diff --git a/CHANGELOG.md b/CHANGELOG.md index 4a8b1948..2fd5239a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,13 @@ # Changelog +# 1.7.0 +* Enable REST API by default + * Add `/healthz` and `/ready` APIs as new endpoints for readinessProbe and livenessProbe +* Helm Chart Updates + * Add `global.labels` to add `labels` on every resource created + * Add default labels on every resource + # 1.6.2 * Increase Result Caching Time to handle Kyverno issues with Policy reconcilation [Issue](https://github.com/kyverno/kyverno/issues/1921) * Fix golint errors diff --git a/charts/policy-reporter/Chart.lock b/charts/policy-reporter/Chart.lock index 1a389012..42feb09f 100644 --- a/charts/policy-reporter/Chart.lock +++ b/charts/policy-reporter/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: monitoring repository: "" - version: 1.2.0 + version: 1.3.0 - name: ui repository: "" - version: 1.6.0 + version: 1.7.0 - name: kyvernoPlugin repository: "" - version: 0.2.0 -digest: sha256:c32c38e295ebe08651a81937858ba920212bd075aa7605189919c20820067e85 -generated: "2021-05-21T10:53:50.045598+02:00" + version: 0.3.0 +digest: sha256:e5b478e8c16d73531126c3b4331c92c1fb8bc89db412a46ddce22f6d45b26ccc +generated: "2021-05-29T09:48:14.131726+02:00" diff --git a/charts/policy-reporter/Chart.yaml b/charts/policy-reporter/Chart.yaml index 71ccea86..fc095d56 100644 --- a/charts/policy-reporter/Chart.yaml +++ b/charts/policy-reporter/Chart.yaml 
@@ -5,19 +5,19 @@ description: | It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord type: application -version: 1.6.2 -appVersion: 1.6.1 +version: 1.7.0 +appVersion: 1.7.0 dependencies: - name: monitoring condition: monitoring.enabled repository: "" - version: "1.2.0" + version: "1.3.0" - name: ui condition: ui.enabled repository: "" - version: "1.6.0" + version: "1.7.0" - name: kyvernoPlugin condition: kyvernoPlugin.enabled repository: "" - version: "0.2.0" + version: "0.3.0" diff --git a/charts/policy-reporter/charts/kyvernoPlugin/Chart.yaml b/charts/policy-reporter/charts/kyvernoPlugin/Chart.yaml index 62fc30d0..fce5bd95 100644 --- a/charts/policy-reporter/charts/kyvernoPlugin/Chart.yaml +++ b/charts/policy-reporter/charts/kyvernoPlugin/Chart.yaml @@ -3,5 +3,5 @@ name: kyvernoPlugin description: Policy Reporter Kyverno Plugin type: application -version: 0.2.0 +version: 0.3.0 appVersion: 0.1.1 \ No newline at end of file diff --git a/charts/policy-reporter/charts/kyvernoPlugin/templates/_helpers.tpl b/charts/policy-reporter/charts/kyvernoPlugin/templates/_helpers.tpl index ceced1dd..4be743c2 100644 --- a/charts/policy-reporter/charts/kyvernoPlugin/templates/_helpers.tpl +++ b/charts/policy-reporter/charts/kyvernoPlugin/templates/_helpers.tpl @@ -35,6 +35,9 @@ helm.sh/chart: {{ include "kyvernoplugin.chart" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Values.global.labels }} +{{ toYaml . }} +{{- end -}} {{- end }} {{/* diff --git a/charts/policy-reporter/charts/kyvernoPlugin/templates/clusterrole.yaml b/charts/policy-reporter/charts/kyvernoPlugin/templates/clusterrole.yaml index 994b377b..1458dd52 100644 --- a/charts/policy-reporter/charts/kyvernoPlugin/templates/clusterrole.yaml +++ b/charts/policy-reporter/charts/kyvernoPlugin/templates/clusterrole.yaml 
@@ -4,6 +4,7 @@ kind: ClusterRole metadata: labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" + {{- include "kyvernoplugin.labels" . | nindent 4 }} name: {{ include "kyvernoplugin.fullname" . }} rules: - apiGroups: diff --git a/charts/policy-reporter/charts/kyvernoPlugin/templates/clusterrolebinding.yaml b/charts/policy-reporter/charts/kyvernoPlugin/templates/clusterrolebinding.yaml index ac3ee30e..ac272723 100644 --- a/charts/policy-reporter/charts/kyvernoPlugin/templates/clusterrolebinding.yaml +++ b/charts/policy-reporter/charts/kyvernoPlugin/templates/clusterrolebinding.yaml @@ -3,6 +3,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ include "kyvernoplugin.fullname" . }} + labels: + {{- include "kyvernoplugin.labels" . | nindent 4 }} roleRef: kind: ClusterRole name: {{ include "kyvernoplugin.fullname" . }} diff --git a/charts/policy-reporter/charts/kyvernoPlugin/templates/deployment.yaml b/charts/policy-reporter/charts/kyvernoPlugin/templates/deployment.yaml index b7c51aa9..f636122f 100644 --- a/charts/policy-reporter/charts/kyvernoPlugin/templates/deployment.yaml +++ b/charts/policy-reporter/charts/kyvernoPlugin/templates/deployment.yaml @@ -20,6 +20,9 @@ spec: {{- with .Values.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.global.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.podAnnotations }} annotations: {{- with .Values.podAnnotations }} diff --git a/charts/policy-reporter/charts/monitoring/Chart.yaml b/charts/policy-reporter/charts/monitoring/Chart.yaml index 04d4988d..89fc20d5 100644 --- a/charts/policy-reporter/charts/monitoring/Chart.yaml +++ b/charts/policy-reporter/charts/monitoring/Chart.yaml @@ -3,5 +3,5 @@ name: monitoring description: Policy Reporter Monitoring with predefined ServiceMonitor and Grafana Dashboards type: application -version: 1.2.0 +version: 1.3.0 appVersion: 0.0.0 
diff --git a/charts/policy-reporter/charts/monitoring/templates/_helpers.tpl b/charts/policy-reporter/charts/monitoring/templates/_helpers.tpl index b2c49e06..8ff1c704 100644 --- a/charts/policy-reporter/charts/monitoring/templates/_helpers.tpl +++ b/charts/policy-reporter/charts/monitoring/templates/_helpers.tpl @@ -13,3 +13,30 @@ If release name contains chart name it will be used as a full name. {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} {{- end }} {{- end }} + +{{/* +Common labels +*/}} +{{- define "monitoring.labels" -}} +helm.sh/chart: {{ include "policyreporter.chart" . }} +{{ include "monitoring.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Values.global.labels }} +{{ toYaml . }} +{{- end -}} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "monitoring.selectorLabels" -}} +app.kubernetes.io/name: {{ include "monitoring.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{- define "monitoring.name" -}} +{{- "monitoring" }} +{{- end }} \ No newline at end of file diff --git a/charts/policy-reporter/charts/monitoring/templates/clusterpolicy-details.dashboard.yaml b/charts/policy-reporter/charts/monitoring/templates/clusterpolicy-details.dashboard.yaml index 182553e4..3a89d11d 100644 --- a/charts/policy-reporter/charts/monitoring/templates/clusterpolicy-details.dashboard.yaml +++ b/charts/policy-reporter/charts/monitoring/templates/clusterpolicy-details.dashboard.yaml @@ -5,6 +5,7 @@ metadata: namespace: {{ .Values.namespace }} labels: grafana_dashboard: "1" + {{- include "monitoring.labels" . | nindent 4 }} data: cluster-policy-reporter-details-dashboard.json: | { diff --git a/charts/policy-reporter/charts/monitoring/templates/kyverno-servicemonitor.yaml b/charts/policy-reporter/charts/monitoring/templates/kyverno-servicemonitor.yaml index f8cf0627..23cb37ae 100644 
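Review bot: The new `monitoring.labels` helper renders `helm.sh/chart` through `include "policyreporter.chart" .`, a template this subchart's helpers do not define in the visible hunk. It appears to come from the parent chart, so the monitoring chart only renders when it is pulled in as a dependency of policy-reporter. The ui and kyvernoPlugin charts use their own `ui.chart` and `kyvernoplugin.chart`; defining a local `monitoring.chart` and using `helm.sh/chart: {{ include "monitoring.chart" . }}` would keep the subchart self-contained. The start of the file is outside the hunk, so a local definition may already exist above it.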
--- a/charts/policy-reporter/charts/monitoring/templates/kyverno-servicemonitor.yaml +++ b/charts/policy-reporter/charts/monitoring/templates/kyverno-servicemonitor.yaml @@ -3,10 +3,11 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "monitoring.fullname" . }}-kyverno-plugin - {{- if .Values.serviceMonitor.labels }} labels: - {{- toYaml .Values.serviceMonitor.labels | nindent 4 }} - {{- end }} + {{- with .Values.serviceMonitor.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- include "monitoring.labels" . | nindent 4 }} spec: selector: matchLabels: diff --git a/charts/policy-reporter/charts/monitoring/templates/overview.dashboard.yaml b/charts/policy-reporter/charts/monitoring/templates/overview.dashboard.yaml index c48ee668..91ba2b30 100644 --- a/charts/policy-reporter/charts/monitoring/templates/overview.dashboard.yaml +++ b/charts/policy-reporter/charts/monitoring/templates/overview.dashboard.yaml @@ -5,6 +5,10 @@ metadata: namespace: {{ .Values.namespace }} labels: grafana_dashboard: "1" + {{- with .Values.serviceMonitor.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- include "monitoring.labels" . | nindent 4 }} data: policy-reporter-dashboard.json: | { diff --git a/charts/policy-reporter/charts/monitoring/templates/policy-details.dashboard.yaml b/charts/policy-reporter/charts/monitoring/templates/policy-details.dashboard.yaml index 54abf207..e7f167b8 100644 --- a/charts/policy-reporter/charts/monitoring/templates/policy-details.dashboard.yaml +++ b/charts/policy-reporter/charts/monitoring/templates/policy-details.dashboard.yaml @@ -5,6 +5,10 @@ metadata: namespace: {{ .Values.namespace }} labels: grafana_dashboard: "1" + {{- with .Values.serviceMonitor.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- include "monitoring.labels" . | nindent 4 }} data: policy-reporter-details-dashboard.json: | { 
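Review bot: The two ServiceMonitor templates merge labels in opposite order: here `.Values.serviceMonitor.labels` is emitted before `monitoring.labels`, while servicemonitor.yaml emits `monitoring.labels` first. If a user-supplied label repeats a key from the common set (for example `app.kubernetes.io/name`), the rendered `labels:` map has a duplicate key and the surviving value would differ between the two resources. Pick one order for both files, for example `{{- include "monitoring.labels" . | nindent 4 }}` first and the `with .Values.serviceMonitor.labels` block after it.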
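Review bot: The dashboard ConfigMap now also receives `.Values.serviceMonitor.labels`, which looks copied from the ServiceMonitor templates; the same block is added in policy-details.dashboard.yaml, while clusterpolicy-details.dashboard.yaml in this commit gets only `monitoring.labels`. Labels meant to make Prometheus select a ServiceMonitor would then land on two of the three dashboards, next to `grafana_dashboard: "1"`. Either drop the `with .Values.serviceMonitor.labels` block from both dashboard templates or add a dashboard-specific values key and apply it to all three.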
diff --git a/charts/policy-reporter/charts/monitoring/templates/servicemonitor.yaml b/charts/policy-reporter/charts/monitoring/templates/servicemonitor.yaml index 464823fc..14e16782 100644 --- a/charts/policy-reporter/charts/monitoring/templates/servicemonitor.yaml +++ b/charts/policy-reporter/charts/monitoring/templates/servicemonitor.yaml @@ -2,10 +2,11 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "monitoring.fullname" . }} - {{- if .Values.serviceMonitor.labels }} labels: - {{- toYaml .Values.serviceMonitor.labels | nindent 4 }} - {{- end }} + {{- include "monitoring.labels" . | nindent 4 }} + {{- with .Values.serviceMonitor.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: selector: matchLabels: diff --git a/charts/policy-reporter/charts/ui/Chart.yaml b/charts/policy-reporter/charts/ui/Chart.yaml index a5b89645..00117851 100644 --- a/charts/policy-reporter/charts/ui/Chart.yaml +++ b/charts/policy-reporter/charts/ui/Chart.yaml @@ -3,5 +3,5 @@ name: ui description: Policy Reporter UI type: application -version: 1.6.0 +version: 1.7.0 appVersion: 0.10.2 diff --git a/charts/policy-reporter/charts/ui/templates/_helpers.tpl b/charts/policy-reporter/charts/ui/templates/_helpers.tpl index da7eab58..482b38c1 100644 --- a/charts/policy-reporter/charts/ui/templates/_helpers.tpl +++ b/charts/policy-reporter/charts/ui/templates/_helpers.tpl @@ -35,6 +35,9 @@ helm.sh/chart: {{ include "ui.chart" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Values.global.labels }} +{{ toYaml . }} +{{- end -}} {{- end }} {{/* diff --git a/charts/policy-reporter/charts/ui/templates/deployment.yaml b/charts/policy-reporter/charts/ui/templates/deployment.yaml index 6f8061d4..d5838f8e 100644 --- a/charts/policy-reporter/charts/ui/templates/deployment.yaml +++ b/charts/policy-reporter/charts/ui/templates/deployment.yaml 
@@ -20,6 +20,9 @@ spec: {{- with .Values.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.global.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.podAnnotations }} annotations: {{- with .Values.podAnnotations }} diff --git a/charts/policy-reporter/charts/ui/templates/ingress.yaml b/charts/policy-reporter/charts/ui/templates/ingress.yaml index b509b31b..edfabc7c 100644 --- a/charts/policy-reporter/charts/ui/templates/ingress.yaml +++ b/charts/policy-reporter/charts/ui/templates/ingress.yaml @@ -10,7 +10,7 @@ kind: Ingress metadata: name: {{ include "ui.fullname" . }} labels: - {{- include "ui.selectorLabels" . | nindent 4 }} + {{- include "ui.labels" . | nindent 4 }} {{- with .Values.ingress.labels }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/charts/policy-reporter/templates/_helpers.tpl b/charts/policy-reporter/templates/_helpers.tpl index 6d2faaa6..ad1e1145 100644 --- a/charts/policy-reporter/templates/_helpers.tpl +++ b/charts/policy-reporter/templates/_helpers.tpl @@ -35,6 +35,9 @@ helm.sh/chart: {{ include "policyreporter.chart" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Values.global.labels }} +{{ toYaml . }} +{{- end -}} {{- end }} {{/* diff --git a/charts/policy-reporter/templates/clusterrole.yaml b/charts/policy-reporter/templates/clusterrole.yaml index 3bec36ee..0939c787 100644 --- a/charts/policy-reporter/templates/clusterrole.yaml +++ b/charts/policy-reporter/templates/clusterrole.yaml @@ -4,6 +4,7 @@ kind: ClusterRole metadata: labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" + {{- include "policyreporter.labels" . | nindent 4 }} name: {{ include "policyreporter.fullname" . }} rules: - apiGroups: diff --git a/charts/policy-reporter/templates/clusterrolebinding.yaml b/charts/policy-reporter/templates/clusterrolebinding.yaml index 88d1e141..93d586ed 100644 
--- a/charts/policy-reporter/templates/clusterrolebinding.yaml +++ b/charts/policy-reporter/templates/clusterrolebinding.yaml @@ -3,6 +3,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ include "policyreporter.fullname" . }} + labels: + {{- include "policyreporter.labels" . | nindent 4 }} roleRef: kind: ClusterRole name: {{ include "policyreporter.fullname" . }} diff --git a/charts/policy-reporter/templates/deployment.yaml b/charts/policy-reporter/templates/deployment.yaml index b53bb131..20365719 100644 --- a/charts/policy-reporter/templates/deployment.yaml +++ b/charts/policy-reporter/templates/deployment.yaml @@ -24,6 +24,9 @@ spec: {{- with .Values.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.global.labels }} + {{- toYaml . | nindent 8 }} + {{- end }} annotations: checksum/secret: {{ include (print .Template.BasePath "/targetssecret.yaml") . | sha256sum | quote }} policy-priorities/enabled: {{ .Values.policyPriorities.enabled | quote }} diff --git a/charts/policy-reporter/templates/role.yaml b/charts/policy-reporter/templates/role.yaml index 37788853..f9709e6b 100644 --- a/charts/policy-reporter/templates/role.yaml +++ b/charts/policy-reporter/templates/role.yaml @@ -3,6 +3,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "policyreporter.fullname" . }} + labels: + {{- include "policyreporter.labels" . | nindent 4 }} rules: - apiGroups: - '' diff --git a/charts/policy-reporter/templates/rolebinding.yaml b/charts/policy-reporter/templates/rolebinding.yaml index d056d998..24e24bf9 100644 --- a/charts/policy-reporter/templates/rolebinding.yaml +++ b/charts/policy-reporter/templates/rolebinding.yaml @@ -3,6 +3,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "policyreporter.fullname" . }} + labels: + {{- include "policyreporter.labels" . | nindent 4 }} roleRef: kind: Role name: {{ include "policyreporter.fullname" . }} 
diff --git a/charts/policy-reporter/values.yaml b/charts/policy-reporter/values.yaml index d3228f57..96bee304 100644 --- a/charts/policy-reporter/values.yaml +++ b/charts/policy-reporter/values.yaml @@ -1,7 +1,7 @@ image: repository: fjogeleit/policy-reporter pullPolicy: IfNotPresent - tag: 1.6.1 + tag: 1.7.0 imagePullSecrets: [] @@ -93,6 +93,8 @@ global: # Service Port number port: 8080 fullnameOverride: "" + # additional labels added on each resource + labels: {} # DEPRECTED - Can be removed # Policy Reporter watches now for both existing versions by default diff --git a/cmd/root.go b/cmd/root.go index d80f2df0..58087ada 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -26,7 +26,6 @@ func loadConfig(cmd *cobra.Command) (*config.Config, error) { v := viper.New() v.SetDefault("namespace", "policy-reporter") - v.SetDefault("api.port", 8080) cfgFile := "" @@ -72,7 +71,6 @@ func loadConfig(cmd *cobra.Command) (*config.Config, error) { if flag := cmd.Flags().Lookup("apiPort"); flag != nil { v.BindPFlag("api.port", flag) - v.BindPFlag("api.enabled", flag) } c := &config.Config{} diff --git a/cmd/run.go b/cmd/run.go index 97462026..3f1770e1 100644 --- a/cmd/run.go +++ b/cmd/run.go @@ -66,9 +66,7 @@ func newRunCMD() *cobra.Command { errorChan := make(chan error) - if c.API.Enabled { - go func() { errorChan <- resolver.APIServer().Start() }() - } + go func() { errorChan <- resolver.APIServer().Start() }() go func() { errorChan <- client.StartWatching() }() @@ -85,7 +83,7 @@ func newRunCMD() *cobra.Command { // For local usage cmd.PersistentFlags().StringP("kubeconfig", "k", "", "absolute path to the kubeconfig file") cmd.PersistentFlags().StringP("config", "c", "", "target configuration file") - cmd.PersistentFlags().IntP("apiPort", "a", 0, "http port for the optional rest api") + cmd.PersistentFlags().IntP("apiPort", "a", 8080, "http port for the optional rest api") flag.Parse() diff --git a/go.mod b/go.mod index fd5a4f03..b3ab1b3c 100644 --- a/go.mod +++ b/go.mod 
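Review bot: With the `c.API.Enabled` guard removed, `resolver.APIServer().Start()` runs on every start, so the listener on the new `apiPort` default of 8080 can no longer be switched off. The config.go hunk also deletes `Enabled`, so an existing `api.enabled: false` is silently ignored. The server.go hunk shows the same mux serving `/policy-reports`, `/cluster-policy-reports` and `/targets`, and no authentication is visible in this diff. Installs that previously left the API off now expose report and target data to anything that can reach the pod, unless a NetworkPolicy restricts the port. Consider keeping an opt-out or calling this out in the upgrade notes, and update the flag help, which still says "optional": `cmd.PersistentFlags().IntP("apiPort", "a", 8080, "http port for the rest api")`. newRunCMD starts and ends outside the hunk.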
@@ -7,7 +7,7 @@ require ( github.com/google/gofuzz v1.2.0 // indirect github.com/magiconair/properties v1.8.4 // indirect github.com/mitchellh/mapstructure v1.4.1 // indirect - github.com/patrickmn/go-cache v2.1.0+incompatible // indirect + github.com/patrickmn/go-cache v2.1.0+incompatible github.com/pelletier/go-toml v1.8.1 // indirect github.com/prometheus/client_golang v1.9.0 github.com/prometheus/client_model v0.2.0 @@ -17,7 +17,6 @@ require ( github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/viper v1.7.1 golang.org/x/net v0.0.0-20210220033124-5f55cee0dc0d // indirect - golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9 golang.org/x/sys v0.0.0-20210218155724-8ebf48af031b // indirect golang.org/x/text v0.3.5 // indirect gopkg.in/ini.v1 v1.62.0 // indirect diff --git a/go.sum b/go.sum index bc8fa17c..0bf2a839 100644 --- a/go.sum +++ b/go.sum @@ -552,7 +552,6 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9 h1:SQFwaSi55rU7vdNs9Yr0Z324VNlrF+0wMqRXT4St8ck= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= diff --git a/manifest/README.md b/manifest/README.md index c3ccb2c1..6081665b 100644 --- a/manifest/README.md +++ b/manifest/README.md 
@@ -27,8 +27,8 @@ Configures Policy Reporter UI as Target for Policy Reporter. ### Installation ```bash -kubectl apply -f https://raw.githubusercontent.com/fjogeleit/policy-reporter/main/manifest/kyverno-policy-reporter-ui/namespace.yaml -kubectl apply -f https://raw.githubusercontent.com/fjogeleit/policy-reporter/main/manifest/kyverno-policy-reporter-ui/target-secret.yaml +kubectl apply -f https://raw.githubusercontent.com/fjogeleit/policy-reporter/main/manifest/default-policy-reporter-ui/namespace.yaml +kubectl apply -f https://raw.githubusercontent.com/fjogeleit/policy-reporter/main/manifest/default-policy-reporter-ui/target-secret.yaml kubectl apply -f https://raw.githubusercontent.com/fjogeleit/policy-reporter/main/manifest/default-policy-reporter-ui/install.yaml ``` diff --git a/manifest/default-policy-reporter-ui/install.yaml b/manifest/default-policy-reporter-ui/install.yaml index 4c722044..edaad40c 100644 --- a/manifest/default-policy-reporter-ui/install.yaml +++ b/manifest/default-policy-reporter-ui/install.yaml @@ -148,7 +148,7 @@ spec: automountServiceAccountToken: true containers: - name: policy-reporter - image: "fjogeleit/policy-reporter:1.6.1" + image: "fjogeleit/policy-reporter:1.7.0" imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false @@ -161,7 +161,6 @@ spec: runAsUser: 1234 args: - --config=/app/config.yaml - - --apiPort=8080 ports: - name: http containerPort: 2112 @@ -171,12 +170,12 @@ spec: protocol: TCP livenessProbe: httpGet: - path: /metrics - port: http + path: /healthz + port: rest readinessProbe: httpGet: - path: /metrics - port: http + path: /ready + port: rest resources: {} volumeMounts: diff --git a/manifest/kyverno-policy-reporter-ui/install.yaml b/manifest/kyverno-policy-reporter-ui/install.yaml index 83ab4bb3..631722f2 100644 --- a/manifest/kyverno-policy-reporter-ui/install.yaml +++ b/manifest/kyverno-policy-reporter-ui/install.yaml 
@@ -266,7 +266,7 @@ spec: automountServiceAccountToken: true containers: - name: policy-reporter - image: "fjogeleit/policy-reporter:1.6.1" + image: "fjogeleit/policy-reporter:1.7.0" imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false @@ -279,7 +279,6 @@ spec: runAsUser: 1234 args: - --config=/app/config.yaml - - --apiPort=8080 ports: - name: http containerPort: 2112 @@ -289,12 +288,12 @@ spec: protocol: TCP livenessProbe: httpGet: - path: /metrics - port: http + path: /ready + port: rest readinessProbe: httpGet: - path: /metrics - port: http + path: /healthz + port: rest resources: {} volumeMounts: diff --git a/manifest/policy-reporter/install.yaml b/manifest/policy-reporter/install.yaml index 4f7b1a3b..c3568e4c 100644 --- a/manifest/policy-reporter/install.yaml +++ b/manifest/policy-reporter/install.yaml @@ -84,7 +84,7 @@ spec: automountServiceAccountToken: true containers: - name: policy-reporter - image: "fjogeleit/policy-reporter:1.6.1" + image: "fjogeleit/policy-reporter:1.7.0" imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false @@ -101,14 +101,17 @@ spec: - name: http containerPort: 2112 protocol: TCP + - name: rest + containerPort: 8080 + protocol: TCP livenessProbe: httpGet: - path: /metrics - port: http + path: /healthz + port: rest readinessProbe: httpGet: - path: /metrics - port: http + path: /ready + port: rest resources: {} volumeMounts: diff --git a/pkg/api/handler.go b/pkg/api/handler.go index b2697d85..7c90bb88 100644 --- a/pkg/api/handler.go +++ b/pkg/api/handler.go 
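Review bot: In manifest/kyverno-policy-reporter-ui/install.yaml the probes are swapped: `livenessProbe` points at `/ready` and `readinessProbe` at `/healthz`, whereas default-policy-reporter-ui and policy-reporter use `/healthz` for liveness and `/ready` for readiness. The handler.go hunk shows `ReadyHandler` answering 503 while the store holds no reports, so with this manifest the kubelet would restart the container in that state instead of only withholding traffic, and readiness would pass immediately. The fix is `path: /healthz` under `livenessProbe` and `path: /ready` under `readinessProbe`.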
@@ -8,6 +8,34 @@ import ( "github.com/fjogeleit/policy-reporter/pkg/report" ) +// HealthzHandler for the Halthz REST API +func HealthzHandler() http.HandlerFunc { + return func(w http.ResponseWriter, req *http.Request) { + w.Header().Set("Content-Type", "application/json; charset=UTF-8") + w.WriteHeader(http.StatusOK) + fmt.Fprint(w, "{}") + } +} + +// ReadyHandler for the Halthz REST API +func ReadyHandler(s *report.PolicyReportStore) http.HandlerFunc { + return func(w http.ResponseWriter, req *http.Request) { + if len(s.List(report.PolicyReportType))+len(s.List(report.ClusterPolicyReportType)) == 0 { + w.Header().Set("Content-Type", "application/json; charset=UTF-8") + w.WriteHeader(http.StatusServiceUnavailable) + + fmt.Fprint(w, "{}") + + return + } + + w.Header().Set("Content-Type", "application/json; charset=UTF-8") + w.WriteHeader(http.StatusOK) + + fmt.Fprint(w, "{}") + } +} + // PolicyReportHandler for the PolicyReport REST API func PolicyReportHandler(s *report.PolicyReportStore) http.HandlerFunc { return func(w http.ResponseWriter, req *http.Request) { diff --git a/pkg/api/handler_test.go b/pkg/api/handler_test.go index 86dd6f91..9d2686a9 100644 --- a/pkg/api/handler_test.go +++ b/pkg/api/handler_test.go 
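Review bot: `ReadyHandler` returns 503 whenever `len(s.List(report.PolicyReportType))+len(s.List(report.ClusterPolicyReportType)) == 0`, so an empty store is treated the same as "not yet synced". In a cluster that has no PolicyReport or ClusterPolicyReport objects, the pod would never become Ready under the new readinessProbe. Readiness would be better tied to the watcher having completed its initial list, if the client exposes such a signal (not visible in this diff), with the current behaviour documented in the comment until then. Both doc comments also carry a typo and the second names the wrong endpoint: `// HealthzHandler for the Healthz REST API` and `// ReadyHandler for the Ready REST API`. The `Content-Type` header and the `fmt.Fprint(w, "{}")` body are duplicated across both branches and could be written once after choosing the status code.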
@@ -195,3 +195,85 @@ func Test_ClusterPolicyReportAPI(t *testing.T) { } }) } + +func Test_HealthzAPI(t *testing.T) { + t.Run("Respose", func(t *testing.T) { + req, err := http.NewRequest("GET", "/healthz", nil) + if err != nil { + t.Fatal(err) + } + + rr := httptest.NewRecorder() + handler := http.HandlerFunc(api.HealthzHandler()) + + handler.ServeHTTP(rr, req) + + if status := rr.Code; status != http.StatusOK { + t.Errorf("handler returned wrong status code: got %v want %v", status, http.StatusOK) + } + }) +} + +func Test_ReadyAPI(t *testing.T) { + t.Run("Success Respose", func(t *testing.T) { + req, err := http.NewRequest("GET", "/ready", nil) + if err != nil { + t.Fatal(err) + } + + result := report.Result{ + Message: "validation error: requests and limits required. Rule autogen-check-for-requests-and-limits failed at path /spec/template/spec/containers/0/resources/requests/", + Policy: "require-requests-and-limits-required", + Rule: "autogen-check-for-requests-and-limits", + Priority: report.ErrorPriority, + Status: report.Fail, + Category: "resources", + Scored: true, + Resource: report.Resource{ + APIVersion: "v1", + Kind: "Deployment", + Name: "nginx", + Namespace: "test", + UID: "536ab69f-1b3c-4bd9-9ba4-274a56188409", + }, + } + + preport := report.PolicyReport{ + Name: "polr-test", + Namespace: "test", + Results: map[string]report.Result{"": result}, + Summary: report.Summary{}, + CreationTimestamp: time.Now(), + } + + store := report.NewPolicyReportStore() + store.Add(preport) + + rr := httptest.NewRecorder() + handler := http.HandlerFunc(api.ReadyHandler(store)) + + handler.ServeHTTP(rr, req) + + if status := rr.Code; status != http.StatusOK { + t.Errorf("handler returned wrong status code: got %v want %v", status, http.StatusOK) + } + }) + + t.Run("Unavailable Respose", func(t *testing.T) { + req, err := http.NewRequest("GET", "/ready", nil) + if err != nil { + t.Fatal(err) + } + + store := report.NewPolicyReportStore() + + rr := httptest.NewRecorder() 
+ handler := http.HandlerFunc(api.ReadyHandler(store)) + + handler.ServeHTTP(rr, req) + + if status := rr.Code; status != http.StatusServiceUnavailable { + t.Errorf("handler returned wrong status code: got %v want %v", status, http.StatusServiceUnavailable) + } + }) +} diff --git a/pkg/api/server.go b/pkg/api/server.go index 7d84a913..502017be 100644 --- a/pkg/api/server.go +++ b/pkg/api/server.go @@ -25,6 +25,8 @@ func (s *httpServer) registerHandler() { s.mux.HandleFunc("/policy-reports", Gzip(PolicyReportHandler(s.store))) s.mux.HandleFunc("/cluster-policy-reports", Gzip(ClusterPolicyReportHandler(s.store))) s.mux.HandleFunc("/targets", Gzip(TargetsHandler(s.targets))) + s.mux.HandleFunc("/healthz", HealthzHandler()) + s.mux.HandleFunc("/ready", ReadyHandler(s.store)) } func (s *httpServer) Start() error { diff --git a/pkg/config/config.go b/pkg/config/config.go index 4a87ebb3..27681077 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -46,8 +46,7 @@ type UI struct { // API configuration type API struct { - Enabled bool `mapstructure:"enabled"` - Port int `mapstructure:"port"` + Port int `mapstructure:"port"` } // Config of the PolicyReporter
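Review bot: The new tests assert only `rr.Code`, so the `Content-Type` header and the `{}` body that both handlers write are not covered. A check such as `if got := rr.Header().Get("Content-Type"); got != "application/json; charset=UTF-8" { t.Errorf(...) }` would pin the contract the probes and any API client rely on. The subtest names are misspelled ("Respose", "Success Respose", "Unavailable Respose") and should read "Response". The `http.HandlerFunc(...)` conversion around `api.HealthzHandler()` and `api.ReadyHandler(store)` is redundant because both already return `http.HandlerFunc`.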