Manage PolicyPriorities with Helm (#17)

* Manage PolicyPriorities with Helm

.github/workflows/ci.yaml

@@ -15,6 +15,10 @@ on:
       - README.md
       - charts/**
 
+  pull_request:
+    branches:
+      - main
+
 jobs:
   test:
     runs-on: ubuntu-latest

README.md

@@ -140,17 +140,33 @@ You can combine multiple targets by setting the required `host` or `webhook` con
 
 ## Configure Policy Priorities
 
-By default kyverno PolicyReports has no priority or severity for policies. So every passed rule validation will be processed as notice, a failed validation is processed as error. To customize this you can configure a mapping from policies to fail priorities. So you can send them as debug, info or warnings instead of errors. To configure the priorities enale the required `Role` and `RoleBinding` by setting `policyPriorities.enabled` to `true` and create a ConfigMap in the `policy-reporter` namespace with the name `policy-reporter-priorities`. Configure each priority as value with the __Policyname__ as key and the __Priority__ as value. This Configuration is loaded and synchronized during runtime. Any change to this configmap will automaticly synchronized, no new deployment needed.
+By default kyverno PolicyReports has no priority or severity for policies. So every passed rule validation will be processed as notice, a failed validation is processed as error. To customize this you can configure a mapping from policies to fail priorities. So you can send them as debug, info or warnings instead of errors. 
 
 A special Policyname `default` is supported. The `default` configuration can be used to set a global default priority instead of `error`.
 
-### Enable the required Role and RoleBinding
+### Configure with Helm
+
+You can configure the Policy Priorities with Helm. Configure `mapping` under `policyPriorities` with a map of __Policyname__ and __Priority__ pairs, like below.
+
+```yaml
+policyPriorities:
+  enabled: true
+  mapping:
+    default: warning
+    require-ns-labels: error
+```
+
+### Self managed ConfigMap
+
+To configure the priority `ConfigMap` on your own, enable the required `Role` and `RoleBinding` by setting `policyPriorities.enabled` to `true` and create a ConfigMap in your Release Namespace with the name `policy-reporter-priorities`. Configure each priority as value with the __Policyname__ as key and the __Priority__ as value. This Configuration is loaded and synchronized during runtime. Any change to this configmap will automaticly synchronized, no new deployment needed.
+
+#### Enable the required Role and RoleBinding
 
 ```bash
 helm install policy-reporter policy-reporter/policy-reporter --set policyPriorities.enabled=true -n policy-reporter --create-namespace
 ```
 
-### Create the ConfigMap
+#### Create the ConfigMap
 ```bash
 kubectl create configmap policy-reporter-priorities --from-literal check-label-app=warning --from-literal require-ns-labels=warning -n policy-reporter
 ```
@@ -287,6 +303,9 @@ ui:
 
 policyPriorities:
   enabled: true
+  mapping:
+    default: warning
+    require-ns-labels: error
 
 target:
   loki:

charts/policy-reporter/Chart.yaml

@@ -5,7 +5,7 @@ description: |
   It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord
 
 type: application
-version: 0.18.0
+version: 0.19.0
 appVersion: 0.12.0
 
 dependencies:

charts/policy-reporter/templates/prioritymap.yaml

@@ -0,0 +1,12 @@
+{{- if and .Values.policyPriorities.enabled .Values.policyPriorities.mapping -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: policy-reporter-priorities
+  labels:
+    {{- include "policyreporter.labels" . | nindent 4 }}
+data:
+  {{- with .Values.policyPriorities.mapping }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

charts/policy-reporter/values.yaml

@@ -93,6 +93,12 @@ api:
 # Policy Priorities
 policyPriorities:
   enabled: false
+  # configure mappings from policy to priority
+  # you can use default to configure a default priority not passing results
+  # example mapping
+  #   default: warning
+  #   require-ns-labels: error
+  mapping: {}
 
 # Supported targets for new PolicyReport Results
 target: