policy-reporter/README.md

# Policy Reporter
[![CI](https://github.com/kyverno/policy-reporter/actions/workflows/ci.yaml/badge.svg)](https://github.com/kyverno/policy-reporter/actions/workflows/ci.yaml) [![Go Report Card](https://goreportcard.com/badge/github.com/kyverno/policy-reporter)](https://goreportcard.com/report/github.com/kyverno/policy-reporter) [![Coverage Status](https://coveralls.io/repos/github/kyverno/policy-reporter/badge.svg?branch=main)](https://coveralls.io/github/kyverno/policy-reporter?branch=main)

## Motivation

Kyverno ships with two types of validation. You can either enforce a rule or audit it. If you don't want to block developers or if you want to try out a new rule, you can use the audit functionality. The audit configuration creates [PolicyReports](https://kyverno.io/docs/policy-reports/) which you can access with `kubectl`. Because I can't find a simple solution to get a general overview of this PolicyReports and PolicyReportResults, I created this tool to send information about PolicyReports to different targets like [Grafana Loki](https://grafana.com/oss/loki/), [Elasticsearch](https://www.elastic.co/de/elasticsearch/) or [Slack](https://slack.com/). 

Policy Reporter provides also a Prometheus Metrics API as well as an standalone mode along with the [Policy Reporter UI](https://kyverno.github.io/policy-reporter/guide/getting-started#core--policy-reporter-ui).

This project is in an early stage. Please let me know if anything did not work as expected or if you want to send your audits to unsupported targets.

## Documentation

You can find detailed Information and Screens about Features and Configurations in the [Documentation](https://kyverno.github.io/policy-reporter).

## Getting Started

## Installation with Helm v3

Installation via Helm Repository

### Add the Helm repository
```bash
helm repo add policy-reporter https://kyverno.github.io/policy-reporter
helm repo update
```

### Basic Installation

The basic installation provides optional Prometheus Metrics and/or optional REST APIs, for more details have a look at the [Documentation](https://kyverno.github.io/policy-reporter/guide/getting-started).

```bash
helm install policy-reporter policy-reporter/policy-reporter -n policy-reporter --set metrics.enabled=true --set rest.enabled=true --create-namespace
```

### Installation without Helm or Kustomize

To install Policy Reporter without Helm or Kustomize have a look at [manifests](https://github.com/kyverno/policy-reporter/tree/main/manifest).

## Policy Reporter UI

You can use the Policy Reporter as standalone Application along with the optional UI SubChart.

### Installation with Policy Reporter UI and Kyverno Plugin enabled
```bash
helm install policy-reporter policy-reporter/policy-reporter --set kyvernoPlugin.enabled=true --set ui.enabled=true --set ui.plugins.kyverno=true -n policy-reporter --create-namespace
kubectl port-forward service/policy-reporter-ui 8082:8080 -n policy-reporter
```
Open `http://localhost:8082/` in your browser.

Check the [Documentation](https://kyverno.github.io/policy-reporter/guide/getting-started#core--policy-reporter-ui) for Screens and additional Information

## Targets

Policy Reporter supports the following [Targets](https://kyverno.github.io/policy-reporter/core/targets) to send new (Cluster)PolicyReport Results too:
* [Grafana Loki](https://kyverno.github.io/policy-reporter/core/targets#grafana-loki)
* [Elasticsearch](https://kyverno.github.io/policy-reporter/core/targets#elasticsearch)
* [Microsoft Teams](https://kyverno.github.io/policy-reporter/core/targets#microsoft-teams)
* [Slack](https://kyverno.github.io/policy-reporter/core/targets#slack)
* [Discord](https://kyverno.github.io/policy-reporter/core/targets#discord)
* [Policy Reporter UI](https://kyverno.github.io/policy-reporter/core/targets#policy-reporter-ui)
* [Webhook](https://kyverno.github.io/policy-reporter/core/targets#webhook)
* [S3](https://kyverno.github.io/policy-reporter/core/targets#s3-compatible-storage)
* [AWS Kinesis compatible Services](https://kyverno.github.io/policy-reporter/core/targets#kinesis-compatible-services)
* [AWS SecurityHub](https://kyverno.github.io/policy-reporter/core/targets#aws-securityhub)
* [Google Cloud Storage](https://kyverno.github.io/policy-reporter/core/targets/#google-cloud-storage)
* [Telegram](https://kyverno.github.io/policy-reporter/core/targets#telegram)
* [Google Chat](https://kyverno.github.io/policy-reporter/core/targets#google-chat)

## Monitoring

The Helm Chart includes optional SubChart for [Prometheus Operator](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) Integration. The provided Dashboards working without Loki and are only based on the Prometheus Metrics.

