mirrors/policy-reporter
1
0
Fork 0
mirror of https://github.com/kyverno/policy-reporter.git synced 2024-12-14 11:57:32 +00:00
Code Activity

Add global.labels and health APIs (#40)

Browse source 
* Add global.labels and health APIs
* Fix manifest readme path
* go.mod update
This commit is contained in:
Frank Jogeleit 2021-05-29 10:57:06 +02:00 committed by GitHub
parent 4ee91e898f
commit 29049b7828
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
38 changed files with 232 additions and 51 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
CHANGELOG.md
View file

@ -1,6 +1,13 @@
# Changelog # Changelog
# 1.7.0
* Enable REST API by default
* Add `/healthz` and `/ready` APIs as new endpoints for readinessProbe and livenessProbe
* Helm Chart Updates
* Add `global.labels` to add `labels` on every resource created
* Add default labels on every resource
# 1.6.2 # 1.6.2
* Increase Result Caching Time to handle Kyverno issues with Policy reconcilation [Issue](https://github.com/kyverno/kyverno/issues/1921) * Increase Result Caching Time to handle Kyverno issues with Policy reconcilation [Issue](https://github.com/kyverno/kyverno/issues/1921)
* Fix golint errors * Fix golint errors

10
charts/policy-reporter/Chart.lock
View file

@ -1,12 +1,12 @@
dependencies: dependencies:
- name: monitoring - name: monitoring
repository: "" repository: ""
version: 1.2.0 version: 1.3.0
- name: ui - name: ui
repository: "" repository: ""
version: 1.6.0 version: 1.7.0
- name: kyvernoPlugin - name: kyvernoPlugin
repository: "" repository: ""
version: 0.2.0 version: 0.3.0
digest: sha256:c32c38e295ebe08651a81937858ba920212bd075aa7605189919c20820067e85 digest: sha256:e5b478e8c16d73531126c3b4331c92c1fb8bc89db412a46ddce22f6d45b26ccc
generated: "2021-05-21T10:53:50.045598+02:00" generated: "2021-05-29T09:48:14.131726+02:00"

10
charts/policy-reporter/Chart.yaml
View file

@ -5,19 +5,19 @@ description: |
It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord
type: application type: application
version: 1.6.2 version: 1.7.0
appVersion: 1.6.1 appVersion: 1.7.0
dependencies: dependencies:
- name: monitoring - name: monitoring
condition: monitoring.enabled condition: monitoring.enabled
repository: "" repository: ""
version: "1.2.0" version: "1.3.0"
- name: ui - name: ui
condition: ui.enabled condition: ui.enabled
repository: "" repository: ""
version: "1.6.0" version: "1.7.0"
- name: kyvernoPlugin - name: kyvernoPlugin
condition: kyvernoPlugin.enabled condition: kyvernoPlugin.enabled
repository: "" repository: ""
version: "0.2.0" version: "0.3.0"

2
charts/policy-reporter/charts/kyvernoPlugin/Chart.yaml
View file

@ -3,5 +3,5 @@ name: kyvernoPlugin
description: Policy Reporter Kyverno Plugin description: Policy Reporter Kyverno Plugin
type: application type: application
version: 0.2.0 version: 0.3.0
appVersion: 0.1.1 appVersion: 0.1.1

3
charts/policy-reporter/charts/kyvernoPlugin/templates/_helpers.tpl
View file

@ -35,6 +35,9 @@ helm.sh/chart: {{ include "kyvernoplugin.chart" . }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }} {{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- with .Values.global.labels }}
{{ toYaml . }}
{{- end -}}
{{- end }} {{- end }}
{{/* {{/*

1
charts/policy-reporter/charts/kyvernoPlugin/templates/clusterrole.yaml
View file

@ -4,6 +4,7 @@ kind: ClusterRole
metadata: metadata:
labels: labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
{{- include "kyvernoplugin.labels" . | nindent 4 }}
name: {{ include "kyvernoplugin.fullname" . }} name: {{ include "kyvernoplugin.fullname" . }}
rules: rules:
- apiGroups: - apiGroups:

2
charts/policy-reporter/charts/kyvernoPlugin/templates/clusterrolebinding.yaml
View file

@ -3,6 +3,8 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
name: {{ include "kyvernoplugin.fullname" . }} name: {{ include "kyvernoplugin.fullname" . }}
labels:
{{- include "kyvernoplugin.labels" . | nindent 4 }}
roleRef: roleRef:
kind: ClusterRole kind: ClusterRole
name: {{ include "kyvernoplugin.fullname" . }} name: {{ include "kyvernoplugin.fullname" . }}

