mirrors/policy-reporter
1
0
Fork 0
mirror of https://github.com/kyverno/policy-reporter.git synced 2024-12-14 11:57:32 +00:00
Code Activity

Update Dashboards and KyvernoPlugin configurations

Browse source 
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
This commit is contained in:
Frank Jogeleit 2022-05-24 14:47:32 +02:00
parent 5c5309a183
commit 80600cd06d
12 changed files with 150 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
charts/policy-reporter/Chart.lock
View file

@ -7,6 +7,6 @@ dependencies:
version: 2.4.0
- name: kyvernoPlugin
repository: ""
version: 1.3.0
digest: sha256:d81ac0d4a8d210125f61fb0cf321aace5ee0fa1638b6d67e7f043268c6223052
generated: "2022-05-18T22:27:07.069375+02:00"
version: 1.3.1
digest: sha256:7a734be2c2f509c2e8424949509f176278a279d75600f89ec81c0b41ac27041f
generated: "2022-05-23T16:49:26.121035+02:00"

2
charts/policy-reporter/Chart.yaml
View file

@ -24,4 +24,4 @@ dependencies:
version: "2.4.0"
- name: kyvernoPlugin
condition: kyvernoPlugin.enabled
version: "1.3.0"
version: "1.3.1"

4
charts/policy-reporter/charts/kyvernoPlugin/Chart.yaml
View file

@ -3,5 +3,5 @@ name: kyvernoPlugin
description: Policy Reporter Kyverno Plugin
type: application
version: 1.3.0
appVersion: 1.3.0
version: 1.3.1
appVersion: 1.3.1

2
charts/policy-reporter/charts/kyvernoPlugin/config.yaml Normal file
View file

@ -0,0 +1,2 @@
blockReports:
{{- toYaml .Values.blockReports | nindent 2 }}

22
charts/policy-reporter/charts/kyvernoPlugin/templates/clusterrole.yaml
View file

@ -22,4 +22,26 @@ rules:
- get
- list
- watch
{{- if .Values.blockReports.enabled }}
- apiGroups:
- ""
resources:
- events
verbs:
- get
- list
- watch
- apiGroups:
- '*'
resources:
- policyreports
- policyreports/status
- clusterpolicyreports
- clusterpolicyreports/status
verbs:
- get
- create
- update
- delete
{{- end }}
{{- end -}}

13
charts/policy-reporter/charts/kyvernoPlugin/templates/config-secret.yaml Normal file
View file

@ -0,0 +1,13 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "kyvernoplugin.fullname" . }}-config
{{- if .Values.annotations }}
annotations:
{{- toYaml .Values.annotations | nindent 4 }}
{{- end }}
labels:
{{- include "kyvernoplugin.labels" . | nindent 4 }}
type: Opaque
data:
config.yaml: {{ tpl (.Files.Get "config.yaml") . | b64enc }}

17
charts/policy-reporter/charts/kyvernoPlugin/templates/deployment.yaml
View file

@ -2,10 +2,11 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "kyvernoplugin.fullname" . }}
{{- if .Values.annotations }}
annotations:
{{- toYaml .Values.annotations | nindent 4 }}
{{- end }}
checksum/secret: {{ include (print .Template.BasePath "/config-secret.yaml") . | sha256sum | quote }}
{{- if .Values.annotations }}
{{- toYaml .Values.annotations | nindent 4 }}
{{- end }}
labels:
{{- include "kyvernoplugin.labels" . | nindent 4 }}
spec:
@ -64,6 +65,16 @@ spec:
{{- toYaml .Values.readinessProbe | nindent 12 }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- name: config-file
mountPath: /app/config.yaml
subPath: config.yaml
readOnly: true
volumes:
- name: config-file
secret:
secretName: {{ include "kyvernoplugin.fullname" . }}-config
optional: true
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}

9
charts/policy-reporter/charts/kyvernoPlugin/values.yaml
View file

@ -2,7 +2,7 @@ image:
registry: ghcr.io
repository: kyverno/policy-reporter-kyverno-plugin
pullPolicy: IfNotPresent
tag: 1.3.0
tag: 1.3.1
imagePullSecrets: []
@ -110,6 +110,13 @@ rest:
metrics:
enabled: true
blockReports:
enabled: false
eventNamespace: default
results:
maxPerReport: 200
keepOnlyLatest: false
# Enable a NetworkPolicy for this chart. Useful on clusters where Network Policies are
# used and configured in a default-deny fashion.
networkPolicy:

38
charts/policy-reporter/charts/monitoring/templates/clusterpolicy-details.dashboard.yaml
View file

@ -119,7 +119,7 @@ data:
"pluginVersion": "7.1.5",
"targets": [
{
"expr": "sum(cluster_policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", kind=~\"$kind\", status=\"pass\"})",
"expr": "sum(cluster_policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", source=~\"$source\", kind=~\"$kind\", status=\"pass\"})",
"instant": true,
"interval": "",
"legendFormat": "",
@ -175,7 +175,7 @@ data:
"pluginVersion": "7.1.5",
"targets": [
{
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", kind=~\"$kind\", status=\"warn\"})",
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", source=~\"$source\", kind=~\"$kind\", status=\"warn\"})",
"instant": true,
"interval": "",
"legendFormat": "",
@ -231,7 +231,7 @@ data:
"pluginVersion": "7.1.5",
"targets": [
{
"expr": "sum(cluster_policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", kind=~\"$kind\", status=\"fail\"})",
"expr": "sum(cluster_policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", source=~\"$source\", kind=~\"$kind\", status=\"fail\"})",
"instant": true,
"interval": "",
"legendFormat": "",
@ -287,7 +287,7 @@ data:
"pluginVersion": "7.1.5",
"targets": [
{
"expr": "sum(cluster_policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", kind=~\"$kind\", status=\"error\"})",
"expr": "sum(cluster_policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", source=~\"$source\", kind=~\"$kind\", status=\"error\"})",
"instant": true,
"interval": "",
"legendFormat": "",
@ -348,7 +348,7 @@ data:
"steppedLine": false,
"targets": [
{
"expr": "sum(cluster_policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", kind=~\"$kind\"} > 0) by (status)",
"expr": "sum(cluster_policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", source=~\"$source\", kind=~\"$kind\"} > 0) by (status)",
"interval": "",
"legendFormat": "{{`{{ status }}`}}",
"refId": "A"
@ -435,7 +435,7 @@ data:
"pluginVersion": "7.1.5",
"targets": [
{
"expr": "sum(cluster_policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", kind=~\"$kind\", status=\"pass\"}) by (policy,rule,kind,name,status,severity,category)",
"expr": "sum(cluster_policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", kind=~\"$kind\", source=~\"$source\", status=\"pass\"}) by (policy,rule,kind,name,status,severity,category,source)",
"format": "table",
"instant": true,
"interval": "",
@ -512,7 +512,7 @@ data:
"pluginVersion": "7.1.5",
"targets": [
{
"expr": "sum(cluster_policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", kind=~\"$kind\", status=\"fail\"}) by (policy,rule,kind,name,status,severity,category)",
"expr": "sum(cluster_policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", source=~\"$source\", kind=~\"$kind\", status=\"fail\"}) by (policy,rule,kind,name,status,severity,category,source)",
"format": "table",
"instant": true,
"interval": "",
@ -586,7 +586,7 @@ data:
"pluginVersion": "7.1.5",
"targets": [
{
"expr": "sum(cluster_policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", kind=~\"$kind\", status=\"warn\"}) by (policy,rule,kind,name,status,severity,category)",
"expr": "sum(cluster_policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", source=~\"$source\", kind=~\"$kind\", status=\"warn\"}) by (policy,rule,kind,name,status,severity,category,source)",
"format": "table",
"instant": true,
"interval": "",
@ -660,7 +660,7 @@ data:
"pluginVersion": "7.1.5",
"targets": [
{
"expr": "sum(cluster_policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", kind=~\"$kind\", status=\"error\"}) by (policy,rule,kind,name,status,severity,category)",
"expr": "sum(cluster_policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", source=~\"$source\", kind=~\"$kind\", status=\"error\"}) by (policy,rule,kind,name,status,severity,category,source)",
"format": "table",
"instant": true,
"interval": "",
@ -788,6 +788,26 @@ data:
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": ".*",
"definition": "label_values(cluster_policy_report_result, source)",
"hide": 0,
"includeAll": true,
"label": "Source",
"multi": true,
"name": "source",
"options": [],
"query": "label_values(cluster_policy_report_result, source)",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 5,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},