Have a look into the [Documentation](https://kyverno.github.io/policy-reporter/guide/helm-chart-core/#configure-the-servicemonitor) for details.

### Grafana Dashboard Import

If you are not using the MonitoringStack you can import the dashboards from [Grafana](https://grafana.com/orgs/policyreporter/dashboards)

## Resources

* [[Video] 37. #EveryoneCanContribute cafe: Policy reporter for Kyverno](https://youtu.be/1mKywg9f5Fw)
* [[Video] Rawkode Live: Hands on Policy Reporter](https://www.youtube.com/watch?v=ZrOtTELNLyg)
* [[Blog] Monitor Security and Best Practices with Kyverno and Policy Reporter](https://blog.webdev-jogeleit.de/blog/monitor-security-with-kyverno-and-policy-reporter/)
Update README.md 2021-03-19 19:32:46 +00:00			`# Policy Reporter`
update repository owner (#50) Signed-off-by: Frank Jogeleit <fj@move-elevator.de> 2021-07-23 08:05:20 +00:00			`[![CI](https://github.com/kyverno/policy-reporter/actions/workflows/ci.yaml/badge.svg)](https://github.com/kyverno/policy-reporter/actions/workflows/ci.yaml) [![Go Report Card](https://goreportcard.com/badge/github.com/kyverno/policy-reporter)](https://goreportcard.com/report/github.com/kyverno/policy-reporter) [![Coverage Status](https://coveralls.io/repos/github/kyverno/policy-reporter/badge.svg?branch=main)](https://coveralls.io/github/kyverno/policy-reporter?branch=main)`
init 2021-02-19 23:58:01 +00:00
Add concurrency to metrics and loki client 2021-02-20 10:00:10 +00:00			`## Motivation`
init 2021-02-19 23:58:01 +00:00
Update README 2021-03-19 19:23:43 +00:00			Kyverno ships with two types of validation. You can either enforce a rule or audit it. If you don't want to block developers or if you want to try out a new rule, you can use the audit functionality. The audit configuration creates [PolicyReports](https://kyverno.io/docs/policy-reports/) which you can access with `kubectl`. Because I can't find a simple solution to get a general overview of this PolicyReports and PolicyReportResults, I created this tool to send information about PolicyReports to different targets like [Grafana Loki](https://grafana.com/oss/loki/), [Elasticsearch](https://www.elastic.co/de/elasticsearch/) or [Slack](https://slack.com/).
Update README 2021-02-20 11:16:25 +00:00
Update Documentation Links Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de> 2022-07-12 08:06:18 +00:00			`Policy Reporter provides also a Prometheus Metrics API as well as an standalone mode along with the [Policy Reporter UI](https://kyverno.github.io/policy-reporter/guide/getting-started#core--policy-reporter-ui).`
Update README 2021-03-19 19:23:43 +00:00
			`This project is in an early stage. Please let me know if anything did not work as expected or if you want to send your audits to unsupported targets.`

			`## Documentation`

Internal Rewrite (#91) * Internal Rewrite Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de> 2021-12-13 15:02:40 +00:00			`You can find detailed Information and Screens about Features and Configurations in the [Documentation](https://kyverno.github.io/policy-reporter).`
update readme 2021-02-20 00:16:18 +00:00
Update README, replace target cm with secret 2021-03-01 15:36:44 +00:00			`## Getting Started`