3
charts/policy-reporter/charts/kyvernoPlugin/templates/deployment.yaml
View file

@ -20,6 +20,9 @@ spec:
{{- with .Values.podLabels }} {{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- with .Values.global.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.podAnnotations }} {{- if .Values.podAnnotations }}
annotations: annotations:
{{- with .Values.podAnnotations }} {{- with .Values.podAnnotations }}

2
charts/policy-reporter/charts/monitoring/Chart.yaml
View file

@ -3,5 +3,5 @@ name: monitoring
description: Policy Reporter Monitoring with predefined ServiceMonitor and Grafana Dashboards description: Policy Reporter Monitoring with predefined ServiceMonitor and Grafana Dashboards
type: application type: application
version: 1.2.0 version: 1.3.0
appVersion: 0.0.0 appVersion: 0.0.0

27
charts/policy-reporter/charts/monitoring/templates/_helpers.tpl
View file

@ -13,3 +13,30 @@ If release name contains chart name it will be used as a full name.
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{/*
Common labels
*/}}
{{- define "monitoring.labels" -}}
helm.sh/chart: {{ include "policyreporter.chart" . }}
{{ include "monitoring.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- with .Values.global.labels }}
{{ toYaml . }}
{{- end -}}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "monitoring.selectorLabels" -}}
app.kubernetes.io/name: {{ include "monitoring.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{- define "monitoring.name" -}}
{{- "monitoring" }}
{{- end }}

1
charts/policy-reporter/charts/monitoring/templates/clusterpolicy-details.dashboard.yaml
View file

@ -5,6 +5,7 @@ metadata:
namespace: {{ .Values.namespace }} namespace: {{ .Values.namespace }}
labels: labels:
grafana_dashboard: "1" grafana_dashboard: "1"
{{- include "monitoring.labels" . | nindent 4 }}
data: data:
cluster-policy-reporter-details-dashboard.json: | cluster-policy-reporter-details-dashboard.json: |
{ {

7
charts/policy-reporter/charts/monitoring/templates/kyverno-servicemonitor.yaml
View file

@ -3,10 +3,11 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
name: {{ include "monitoring.fullname" . }}-kyverno-plugin name: {{ include "monitoring.fullname" . }}-kyverno-plugin
{{- if .Values.serviceMonitor.labels }}
labels: labels:
{{- toYaml .Values.serviceMonitor.labels | nindent 4 }} {{- with .Values.serviceMonitor.labels }}
{{- end }} {{- toYaml . | nindent 4 }}
{{- end }}
{{- include "monitoring.labels" . | nindent 4 }}
spec: spec:
selector: selector:
matchLabels: matchLabels:

4
charts/policy-reporter/charts/monitoring/templates/overview.dashboard.yaml
View file

@ -5,6 +5,10 @@ metadata:
namespace: {{ .Values.namespace }} namespace: {{ .Values.namespace }}
labels: labels:
grafana_dashboard: "1" grafana_dashboard: "1"
{{- with .Values.serviceMonitor.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- include "monitoring.labels" . | nindent 4 }}
data: data:
policy-reporter-dashboard.json: | policy-reporter-dashboard.json: |
{ {

4
charts/policy-reporter/charts/monitoring/templates/policy-details.dashboard.yaml
View file

@ -5,6 +5,10 @@ metadata:
namespace: {{ .Values.namespace }} namespace: {{ .Values.namespace }}
labels: labels:
grafana_dashboard: "1" grafana_dashboard: "1"
{{- with .Values.serviceMonitor.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- include "monitoring.labels" . | nindent 4 }}
data: data:
policy-reporter-details-dashboard.json: | policy-reporter-details-dashboard.json: |
{ {

7
charts/policy-reporter/charts/monitoring/templates/servicemonitor.yaml
View file

@ -2,10 +2,11 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
name: {{ include "monitoring.fullname" . }} name: {{ include "monitoring.fullname" . }}
{{- if .Values.serviceMonitor.labels }}
labels: labels:
{{- toYaml .Values.serviceMonitor.labels | nindent 4 }} {{- include "monitoring.labels" . | nindent 4 }}
{{- end }} {{- with .Values.serviceMonitor.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec: spec:
selector: selector:
matchLabels: matchLabels:

