# Changelog # 2.24.2 * Policy Reporter v2.20.2 * Fix LeaderElection without configurared pushes # 2.24.1 * Policy Reporter v2.20.1 * Propagate Slack channel Override [[#459](https://github.com/kyverno/policy-reporter/pull/459)] [[#460](https://github.com/kyverno/policy-reporter/pull/460)] by [jescarri](https://github.com/jescarri) # 2.24.0 * Helm Chart * GrafanaDashboard configuration [[#441](https://github.com/kyverno/policy-reporter/pull/441) by [nlamirault](https://github.com/nlamirault)] * Added support of sidecars and extraManifests [[#439](https://github.com/kyverno/policy-reporter/pull/439) by [wbmillogo](https://github.com/wbmillogo)] * Policy Reporter v2.20.0 * fix(S3): Make `bucket` for S3 targets mendatory and don't show error logs if WebIdentity is used. * fix(email): Fix violations "email sent to" log [[#444](https://github.com/kyverno/policy-reporter/pull/444) by [cosimomeli](https://github.com/cosimomeli)] * feature(SecurityHub): fix product name field and allow to set company name [[#446](https://github.com/kyverno/policy-reporter/pull/446) by [balonik](https://github.com/balonik)] * feature(AWS): recognize if AWS Pod Identity is present [[#452](https://github.com/kyverno/policy-reporter/pull/452) by [balonik](https://github.com/balonik)] * feature(metrics); Add kind attribute in the Metrics filter [[#442](https://github.com/kyverno/policy-reporter/pull/442) by [abdul-jabbar01](https://github.com/abdul-jabbar01)] * docs: point to ui subchart's values.yaml [[#450](https://github.com/kyverno/policy-reporter/pull/450) by [ustuehler](https://github.com/ustuehler)] # 2.23.1 * Helm Chart * Update AppVersion in `values.yaml` # 2.23.0 * Helm Chart * fix: use /healthz for liveness and /ready for readiness [[#435](https://github.com/kyverno/policy-reporter/pull/435) by [rsicart](https://github.com/rsicart)] * Policy Reporter v2.19.0 * New HTML Report API `/v1/html-report/violations` * CleanUp Listener for AWS SecurityHub * SourcConfig enables a custom ID generation logic per source * Deprecated PriorityMapping is removed, its recommanded to configure it via Severity * Support Workload Identity for GoogleCloudStorage target # 2.22.5 * Helm Chart * fix(helm): correct typo when using global.annotations [[#420](https://github.com/kyverno/policy-reporter/pull/420) by [ThomasLachaux](https://github.com/ThomasLachaux)] * Policy Reporter v2.18.2 * Add support for custom headers for the Loki target * Depdency Updates * Upgrade to Go v1.22 # 2.22.4 * Helm Chart * fix(helm): mapping of headers properties to from values.yaml to config.yaml # 2.22.3 * Helm Chart * fix(helm): typo in email report config [[#413](https://github.com/kyverno/policy-reporter/pull/413) by [sudoleg](https://github.com/sudoleg)] # 2.22.2 * Helm Chart * Policy Reporter v2.18.1 * Fix Resource Mapping in Violation Report E-Mails # 2.22.1 * Helm Chart * Fix indentation in SummaryReport CronJob # 2.22.0 * Helm Chart * Policy Reporter v2.18.0 * Support HTTP BasicAuth for Loki [[#394](https://github.com/kyverno/policy-reporter/pull/394) by [YannickTeKulve](https://github.com/YannickTeKulve)] * Update README Targets and Links [[#396](https://github.com/kyverno/policy-reporter/pull/396) by [vponoikoait](https://github.com/vponoikoait)] * AccoundID for SecurityHub is now optional if IRSA is used. * Removed unused from config.yaml. Stream name isn't a property of SecurityHub [[#403](https://github.com/kyverno/policy-reporter/pull/403) by [vponoikoait](https://github.com/vponoikoait)] * Support `certificate` and `skipTLS` configuration for SMTP Client configuration. * Policy Reporter Kyverno Plugin v1.6.3 * Fix HTML Report Details * Monitoring Chart * Add Rule filter to Grafana PolicyReport Details Dashboard [[#399](https://github.com/kyverno/policy-reporter/pull/399) by [lukashankeln](https://github.com/lukashankeln)] # 2.21.6 * Helm Chart * Policy Reporter v2.17.5 * Compatibility with elasticSearch typeless API [[#387](https://github.com/kyverno/policy-reporter/pull/387) by [guipal](https://github.com/guipal)] * Allow labels to be set on ingress [[#392](https://github.com/kyverno/policy-reporter/pull/392) by [jseiser](https://github.com/jseiser)] * Dependency Updates * Policy Reporter UI v1.9.2 * Dependency Updates * Fix Result Message Space in PolicyReportResults Table * Policy Reporter Kyverno Plugin v1.6.2 * Dependency Updates # 2.21.5 * Helm Chart * Policy Reporter UI * Add `annotations` UI values to UI deployment * Policy Reporter * Add `/tmp` volume for SQLite [[#380](https://github.com/kyverno/policy-reporter/pull/380) by [mikebryant](https://github.com/mikebryant)] # 2.21.4 * Helm Chart * Allow additional env variables to be added [[#378](https://github.com/kyverno/policy-reporter/pull/378) by [kbcbals](https://github.com/kbcbals)] # 2.21.3 * Policy Reporter v2.17.4 * Fix Result Resource mapping * Policy Reporter v2.17.3 * Fix handling if metric cache fallback * Helm Chart * Configure `resources` for email report CronJobs via `emailReports.resources` # 2.21.2 * Policy Reporter v2.17.2 * Fix ID generation for PolicyReportResults which using `scope` as resource reference * Add optional `message` metric label * Helm Chart * fix: Add chart parameters for setting `revisionHistoryLimit` [[#363](https://github.com/kyverno/policy-reporter/pull/363) by [bodgit](https://github.com/bodgit)] * fix: allow not setting `.Values.podSecurityContext` for kyvernoPlugin [[#361](https://github.com/kyverno/policy-reporter/pull/361) by [haraldsk](https://github.com/haraldsk)] # 2.21.1 * Helm Chart * Use correct namespace label based on the `monitoring.serviceMonitor.honorLabels` configuration in all Dashboards # 2.21.0 * Policy Reporter * Migrate to AWS SDK v2 * Dependency Update * Create Roles/ Rolebindings when service account is not managed [[#348](https://github.com/kyverno/policy-reporter/pull/348) by [josqu4red](https://github.com/josqu4red)] * Policy Reporter UI * Update GO dependencies * Policy Reporter Kyverno Plugin * Update GO dependencies # 2.20.1 * Policy Reporter * fix: scope kind mapping * feat: add debug http logging [[#346](https://github.com/kyverno/policy-reporter/pull/346) by [blakepettersson](https://github.com/blakepettersson)] * build: cache go mod [[#345](https://github.com/kyverno/policy-reporter/pull/345) by [blakepettersson](https://github.com/blakepettersson)] # 2.20.1 * Policy Reporter * Support GoogleChat as new notification target * Support Telegram as new notification target * Support HTTP BasicAuth for API and metrics * Go update to v1.21 * Policy Reporter UI * Support HTTP BasicAuth authenticated API calls * Go update to v1.21 * Policy Reporter KyvernoPlugin * Support HTTP BasicAuth for API and metrics * Go update to v1.21 # 2.19.4 * Helm Chart * Fix ingress TLS rendering # 2.19.3 * Helm Chart * Fix Ingress TLS block [[#317](https://github.com/kyverno/policy-reporter/pull/317) by [rufusnufus](https://github.com/rufusnufus)] * Make inverval and scrapeTimeout configurable on ServiceMonitors [[#318](https://github.com/kyverno/policy-reporter/pull/318) by [fhielpos](https://github.com/fhielpos)] # 2.19.2 * Policy Reporter * Fix mapping of `mountedSecret` for all missing targets * Implement retry for `secretRef` secret fetching # 2.19.1 * Policy Reporter * AWS IRSA Authentication Support * Add `source` attribute to JSON ouput [[#311](https://github.com/kyverno/policy-reporter/pull/311) by [nikolay-o](https://github.com/nikolay-o)] # 2.19.0 * Policy Reporter * New AWS SecurityHub push target - See [values.yaml](https://github.com/kyverno/policy-reporter/blob/main/charts/policy-reporter/values.yaml#L550) for available configurations * External DB support (PostgreSQL, MySQL, MariaDB) - See [values.yaml](https://github.com/kyverno/policy-reporter/blob/main/charts/policy-reporter/values.yaml#L172) for available configurations * HA Mode support - only leader write into the DB * Versioned Schema, autoupdated when another version is detected * Configurable over values and secrets * Cache improvements to reduce duplicated pushes * Split Category API into namespaced scoped and cluster scoped API * Support search for contained words in the results API * Policy Reporter UI * Update API requests # 2.18.3 * Policy Reporter * new value to add `priorityClassName` to pods [[#283](https://github.com/kyverno/policy-reporter/pull/283) by [boniek83](https://github.com/boniek83)] * fixed syntax error for policy reporter config.yaml [[#295](https://github.com/kyverno/policy-reporter/pull/295) by [nikolay-o](https://github.com/nikolay-o)] * fixed customFields for kinesis targets [[#295](https://github.com/kyverno/policy-reporter/pull/295) by [nikolay-o](https://github.com/nikolay-o)] * image signing and sbom generation for new Policy Reporter images # 2.18.2 * Policy Reporter UI * Container signing and SBOM generation * New config `api.overwriteHost` to control the proxy host behavior # 2.18.1 * Signed Helm Chart * Policy Reporter * New `channel` property for Slack targets to define the Slack