update readme 2021-02-20 00:16:18 +00:00			`## Installation with Helm v3`

Update Installation instruction 2021-02-21 09:26:14 +00:00			`Installation via Helm Repository`
update readme 2021-02-20 00:16:18 +00:00
Development (#7) * Implement elasticsearch * Update deployment * Add Changelog 2021-02-27 18:11:49 +00:00			`### Add the Helm repository`
update readme 2021-02-20 00:16:18 +00:00			```bash
update repository owner (#50) Signed-off-by: Frank Jogeleit <fj@move-elevator.de> 2021-07-23 08:05:20 +00:00			`helm repo add policy-reporter https://kyverno.github.io/policy-reporter`
Update README, replace target cm with secret 2021-03-01 15:36:44 +00:00			`helm repo update`
update readme 2021-02-20 00:16:18 +00:00			```
Development (#7) * Implement elasticsearch * Update deployment * Add Changelog 2021-02-27 18:11:49 +00:00
Update README.md 2021-06-15 10:56:38 +00:00			`### Basic Installation`

Update Documentation Links Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de> 2022-07-12 08:06:18 +00:00			`The basic installation provides optional Prometheus Metrics and/or optional REST APIs, for more details have a look at the [Documentation](https://kyverno.github.io/policy-reporter/guide/getting-started).`
Update README.md 2021-06-15 10:56:38 +00:00
Development (#7) * Implement elasticsearch * Update deployment * Add Changelog 2021-02-27 18:11:49 +00:00			```bash
Internal Rewrite (#91) * Internal Rewrite Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de> 2021-12-13 15:02:40 +00:00			`helm install policy-reporter policy-reporter/policy-reporter -n policy-reporter --set metrics.enabled=true --set rest.enabled=true --create-namespace`
Development (#7) * Implement elasticsearch * Update deployment * Add Changelog 2021-02-27 18:11:49 +00:00			```

Add static install manifests (#38) * Add static install manifests * Remove unused value 2021-05-21 10:29:51 +00:00			`### Installation without Helm or Kustomize`

update repository owner (#50) Signed-off-by: Frank Jogeleit <fj@move-elevator.de> 2021-07-23 08:05:20 +00:00			`To install Policy Reporter without Helm or Kustomize have a look at [manifests](https://github.com/kyverno/policy-reporter/tree/main/manifest).`
Add static install manifests (#38) * Add static install manifests * Remove unused value 2021-05-21 10:29:51 +00:00
Update README.md 2021-03-19 19:43:09 +00:00			`## Policy Reporter UI`
Implement Discord as Target 2021-02-28 11:59:33 +00:00
Update README.md 2021-03-19 23:13:58 +00:00			`You can use the Policy Reporter as standalone Application along with the optional UI SubChart.`
Implement Discord as Target 2021-02-28 11:59:33 +00:00
Update README.md 2021-05-08 11:17:03 +00:00			`### Installation with Policy Reporter UI and Kyverno Plugin enabled`
Implement Discord as Target 2021-02-28 11:59:33 +00:00			```bash
Update README.md 2021-05-08 11:17:03 +00:00			`helm install policy-reporter policy-reporter/policy-reporter --set kyvernoPlugin.enabled=true --set ui.enabled=true --set ui.plugins.kyverno=true -n policy-reporter --create-namespace`
Update README 2021-03-19 19:23:43 +00:00			`kubectl port-forward service/policy-reporter-ui 8082:8080 -n policy-reporter`
Manage PolicyPriorities with Helm (#17) * Manage PolicyPriorities with Helm 2021-03-17 10:51:44 +00:00			```
Update README 2021-03-19 19:23:43 +00:00			Open `http://localhost:8082/` in your browser.
Manage PolicyPriorities with Helm (#17) * Manage PolicyPriorities with Helm 2021-03-17 10:51:44 +00:00
Update Documentation Links Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de> 2022-07-12 08:06:18 +00:00			`Check the [Documentation](https://kyverno.github.io/policy-reporter/guide/getting-started#core--policy-reporter-ui) for Screens and additional Information`
Update README 2021-03-19 19:23:43 +00:00
			`## Targets`

