mirror of https://github.com/kyverno/policy-reporter.git synced 2024-12-14 11:57:32 +00:00

Configure SMTP as secret

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
Frank Jogeleit 2022-08-26 18:27:08 +02:00
parent 3359bb125c
commit 323eb9f4db
7 changed files with 100 additions and 4 deletions

3
.gitignore vendored

@ -6,4 +6,5 @@ build
sqlite-database*.db sqlite-database*.db
values.yaml values.yaml
coverage.out coverage.out
heap* heap*
/.env*


@ -1,5 +1,11 @@
# Changelog # Changelog
# 2.11.3
* Policy Reporter
* New `emailReports.smtp.secret` configuration to use an existing external secret to configure your SMTP connection
* You can set all or a subset of the available keys in your secret: `host`, `port`, `username`, `password`, `from`, `encryption`
* Keys available in your secret have a higher priority as your Helm release values.
# 2.11.2 # 2.11.2
* Policy Reporter * Policy Reporter
* Add new Severity values `info` and `critical` * Add new Severity values `info` and `critical`


@ -5,8 +5,8 @@ description: |
It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord
type: application type: application
version: 2.11.2 version: 2.11.3
appVersion: 2.8.1 appVersion: 2.8.2
icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png
home: https://kyverno.github.io/policy-reporter home: https://kyverno.github.io/policy-reporter


@ -68,6 +68,45 @@ spec:
mountPath: /app/config.yaml mountPath: /app/config.yaml
subPath: config.yaml subPath: config.yaml
readOnly: true readOnly: true
{{- if .Values.emailReports.smtp.secret }}
env:
- name: EMAIL_REPORTS_SMTP_HOST
valueFrom:
secretKeyRef:
name: {{ .Values.emailReports.smtp.secret }}
key: host
optional: true
- name: EMAIL_REPORTS_SMTP_PORT
valueFrom:
secretKeyRef:
name: {{ .Values.emailReports.smtp.secret }}
key: port
optional: true
- name: EMAIL_REPORTS_SMTP_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.emailReports.smtp.secret }}
key: username
optional: true
- name: EMAIL_REPORTS_SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.emailReports.smtp.secret }}
key: password
optional: true
- name: EMAIL_REPORTS_SMTP_FROM
valueFrom:
secretKeyRef:
name: {{ .Values.emailReports.smtp.secret }}
key: from
optional: true
- name: EMAIL_REPORTS_SMTP_ENCRYPTION
valueFrom:
secretKeyRef:
name: {{ .Values.emailReports.smtp.secret }}
key: encryption
optional: true
{{- end }}
volumes: volumes:
- name: config-file - name: config-file
secret: secret:
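Review bot: All six `secretKeyRef` entries set `optional: true`, which Kubernetes applies to a missing Secret as well as to a missing key, so a mistyped `emailReports.smtp.secret` lets the pod start on the chart's inline SMTP values without any error. If partial secrets must stay supported, the fallback should at least be stated next to the block, e.g. `# optional: true also tolerates a missing Secret; values from config.yaml are used instead`. The secret name is interpolated unquoted; `name: {{ .Values.emailReports.smtp.secret | quote }}` keeps a numeric-looking name a valid string. The same block is repeated in the next file section (the second `@ -68,6 +68,45 @@` hunk) and both points apply there as well. The container spec this `env:` key belongs to starts outside the hunk, so whether another `env:` key already exists on it cannot be checked from here.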


@ -68,6 +68,45 @@ spec:
mountPath: /app/config.yaml mountPath: /app/config.yaml
subPath: config.yaml subPath: config.yaml
readOnly: true readOnly: true
{{- if .Values.emailReports.smtp.secret }}
env:
- name: EMAIL_REPORTS_SMTP_HOST
valueFrom:
secretKeyRef:
name: {{ .Values.emailReports.smtp.secret }}
key: host
optional: true
- name: EMAIL_REPORTS_SMTP_PORT
valueFrom:
secretKeyRef:
name: {{ .Values.emailReports.smtp.secret }}
key: port
optional: true
- name: EMAIL_REPORTS_SMTP_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.emailReports.smtp.secret }}
key: username
optional: true
- name: EMAIL_REPORTS_SMTP_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.emailReports.smtp.secret }}
key: password
optional: true
- name: EMAIL_REPORTS_SMTP_FROM
valueFrom:
secretKeyRef:
name: {{ .Values.emailReports.smtp.secret }}
key: from
optional: true
- name: EMAIL_REPORTS_SMTP_ENCRYPTION
valueFrom:
secretKeyRef:
name: {{ .Values.emailReports.smtp.secret }}
key: encryption
optional: true
{{- end }}
volumes: volumes:
- name: config-file - name: config-file
secret: secret:


@ -2,7 +2,7 @@ image:
registry: ghcr.io registry: ghcr.io
repository: kyverno/policy-reporter repository: kyverno/policy-reporter
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
tag: 2.8.1 tag: 2.8.2
imagePullSecrets: [] imagePullSecrets: []
@ -156,6 +156,7 @@ policyPriorities: {}
emailReports: emailReports:
clusterName: "" # (optional) - displayed in the email report if configured clusterName: "" # (optional) - displayed in the email report if configured
smtp: smtp:
secret: "" # (optional) secret name to provide the complete or partial SMTP configuration
host: "" host: ""
port: 465 port: 465
username: "" username: ""
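Review bot: The comment on the new `secret` key does not say which keys are read from the Secret or which source wins when both are set. Suggest `secret: "" # (optional) name of an existing Secret in the release namespace; its keys host, port, username, password, from, encryption override the values below`. It would also help to note that the inline `password` can stay empty when the Secret supplies it, since the inline value is presumably still rendered into the mounted config.yaml.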


@ -2,6 +2,7 @@ package config
import ( import (
"log" "log"
"strings"
"github.com/spf13/cobra" "github.com/spf13/cobra"
"github.com/spf13/viper" "github.com/spf13/viper"
@ -29,6 +30,7 @@ func Load(cmd *cobra.Command) (*Config, error) {
v.SetConfigName("config") v.SetConfigName("config")
} }
v.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
v.AutomaticEnv() v.AutomaticEnv()
if err := v.ReadInConfig(); err != nil { if err := v.ReadInConfig(); err != nil {
@ -74,6 +76,14 @@ func Load(cmd *cobra.Command) (*Config, error) {
log.Printf("[WARNING] failed to bind env POD_NAMESPACE") log.Printf("[WARNING] failed to bind env POD_NAMESPACE")
} }
// bind SMTP config from environment vars, if existing
_ = v.BindEnv("emailReports.smtp.username", "EMAIL_REPORTS_SMTP_USERNAME")
_ = v.BindEnv("emailReports.smtp.password", "EMAIL_REPORTS_SMTP_PASSWORD")
_ = v.BindEnv("emailReports.smtp.encryption", "EMAIL_REPORTS_SMTP_ENCRYPTION")
_ = v.BindEnv("emailReports.smtp.host", "EMAIL_REPORTS_SMTP_HOST")
_ = v.BindEnv("emailReports.smtp.port", "EMAIL_REPORTS_SMTP_PORT")
_ = v.BindEnv("emailReports.smtp.from", "EMAIL_REPORTS_SMTP_FROM")
c := &Config{} c := &Config{}
err := v.Unmarshal(c) err := v.Unmarshal(c)
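Review bot: `v.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))` ahead of `v.AutomaticEnv()` looks broader than this commit needs: the six `BindEnv` calls further down name their variables explicitly and do not depend on the replacer, while the replacer makes nested keys that viper already knows overridable from unprefixed variables such as `EMAILREPORTS_SMTP_HOST`. No `SetEnvPrefix` is visible in these hunks, and a pod's environment can hold variables the operator did not set deliberately, so either drop the replacer or add a comment stating that every dotted key is meant to be env-overridable. The `_ =` on the `BindEnv` calls is inconsistent with the `POD_NAMESPACE` binding just above, which logs a `[WARNING]`; a comment such as `// BindEnv only fails when called without a key, so the result is ignored` would explain the difference. `Load` begins and ends outside the hunks shown.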