2
charts/policy-reporter/charts/ui/Chart.yaml
View file

@ -3,5 +3,5 @@ name: ui
description: Policy Reporter UI description: Policy Reporter UI
type: application type: application
version: 1.6.0 version: 1.7.0
appVersion: 0.10.2 appVersion: 0.10.2

3
charts/policy-reporter/charts/ui/templates/_helpers.tpl
View file

@ -35,6 +35,9 @@ helm.sh/chart: {{ include "ui.chart" . }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }} {{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- with .Values.global.labels }}
{{ toYaml . }}
{{- end -}}
{{- end }} {{- end }}
{{/* {{/*

3
charts/policy-reporter/charts/ui/templates/deployment.yaml
View file

@ -20,6 +20,9 @@ spec:
{{- with .Values.podLabels }} {{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- with .Values.global.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.podAnnotations }} {{- if .Values.podAnnotations }}
annotations: annotations:
{{- with .Values.podAnnotations }} {{- with .Values.podAnnotations }}

2
charts/policy-reporter/charts/ui/templates/ingress.yaml
View file

@ -10,7 +10,7 @@ kind: Ingress
metadata: metadata:
name: {{ include "ui.fullname" . }} name: {{ include "ui.fullname" . }}
labels: labels:
{{- include "ui.selectorLabels" . | nindent 4 }} {{- include "ui.labels" . | nindent 4 }}
{{- with .Values.ingress.labels }} {{- with .Values.ingress.labels }}
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}

3
charts/policy-reporter/templates/_helpers.tpl
View file

@ -35,6 +35,9 @@ helm.sh/chart: {{ include "policyreporter.chart" . }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }} {{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- with .Values.global.labels }}
{{ toYaml . }}
{{- end -}}
{{- end }} {{- end }}
{{/* {{/*

1
charts/policy-reporter/templates/clusterrole.yaml
View file

@ -4,6 +4,7 @@ kind: ClusterRole
metadata: metadata:
labels: labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
{{- include "policyreporter.labels" . | nindent 4 }}
name: {{ include "policyreporter.fullname" . }} name: {{ include "policyreporter.fullname" . }}
rules: rules:
- apiGroups: - apiGroups:

2
charts/policy-reporter/templates/clusterrolebinding.yaml
View file

@ -3,6 +3,8 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
name: {{ include "policyreporter.fullname" . }} name: {{ include "policyreporter.fullname" . }}
labels:
{{- include "policyreporter.labels" . | nindent 4 }}
roleRef: roleRef:
kind: ClusterRole kind: ClusterRole
name: {{ include "policyreporter.fullname" . }} name: {{ include "policyreporter.fullname" . }}

3
charts/policy-reporter/templates/deployment.yaml
View file

@ -24,6 +24,9 @@ spec:
{{- with .Values.podLabels }} {{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- with .Values.global.labels }}
{{- toYaml . | nindent 8 }}
{{- end }}
annotations: annotations:
checksum/secret: {{ include (print .Template.BasePath "/targetssecret.yaml") . | sha256sum | quote }} checksum/secret: {{ include (print .Template.BasePath "/targetssecret.yaml") . | sha256sum | quote }}
policy-priorities/enabled: {{ .Values.policyPriorities.enabled | quote }} policy-priorities/enabled: {{ .Values.policyPriorities.enabled | quote }}

2
charts/policy-reporter/templates/role.yaml
View file

@ -3,6 +3,8 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:
name: {{ include "policyreporter.fullname" . }} name: {{ include "policyreporter.fullname" . }}
labels:
{{- include "policyreporter.labels" . | nindent 4 }}
rules: rules:
- apiGroups: - apiGroups:
- '' - ''

2
charts/policy-reporter/templates/rolebinding.yaml
View file

@ -3,6 +3,8 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
name: {{ include "policyreporter.fullname" . }} name: {{ include "policyreporter.fullname" . }}
labels:
{{- include "policyreporter.labels" . | nindent 4 }}
roleRef: roleRef:
kind: Role kind: Role
name: {{ include "policyreporter.fullname" . }} name: {{ include "policyreporter.fullname" . }}

4
charts/policy-reporter/values.yaml
View file

@ -1,7 +1,7 @@
image: image:
repository: fjogeleit/policy-reporter repository: fjogeleit/policy-reporter
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
tag: 1.6.1 tag: 1.7.0
imagePullSecrets: [] imagePullSecrets: []
@ -93,6 +93,8 @@ global:
# Service Port number # Service Port number
port: 8080 port: 8080
fullnameOverride: "" fullnameOverride: ""
# additional labels added on each resource
labels: {}
# DEPRECTED - Can be removed # DEPRECTED - Can be removed
# Policy Reporter watches now for both existing versions by default # Policy Reporter watches now for both existing versions by default

