Helm Improvements (#16)

* Helm Improvements
* Update README

.gitignore

@@ -1,3 +1,3 @@
 .deploy
-config.yaml
+/config.yaml
 build

README.md

@@ -42,18 +42,19 @@ helm install policy-reporter policy-reporter/policy-reporter -n policy-reporter
 ### Installation with Loki
 
 ```bash
-helm install policy-reporter policy-reporter/policy-reporter --set loki.host=http://loki:3100 -n policy-reporter --create-namespace
+helm install policy-reporter policy-reporter/policy-reporter --set target.loki.host=http://loki:3100 -n policy-reporter --create-namespace
 ```
 #### Additional configurations for Loki
 
-* Configure `loki.minimumPriority` to send only results with the configured minimumPriority or above, empty means all results. (info < warning < error)
-* Configure `loki.skipExistingOnStartup` to skip all results who already existed before the PolicyReporter started (default: `true`).
+* Configure `target.loki.minimumPriority` to send only results with the configured minimumPriority or above, empty means all results. (info < warning < error)
+* Configure `target.loki.skipExistingOnStartup` to skip all results who already existed before the PolicyReporter started (default: `true`).
 
 ```yaml
-loki:
-  host: ""
-  minimumPriority: ""
-  skipExistingOnStartup: true
+target:
+  loki:
+    host: ""
+    minimumPriority: ""
+    skipExistingOnStartup: true
 ```
 
 #### Example
@@ -63,23 +64,24 @@ loki:
 ### Installation with Elasticsearch
 
 ```bash
-helm install policy-reporter policy-reporter/policy-reporter --set elasticsearch.host=http://elasticsearch:3100 -n policy-reporter --create-namespace
+helm install policy-reporter policy-reporter/policy-reporter --set target.elasticsearch.host=http://elasticsearch:3100 -n policy-reporter --create-namespace
 ```
 
 #### Additional configurations for Elasticsearch
 
-* Configure `elasticsearch.index` to customize the elasticsearch index.
-* Configure `elasticsearch.rotation` is added as suffix to the index. Possible values are `daily`, `monthly`, `annually` and `none`.
-* Configure `elasticsearch.minimumPriority` to send only results with the configured minimumPriority or above, empty means all results. (info < warning < error)
-* Configure `elasticsearch.skipExistingOnStartup` to skip all results who already existed before the PolicyReporter started (default: `true`).
+* Configure `target.elasticsearch.index` to customize the elasticsearch index.
+* Configure `target.elasticsearch.rotation` is added as suffix to the index. Possible values are `daily`, `monthly`, `annually` and `none`.
+* Configure `target.elasticsearch.minimumPriority` to send only results with the configured minimumPriority or above, empty means all results. (info < warning < error)
+* Configure `target.elasticsearch.skipExistingOnStartup` to skip all results who already existed before the PolicyReporter started (default: `true`).
 
 ```yaml
-elasticsearch:
-  host: ""
-  index: "policy-reporter"
-  rotation: "daily"
-  minimumPriority: ""
-  skipExistingOnStartup: true
+target:
+  elasticsearch:
+    host: ""
+    index: "policy-reporter"
+    rotation: "daily"
+    minimumPriority: ""
+    skipExistingOnStartup: true
 ```
 
 #### Example
@@ -89,19 +91,20 @@ elasticsearch:
 ### Installation with Slack
 
 ```bash
-helm install policy-reporter policy-reporter/policy-reporter --set slack.webhook=http://hook.slack -n policy-reporter --create-namespace
+helm install policy-reporter policy-reporter/policy-reporter --set target.slack.webhook=http://hook.slack -n policy-reporter --create-namespace
 ```
 
 #### Additional configurations for Slack
 
-* Configure `slack.minimumPriority` to send only results with the configured minimumPriority or above, empty means all results. (info < warning < error)
-* Configure `slack.skipExistingOnStartup` to skip all results who already existed before the PolicyReporter started (default: `true`).
+* Configure `target.slack.minimumPriority` to send only results with the configured minimumPriority or above, empty means all results. (info < warning < error)
+* Configure `target.slack.skipExistingOnStartup` to skip all results who already existed before the PolicyReporter started (default: `true`).
 
 ```yaml
-slack:
-  webhook: ""
-  minimumPriority: ""
-  skipExistingOnStartup: true
+target:
+  slack:
+    webhook: ""
+    minimumPriority: ""
+    skipExistingOnStartup: true
 ```
 
 #### Example
@@ -111,19 +114,20 @@ slack:
 ### Installation with Discord
 
 ```bash
-helm install policy-reporter policy-reporter/policy-reporter --set discord.webhook=http://hook.discord -n policy-reporter --create-namespace
+helm install policy-reporter policy-reporter/policy-reporter --set target.discord.webhook=http://hook.discord -n policy-reporter --create-namespace
 ```
 
 #### Additional configurations for Discord
 
-* Configure `discord.minimumPriority` to send only results with the configured minimumPriority or above, empty means all results. (info < warning < error)
-* Configure `discord.skipExistingOnStartup` to skip all results who already existed before the PolicyReporter started (default: `true`).
+* Configure `target.discord.minimumPriority` to send only results with the configured minimumPriority or above, empty means all results. (info < warning < error)
+* Configure `target.discord.skipExistingOnStartup` to skip all results who already existed before the PolicyReporter started (default: `true`).
 
 ```yaml
-discord:
-  webhook: ""
-  minimumPriority: ""
-  skipExistingOnStartup: true
+target:
+  discord:
+    webhook: ""
+    minimumPriority: ""
+    skipExistingOnStartup: true
 ```
 
 #### Example
@@ -136,11 +140,17 @@ You can combine multiple targets by setting the required `host` or `webhook` con
 
 ## Configure Policy Priorities
 
-By default kyverno PolicyReports has no priority or severity for policies. So every passed rule validation will be processed as notice, a failed validation is processed as error. To customize this you can configure a mapping from policies to fail priorities. So you can send them as debug, info or warnings instead of errors. To configure the priorities create a ConfigMap in the `policy-reporter` namespace with the name `policy-reporter-priorities`. Configure each priority as value with the __Policyname__ as key and the __Priority__ as value. This Configuration is loaded and synchronized during runtime. Any change to this configmap will automaticly synchronized, no new deployment needed.
+By default kyverno PolicyReports has no priority or severity for policies. So every passed rule validation will be processed as notice, a failed validation is processed as error. To customize this you can configure a mapping from policies to fail priorities. So you can send them as debug, info or warnings instead of errors. To configure the priorities enale the required `Role` and `RoleBinding` by setting `policyPriorities.enabled` to `true` and create a ConfigMap in the `policy-reporter` namespace with the name `policy-reporter-priorities`. Configure each priority as value with the __Policyname__ as key and the __Priority__ as value. This Configuration is loaded and synchronized during runtime. Any change to this configmap will automaticly synchronized, no new deployment needed.
 
-A special Policyname `default` is supported. The `default` configuration can be used to set a global default priority instead of `error`. 
+A special Policyname `default` is supported. The `default` configuration can be used to set a global default priority instead of `error`.
 
-###
+### Enable the required Role and RoleBinding
+
+```bash
+helm install policy-reporter policy-reporter/policy-reporter --set policyPriorities.enabled=true -n policy-reporter --create-namespace
+```
+
+### Create the ConfigMap
 ```bash
 kubectl create configmap policy-reporter-priorities --from-literal check-label-app=warning --from-literal require-ns-labels=warning -n policy-reporter
 ```
@@ -176,7 +186,7 @@ The Monitoring Subchart offers several values for changing the height or disabli
 
 To change a value of this subchart you have to prefix each option with `monitoring.`
 