32
charts/policy-reporter/charts/monitoring/templates/overview.dashboard.yaml
View file

@ -111,7 +111,7 @@ data:
"pluginVersion": "7.1.5",
"targets": [
{
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", kind=~\"$kind\", exported_namespace=~\"$namespace\", status=~\"fail|error\"} > 0) by (exported_namespace)",
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", source=~\"$source\", kind=~\"$kind\", exported_namespace=~\"$namespace\", status=~\"fail|error\"} > 0) by (exported_namespace)",
"instant": true,
"interval": "",
"legendFormat": "{{`{{ exported_namespace }}`}}",
@ -172,7 +172,7 @@ data:
"pluginVersion": "7.1.5",
"targets": [
{
"expr": "sum(cluster_policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", kind=~\"$kind\", status=~\"fail|error\"} > 0) by (status)",
"expr": "sum(cluster_policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", source=~\"$source\", kind=~\"$kind\", status=~\"fail|error\"} > 0) by (status)",
"format": "time_series",
"interval": "",
"intervalFactor": 1,
@ -234,13 +234,13 @@ data:
"steppedLine": false,
"targets": [
{
"expr": "sum(cluster_policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", kind=~\"$kind\", status=~\"fail|error\"} > 0) by (policy)",
"expr": "sum(cluster_policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", source=~\"$source\", kind=~\"$kind\", status=~\"fail|error\"} > 0) by (policy)",
"interval": "",
"legendFormat": "{{`{{ policy }}`}}",
"refId": "A"
},
{
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", kind=~\"$kind\", exported_namespace=~\"$namespace\", status=~\"fail|error\"} > 0) by (policy)",
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", source=~\"$source\", kind=~\"$kind\", exported_namespace=~\"$namespace\", status=~\"fail|error\"} > 0) by (policy)",
"interval": "",
"legendFormat": "{{`{{ policy }}`}}",
"refId": "B"
@ -325,7 +325,7 @@ data:
"pluginVersion": "7.1.5",
"targets": [
{
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", kind=~\"$kind\", exported_namespace=~\"$namespace\", status=~\"fail|error\"}) by (exported_namespace,policy,rule,kind,name,status,category,severity)",
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", source=~\"$source\", kind=~\"$kind\", exported_namespace=~\"$namespace\", status=~\"fail|error\"}) by (exported_namespace,policy,rule,kind,name,status,category,severity,source)",
"format": "table",
"instant": true,
"interval": "",
@ -399,7 +399,7 @@ data:
"pluginVersion": "7.1.5",
"targets": [
{
"expr": "sum(cluster_policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", kind=~\"$kind\", status=~\"fail|error\"}) by (policy,rule,kind,name,status,category,severity)",
"expr": "sum(cluster_policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", source=~\"$source\", kind=~\"$kind\", status=~\"fail|error\"}) by (policy,rule,kind,name,status,category,severity,source)",
"format": "table",
"instant": true,
"interval": "",
@ -549,6 +549,26 @@ data:
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": ".*",
"definition": "label_values({__name__=~ \"policy_report_result|cluster_policy_report_result\", status=~\"fail|error\"}, source)",
"hide": 0,
"includeAll": true,
"label": "Source",
"multi": true,
"name": "source",
"options": [],
"query": "label_values({__name__=~ \"policy_report_result|cluster_policy_report_result\", status=~\"fail|error\"}, source)",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 5,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},

38
charts/policy-reporter/charts/monitoring/templates/policy-details.dashboard.yaml
View file