2
cmd/root.go
View file

@ -26,7 +26,6 @@ func loadConfig(cmd *cobra.Command) (*config.Config, error) {
v := viper.New() v := viper.New()
v.SetDefault("namespace", "policy-reporter") v.SetDefault("namespace", "policy-reporter")
v.SetDefault("api.port", 8080)
cfgFile := "" cfgFile := ""
@ -72,7 +71,6 @@ func loadConfig(cmd *cobra.Command) (*config.Config, error) {
if flag := cmd.Flags().Lookup("apiPort"); flag != nil { if flag := cmd.Flags().Lookup("apiPort"); flag != nil {
v.BindPFlag("api.port", flag) v.BindPFlag("api.port", flag)
v.BindPFlag("api.enabled", flag)
} }
c := &config.Config{} c := &config.Config{}

6
cmd/run.go
View file

@ -66,9 +66,7 @@ func newRunCMD() *cobra.Command {
errorChan := make(chan error) errorChan := make(chan error)
if c.API.Enabled { go func() { errorChan <- resolver.APIServer().Start() }()
go func() { errorChan <- resolver.APIServer().Start() }()
}
go func() { errorChan <- client.StartWatching() }() go func() { errorChan <- client.StartWatching() }()
@ -85,7 +83,7 @@ func newRunCMD() *cobra.Command {
// For local usage // For local usage
cmd.PersistentFlags().StringP("kubeconfig", "k", "", "absolute path to the kubeconfig file") cmd.PersistentFlags().StringP("kubeconfig", "k", "", "absolute path to the kubeconfig file")
cmd.PersistentFlags().StringP("config", "c", "", "target configuration file") cmd.PersistentFlags().StringP("config", "c", "", "target configuration file")
cmd.PersistentFlags().IntP("apiPort", "a", 0, "http port for the optional rest api") cmd.PersistentFlags().IntP("apiPort", "a", 8080, "http port for the optional rest api")
flag.Parse() flag.Parse()

3
go.mod
View file

@ -7,7 +7,7 @@ require (
github.com/google/gofuzz v1.2.0 // indirect github.com/google/gofuzz v1.2.0 // indirect
github.com/magiconair/properties v1.8.4 // indirect github.com/magiconair/properties v1.8.4 // indirect
github.com/mitchellh/mapstructure v1.4.1 // indirect github.com/mitchellh/mapstructure v1.4.1 // indirect
github.com/patrickmn/go-cache v2.1.0+incompatible // indirect github.com/patrickmn/go-cache v2.1.0+incompatible
github.com/pelletier/go-toml v1.8.1 // indirect github.com/pelletier/go-toml v1.8.1 // indirect
github.com/prometheus/client_golang v1.9.0 github.com/prometheus/client_golang v1.9.0
github.com/prometheus/client_model v0.2.0 github.com/prometheus/client_model v0.2.0
@ -17,7 +17,6 @@ require (
github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/spf13/viper v1.7.1 github.com/spf13/viper v1.7.1
golang.org/x/net v0.0.0-20210220033124-5f55cee0dc0d // indirect golang.org/x/net v0.0.0-20210220033124-5f55cee0dc0d // indirect
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9
golang.org/x/sys v0.0.0-20210218155724-8ebf48af031b // indirect golang.org/x/sys v0.0.0-20210218155724-8ebf48af031b // indirect
golang.org/x/text v0.3.5 // indirect golang.org/x/text v0.3.5 // indirect
gopkg.in/ini.v1 v1.62.0 // indirect gopkg.in/ini.v1 v1.62.0 // indirect

1
go.sum
View file

@ -552,7 +552,6 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9 h1:SQFwaSi55rU7vdNs9Yr0Z324VNlrF+0wMqRXT4St8ck=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=

4
manifest/README.md
View file

@ -27,8 +27,8 @@ Configures Policy Reporter UI as Target for Policy Reporter.
### Installation ### Installation
```bash ```bash
kubectl apply -f https://raw.githubusercontent.com/fjogeleit/policy-reporter/main/manifest/kyverno-policy-reporter-ui/namespace.yaml kubectl apply -f https://raw.githubusercontent.com/fjogeleit/policy-reporter/main/manifest/default-policy-reporter-ui/namespace.yaml
kubectl apply -f https://raw.githubusercontent.com/fjogeleit/policy-reporter/main/manifest/kyverno-policy-reporter-ui/target-secret.yaml kubectl apply -f https://raw.githubusercontent.com/fjogeleit/policy-reporter/main/manifest/default-policy-reporter-ui/target-secret.yaml
kubectl apply -f https://raw.githubusercontent.com/fjogeleit/policy-reporter/main/manifest/default-policy-reporter-ui/install.yaml kubectl apply -f https://raw.githubusercontent.com/fjogeleit/policy-reporter/main/manifest/default-policy-reporter-ui/install.yaml
``` ```

11
manifest/default-policy-reporter-ui/install.yaml
View file

@ -148,7 +148,7 @@ spec:
automountServiceAccountToken: true automountServiceAccountToken: true
containers: containers:
- name: policy-reporter - name: policy-reporter
image: "fjogeleit/policy-reporter:1.6.1" image: "fjogeleit/policy-reporter:1.7.0"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
@ -161,7 +161,6 @@ spec:
runAsUser: 1234 runAsUser: 1234
args: args:
- --config=/app/config.yaml - --config=/app/config.yaml
- --apiPort=8080
ports: ports:
- name: http - name: http
containerPort: 2112 containerPort: 2112
@ -171,12 +170,12 @@ spec:
protocol: TCP protocol: TCP
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /metrics path: /healthz
port: http port: rest
readinessProbe: readinessProbe:
httpGet: httpGet:
path: /metrics path: /ready
port: http port: rest
resources: resources:
{} {}
volumeMounts: volumeMounts:

11
manifest/kyverno-policy-reporter-ui/install.yaml
View file

@ -266,7 +266,7 @@ spec:
automountServiceAccountToken: true automountServiceAccountToken: true
containers: containers:
- name: policy-reporter - name: policy-reporter
image: "fjogeleit/policy-reporter:1.6.1" image: "fjogeleit/policy-reporter:1.7.0"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
@ -279,7 +279,6 @@ spec:
runAsUser: 1234 runAsUser: 1234
args: args:
- --config=/app/config.yaml - --config=/app/config.yaml
- --apiPort=8080
ports: ports:
- name: http - name: http
containerPort: 2112 containerPort: 2112
@ -289,12 +288,12 @@ spec:
protocol: TCP protocol: TCP
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /metrics path: /ready
port: http port: rest
readinessProbe: readinessProbe:
httpGet: httpGet:
path: /metrics path: /healthz
port: http port: rest
resources: resources:
{} {}
volumeMounts: volumeMounts:

13
manifest/policy-reporter/install.yaml
View file

@ -84,7 +84,7 @@ spec:
automountServiceAccountToken: true automountServiceAccountToken: true
containers: containers:
- name: policy-reporter - name: policy-reporter
image: "fjogeleit/policy-reporter:1.6.1" image: "fjogeleit/policy-reporter:1.7.0"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
@ -101,14 +101,17 @@ spec:
- name: http - name: http
containerPort: 2112 containerPort: 2112
protocol: TCP protocol: TCP
- name: rest
containerPort: 8080
protocol: TCP
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /metrics path: /healthz
port: http port: rest
readinessProbe: readinessProbe:
httpGet: httpGet:
path: /metrics path: /ready
port: http port: rest
resources: resources:
{} {}
volumeMounts: volumeMounts:

28
pkg/api/handler.go
View file

@ -8,6 +8,34 @@ import (
"github.com/fjogeleit/policy-reporter/pkg/report" "github.com/fjogeleit/policy-reporter/pkg/report"
) )
// HealthzHandler for the Halthz REST API
func HealthzHandler() http.HandlerFunc {
return func(w http.ResponseWriter, req *http.Request) {
w.Header().Set("Content-Type", "application/json; charset=UTF-8")
w.WriteHeader(http.StatusOK)
fmt.Fprint(w, "{}")
}
}
// ReadyHandler for the Halthz REST API
func ReadyHandler(s *report.PolicyReportStore) http.HandlerFunc {
return func(w http.ResponseWriter, req *http.Request) {
if len(s.List(report.PolicyReportType))+len(s.List(report.ClusterPolicyReportType)) == 0 {
w.Header().Set("Content-Type", "application/json; charset=UTF-8")
w.WriteHeader(http.StatusServiceUnavailable)
fmt.Fprint(w, "{}")
return
}
w.Header().Set("Content-Type", "application/json; charset=UTF-8")
w.WriteHeader(http.StatusOK)
fmt.Fprint(w, "{}")
}
}
// PolicyReportHandler for the PolicyReport REST API // PolicyReportHandler for the PolicyReport REST API
func PolicyReportHandler(s *report.PolicyReportStore) http.HandlerFunc { func PolicyReportHandler(s *report.PolicyReportStore) http.HandlerFunc {
return func(w http.ResponseWriter, req *http.Request) { return func(w http.ResponseWriter, req *http.Request) {

