno.io/v1alpha2
|
|
</code>
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
<code>kind</code><br/>
|
|
string
|
|
</td>
|
|
<td><code>ClusterBackgroundScanReport</code></td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
<code>metadata</code><br/>
|
|
<em>
|
|
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta">
|
|
Kubernetes meta/v1.ObjectMeta
|
|
</a>
|
|
</em>
|
|
</td>
|
|
<td>
|
|
Refer to the Kubernetes API documentation for the fields of the
|
|
<code>metadata</code> field.
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
<code>spec</code><br/>
|
|
<em>
|
|
<a href="#kyverno.io/v1alpha2.BackgroundScanReportSpec">
|
|
BackgroundScanReportSpec
|
|
</a>
|
|
</em>
|
|
</td>
|
|
<td>
|
|
<br/>
|
|
<br/>
|
|
<table class="table table-striped">
|
|
<tr>
|
|
<td>
|
|
<code>summary</code><br/>
|
|
<em>
|
|
github.com/kyverno/kyverno/api/policyreport/v1alpha2.PolicyReportSummary
|
|
</em>
|
|
</td>
|
|
<td>
|
|
<em>(Optional)</em>
|
|
<p>PolicyReportSummary provides a summary of results</p>
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
<code>results</code><br/>
|
|
<em>
|
|
[]github.com/kyverno/kyverno/api/policyreport/v1alpha2.PolicyReportResult
|
|
</em>
|
|
</td>
|
|
<td>
|
|
<em>(Optional)</em>
|
|
<p>PolicyReportResult provides result details</p>
|
|
</td>
|
|
</tr>
|
|
</table>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
<hr />
|
|
<h3 id="kyverno.io/v1alpha2.AdmissionReportSpec">AdmissionReportSpec
|
|
</h3>
|
|
<p>
|
|
(<em>Appears on:</em>
|
|
<a href="#kyverno.io/v1alpha2.AdmissionReport">AdmissionReport</a>,
|
|
<a href="#kyverno.io/v1alpha2.ClusterAdmissionReport">ClusterAdmissionReport</a>)
|
|
</p>
|
|
<p>
|
|
</p>
|
|
<table class="table table-striped">
|
|
<thead class="thead-dark">
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>
|
|
<code>owner</code><br/>
|
|
<em>
|
|
<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#ownerreference-v1-meta">
|
|
Kubernetes meta/v1.OwnerReference
|
|
</a>
|
|
</em>
|
|
</td>
|
|
<td>
|
|
<p>Owner is a reference to the report owner (e.g. a Deployment, Namespace, or Node)</p>
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
<code>summary</code><br/>
|
|
<em>
|
|
github.com/kyverno/kyverno/api/policyreport/v1alpha2.PolicyReportSummary
|
|
</em>
|
|
</td>
|
|
<td>
|
|
<em>(Optional)</em>
|
|
<p>PolicyReportSummary provides a summary of results</p>
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
<code>results</code><br/>
|
|
<em>
|
|
[]github.com/kyverno/kyverno/api/policyreport/v1alpha2.PolicyReportResult
|
|
</em>
|
|
</td>
|
|
<td>
|
|
<em>(Optional)</em>
|
|
<p>PolicyReportResult provides result details</p>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
<hr />
|
|
<h3 id="kyverno.io/v1alpha2.BackgroundScanReportSpec">BackgroundScanReportSpec
|
|
</h3>
|
|
<p>
|
|
(<em>Appears on:</em>
|
|
<a href="#kyverno.io/v1alpha2.BackgroundScanReport">BackgroundScanReport</a>,
|
|
<a href="#kyverno.io/v1alpha2.ClusterBackgroundScanReport">ClusterBackgroundScanReport</a>)
|
|
</p>
|
|
<p>
|
|
</p>
|
|
<table class="table table-striped">
|
|
<thead class="thead-dark">
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Description</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>
|
|
<code>summary</code><br/>
|
|
<em>
|
|
github.com/kyverno/kyverno/api/policyreport/v1alpha2.PolicyReportSummary
|
|
</em>
|
|
</td>
|
|
<td>
|
|
<em>(Optional)</em>
|
|
<p>PolicyReportSummary provides a summary of results</p>
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>
|
|
<code>results</code><br/>
|
|
<em>
|
|
[]github.com/kyverno/kyverno/api/policyreport/v1alpha2.PolicyReportResult
|
|
</em>
|
|
</td>
|
|
<td>
|
|
<em>(Optional)</em>
|
|
<p>PolicyReportResult provides result details</p>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
<hr />
|
|
<h3 id="kyverno.io/v1alpha2.ReportInterface">ReportInterface
|
|
</h3>
|
|
<p>
|
|
<p>ReportInterface abstracts the concrete report change request type</p>
|
|
</p>
|
|
</div>
|
|
<script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"></script>
|
|
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js" integrity="sha384-UO2eT0CpHqdSJQ6hJty5KVphtPhzWj9WO1clHTMGa3JDZwrnQq4sF86dIHNDz0W1" crossorigin="anonymous"></script>
|
|
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous"></script>
|
|
</body>
|
|
</html>
|