# Changelog # 2.13.2 * Policy Reporter * Add `customFields` property to missing targets: `Elasticsearch`, `S3`, `Webhook`, `Kinesis` * Policy Reporter UI * Create Links out of URL property values * Monitoring * New `monitoring.serviceMonitor.honorLabels` and `monitoring.kyverno.serviceMonitor.honorLabels` value: chooses the metrics labels on collisions with target labels [[#216](https://github.com/kyverno/policy-reporter/pull/216) by [monotek](https://github.com/monotek)] # 2.13.1 * Policy Reporter * Fix persist error for duplicated IDs * Disable UI SA automount # 2.13.0 * Policy Reporter * New `certificate` config for `loki`, `elasticsearch`, `teams`, `webhook` and `ui`, to set the path to your custom certificate for the related client. * New `skipTLS` config for `loki`, `elasticsearch`, `teams`, `webhook` and `ui`, to skip tls if needed for the given target. * New `secretRef` for targets to reference a secret with the related `username`, `password`, `webhook`, `host`, `accessKeyID`, `secretAccessKey` information of the given target, instead of configure your credentials directly. * Policy Reporter UI * New value `refreshInterval` to configure the default refresh interval for API polling. Set `0` to disable polling. * Policy Reporter Kyverno Plugin * Fix the creation of duplicated results for PolicyReportResults. # 2.12.0 * Policy Reporter * New Helm Chart value to add extra volumes to PolicyReporter deployment [[#186](https://github.com/kyverno/policy-reporter/pull/186) by [preved911](https://github.com/preved911)] * HTTP Basic authentication for Elasticsearch targets with `username` and `password` configuration fields * `target.slack.customFields` map property for Slack pushes to add additional metadata to notifications like clustername * Add timestamp to Result REST APIs * Overwrite the installation target namespace via the new `global.namespace` value. # 2.11.3 * Policy Reporter * New `emailReports.smtp.secret` configuration to use an existing external secret to configure your SMTP connection * You can set all or a subset of the available keys in your secret: `host`, `port`, `username`, `password`, `from`, `encryption` * Keys available in your secret have a higher priority as your Helm release values. # 2.11.2 * Policy Reporter * Add new Severity values `info` and `critical` * Update PolicyReport ID generierung * Policy Reporter UI * Fix Grouping by Policy and Categories * Fix ReverseProxy RequestHost * New configuration `ui.clusterName` which is used in the ClusterSelect, if you configure additional Clusters * Policy Reporter Kyverno Plugin * Add `time` property to PolicyReportResults # 2.11.1 * Policy Reporter * Fix `CronJob` Resources by [[#157](https://github.com/kyverno/policy-reporter/pull/178) by [MaxRink](https://github.com/MaxRink)] * Policy Reporter UI * Fix API Proxy for APIs behind ReverseProxy (like NGINX Ingress) # 2.11.0 * Policy Reporter * High Availability support with leaderelection for necessary features like target pushes, to avoid duplicated pushes by multiple instances * Add new `role` and `rolebinding` to manage lease objects if leaderelection is enabled * Add redis configuration to the Helm Chart for external cache storage * Add PodDisruptionBudget for HA Deployments (replicaCount > 1) * Add `skipTLS` configuration for MS Teams Webhook * Policy Reporter KyvernoPlugin * High Availability support with leaderelection for necessary features like PolicyReport management for blocked resources * Add new `role` and `rolebinding` to manage lease objects if leaderelection is enabled * Add PodDisruptionBudget for HA Deployments (replicaCount > 1) * Internal refactoring for better CRD management * Policy Reporter UI * Add redis as possible log storage to support high availability deployments * Add PodDisruptionBudget for HA Deployments (replicaCount > 1) # 2.10.3 * Policy Reporter * Add new config `target.loki.path` to overwrite the deprected prom push API # 2.10.2 * Policy Reporter UI * New option `ui.clusters` makes it possible to configure additional external Policy Reporter APIs (details) * General UI improvements for loading state and error handling # 2.10.1 * Monitoring * Fix Datasource for Metrics and Filters in the preconfigured Dashboards * Add Datasource as additional Select to the preconfigured Dashboards # 2.10.0 * Policy Reporter * Email Reports * Send Summary Reports over SMTP to different E-Mails * Supports channels and filters to send different subsets of Namespaces or Sources to dedicated E-Mails * Reports are generated and send over dedicated CronJobs, this makes it easy to send the reports as often as needed * Currently a basic summary and a more detailed violation report is available and can be separatly enabled and configured * Metrics * Add `metrics.mode` for less or custom metric values, to reduce cardinality * Monitoring * Fix Source Column for result tables * Fix Warn counter for ClusterPolicyReport Details # 2.9.5 * Fix Policy Reporter Version in the Helm Chart values.yaml # 2.9.4 * Policy Reporter * Add [AWS Kinesis](https://aws.amazon.com/kinesis) compatible target * Add new Helm value `profiling.enabled` to enable pprof profiling, disabled by default * Improved Informer handling # 2.9.3 * Policy Reporter * Fix `grafana.dashboards.value` type conversion [[fix #158](https://github.com/kyverno/policy-reporter/issues/158)] # 2.9.2 * Policy Reporter * Add `grafana.dashboards.value` value to configure the ConfigMap label value for the Prometheus Operator by [[#157](https://github.com/kyverno/policy-reporter/pull/157) by [stone-z](https://github.com/stone-z)] # 2.9.1 * Policy Reporter * Name Configuration for Target (Channels) to customize UI Labels * Policy Reporter UI * Fix table on chip selection * Order labels * Return 404 Status Code for non existing URL paths # 2.9.0 * Policy Reporter * New configuration to use Redis as external result caching store * SQLite Improvement: Use batch insertion for PolicyReportResults * PolicyReport Informer Update: Use typed informer to improve performance and memory usage * Drop support for `v1alpha1` of the PolicyReport CRD * Serverside Pagination for better Dashboard performance * Concurrent PolicyReport processing * Policy Reporter UI * Serverside Pagination support * Dynamic Chart sizes * Policy Reporter Kyverno Plugin * Generate Policy Reports for enforcement violations # 2.8.0 * Policy Reporter * New target filter and channels to define multiple configurations of the same target * Filter target results by exclude and include rules for namesapces, priorities and policies * Support wildcards for policies and namespaces * New __webhook__ target * this target is a simple way to send notifications to custom tools and APIs * results are send as POST requests with a JSON representation of the result * the _headers_ properties allows you to send custom header with the request to allow for example authentication # 2.7.1 * Policy Reporter * Add Resource APIVersion to the Results REST APIs # 2.7.0 * Policy Reporter * PolicyReport Filter: * PolicyReporter CRD Filter by Namespaces * Disable ClusterPolicyReport CRD processing # 2.6.3 * Policy Reporter * Fix Debouncer has wrong reference to OldPolicyReport when a result was cached. # 2.6.2 * Policy Reporter * Update Go to 1.17.8 * Add `serviceMonitor.relabelings` and `serviceMonitor.metricRelabelings` for ServiceMonitor configuration in the `monitoring` Subchart. * Add `kyverno.serviceMonitor.relabelings` and `kyverno.serviceMonitor.metricRelabelings` for the KyvernoPlugin ServiceMonitor configuration in the `monitoring` Subchart. * Policy Reporter UI * Update Go to 1.17.8 * Policy Reporter KyvernoPlugin * Update Go to 1.17.8 # 2.6.1 * Update Policy Reporter UI to v1.3.2 * Support access over Subpaths, e.g. Rancher Reverse Proxy * Update Policy Reporter Monitoring to v2.1.0 * Fix Failing ClusterPolicyRules Columns of the PolicyReports Dashboard * Add Filter to the PolicyReports Dashboard # 2.6.0 * Add seccomp profile support [[#120](https://github.com/kyverno/policy-reporter/pull/120) by [eddycharly](https://github.com/eddycharly)] # 2.5.0 * New Policy Reporter API to get a list of available resources * New Filter for Policies, Kinds, Categories and Results APIs # 2.4.0 * Policy Reporter * Add Support for custom Loki labels # 2.3.0 * Policy Reporter * Add Support for linux/s390x [[#115](https://github.com/kyverno/policy-reporter/pull/115) by [skuethe](https://github.com/skuethe)] * Policy Reporter UI * Add Support for linux/s390x [[#98](https://github.com/kyverno/policy-reporter-ui/pull/98) by [skuethe](https://github.com/skuethe)] * Policy Reporter KyvernoPlugin * Add Support for linux/s390x [[#13](https://github.com/kyverno/policy-reporter-kyverno-plugin/pull/13) by [skuethe](https://github.com/skuethe)] # 2.2.6 * Use upper case on drop capabilities [[#113](https://github.com/kyverno/policy-reporter/pull/113) by [skuethe](https://github.com/skuethe)] # 2.2.5 * Policy Reporter * Update Go to 1.17.6 [[#110](https://github.com/kyverno/policy-reporter/pull/110) by [realshuting](https://github.com/realshuting)] * Update Helm Chart with new component versions * Update dependencies * Policy Reporter UI * Update Go to 1.17.6 [[#93](https://github.com/kyverno/policy-reporter-ui/pull/93) by [realshuting](https://github.com/realshuting)] * Update dependencies * Policy Reporter KyvernoPlugin * Update Go to 1.17.6 [[#12](https://github.com/kyverno/policy-reporter-kyverno-plugin/pull/12) by [realshuting](https://github.com/realshuting)] # 2.2.4 * Fix PolicyReport Napper - string casting # 2.2.3 * Fix Helm Chart uihost template function. # 2.2.2 * Fix Helm Chart `values.yaml`. Cleanup unused default configurations. [[#103](https://github.com/kyverno/policy-reporter/pull/103) by [AndersBennedsgaard](https://github.com/AndersBennedsgaard)] # 2.2.1 * Fix Typo in values.yaml [[#102](https://github.com/kyverno/policy-reporter-ui/pull/102) by [christophefromparis](https://github.com/christophefromparis)] # 2.2.0 * Policy Reporter UI v1.2.0 * New configurations to customize the dashboard by disable PolicyReport- or ClusterPolicyReport information # 2.1.1 * Fix KyvernoPlugin Metrics ServiceMonitor Port [[#96](https://github.com/kyverno/policy-reporter-ui/pull/96) by [z0rc](https://github.com/z0rc)] * Remove unused Port from KyvernoPlugin Deployment and Service # 2.1.0 * KyvernoPlugin v1.1.0 * New KyvernoPlugin API - VerifyImages Rules (details) * Policy Reporter UI v1.1.0 * New Kyverno VerifyImages view in Policy Reporter UI * New configurations to disable views (details) # 2.0.1 * Remove NetworkPolicy ingress rule for UI if not enabled * Update Policy Reporter UI * Fix: Show PolicyReportResult Properties in Tables # 2.0.0 ## Chart * Removed deprecated values `crdVersion`, `cleanupDebounceTime` * Simplify `policyPriorities`, `policyPriorities.enabled` was removed along with the watch feature * Priority determined mainly over severity * Add `sources` filter to target configurations * Improved `NetworkPolicy` configuration for all components * Metrics now an optional feature * Each component expose a single Port `8080` See [Migration Docs](https://kyverno.github.io/policy-reporter/guide/05-migration) for details ## Policy Reporter * modular functions for separate activation/deactivation * REST API * Metrics API * Target pushes * PolicyReports are now stored in an internal SQLite * extended REST API based on the new SQLite DB for filters and grouping of data * metrics API is now optional * metrics and REST API using the same HTTP Server (were separated before) * improved CRD watch logic with Kubernetes client informer * `Yandex` changed to a general `S3` target. ## Policy Reporter UI * Rewrite with NuxtJS * Simplified Proxy * Improved SPA file handling ## Policy Reporter Kyverno Plugin * modular functions for separate activation/deactivation * REST API * Metrics API * metrics and REST API using the same HTTP Server (were separated before) * improved CRD watch logic with Kubernetes client informer # 1.12.6 * Update Go Base Image for all Components * Policy Reporter [[#90](https://github.com/kyverno/policy-reporter-ui/pull/90) by [fjogeleit](https://github.com/fjogeleit)] * Policy Reporter UI [[#11](https://github.com/kyverno/policy-reporter-ui/pull/11) by [realshuting](https://github.com/realshuting)] * Policy Reporter Kyverno Plugin [[#9](https://github.com/kyverno/policy-reporter-ui/pull/9) by [realshuting](https://github.com/realshuting)] # 1.12.5 * Dependency Update # 1.12.4 * Fix policy-reporter-ui ServiceName function [[#87](https://github.com/kyverno/policy-reporter/pull/87) by [m-yosefpor](https://github.com/m-yosefpor)] # 1.12.3 * Fix policy-reporter-ui backend name [[#85](https://github.com/kyverno/policy-reporter/pull/85) by [m-yosefpor](https://github.com/m-yosefpor)] # 1.12.2 * Fix CRD registration for PolicyReport and ClusterPolicyReport # 1.12.0 * Add Yandex as new Target for Policy Reporter # 1.11.0 * Add Yandex as new Target for Policy Reporter # 1.10.0 * Update Policy Reporter UI to v0.15.0 * Add Filters as Query Parameters, make them shareable over links * Hosting all new Images on the GitHub Container Registry instead of DockerHub * Go Version updates to Go 1.17 of all components # 1.9.4 * Make