@ -120,7 +120,7 @@ data:
"pluginVersion": "7.1.5",
"targets": [
{
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", kind=~\"$kind\", exported_namespace=~\"$namespace\", status=\"pass\"} > 0) by (exported_namespace)",
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", source=~\"$source\", kind=~\"$kind\", exported_namespace=~\"$namespace\", status=\"pass\"} > 0) by (exported_namespace)",
"instant": true,
"interval": "",
"legendFormat": "{{`{{ exported_namespace }}`}}",
@ -174,7 +174,7 @@ data:
"pluginVersion": "7.1.5",
"targets": [
{
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", kind=~\"$kind\", exported_namespace=~\"$namespace\", status=\"fail\"} > 0) by (exported_namespace)",
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", source=~\"$source\", kind=~\"$kind\", exported_namespace=~\"$namespace\", status=\"fail\"} > 0) by (exported_namespace)",
"instant": true,
"interval": "",
"legendFormat": "{{`{{ exported_namespace }}`}}",
@ -229,7 +229,7 @@ data:
"pluginVersion": "7.1.5",
"targets": [
{
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", kind=~\"$kind\", exported_namespace=~\"$namespace\", status=\"warn\"} > 0) by (exported_namespace)",
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", source=~\"$source\", kind=~\"$kind\", exported_namespace=~\"$namespace\", status=\"warn\"} > 0) by (exported_namespace)",
"instant": true,
"interval": "",
"legendFormat": "{{`{{ exported_namespace }}`}}",
@ -283,7 +283,7 @@ data:
"pluginVersion": "7.1.5",
"targets": [
{
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", kind=~\"$kind\", exported_namespace=~\"$namespace\", status=\"error\"} > 0) by (exported_namespace)",
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", source=~\"$source\", kind=~\"$kind\", exported_namespace=~\"$namespace\", status=\"error\"} > 0) by (exported_namespace)",
"instant": true,
"interval": "",
"legendFormat": "{{`{{ exported_namespace }}`}}",
@ -345,7 +345,7 @@ data:
"steppedLine": false,
"targets": [
{
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", kind=~\"$kind\", exported_namespace=~\"$namespace\"} > 0) by (status, exported_namespace)",
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", source=~\"$source\", kind=~\"$kind\", exported_namespace=~\"$namespace\"} > 0) by (status, exported_namespace)",
"interval": "",
"legendFormat": "{{`{{ exported_namespace }}`}} {{`{{ status }}`}}",
"refId": "A"
@ -432,7 +432,7 @@ data:
"pluginVersion": "7.1.5",
"targets": [
{
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", kind=~\"$kind\", exported_namespace=~\"$namespace\", status=\"pass\"}) by (exported_namespace,category,policy,rule,kind,name,severity,status)",
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", source=~\"$source\", kind=~\"$kind\", exported_namespace=~\"$namespace\", status=\"pass\"}) by (exported_namespace,category,policy,rule,kind,name,severity,status,source)",
"format": "table",
"instant": true,
"interval": "",
@ -510,7 +510,7 @@ data:
"pluginVersion": "7.1.5",
"targets": [
{
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", kind=~\"$kind\", exported_namespace=~\"$namespace\", status=\"fail\"}) by (exported_namespace,category,policy,rule,kind,name,severity,status)",
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", source=~\"$source\", kind=~\"$kind\", exported_namespace=~\"$namespace\", status=\"fail\"}) by (exported_namespace,category,policy,rule,kind,name,severity,status)",
"format": "table",
"instant": true,
"interval": "",
@ -585,7 +585,7 @@ data:
"pluginVersion": "7.1.5",
"targets": [
{
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", kind=~\"$kind\", exported_namespace=~\"$namespace\", status=\"warn\"}) by (exported_namespace,category,policy,rule,kind,name,severity,status)",
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", source=~\"$source\", kind=~\"$kind\", exported_namespace=~\"$namespace\", status=\"warn\"}) by (exported_namespace,category,policy,rule,kind,name,severity,status,source)",
"format": "table",
"instant": true,
"interval": "",
@ -660,7 +660,7 @@ data:
"pluginVersion": "7.1.5",
"targets": [
{
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", kind=~\"$kind\", exported_namespace=~\"$namespace\", status=\"error\"}) by (exported_namespace,category,policy,rule,kind,name,severity,status)",
"expr": "sum(policy_report_result{policy=~\"$policy\", category=~\"$category\", severity=~\"$severity\", source=~\"$source\", kind=~\"$kind\", exported_namespace=~\"$namespace\", status=\"error\"}) by (exported_namespace,category,policy,rule,kind,name,severity,status,source)",
"format": "table",
"instant": true,
"interval": "",
@ -808,6 +808,26 @@ data:
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": ".*",
"definition": "label_values(policy_report_result, source)",
"hide": 0,
"includeAll": true,
"label": "Source",
"multi": true,
"name": "source",
"options": [],
"query": "label_values(policy_report_result, source)",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 5,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},

2
charts/policy-reporter/templates/deployment.yaml
View file

@ -93,7 +93,7 @@ spec:
{{- else }}
secretName: {{ include "policyreporter.fullname" . }}-config
{{- end }}
optional: true
optional: true
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}