updated README to include up to date list of targets (#396) Signed-off-by: Vladyslav Ponoiko <vladyslav.ponoiko@automat-it.com> 2024-01-23 15:24:45 +00:00			`Policy Reporter supports the following [Targets](https://kyverno.github.io/policy-reporter/core/targets) to send new (Cluster)PolicyReport Results too:`
Update Documentation Links Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de> 2022-07-12 08:06:18 +00:00			`* [Grafana Loki](https://kyverno.github.io/policy-reporter/core/targets#grafana-loki)`
			`* [Elasticsearch](https://kyverno.github.io/policy-reporter/core/targets#elasticsearch)`
updated README to include up to date list of targets (#396) Signed-off-by: Vladyslav Ponoiko <vladyslav.ponoiko@automat-it.com> 2024-01-23 15:24:45 +00:00			`* [Microsoft Teams](https://kyverno.github.io/policy-reporter/core/targets#microsoft-teams)`
Update Documentation Links Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de> 2022-07-12 08:06:18 +00:00			`* [Slack](https://kyverno.github.io/policy-reporter/core/targets#slack)`
			`* [Discord](https://kyverno.github.io/policy-reporter/core/targets#discord)`
			`* [Policy Reporter UI](https://kyverno.github.io/policy-reporter/core/targets#policy-reporter-ui)`
updated README to include up to date list of targets (#396) Signed-off-by: Vladyslav Ponoiko <vladyslav.ponoiko@automat-it.com> 2024-01-23 15:24:45 +00:00			`* [Webhook](https://kyverno.github.io/policy-reporter/core/targets#webhook)`
Update Documentation Links Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de> 2022-07-12 08:06:18 +00:00			`* [S3](https://kyverno.github.io/policy-reporter/core/targets#s3-compatible-storage)`
updated README to include up to date list of targets (#396) Signed-off-by: Vladyslav Ponoiko <vladyslav.ponoiko@automat-it.com> 2024-01-23 15:24:45 +00:00			`* [AWS Kinesis compatible Services](https://kyverno.github.io/policy-reporter/core/targets#kinesis-compatible-services)`
			`* [AWS SecurityHub](https://kyverno.github.io/policy-reporter/core/targets#aws-securityhub)`
basic auth for API and Metrics (#343) * basic auth for API and Metrics Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de> 2023-09-10 08:00:31 +00:00			`* [Google Cloud Storage](https://kyverno.github.io/policy-reporter/core/targets/#google-cloud-storage)`
updated README to include up to date list of targets (#396) Signed-off-by: Vladyslav Ponoiko <vladyslav.ponoiko@automat-it.com> 2024-01-23 15:24:45 +00:00			`* [Telegram](https://kyverno.github.io/policy-reporter/core/targets#telegram)`
			`* [Google Chat](https://kyverno.github.io/policy-reporter/core/targets#google-chat)`
Update README, replace target cm with secret 2021-03-01 15:36:44 +00:00
Add ServiceMonitor and Grafana Dashboard to Helm Chart 2021-02-21 13:13:21 +00:00			`## Monitoring`

Update README.md 2021-03-19 23:13:58 +00:00			`The Helm Chart includes optional SubChart for [Prometheus Operator](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack) Integration. The provided Dashboards working without Loki and are only based on the Prometheus Metrics.`
Monitoring Improvements 2021-03-06 18:33:33 +00:00
Update Documentation Links Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de> 2022-07-12 08:06:18 +00:00			`Have a look into the [Documentation](https://kyverno.github.io/policy-reporter/guide/helm-chart-core/#configure-the-servicemonitor) for details.`
Monitoring Improvements 2021-03-06 18:33:33 +00:00
Update README 2021-03-19 19:23:43 +00:00			`### Grafana Dashboard Import`
Monitoring Improvements 2021-03-06 18:33:33 +00:00
			`If you are not using the MonitoringStack you can import the dashboards from [Grafana](https://grafana.com/orgs/policyreporter/dashboards)`
Update README 2021-04-17 11:42:04 +00:00
			`## Resources`

Add #37. EveryoneCanContribute Demo as Resource 2021-07-24 11:23:07 +00:00			`* [[Video] 37. #EveryoneCanContribute cafe: Policy reporter for Kyverno](https://youtu.be/1mKywg9f5Fw)`
Update README 2021-04-17 11:42:04 +00:00			`* [[Video] Rawkode Live: Hands on Policy Reporter](https://www.youtube.com/watch?v=ZrOtTELNLyg)`
Update README.md 2021-06-07 06:18:53 +00:00			`* [[Blog] Monitor Security and Best Practices with Kyverno and Policy Reporter](https://blog.webdev-jogeleit.de/blog/monitor-security-with-kyverno-and-policy-reporter/)`