-Example
+#### Example
 
 ```bash
 helm install policy-reporter policy-reporter/policy-reporter --set monitoring.enabled=true --set monitoring.policyReportDetails.secondStatusRow.enabled=false -n policy-reporter --create-namespace
@@ -267,6 +277,78 @@ The UI is an optional application and provides three different views with inform
 
 ![ClusterPolicyReports](https://github.com/fjogeleit/policy-reporter-ui/blob/main/docs/images/cluster-policy-report.png?raw=true)
 
+## Example Helm values.yaml
+
+Example Helm `values.yaml` with the integrated Policy Reporter UI, Loki as target and customized Grafana Dashboards enabled.
+
+```yaml
+ui:
+  enabled: true
+
+policyPriorities:
+  enabled: true
+
+target:
+  loki:
+    host: "http://loki.loki-stack.svc.cluster.local:3100"
+    minimumPriority: "warning"
+    skipExistingOnStartup: true
+
+monitoring:
+  enabled: true
+
+  policyReportDetails:
+    firstStatusRow:
+      height: 6
+    secondStatusRow:
+      enabled: false
+      height: 2
+    statusTimeline:
+      enabled: true
+      height: 8
+    passTable:
+      enabled: true
+      height: 8
+    failTable:
+      enabled: true
+      height: 8
+    warningTable:
+      enabled: false
+      height: 4
+    errorTable:
+      enabled: false
+      height: 4
+
+  clusterPolicyReportDetails:
+    statusRow:
+      height: 6
+    statusTimeline:
+      enabled: true
+      height: 8
+    passTable:
+      enabled: true
+      height: 8
+    failTable:
+      enabled: true
+      height: 8
+    warningTable:
+      enabled: false
+      height: 4
+    errorTable:
+      enabled: false
+      height: 4
+
+  policyReportOverview:
+    failingSummaryRow:
+      height: 8
+    failingTimeline:
+      height: 10
+    failingPolicyRuleTable:
+      height: 10
+    failingClusterPolicyRuleTable:
+      height: 10
+```
+
 # Todos
 * ~~Support for ClusterPolicyReports~~
 * ~~Additional Targets~~

charts/policy-reporter/Chart.yaml

@@ -5,7 +5,7 @@ description: |
   It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord
 
 type: application
-version: 0.17.1
+version: 0.18.0
 appVersion: 0.12.0
 
 dependencies:

charts/policy-reporter/charts/policy-reporter-ui/templates/deployment.yaml

@@ -17,14 +17,14 @@ spec:
     metadata:
       labels:
         {{- include "ui.selectorLabels" . | nindent 8 }}
-{{- range $key, $value := $.Values.podLabels }}
-        {{ $key }}: {{ $value | quote }}
-{{- end }}
+        {{- with .Values.podLabels }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
       {{- if .Values.podAnnotations }}
       annotations:
-{{- range $key, $value := $.Values.podAnnotations }}
-        {{ $key }}: {{ $value | quote }}
-{{- end }}
+        {{- with .Values.podAnnotations }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
       {{- end }}
     spec:
       {{- with .Values.imagePullSecrets }}

charts/policy-reporter/charts/policy-reporter-ui/templates/ingress.yaml

@@ -11,13 +11,13 @@ metadata:
   name: {{ include "ui.fullname" . }}
   labels:
     {{- include "ui.selectorLabels" . | nindent 4 }}
-{{- range $key, $value := $.Values.ingress.labels }}
-    {{ $key }}: {{ $value | quote }}
-{{- end }}
+    {{- with .Values.ingress.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.ingress.annotations }}
   annotations:
-{{- range $key, $value := $.Values.ingress.annotations }}
-    {{ $key }}: {{ $value | quote }}
-{{- end }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   {{- if .Values.ingress.tls }}
   tls:

charts/policy-reporter/charts/policy-reporter-ui/templates/service.yaml

@@ -5,13 +5,13 @@ metadata:
   name: {{ include "ui.fullname" . }}
   labels:
     {{- include "ui.labels" . | nindent 4 }}
-{{- range $key, $value := $.Values.service.labels }}
-    {{ $key }}: {{ $value | quote }}
-{{- end }}