the Image Registry configurable with `image.registry` [[#74](https://github.com/kyverno/policy-reporter/pull/74) by [stone-z](https://github.com/stone-z)] # 1.9.3 * Fix loki target messages for labels with dots # 1.9.2 * Add additional egress rules to kyvernoPlugin and UI subchart with `networkPolicy.egress` # 1.9.1 * Configure the Kubernetes API Port for NetworkPolicy with `networkPolicy.kubernetesApiPort` # 1.9.0 * Implement NetworkPolicy for Policy Reporter and related Components [[#68](https://github.com/kyverno/policy-reporter/pull/68) by [windowsrefund](https://github.com/windowsrefund)] * Customize liveness- and readinessProbe for Policy Reporter [[#67](https://github.com/kyverno/policy-reporter/pull/67) by [windowsrefund](https://github.com/windowsrefund)] # 1.8.10 * Fix ServiceMonitor Namespace overwrite with `monitoring.serviceMonitor.namespace` instead of `monitoring.namespace` # 1.8.9 * Ensure Backward Compatibility for `monitoring.namespace` configuration # 1.8.8 * Optional Namespace Configuration for Monitoring ServiceMonitor * Separat Namespace Configuration for Monitoring ConfigMaps with `monitoring.grafana.namespace` # 1.8.7 * Update Policy Reporter UI to 0.14.0 * Colored Diagrams * Suppport SubPath Configuration * Restart CRD Watches when no CRDs are found * Fix Ingress Resource in the UI Subchart * Allow to override namespace for serviceMonitor [[#57](https://github.com/kyverno/policy-reporter/pull/57) by [Issif](https://github.com/Issif)] # 1.8.6 * Update Policy Reporter UI to 0.13.1 * Hide Rule Chips if rule name is empty * Update Policy Reporter Kyvern Plugin to 0.3.2 * Improved LivenessProbe, checks now if Kyverno CRDs are available * Update Policy Reporter to 1.8.4 * Improved LivenessProbe, checks now if any PolicyReport CRD is available # 1.8.5 * Added trusted root CA's [[#52](https://github.com/kyverno/policy-reporter/pull/52) by [frezbo](https://github.com/frezbo)] # 1.8.4 * Changed Organization # 1.8.3 * Update Policy Reporter UI to 0.13.0 * Change Result Grouping between by Status and by Category * Add source filter to ClusterPolicyReports # 1.8.2 * Fix `scored` mapping for `v1alpha2/policyreports` * Disable KyvernPlugin as default as expected * Support `source` and `properties` for `policyreports/v1alpha2` in Policy Reporter UI * Update Policy Reporter UI to `0.12.0` # 1.8.1 * Customize label and annotation for Grafana dashboards [[#43](https://github.com/kyverno/policy-reporter/pull/43) by [nlamirault](https://github.com/nlamirault)] * ARM64 Support for all Components # 1.7.3 * Update Policy Reporter - Kyverno Plugin to 0.2.0 * New APIs for Liveness and Readiness Probes # 1.7.2 * Update Policy Reporter - Kyverno Plugin to 0.1.2 * Fix Handling of Validations with empty messages # 1.7.1 * Fix HelmChart - Deployment Probes for Policy Reporter # 1.7.0 * Enable REST API by default * Add `/healthz` and `/ready` APIs as new endpoints for readinessProbe and livenessProbe * Helm Chart Updates * Add `global.labels` to add `labels` on every resource created * Add default labels on every resource # 1.6.2 * Increase Result Caching Time to handle Kyverno issues with Policy reconcilation [Issue](https://github.com/kyverno/kyverno/issues/1921) * Fix golint errors # 1.6.1 * Add .global.fullnameOverride as new configuration for Policy Reporter Helm Chart * Add static manifests to install Policy Reporter without Helm or Kustomize # 1.6.0 * Internal refactoring * Unification of PolicyReports and ClusterPolicyReports processing, APIs still stable * DEPRECETED `crdVersion`, Policy Reporter handels now both versions by default * DEPRECETED `cleanupDebounceTime`, new internal caching replaced the debounce mechanism, debounce still exist with a fixed period to improve stable metric values. # 1.5.0 * Support multiple Resources for a single Result * Mapping Result with multiple Resources in multiple Results with a single Resource * Upate UI handling with Results without Resources # 1.4.1 * Update Kyverno Plugin * Fix Rule Type mapping * Update Policy Reporter UI * Fix Chart rerender when values are the same # 1.4.0 * Add Kyverno Plugins to the Helm Chart ## 1.3.4 * Configure Debounce Time in seconds for Cleanup Events over Helm Chart * Helm Value `cleanupDebounceTime` - default: 20 * Improved securityContext defaults ## 1.3.3 * Update Policy Reporter UI to v0.9.0 * expand Tables with Validation Message * Reduce log messages ## 1.3.2 * Compress REST API with GZIP * Update Policy Reporter UI to 0.8.0 * Support for GZIP Responses ## 1.3.1 * Debounce reconcile modification events for 10s to prevent resending violations ## 1.3.0 * New Helm Configuration * `crdVersion` changes the version of the PolicyReporter CRD - v1alpha1 is the current default ## 1.2.3 * Fix resend violations after KubeAPI reconnect ## 1.2.2 * Fix PolicyReportResult.timestamp parsing ## 1.2.1 * Support PolicyReportResult.status as well as PolicyReportResult.result for newer CRD versions ## 1.2.0 * Support for (Cluster)PolicyReport CRD Properties in Target Output * Support for (Cluster)PolicyReport CRD Timestamp in Target Output * Fix resend violations after Kyverno Cleanup with ResultHashes ## 1.1.0 * Added PolicyReport Category to Metrics * New (Cluster)PolicyReport filter for Grafana Dashboards * Add __All__ Selection for Policy Filter * Category Filter * Severity Filter * Kind Filter * Namespacefilter (PolicyReports only) * New (Cluster)PolicyReport filter for Policy Reporter UI * Category Filter * Severity Filter * Kind Filter ## 1.0.0 * Support Priority by Severity * high -> critical * medium -> warning * low -> information * Severity is added as label to result metrics * Severity is added in Policy Reporter UI tables * Add "Critical" as new Priority to differ between Errored Policies and Failed priorities with High Severity * Use "Warning" as new default Priority instead of Error which should now used for Policies in Error Status ## 0.22.0 * New Target Policy Reporter UI * New Log View in the Policy Reporter UI to see the latest log entries * Default: latest 200 logs with priority >= warning ## 0.21.0 * New Target MS Teams ## 0.20.2 * Policy Reporter UI update * Select All option for Policy Filter * New Namespace Filter for PolicyReport View ## 0.20.0 * [Breaking Change] rename policy-reporter-ui Subchart to ui * Simplify the customization by configure all PolicyReporter UI values under `ui` ## 0.19.0 * PolicyResult Priority mapping is now configurable over the Helm Chart ## 0.18.0 * Helm Chart updates [#16](https://github.com/kyverno/policy-reporter/pull/16) fixes [#14](https://github.com/kyverno/policy-reporter/issues/14) * Target Configuration are now configured under `target` in the HelmChart `values.yaml` * config.yaml are now deployed as Secret with encoded data body (plain stringData before) ## 0.17.0 * New Helm Linting Workflow by kolikons [#15](https://github.com/kyverno/policy-reporter/pull/15) * Improved Helm Chart by kolikons [#13](https://github.com/kyverno/policy-reporter/pull/13) * More configuration possibilities like UI Ingress, ReplicaCount * Role and RoleBindings for ConfigMaps are now optional (required for Priority configuration) ## 0.16.0 * New Optional REST API * New Optional Policy Reporter UI Helm SubChart ## 0.15.1 * Add a checksum for the target configuration secret to the deployment. This enforces a pod recreation when the configuration changed by a Helm upgrade. ## 0.15.0 * Customizable Dashboards via new Helm values for the Monitoring Subchart. ## 0.14.0 * Internal refactoring * Improved test coverage * Removed duplicated caching * Updated Dashboard * Filter zero values from Policy Report Detail after Policies / Resources are deleted ## 0.13.0 * Split the Monitoring out in a Sub Helm chart * Changed naming from `metrics` to `monitoring` * Make Annotations for the Deployment configurable * Add two new Grafana Dashboard (PolicyReport Details, ClusterPolicyReport Details) ## 0.12.0 * Add support for a special `default` key in the Policy Priority. The `default` key can be used to configure a global default priority instead of `error` ## 0.11.1 * Use a Secret instead of ConfigMap to persist target configurations ## 0.11.0 * Helm Chart Value `metrics.serviceMonitor` changed to `metrics.serviceMonitor.enabled` * New Helm Chart Value `metrics.serviceMonitor.labels` can be used to add additional `labels` to the `SeriveMonitor`. This helps to fullfil the `serviceMonitorSelector` of the `Prometheus` Resource in the MonitoringStack. ## 0.10.0 * Implement Discord as Target for PolicyReportResults ## 0.9.0 * Implement Slack as Target for PolicyReportResults ## 0.8.0 * Implement Elasticsearch as Target for PolicyReportResults * Replace CLI flags with a single `config.yaml` to manage target-configurations as separate `ConfigMap` * Set `loki.skipExistingOnStartup` default value to `true`