diff --git a/.gitignore b/.gitignore
index d51fc70f..766a5ef5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,4 +6,5 @@ build
 sqlite-database*.db
 values.yaml
 coverage.out
-heap*
\ No newline at end of file
+heap*
+/.env*
\ No newline at end of file
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9ddbb5be..d606de52 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+# 2.11.3
+* Policy Reporter
+  * New `emailReports.smtp.secret` configuration to use an existing external secret to configure your SMTP connection
+  * You can set all or a subset of the available keys in your secret: `host`, `port`, `username`, `password`, `from`, `encryption`
+  * Keys available in your secret have a higher priority as your Helm release values.
+
 # 2.11.2
 * Policy Reporter
   * Add new Severity values `info` and `critical`
diff --git a/charts/policy-reporter/Chart.yaml b/charts/policy-reporter/Chart.yaml
index ed09cebc..5223f225 100644
--- a/charts/policy-reporter/Chart.yaml
+++ b/charts/policy-reporter/Chart.yaml
@@ -5,8 +5,8 @@ description: |
   It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord
 
 type: application
-version: 2.11.2
-appVersion: 2.8.1
+version: 2.11.3
+appVersion: 2.8.2
 
 icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png
 home: https://kyverno.github.io/policy-reporter
diff --git a/charts/policy-reporter/templates/cronjob-summary-report.yaml b/charts/policy-reporter/templates/cronjob-summary-report.yaml
index b34b01e1..db3d25b5 100644
--- a/charts/policy-reporter/templates/cronjob-summary-report.yaml
+++ b/charts/policy-reporter/templates/cronjob-summary-report.yaml
@@ -68,6 +68,45 @@ spec:
               mountPath: /app/config.yaml
               subPath: config.yaml
               readOnly: true
+            {{- if .Values.emailReports.smtp.secret }}
+            env:
+            - name: EMAIL_REPORTS_SMTP_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.emailReports.smtp.secret }}
+                  key: host
+                  optional: true
+            - name: EMAIL_REPORTS_SMTP_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.emailReports.smtp.secret }}
+                  key: port
+                  optional: true
+            - name: EMAIL_REPORTS_SMTP_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.emailReports.smtp.secret }}
+                  key: username
+                  optional: true
+            - name: EMAIL_REPORTS_SMTP_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.emailReports.smtp.secret }}
+                  key: password
+                  optional: true
+            - name: EMAIL_REPORTS_SMTP_FROM
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.emailReports.smtp.secret }}
+                  key: from
+                  optional: true
+            - name: EMAIL_REPORTS_SMTP_ENCRYPTION
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.emailReports.smtp.secret }}
+                  key: encryption
+                  optional: true
+            {{- end }}
           volumes:
           - name: config-file
             secret:
diff --git a/charts/policy-reporter/templates/cronjob-violations-report.yaml b/charts/policy-reporter/templates/cronjob-violations-report.yaml
index c24beb7b..05c8955b 100644
--- a/charts/policy-reporter/templates/cronjob-violations-report.yaml
+++ b/charts/policy-reporter/templates/cronjob-violations-report.yaml
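Review bot: The six `secretKeyRef` entries differ only in the key name and the env var suffix, and the whole 39-line block is repeated verbatim in cronjob-violations-report.yaml, so the next SMTP key has to be added in twelve places; a `range` over the key list (below) collapses each copy to a handful of lines, and moving it into a named template in `_helpers.tpl` included from both cronjobs would remove the cross-file copy as well. Every entry is `optional: true`, which is what allows a partial secret, but it also means a mistyped secret name or key is not an error at deploy time and the job silently keeps the plaintext values from the Helm release; a comment on the `{{- if` line, `# every key is optional: a missing secret or key silently falls back to .Values.emailReports.smtp`, makes that trade-off visible. The enclosing container spec is outside the hunk, so whether it already declares an `env:` list (which this block would duplicate) cannot be checked here.
```yaml
            {{- if .Values.emailReports.smtp.secret }}
            # every key is optional: a missing secret or key silently falls back to .Values.emailReports.smtp
            env:
            {{- range list "host" "port" "username" "password" "from" "encryption" }}
            - name: EMAIL_REPORTS_SMTP_{{ upper . }}
              valueFrom:
                secretKeyRef:
                  name: {{ $.Values.emailReports.smtp.secret }}
                  key: {{ . }}
                  optional: true
            {{- end }}
            {{- end }}
```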
@@ -68,6 +68,45 @@ spec:
               mountPath: /app/config.yaml
               subPath: config.yaml
               readOnly: true
+            {{- if .Values.emailReports.smtp.secret }}
+            env:
+            - name: EMAIL_REPORTS_SMTP_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.emailReports.smtp.secret }}
+                  key: host
+                  optional: true
+            - name: EMAIL_REPORTS_SMTP_PORT
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.emailReports.smtp.secret }}
+                  key: port
+                  optional: true
+            - name: EMAIL_REPORTS_SMTP_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.emailReports.smtp.secret }}
+                  key: username
+                  optional: true
+            - name: EMAIL_REPORTS_SMTP_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.emailReports.smtp.secret }}
+                  key: password
+                  optional: true
+            - name: EMAIL_REPORTS_SMTP_FROM
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.emailReports.smtp.secret }}
+                  key: from
+                  optional: true
+            - name: EMAIL_REPORTS_SMTP_ENCRYPTION
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.emailReports.smtp.secret }}
+                  key: encryption
+                  optional: true
+            {{- end }}
           volumes:
           - name: config-file
             secret:
diff --git a/charts/policy-reporter/values.yaml b/charts/policy-reporter/values.yaml
index 581548ac..f17d3575 100644
--- a/charts/policy-reporter/values.yaml
+++ b/charts/policy-reporter/values.yaml
@@ -2,7 +2,7 @@ image:
   registry: ghcr.io
   repository: kyverno/policy-reporter
   pullPolicy: IfNotPresent
-  tag: 2.8.1
+  tag: 2.8.2
 
 imagePullSecrets: []
 
@@ -156,6 +156,7 @@ policyPriorities: {}
 emailReports:
   clusterName: "" # (optional) - displayed in the email report if configured
   smtp:
+    secret: "" # (optional) secret name to provide the complete or partial SMTP configuration
     host: ""
     port: 465
     username: ""
diff --git a/pkg/config/load.go b/pkg/config/load.go
index 454633e1..e5519f03 100644
--- a/pkg/config/load.go
+++ b/pkg/config/load.go
@@ -2,6 +2,7 @@ package config
 
 import (
 	"log"
+	"strings"
 
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
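Review bot: The comment on the new `secret:` key does not say that keys found in the secret win over the `host`/`port`/… values below, nor that the secret may hold only a subset of them; the CHANGELOG states both, but values.yaml is what operators actually read when configuring the chart. Suggest `secret: "" # (optional) name of an existing Secret; any of the keys host, port, username, password, from, encryption it contains override the values below`. Because the cronjob templates reference it with `optional: true`, a misspelled secret name is not reported at install time, which is worth a word here as well.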
@@ -29,6 +30,7 @@ func Load(cmd *cobra.Command) (*Config, error) {
 		v.SetConfigName("config")
 	}
 
+	v.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
 	v.AutomaticEnv()
 
 	if err := v.ReadInConfig(); err != nil {
@@ -74,6 +76,14 @@ func Load(cmd *cobra.Command) (*Config, error) {
 		log.Printf("[WARNING] failed to bind env POD_NAMESPACE")
 	}
 
+	// bind SMTP config from environment vars, if existing
+	_ = v.BindEnv("emailReports.smtp.username", "EMAIL_REPORTS_SMTP_USERNAME")
+	_ = v.BindEnv("emailReports.smtp.password", "EMAIL_REPORTS_SMTP_PASSWORD")
+	_ = v.BindEnv("emailReports.smtp.encryption", "EMAIL_REPORTS_SMTP_ENCRYPTION")
+	_ = v.BindEnv("emailReports.smtp.host", "EMAIL_REPORTS_SMTP_HOST")
+	_ = v.BindEnv("emailReports.smtp.port", "EMAIL_REPORTS_SMTP_PORT")
+	_ = v.BindEnv("emailReports.smtp.from", "EMAIL_REPORTS_SMTP_FROM")
+
 	c := &Config{}
 	err := v.Unmarshal(c)
 
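Review bot: `v.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))` changes the environment lookup for every key viper knows about, not only the SMTP ones: combined with `v.AutomaticEnv()` on the next line, a nested key such as `a.b.c` is now matched by the variable `A_B_C`, where before only the dotted form (which a shell cannot normally export) was consulted. That widens which settings of the config can be overridden from the process environment, which is reasonable but not obvious from the line, and as far as I recall AutomaticEnv alone does not make env-only keys visible to `Unmarshal`, so the explicit `BindEnv` calls in the next hunk are still what surfaces the SMTP keys. A comment such as `// map nested keys (a.b.c) to A_B_C so AutomaticEnv can override them` would record the intent. Load begins and ends outside this hunk.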
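Review bot: The six `_ = v.BindEnv(...)` lines discard the error while the `POD_NAMESPACE` binding three lines above logs a warning on failure, so the new code is inconsistent with its neighbour; BindEnv only fails when called without a key, but the copy-pasted lines are also easy to get wrong when the next SMTP key is added. A small table of key/env pairs looped with the same warning keeps both bindings consistent and documents the mapping in one place. Load ends outside this hunk.
```go
	// bind SMTP config from environment vars, if existing
	smtpEnv := []struct{ key, env string }{
		{"emailReports.smtp.username", "EMAIL_REPORTS_SMTP_USERNAME"},
		{"emailReports.smtp.password", "EMAIL_REPORTS_SMTP_PASSWORD"},
		{"emailReports.smtp.encryption", "EMAIL_REPORTS_SMTP_ENCRYPTION"},
		{"emailReports.smtp.host", "EMAIL_REPORTS_SMTP_HOST"},
		{"emailReports.smtp.port", "EMAIL_REPORTS_SMTP_PORT"},
		{"emailReports.smtp.from", "EMAIL_REPORTS_SMTP_FROM"},
	}
	for _, b := range smtpEnv {
		if err := v.BindEnv(b.key, b.env); err != nil {
			log.Printf("[WARNING] failed to bind env %s", b.env)
		}
	}
	// … unchanged: Config unmarshal …
```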