channel to send the results too * New `mountedSecret` property to read target configs from a mounted secret [[#282](https://github.com/kyverno/policy-reporter/pull/282) by [rromic](https://github.com/rromic)] * AWS KMS support for S3 target with new properties `bucketKeyEnabled`, `kmsKeyId` and `serverSideEncryption` [[#281](https://github.com/kyverno/policy-reporter/pull/281) by [rromic](https://github.com/rromic)] * Mountet secret needs to be in json format with keys defined in kubernetes/secrets Values struct. * Monitoring * Add `namespaceSelector` to `serviceMonitor` values # 2.18.0 * Policy Reporter * Improved logging configuration * Support JSON logging * Support log level * optional API access logging with `api.logging` set to `true` * New aggregation table for API performance improvements * Helm Ingress template * New Google Cloud Storage Target * Requires `credentials` as JSON String and the `bucket` name * Added in the helm valus under `target.gcs` * Policy Reporter KyvernoPlugin * Helm Ingress template * Improved logging configuration * Support JSON logging * Support log level * Policy Reporter UI * Improved logging configuration * Support JSON logging * Support log level * Proxy Logging # 2.17.0 * Policy Reporter * Use metaclient to reduce informer memory usage * Use workerqueue to control concurrent processing of PolicyReports * Remove internal PolicyReport structures * Make sqlite volume configurable [[#255](https://github.com/kyverno/policy-reporter/pull/255) by [monotek](https://github.com/monotek)] * use defer to unlock when possible [[#259](https://github.com/kyverno/policy-reporter/pull/259) by [eddycharly](https://github.com/eddycharly)] * Policy Reporter UI * New SSL configs for external clusters * `skipTLS` to disable SSL verification * `certificate` to configure a path to a custom CA for self signed URLs * New Helm values `ui.volumes` and `ui.volumeMounts` to add your custom CAs as mounts to the UI deployment. # 2.16.0 * Add `nameOverride` to all charts [[#254](https://github.com/kyverno/policy-reporter/pull/254) by [mjnagel](https://github.com/mjnagel)] # 2.15.0 * Add values to configure `topologySpreadConstraints` for all components [[#241](https://github.com/kyverno/policy-reporter/pull/241) by [Kostavro](https://github.com/Kostavro)] * Fixing comment formats and deprecations [[#250](https://github.com/kyverno/policy-reporter/pull/250) by [fengshunli](https://github.com/fengshunli)] * Add new APIs for PolicyReport and ClusterPolicyReport metadata (`/v1/policy-reports`, `/v1/cluster-policy-reports`) [[#251](https://github.com/kyverno/policy-reporter/pull/251) * `search` filter also checks the resource kind * Use correct probes in core deployment [[#236](https://github.com/kyverno/policy-reporter/pull/236) by [rgarcia89](https://github.com/rgarcia89)] * Add source to PolicyReport Table and improve report-label API [[#252](https://github.com/kyverno/policy-reporter/pull/252) # 2.14.1 * Policy Reporter * Fix generate multiple custom metrics # 2.14.0 * Policy Reporter * Persist also PolicyReport labels * API * New API to get available labels for PolicyReports: `/v1/namespaced-resources/report-labels` * New API to get available labels for ClusterPolicyReports: `/v1/cluster-resources/report-labels` * Metrics * special syntax to add report labels to metric labels: `label:report-label-name`, special characters like `-`, `/`, `.`, `:` will be transformed to `_` in metrics * New Target Filter `reportLabel` to, filter results based on labels of the related (Cluster)PolicyReport * Monitoring * New values to disable dedicated Grafana Dashboards: - `grafana.dashboards.enable.overview`, default `true` - `grafana.dashboards.enable.policyReportDetails`, default `true` - `grafana.dashboards.enable.clusterPolicyReportDetails`, default `true` * New values to configure the Grafana Dashboard datasource label, pluginName, pluginId - `grafana.datasource.label`, default `Prometheus` - `grafana.datasource.pluginName`, default `Prometheus` - `grafana.datasource.pluginId`, default `prometheus` * New value `grafana.dashboards.labelFilter` to add custom report labels as dashboard filter, default `[]`. Label has to be a valid prometheus label, e.g. `created-by` => `created_by`. * New values `grafana.dashboards.multicluster.enabled` and `grafana.dashboards.multicluster.label` to add an optional `cluster` label. * Kyverno Plugin * New HTML Compliance Reports * Grouped by Policy with Details per Namespace and Resource * Grouped by