Prepare Release v2.14.0

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>

CHANGELOG.md

@@ -20,7 +20,15 @@
         - `grafana.datasource.pluginId`, default `prometheus`
     * New value `grafana.dashboards.labelFilter` to add custom report labels as dashboard filter, default `[]`. Label has to be a valid prometheus label, e.g. `created-by` => `created_by`.
     * New values `grafana.dashboards.multicluster.enabled` and `grafana.dashboards.multicluster.label` to add an optional `cluster` label.
-
+* Kyverno Plugin
+    * New HTML Compliance Reports
+        * Grouped by Policy with Details per Namespace and Resource
+        * Grouped by Namespace with Details per Policy and Resource
+    * Go update to 1.19
+* UI
+    * Integrate new Compliance Reports
+    * New PolicyReport label based filter, use `ui.labelFilter` to define a list of labels to add
+    * Go update to 1.19
 
 # 2.13.5
 * Add configuration `target.s3.pathStyle` for the `S3` output

charts/policy-reporter/Chart.lock

@@ -4,9 +4,9 @@ dependencies:
   version: 2.6.0
 - name: ui
   repository: ""
-  version: 2.6.5
+  version: 2.7.0
 - name: kyvernoPlugin
   repository: ""
-  version: 1.4.3
+  version: 1.5.0
-digest: sha256:77617b4a71b522b0b45d48f4525a3e12c1c98199a9d9e4e6eefdf06b13724641
+digest: sha256:98bcfb5c8d8346439da04d127746619cff8797ff7ca2f51974dfa42a794db357
-generated: "2022-12-01T12:00:48.595881+01:00"
+generated: "2022-12-09T15:51:33.549508+01:00"

charts/policy-reporter/Chart.yaml

@@ -21,7 +21,7 @@ dependencies:
     version: "2.6.0"
   - name: ui
     condition: ui.enabled
-    version: "2.6.5"
+    version: "2.7.0"
   - name: kyvernoPlugin
     condition: kyvernoPlugin.enabled
-    version: "1.4.3"
+    version: "1.5.0"

charts/policy-reporter/charts/kyvernoPlugin/Chart.yaml

@@ -3,5 +3,5 @@ name: kyvernoPlugin
 description: Policy Reporter Kyverno Plugin
 
 type: application
-version: 1.4.3
+version: 1.5.0
-appVersion: 1.4.2
+appVersion: 1.5.0

charts/policy-reporter/charts/kyvernoPlugin/templates/clusterrole.yaml

@@ -40,8 +40,18 @@ rules:
   - clusterpolicyreports/status
   verbs:
   - get
+  - list
   - create
   - update
   - delete
+{{- else }}
+- apiGroups:
+  - '*'
+  resources:
+  - policyreports
+  - clusterpolicyreports
+  verbs:
+  - get
+  - list
 {{- end }}
 {{- end -}}

charts/policy-reporter/charts/kyvernoPlugin/values.yaml

@@ -2,7 +2,7 @@ image:
   registry: ghcr.io
   repository: kyverno/policy-reporter-kyverno-plugin
   pullPolicy: IfNotPresent
-  tag: 1.4.2
+  tag: 1.5.0
 
 imagePullSecrets: []
 

charts/policy-reporter/charts/ui/Chart.yaml

@@ -3,5 +3,5 @@ name: ui
 description: Policy Reporter UI
 
 type: application
-version: 2.6.5
+version: 2.7.0
-appVersion: 1.6.7
+appVersion: 1.7.0

charts/policy-reporter/charts/ui/templates/config.yaml

@@ -28,6 +28,10 @@ data:
     clusters:
       {{- toYaml . | nindent 4 }}
     {{- end }}
+    {{- with .Values.labelFilter }}
+    labelFilter:
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
 
     {{- with .Values.redis }}
     redis:

charts/policy-reporter/charts/ui/values.yaml

@@ -4,7 +4,7 @@ image:
   registry: ghcr.io
   repository: kyverno/policy-reporter-ui
   pullPolicy: IfNotPresent
-  tag: 1.6.7
+  tag: 1.7.0
 
 # possible default displayModes: light/dark
 displayMode: ""
@@ -44,6 +44,22 @@ clusters: []
 #   api: https://policy-reporter.external.cluster                       # reachable external Policy Reporter REST API
 #   kyvernoApi: https://policy-reporter-kyverno-plugin.external.cluster # (optional) reachable external Policy Reporter Kyverno Plugin REST API
 
+# define custom filter for policy report results based on (Cluster)PolicyReport labels
+# exmaple - use a owner label on all reports belonging to a dedicated team and add the label as additional custom filter
+#
+# apiVersion: wgpolicyk8s.io/v1alpha2
+# kind: PolicyReport
+# metadata:
+#   labels:
+#     app.kubernetes.io/managed-by: kyverno
+#     owner: team-a
+#   name: cpol-disallow-capabilities
+#   namespace: default
+# results: [...]
+#
+# labelFilter: ["owner"]
+labelFilter: []
+
 # use redis as external log storage instead of an in memory store
 # recommended when using a HA setup with more then one replica
 # to get all logs on each instance 

manifest/policy-reporter-kyverno-ui-ha/install.yaml

@@ -238,7 +238,7 @@ spec:
       automountServiceAccountToken: true
       containers:
         - name: "kyverno-plugin"
-          image: "ghcr.io/kyverno/policy-reporter-kyverno-plugin:1.4.2"
+          image: "ghcr.io/kyverno/policy-reporter-ui:1.5.0"
           imagePullPolicy: IfNotPresent
           securityContext:
             allowPrivilegeEscalation: false
@@ -308,7 +308,7 @@ spec:
     spec:
       containers:
         - name: ui
-          image: "ghcr.io/kyverno/policy-reporter-ui:1.6.7"
+          image: "ghcr.io/kyverno/policy-reporter-ui:1.7.0"
           imagePullPolicy: IfNotPresent
           securityContext:
             allowPrivilegeEscalation: false

manifest/policy-reporter-kyverno-ui/install.yaml

@@ -158,7 +158,7 @@ spec:
       automountServiceAccountToken: true
       containers:
         - name: "kyverno-plugin"
-          image: "ghcr.io/kyverno/policy-reporter-kyverno-plugin:1.4.2"
+          image: "ghcr.io/kyverno/policy-reporter-ui:1.5.0"
           imagePullPolicy: IfNotPresent
           securityContext:
             allowPrivilegeEscalation: false
@@ -206,7 +206,7 @@ spec:
     spec:
       containers:
         - name: ui
-          image: "ghcr.io/kyverno/policy-reporter-ui:1.6.7"
+          image: "ghcr.io/kyverno/policy-reporter-ui:1.7.0"
           imagePullPolicy: IfNotPresent
           securityContext:
             allowPrivilegeEscalation: false

manifest/policy-reporter-ui/install.yaml

@@ -94,7 +94,7 @@ spec:
       automountServiceAccountToken: false
       containers:
         - name: ui
-          image: "ghcr.io/kyverno/policy-reporter-ui:1.6.7"
+          image: "ghcr.io/kyverno/policy-reporter-ui:1.7.0"
           imagePullPolicy: IfNotPresent
           securityContext:
             allowPrivilegeEscalation: false