82
pkg/api/handler_test.go
View file

@ -195,3 +195,85 @@ func Test_ClusterPolicyReportAPI(t *testing.T) {
} }
}) })
} }
func Test_HealthzAPI(t *testing.T) {
t.Run("Respose", func(t *testing.T) {
req, err := http.NewRequest("GET", "/healthz", nil)
if err != nil {
t.Fatal(err)
}
rr := httptest.NewRecorder()
handler := http.HandlerFunc(api.HealthzHandler())
handler.ServeHTTP(rr, req)
if status := rr.Code; status != http.StatusOK {
t.Errorf("handler returned wrong status code: got %v want %v", status, http.StatusOK)
}
})
}
func Test_ReadyAPI(t *testing.T) {
t.Run("Success Respose", func(t *testing.T) {
req, err := http.NewRequest("GET", "/ready", nil)
if err != nil {
t.Fatal(err)
}
result := report.Result{
Message: "validation error: requests and limits required. Rule autogen-check-for-requests-and-limits failed at path /spec/template/spec/containers/0/resources/requests/",
Policy: "require-requests-and-limits-required",
Rule: "autogen-check-for-requests-and-limits",
Priority: report.ErrorPriority,
Status: report.Fail,
Category: "resources",
Scored: true,
Resource: report.Resource{
APIVersion: "v1",
Kind: "Deployment",
Name: "nginx",
Namespace: "test",
UID: "536ab69f-1b3c-4bd9-9ba4-274a56188409",
},
}
preport := report.PolicyReport{
Name: "polr-test",
Namespace: "test",
Results: map[string]report.Result{"": result},
Summary: report.Summary{},
CreationTimestamp: time.Now(),
}
store := report.NewPolicyReportStore()
store.Add(preport)
rr := httptest.NewRecorder()
handler := http.HandlerFunc(api.ReadyHandler(store))
handler.ServeHTTP(rr, req)
if status := rr.Code; status != http.StatusOK {
t.Errorf("handler returned wrong status code: got %v want %v", status, http.StatusOK)
}
})
t.Run("Unavailable Respose", func(t *testing.T) {
req, err := http.NewRequest("GET", "/ready", nil)
if err != nil {
t.Fatal(err)
}
store := report.NewPolicyReportStore()
rr := httptest.NewRecorder()
handler := http.HandlerFunc(api.ReadyHandler(store))
handler.ServeHTTP(rr, req)
if status := rr.Code; status != http.StatusServiceUnavailable {
t.Errorf("handler returned wrong status code: got %v want %v", status, http.StatusServiceUnavailable)
}
})
}

2
pkg/api/server.go
View file

@ -25,6 +25,8 @@ func (s *httpServer) registerHandler() {
s.mux.HandleFunc("/policy-reports", Gzip(PolicyReportHandler(s.store))) s.mux.HandleFunc("/policy-reports", Gzip(PolicyReportHandler(s.store)))
s.mux.HandleFunc("/cluster-policy-reports", Gzip(ClusterPolicyReportHandler(s.store))) s.mux.HandleFunc("/cluster-policy-reports", Gzip(ClusterPolicyReportHandler(s.store)))
s.mux.HandleFunc("/targets", Gzip(TargetsHandler(s.targets))) s.mux.HandleFunc("/targets", Gzip(TargetsHandler(s.targets)))
s.mux.HandleFunc("/healthz", HealthzHandler())
s.mux.HandleFunc("/ready", ReadyHandler(s.store))
} }
func (s *httpServer) Start() error { func (s *httpServer) Start() error {

3
pkg/config/config.go
View file

@ -46,8 +46,7 @@ type UI struct {
// API configuration // API configuration
type API struct { type API struct {
Enabled bool `mapstructure:"enabled"` Port int `mapstructure:"port"`
Port int `mapstructure:"port"`
} }
// Config of the PolicyReporter // Config of the PolicyReporter