Namespace with Details per Policy and Resource * Go update to 1.19 * UI * Integrate new Compliance Reports * New PolicyReport label based filter, use `ui.labelFilter` to define a list of labels to add * Go update to 1.19 # 2.13.5 * Add configuration `target.s3.pathStyle` for the `S3` output # 2.13.4 * Fix `customFields` mapping in TargetFactory # 2.13.3 * Fix `customFields` property in values.yaml * Fix PolicyReporter `image.tag` version # 2.13.2 * Policy Reporter * Add `customFields` property to missing targets: `Elasticsearch`, `S3`, `Webhook`, `Kinesis` * Policy Reporter UI * Create Links out of URL property values * Monitoring * New `monitoring.serviceMonitor.honorLabels` and `monitoring.kyverno.serviceMonitor.honorLabels` value: chooses the metrics labels on collisions with target labels [[#216](https://github.com/kyverno/policy-reporter/pull/216) by [monotek](https://github.com/monotek)] # 2.13.1 * Policy Reporter * Fix persist error for duplicated IDs * Disable UI SA automount # 2.13.0 * Policy Reporter * New `certificate` config for `loki`, `elasticsearch`, `teams`, `webhook` and `ui`, to set the path to your custom certificate for the related client. * New `skipTLS` config for `loki`, `elasticsearch`, `teams`, `webhook` and `ui`, to skip tls if needed for the given target. * New `secretRef` for targets to reference a secret with the related `username`, `password`, `webhook`, `host`, `accessKeyId`, `secretAccessKey` information of the given target, instead of configure your credentials directly. * Policy Reporter UI * New value `refreshInterval` to configure the default refresh interval for API polling. Set `0` to disable polling. * Policy Reporter Kyverno Plugin * Fix the creation of duplicated results for PolicyReportResults. # 2.12.0 * Policy Reporter * New Helm Chart value to add extra volumes to PolicyReporter deployment [[#186](https://github.com/kyverno/policy-reporter/pull/186) by [preved911](https://github.com/preved911)] * HTTP Basic authentication for Elasticsearch targets with `username` and `password` configuration fields * `target.slack.customFields` map property for Slack pushes to add additional metadata to notifications like clustername * Add timestamp to Result REST APIs * Overwrite the installation target namespace via the new `global.namespace` value. # 2.11.3 * Policy Reporter * New `emailReports.smtp.secret` configuration to use an existing external secret to configure your SMTP connection * You can set all or a subset of the available keys in your secret: `host`, `port`, `username`, `password`, `from`, `encryption` * Keys available in your secret have a higher priority as your Helm release values. # 2.11.2 * Policy Reporter * Add new Severity values `info` and `critical` * Update PolicyReport ID generierung * Policy Reporter UI * Fix Grouping by Policy and Categories * Fix ReverseProxy RequestHost * New configuration `ui.clusterName` which is used in the ClusterSelect, if you configure additional Clusters * Policy Reporter Kyverno Plugin * Add `time` property to PolicyReportResults # 2.11.1 * Policy Reporter * Fix `CronJob` Resources by [[#157](https://github.com/kyverno/policy-reporter/pull/178) by [MaxRink](https://github.com/MaxRink)] * Policy Reporter UI * Fix API Proxy for APIs behind ReverseProxy (like NGINX Ingress) # 2.11.0 * Policy Reporter * High Availability support with leaderelection for necessary features like target pushes, to avoid duplicated pushes by multiple instances * Add new `role` and `rolebinding` to manage lease objects if leaderelection is enabled * Add redis configuration to the Helm Chart for external cache storage * Add PodDisruptionBudget for HA Deployments (replicaCount > 1) * Add `skipTLS` configuration for MS Teams Webhook * Policy Reporter KyvernoPlugin * High Availability support with leaderelection for necessary features like PolicyReport management for blocked resources * Add new `role` and `rolebinding` to manage lease objects if leaderelection is enabled * Add PodDisruptionBudget for HA Deployments (replicaCount > 1) * Internal refactoring for better CRD management * Policy Reporter UI * Add redis as possible log storage to support high availability deployments * Add PodDisruptionBudget for HA Deployments (replicaCount > 1) # 2.10.3 * Policy Reporter * Add new config `target.loki.path` to overwrite the deprected prom push API # 2.10.2 * Policy Reporter UI * New option `ui.clusters` makes it possible to configure additional external Policy Reporter APIs (details) * General UI improvements for loading state and error handling # 2.10.1 * Monitoring * Fix Datasource for Metrics and Filters in the preconfigured Dashboards * Add Datasource as additional Select to the preconfigured Dashboards # 2.10.0 * Policy Reporter * Email Reports * Send Summary Reports over SMTP to different E-Mails * Supports channels and filters to send different subsets of Namespaces or Sources to dedicated E-Mails * Reports are generated and send over dedicated CronJobs, this makes it easy to send the reports as often as needed * Currently a basic summary and a more detailed violation report is available and can be separatly enabled and configured * Metrics * Add `metrics.mode` for less or custom metric values, to reduce cardinality * Monitoring * Fix Source Column for result tables * Fix Warn counter for ClusterPolicyReport Details # 2.9.5 * Fix Policy Reporter Version in the Helm Chart values.yaml # 2.9.4 * Policy Reporter * Add [AWS Kinesis](https://aws.amazon.com/kinesis) compatible target * Add new Helm value `profiling.enabled` to enable pprof profiling, disabled by default * Improved Informer handling # 2.9.3 * Policy Reporter * Fix `grafana.dashboards.value` type conversion [[fix #158](https://github.com/kyverno/policy-reporter/issues/158)] # 2.9.2 * Policy Reporter * Add `grafana.dashboards.value` value to configure the ConfigMap label value for the Prometheus Operator by [[#157](https://github.com/kyverno/policy-reporter/pull/157) by [stone-z](https://github.com/stone-z)] # 2.9.1 * Policy Reporter * Name Configuration for Target (Channels) to customize UI Labels * Policy Reporter UI * Fix table on chip selection * Order labels * Return 404 Status Code for non existing URL paths # 2.9.0 * Policy Reporter * New configuration to use Redis as external result caching store * SQLite Improvement: Use batch insertion for PolicyReportResults * PolicyReport Informer Update: Use typed informer to improve performance and memory usage * Drop support for `v1alpha1` of the PolicyReport CRD * Serverside Pagination for better Dashboard performance * Concurrent PolicyReport processing * Policy Reporter UI * Serverside Pagination support * Dynamic Chart sizes * Policy Reporter Kyverno Plugin * Generate Policy Reports for enforcement violations # 2.8.0 * Policy Reporter * New target filter and channels to define multiple configurations of the same target * Filter target results by exclude and include rules for namesapces, priorities and policies * Support wildcards for policies and namespaces * New __webhook__ target * this target is a simple way to send notifications to custom tools and APIs * results are send as POST requests with a JSON representation of the result * the _headers_ properties allows you to send custom header with the request to allow for example authentication # 2.7.1 * Policy Reporter * Add Resource APIVersion to the Results REST APIs # 2.7.0 * Policy Reporter * PolicyReport Filter: * PolicyReporter CRD Filter by Namespaces * Disable ClusterPolicyReport CRD processing # 2.6.3 * Policy Reporter * Fix Debouncer has wrong reference to OldPolicyReport when a result was cached. # 2.6.2 * Policy Reporter * Update Go to 1.17.8 * Add `serviceMonitor.relabelings` and `serviceMonitor.metricRelabelings` for ServiceMonitor configuration in the `monitoring` Subchart. * Add `kyverno.serviceMonitor.relabelings` and `kyverno.serviceMonitor.metricRelabelings` for the KyvernoPlugin ServiceMonitor configuration in the `monitoring` Subchart. * Policy Reporter UI * Update Go to 1.17.8 * Policy Reporter KyvernoPlugin * Update Go to 1.17.8 # 2.6.1 * Update Policy Reporter UI to v1.3.2 * Support access over Subpaths, e.g. Rancher Reverse Proxy * Update Policy Reporter Monitoring to v2.1.0 * Fix Failing ClusterPolicyRules Columns of the PolicyReports Dashboard * Add Filter to the PolicyReports Dashboard # 2.6.0 * Add seccomp profile support [[#120](https://github.com/kyverno/policy-reporter/pull/120) by [eddycharly](https://github.com/eddycharly)] # 2.5.0 * New Policy Reporter API to get a list of available resources * New Filter for Policies, Kinds, Categories and Results APIs # 2.4.0 * Policy Reporter * Add Support for custom Loki labels # 2.3.0 * Policy Reporter * Add Support for linux/s390x [[#115](https://github.com/kyverno/policy-reporter/pull/115) by [skuethe](https://github.com/skuethe)] * Policy Reporter UI * Add Support for linux/s390x [[#98](https://github.com/kyverno/policy-reporter-ui/pull/98) by [skuethe](https://github.com/skuethe)] * Policy Reporter KyvernoPlugin * Add Support for linux/s390x [[#13](https://github.com/kyverno/policy-reporter-kyverno-plugin/pull/13) by [skuethe](https://github.com/skuethe)] # 2.2.6 * Use upper case on drop capabilities [[#113](https://github.com/kyverno/policy-reporter/pull/113) by [skuethe](https://github.com/skuethe)] # 2.2.5 * Policy Reporter * Update Go to 1.17.6 [[#110](https://github.com/kyverno/policy-reporter/pull/110) by [realshuting](https://github.com/realshuting)] * Update Helm Chart with new component versions * Update dependencies * Policy Reporter UI * Update Go to 1.17.6 [[#93](https://github.com/kyverno/policy-reporter-ui/pull/93) by [realshuting](https://github.com/realshuting)] * Update dependencies * Policy Reporter KyvernoPlugin * Update Go to 1.17.6 [[#12](https://github.com/kyverno/policy-reporter-kyverno-plugin/pull/12) by [realshuting](https://github.com/realshuting)] # 2.2.4 * Fix PolicyReport Napper - string casting # 2.2.3 * Fix Helm Chart uihost template function. # 2.2.2 * Fix Helm Chart `values.yaml`. Cleanup unused default configurations. [[#103](https://github.com/kyverno/policy-reporter/pull/103) by [AndersBennedsgaard](https://github.com/AndersBennedsgaard)] # 2.2.1 * Fix Typo in values.yaml [[#102](https://github.com/kyverno/policy-reporter-ui/pull/102) by [christophefromparis](https://github.com/christophefromparis)] # 2.2.0 * Policy Reporter UI v1.2.0 * New configurations to customize the dashboard by disable PolicyReport- or ClusterPolicyReport information # 2.1.1 * Fix KyvernoPlugin Metrics ServiceMonitor Port [[#96](https://github.com/kyverno/policy-reporter-ui/pull/96) by [z0rc](https://github.com/z0rc)] * Remove unused Port from KyvernoPlugin Deployment and Service # 2.1.0 * KyvernoPlugin v1.1.0 * New KyvernoPlugin API - VerifyImages Rules (details) * Policy Reporter UI v1.1.0 * New Kyverno VerifyImages view in Policy Reporter UI * New configurations to disable views (details) # 2.0.1 * Remove NetworkPolicy ingress rule for UI if not enabled * Update Policy Reporter UI * Fix: Show PolicyReportResult Properties in Tables # 2.0.0 ## Chart * Removed deprecated values `crdVersion`, `cleanupDebounceTime` * Simplify `policyPriorities`, `policyPriorities.enabled` was removed along with the watch feature * Priority determined mainly over severity * Add `sources` filter to target configurations * Improved `NetworkPolicy` configuration for all components * Metrics now an optional feature * Each component expose a single Port `8080` See [Migration Docs](https://kyverno.github.io/policy-reporter/guide/05-migration) for details ## Policy Reporter * modular functions for separate activation/deactivation * REST API * Metrics API * Target pushes * PolicyReports are now stored in an internal SQLite * extended REST API based on the new SQLite DB for filters and grouping of data * metrics API is now optional * metrics and REST API using the same HTTP Server (were separated before) * improved CRD watch logic with Kubernetes client informer * `Yandex` changed to a general `S3` target. ## Policy Reporter UI * Rewrite with NuxtJS * Simplified Proxy * Improved SPA file handling ## Policy Reporter Kyverno Plugin * modular functions for separate activation/deactivation * REST API * Metrics API * metrics and REST API using the same HTTP Server (were separated before) * improved CRD watch logic with Kubernetes client informer # 1.12.6 * Update Go Base Image for all Components * Policy Reporter [[#90](https://github.com/kyverno/policy-reporter-ui/pull/90) by [fjogeleit](https://github.com/fjogeleit)] * Policy Reporter UI [[#11](https://github.com/kyverno/policy-reporter-ui/pull/11) by [realshuting](https://github.com/realshuting)] * Policy Reporter Kyverno Plugin [[#9](https://github.com/kyverno/policy-reporter-ui/pull/9) by [realshuting](https://github.com/realshuting)] # 1.12.5 * Dependency Update # 1.12.4 * Fix policy-reporter-ui ServiceName function [[#87](https://github.com/kyverno/policy-reporter/pull/87) by [m-yosefpor](https://github.com/m-yosefpor)] # 1.12.3 * Fix policy-reporter-ui backend name [[#85](https://github.com/kyverno/policy-reporter/pull/85) by [m-yosefpor](https://github.com/m-yosefpor)] # 1.12.2 * Fix CRD registration for PolicyReport and ClusterPolicyReport # 1.12.0 * Add Yandex as new Target for Policy Reporter # 1.11.0 * Add Yandex as new Target for Policy Reporter # 1.10.0 * Update Policy Reporter UI to v0.15.0 * Add Filters as Query Parameters, make