+    {{- with .Values.service.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.service.annotations }}
   annotations:
-{{- range $key, $value := $.Values.service.annotations }}
-    {{ $key }}: {{ $value | quote }}
-{{- end }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:

charts/policy-reporter/charts/policy-reporter-ui/values.yaml

@@ -76,3 +76,14 @@ ingress:
   #  - secretName: chart-example-tls
   #    hosts:
   #      - chart-example.local
+
+# Node labels for pod assignment
+# ref: https://kubernetes.io/docs/user-guide/node-selection/
+nodeSelector: {}
+
+# Tolerations for pod assignment
+# ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+tolerations: []
+
+# Anti-affinity to disallow deploying client and master nodes on the same worker node
+affinity: {}

charts/policy-reporter/config.yaml

@@ -0,0 +1,21 @@
+loki:
+  host: {{ .Values.target.loki.host | quote }}
+  minimumPriority: {{ .Values.target.loki.minimumPriority | quote }}
+  skipExistingOnStartup: {{ .Values.target.loki.skipExistingOnStartup }}
+
+elasticsearch:
+  host: {{ .Values.target.elasticsearch.host | quote }}
+  index: {{ .Values.target.elasticsearch.index | default "policy-reporter" | quote }}
+  rotation: {{ .Values.target.elasticsearch.rotation | default "dayli" | quote }}
+  minimumPriority: {{ .Values.target.elasticsearch.minimumPriority | quote }}
+  skipExistingOnStartup: {{ .Values.target.elasticsearch.skipExistingOnStartup }}
+
+slack:
+  webhook: {{ .Values.target.slack.webhook | quote }}
+  minimumPriority: {{ .Values.target.slack.minimumPriority | quote }}
+  skipExistingOnStartup: {{ .Values.target.slack.skipExistingOnStartup }}
+
+discord:
+  webhook: {{ .Values.target.discord.webhook | quote }}
+  minimumPriority: {{ .Values.target.discord.minimumPriority | quote }}
+  skipExistingOnStartup: {{ .Values.target.discord.skipExistingOnStartup }}

charts/policy-reporter/templates/deployment.yaml

@@ -21,14 +21,15 @@ spec:
     metadata:
       labels:
         {{- include "policyreporter.selectorLabels" . | nindent 8 }}
-{{- range $key, $value := $.Values.podLabels }}
-        {{ $key }}: {{ $value | quote }}
-{{- end }}
+        {{- with .Values.podLabels }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
       annotations:
-        checksum/secret: {{ include (print $.Template.BasePath "/targetssecret.yaml") . | sha256sum | quote }}
-{{- range $key, $value := $.Values.podAnnotations }}
-        {{ $key }}: {{ $value | quote }}
-{{- end }}
+        checksum/secret: {{ include (print .Template.BasePath "/targetssecret.yaml") . | sha256sum | quote }}
+        policy-priorities/enabled: {{ .Values.policyPriorities.enabled | quote }}
+        {{- with .Values.podAnnotations }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
     spec:
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:

charts/policy-reporter/templates/service.yaml

@@ -7,13 +7,13 @@ metadata:
   name: {{ include "policyreporter.fullname" . }}
   labels:
     {{- include "policyreporter.labels" . | nindent 4 }}
-{{- range $key, $value := $.Values.service.labels }}
-    {{ $key }}: {{ $value | quote }}
-{{- end }}
+    {{- with .Values.service.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.service.annotations }}
   annotations:
-{{- range $key, $value := $.Values.service.annotations }}
-    {{ $key }}: {{ $value | quote }}
-{{- end }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:

charts/policy-reporter/templates/targetssecret.yaml

@@ -5,26 +5,5 @@ metadata:
   labels:
     {{- include "policyreporter.labels" . | nindent 4 }}
 type: Opaque
-stringData:
-  config.yaml: |-
-    loki:
-      host: {{ .Values.loki.host | quote }}
-      minimumPriority: {{ .Values.loki.minimumPriority | quote }}
-      skipExistingOnStartup: {{ .Values.loki.skipExistingOnStartup }}
-
-    elasticsearch:
-      host: {{ .Values.elasticsearch.host | quote }}
-      index: {{ .Values.elasticsearch.index | default "policy-reporter" | quote }}
-      rotation: {{ .Values.elasticsearch.rotation | default "dayli" | quote }}
-      minimumPriority: {{ .Values.elasticsearch.minimumPriority | quote }}
-      skipExistingOnStartup: {{ .Values.elasticsearch.skipExistingOnStartup }}
-
-    slack:
-      webhook: {{ .Values.slack.webhook | quote }}
-      minimumPriority: {{ .Values.slack.minimumPriority | quote }}
-      skipExistingOnStartup: {{ .Values.slack.skipExistingOnStartup }}
-
-    discord:
-      webhook: {{ .Values.discord.webhook | quote }}
-      minimumPriority: {{ .Values.discord.minimumPriority | quote }}
-      skipExistingOnStartup: {{ .Values.discord.skipExistingOnStartup }}
+data:
+  config.yaml: {{ tpl (.Files.Get "config.yaml") . | b64enc }}

charts/policy-reporter/values.yaml

@@ -5,6 +5,9 @@ image:
 
 imagePullSecrets: []
 
+# Deploy not more than one replica
+# Policy Reporter doesn't scale yet.
+# Each pod will report each change.
 replicaCount: 1
 
 deploymentStrategy: {}
@@ -66,6 +69,10 @@ resources: {}
   #   memory: 20Mi
   #   cpu: 5m
 
+# enable policy-report-ui
+ui:
+  enabled: false
+
 monitoring:
   enabled: false
   namespace: cattle-dashboards
@@ -87,42 +94,44 @@ api:
 policyPriorities:
   enabled: false
 
-loki:
-  # loki host address
-  host: ""
-  # minimum priority "" < info < warning < error
-  minimumPriority: ""
-  # Skip already existing PolicyReportResults on startup
-  skipExistingOnStartup: true
+# Supported targets for new PolicyReport Results
+target:
+  loki:
+    # loki host address
+    host: ""
+    # minimum priority "" < info < warning < error
+    minimumPriority: ""
+    # Skip already existing PolicyReportResults on startup
+    skipExistingOnStartup: true
 
-elasticsearch:
-  # elasticsearch host address
-  host: ""
-  # elasticsearch index (default: policy-reporter)
-  index: ""
-  # elasticsearch index rotation and index suffix
-  # possible values: dayli, monthly, annually, none (default: dayli)
-  rotation: ""
-  # minimum priority "" < info < warning < error
-  minimumPriority: ""
-  # Skip already existing PolicyReportResults on startup
-  skipExistingOnStartup: true
+  elasticsearch:
+    # elasticsearch host address
+    host: ""
+    # elasticsearch index (default: policy-reporter)
+    index: ""
+    # elasticsearch index rotation and index suffix
+    # possible values: dayli, monthly, annually, none (default: dayli)
+    rotation: ""
+    # minimum priority "" < info < warning < error
+    minimumPriority: ""
+    # Skip already existing PolicyReportResults on startup
+    skipExistingOnStartup: true
 
-slack:
-  # slack app webhook address
-  webhook: ""
-  # minimum priority "" < info < warning < error
-  minimumPriority: ""
-  # Skip already existing PolicyReportResults on startup
-  skipExistingOnStartup: true
+  slack:
+    # slack app webhook address
+    webhook: ""
+    # minimum priority "" < info < warning < error
+    minimumPriority: ""
+    # Skip already existing PolicyReportResults on startup
+    skipExistingOnStartup: true
 
-discord:
-  # discord app webhook address
-  webhook: ""
-  # minimum priority "" < info < warning < error
-  minimumPriority: ""
-  # Skip already existing PolicyReportResults on startup
-  skipExistingOnStartup: true
+  discord:
+    # discord app webhook address
+    webhook: ""
+    # minimum priority "" < info < warning < error
+    minimumPriority: ""
+    # Skip already existing PolicyReportResults on startup
+    skipExistingOnStartup: true
 
 # Node labels for pod assignment
 # ref: https://kubernetes.io/docs/user-guide/node-selection/
@@ -134,7 +143,3 @@ tolerations: []
 
 # Anti-affinity to disallow deploying client and master nodes on the same worker node
 affinity: {}
-
-# enable policy-report-ui
-ui:
-  enabled: false