them shareable over links * Hosting all new Images on the GitHub Container Registry instead of DockerHub * Go Version updates to Go 1.17 of all components # 1.9.4 * Make the Image Registry configurable with `image.registry` [[#74](https://github.com/kyverno/policy-reporter/pull/74) by [stone-z](https://github.com/stone-z)] # 1.9.3 * Fix loki target messages for labels with dots # 1.9.2 * Add additional egress rules to kyvernoPlugin and UI subchart with `networkPolicy.egress` # 1.9.1 * Configure the Kubernetes API Port for NetworkPolicy with `networkPolicy.kubernetesApiPort` # 1.9.0 * Implement NetworkPolicy for Policy Reporter and related Components [[#68](https://github.com/kyverno/policy-reporter/pull/68) by [windowsrefund](https://github.com/windowsrefund)] * Customize liveness- and readinessProbe for Policy Reporter [[#67](https://github.com/kyverno/policy-reporter/pull/67) by [windowsrefund](https://github.com/windowsrefund)] # 1.8.10 * Fix ServiceMonitor Namespace overwrite with `monitoring.serviceMonitor.namespace` instead of `monitoring.namespace` # 1.8.9 * Ensure Backward Compatibility for `monitoring.namespace` configuration # 1.8.8 * Optional Namespace Configuration for Monitoring ServiceMonitor * Separat Namespace Configuration for Monitoring ConfigMaps with `monitoring.grafana.namespace` # 1.8.7 * Update Policy Reporter UI to 0.14.0 * Colored Diagrams * Suppport SubPath Configuration * Restart CRD Watches when no CRDs are found * Fix Ingress Resource in the UI Subchart * Allow to override namespace for serviceMonitor [[#57](https://github.com/kyverno/policy-reporter/pull/57) by [Issif](https://github.com/Issif)] # 1.8.6 * Update Policy Reporter UI to 0.13.1 * Hide Rule Chips if rule name is empty * Update Policy Reporter Kyvern Plugin to 0.3.2 * Improved LivenessProbe, checks now if Kyverno CRDs are available * Update Policy Reporter to 1.8.4 * Improved LivenessProbe, checks now if any PolicyReport CRD is available # 1.8.5 * Added trusted root CA's [[#52](https://github.com/kyverno/policy-reporter/pull/52) by [frezbo](https://github.com/frezbo)] # 1.8.4 * Changed Organization # 1.8.3 * Update Policy Reporter UI to 0.13.0 * Change Result Grouping between by Status and by Category * Add source filter to ClusterPolicyReports # 1.8.2 * Fix `scored` mapping for `v1alpha2/policyreports` * Disable KyvernPlugin as default as expected * Support `source` and `properties` for `policyreports/v1alpha2` in Policy Reporter UI * Update Policy Reporter UI to `0.12.0` # 1.8.1 * Customize label and annotation for Grafana dashboards [[#43](https://github.com/kyverno/policy-reporter/pull/43) by [nlamirault](https://github.com/nlamirault)] * ARM64 Support for all Components # 1.7.3 * Update Policy Reporter - Kyverno Plugin to 0.2.0 * New APIs for Liveness and Readiness Probes # 1.7.2 * Update Policy Reporter - Kyverno Plugin to 0.1.2 * Fix Handling of Validations with empty messages # 1.7.1 * Fix HelmChart - Deployment Probes for Policy Reporter # 1.7.0 * Enable REST API by default * Add `/healthz` and `/ready` APIs as new endpoints for readinessProbe and livenessProbe * Helm Chart Updates * Add `global.labels` to add `labels` on every resource created * Add default labels on every resource # 1.6.2 * Increase Result Caching Time to handle Kyverno issues with Policy reconcilation [Issue](https://github.com/kyverno/kyverno/issues/1921) * Fix golint errors # 1.6.1 * Add .global.fullnameOverride as new configuration for Policy Reporter Helm Chart * Add static manifests to install Policy Reporter without Helm or Kustomize # 1.6.0 * Internal refactoring * Unification of PolicyReports and ClusterPolicyReports processing, APIs still stable * DEPRECETED `crdVersion`, Policy Reporter handels now both versions by default * DEPRECETED `cleanupDebounceTime`, new internal caching replaced the debounce mechanism, debounce still exist with a fixed period to improve stable metric values. # 1.5.0 * Support multiple Resources for a single Result * Mapping Result with multiple Resources in multiple Results with a single Resource * Upate UI handling with Results without Resources # 1.4.1 * Update Kyverno Plugin * Fix Rule Type mapping * Update Policy Reporter UI * Fix Chart rerender when values are the same # 1.4.0 * Add Kyverno Plugins to the Helm Chart ## 1.3.4 * Configure Debounce Time in seconds for Cleanup Events over Helm Chart * Helm Value `cleanupDebounceTime` - default: 20 * Improved securityContext defaults ## 1.3.3 * Update Policy Reporter UI to v0.9.0 * expand Tables with Validation Message * Reduce log messages ## 1.3.2 * Compress REST API with GZIP * Update Policy Reporter UI to 0.8.0 * Support for GZIP Responses ## 1.3.1 * Debounce reconcile modification events for 10s to prevent resending violations ## 1.3.0 * New Helm Configuration * `crdVersion` changes the version of the PolicyReporter CRD - v1alpha1 is the current default ## 1.2.3 * Fix resend violations after KubeAPI reconnect ## 1.2.2 * Fix PolicyReportResult.timestamp parsing ## 1.2.1 * Support PolicyReportResult.status as well as PolicyReportResult.result for newer CRD versions ## 1.2.0 * Support for (Cluster)PolicyReport CRD Properties in Target Output * Support for (Cluster)PolicyReport CRD Timestamp in Target Output * Fix resend violations after Kyverno Cleanup with ResultHashes ## 1.1.0 * Added PolicyReport Category to Metrics * New (Cluster)PolicyReport filter for Grafana Dashboards * Add __All__ Selection for Policy Filter * Category Filter * Severity Filter * Kind Filter * Namespacefilter (PolicyReports only) * New (Cluster)PolicyReport filter for Policy Reporter UI * Category Filter * Severity Filter * Kind Filter ## 1.0.0 * Support Priority by Severity * high -> critical * medium -> warning * low -> information * Severity is added as label to result metrics * Severity is added in Policy Reporter UI tables * Add "Critical" as new Priority to differ between Errored Policies and Failed priorities with High Severity * Use "Warning" as new default Priority instead of Error which should now used for Policies in Error Status ## 0.22.0 * New Target Policy Reporter UI * New Log View in the Policy Reporter UI to see the latest log entries * Default: latest 200 logs with priority >= warning ## 0.21.0 * New Target MS Teams ## 0.20.2 * Policy Reporter UI update * Select All option for Policy Filter * New Namespace Filter for PolicyReport View ## 0.20.0 * [Breaking Change] rename policy-reporter-ui Subchart to ui * Simplify the customization by configure all PolicyReporter UI values under `ui` ## 0.19.0 * PolicyResult Priority mapping is now configurable over the Helm Chart ## 0.18.0 * Helm Chart updates [#16](https://github.com/kyverno/policy-reporter/pull/16) fixes [#14](https://github.com/kyverno/policy-reporter/issues/14) * Target Configuration are now configured under `target` in the HelmChart `values.yaml` * config.yaml are now deployed as Secret with encoded data body (plain stringData before) ## 0.17.0 * New Helm Linting Workflow by kolikons [#15](https://github.com/kyverno/policy-reporter/pull/15) * Improved Helm Chart by kolikons [#13](https://github.com/kyverno/policy-reporter/pull/13) * More configuration possibilities like UI Ingress, ReplicaCount * Role and RoleBindings for ConfigMaps are now optional (required for Priority configuration) ## 0.16.0 * New Optional REST API * New Optional Policy Reporter UI Helm SubChart ## 0.15.1 * Add a checksum for the target configuration secret to the deployment. This enforces a pod recreation when the configuration changed by a Helm upgrade. ## 0.15.0 * Customizable Dashboards via new Helm values for the Monitoring Subchart. ## 0.14.0 * Internal refactoring * Improved test coverage * Removed duplicated caching * Updated Dashboard * Filter zero values from Policy Report Detail after Policies / Resources are deleted ## 0.13.0 * Split the Monitoring out in a Sub Helm chart * Changed naming from `metrics` to `monitoring` * Make Annotations for the Deployment configurable * Add two new Grafana Dashboard (PolicyReport Details, ClusterPolicyReport Details) ## 0.12.0 * Add support for a special `default` key in the Policy Priority. The `default` key can be used to configure a global default priority instead of `error` ## 0.11.1 * Use a Secret instead of ConfigMap to persist target configurations ## 0.11.0 * Helm Chart Value `metrics.serviceMonitor` changed to `metrics.serviceMonitor.enabled` * New Helm Chart Value `metrics.serviceMonitor.labels` can be used to add additional `labels` to the `SeriveMonitor`. This helps to fullfil the `serviceMonitorSelector` of the `Prometheus` Resource in the MonitoringStack. ## 0.10.0 * Implement Discord as Target for PolicyReportResults ## 0.9.0 * Implement Slack as Target for PolicyReportResults ## 0.8.0 * Implement Elasticsearch as Target for PolicyReportResults * Replace CLI flags with a single `config.yaml` to manage target-configurations as separate `ConfigMap` * Set `loki.skipExistingOnStartup` default value to `true`