1
0
Fork 0
mirror of https://github.com/kyverno/policy-reporter.git synced 2024-12-14 11:57:32 +00:00
policy-reporter/CHANGELOG.md
Frank Jogeleit 5d1b9e4c1f Support S3 PathStyle configuration
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
2022-11-10 11:11:29 +01:00

599 lines
23 KiB
Markdown

# Changelog
# 2.13.5
* Add configuration `target.s3.pathStyle` for the `S3` output
# 2.13.4
* Fix `customFields` mapping in TargetFactory
# 2.13.3
* Fix `customFields` property in values.yaml
* Fix PolicyReporter `image.tag` version
# 2.13.2
* Policy Reporter
* Add `customFields` property to missing targets: `Elasticsearch`, `S3`, `Webhook`, `Kinesis`
* Policy Reporter UI
* Create Links out of URL property values
* Monitoring
* New `monitoring.serviceMonitor.honorLabels` and `monitoring.kyverno.serviceMonitor.honorLabels` value: chooses the metrics labels on collisions with target labels [[#216](https://github.com/kyverno/policy-reporter/pull/216) by [monotek](https://github.com/monotek)]
# 2.13.1
* Policy Reporter
* Fix persist error for duplicated IDs
* Disable UI SA automount
# 2.13.0
* Policy Reporter
* New `certificate` config for `loki`, `elasticsearch`, `teams`, `webhook` and `ui`, to set the path to your custom certificate for the related client.
* New `skipTLS` config for `loki`, `elasticsearch`, `teams`, `webhook` and `ui`, to skip tls if needed for the given target.
* New `secretRef` for targets to reference a secret with the related `username`, `password`, `webhook`, `host`, `accessKeyID`, `secretAccessKey` information of the given target, instead of configure your credentials directly.
* Policy Reporter UI
* New value `refreshInterval` to configure the default refresh interval for API polling. Set `0` to disable polling.
* Policy Reporter Kyverno Plugin
* Fix the creation of duplicated results for PolicyReportResults.
# 2.12.0
* Policy Reporter
* New Helm Chart value to add extra volumes to PolicyReporter deployment [[#186](https://github.com/kyverno/policy-reporter/pull/186) by [preved911](https://github.com/preved911)]
* HTTP Basic authentication for Elasticsearch targets with `username` and `password` configuration fields
* `target.slack.customFields` map property for Slack pushes to add additional metadata to notifications like clustername
* Add timestamp to Result REST APIs
* Overwrite the installation target namespace via the new `global.namespace` value.
# 2.11.3
* Policy Reporter
* New `emailReports.smtp.secret` configuration to use an existing external secret to configure your SMTP connection
* You can set all or a subset of the available keys in your secret: `host`, `port`, `username`, `password`, `from`, `encryption`
* Keys available in your secret have a higher priority as your Helm release values.
# 2.11.2
* Policy Reporter
* Add new Severity values `info` and `critical`
* Update PolicyReport ID generierung
* Policy Reporter UI
* Fix Grouping by Policy and Categories
* Fix ReverseProxy RequestHost
* New configuration `ui.clusterName` which is used in the ClusterSelect, if you configure additional Clusters
* Policy Reporter Kyverno Plugin
* Add `time` property to PolicyReportResults
# 2.11.1
* Policy Reporter
* Fix `CronJob` Resources by [[#157](https://github.com/kyverno/policy-reporter/pull/178) by [MaxRink](https://github.com/MaxRink)]
* Policy Reporter UI
* Fix API Proxy for APIs behind ReverseProxy (like NGINX Ingress)
# 2.11.0
* Policy Reporter
* High Availability support with leaderelection for necessary features like target pushes, to avoid duplicated pushes by multiple instances
* Add new `role` and `rolebinding` to manage lease objects if leaderelection is enabled
* Add redis configuration to the Helm Chart for external cache storage
* Add PodDisruptionBudget for HA Deployments (replicaCount > 1)
* Add `skipTLS` configuration for MS Teams Webhook
* Policy Reporter KyvernoPlugin
* High Availability support with leaderelection for necessary features like PolicyReport management for blocked resources
* Add new `role` and `rolebinding` to manage lease objects if leaderelection is enabled
* Add PodDisruptionBudget for HA Deployments (replicaCount > 1)
* Internal refactoring for better CRD management
* Policy Reporter UI
* Add redis as possible log storage to support high availability deployments
* Add PodDisruptionBudget for HA Deployments (replicaCount > 1)
# 2.10.3
* Policy Reporter
* Add new config `target.loki.path` to overwrite the deprected prom push API
# 2.10.2
* Policy Reporter UI
* New option `ui.clusters` makes it possible to configure additional external Policy Reporter APIs (<a href="https://kyverno.github.io/policy-reporter/guide/helm-chart-core#external-clusters" target="_blank">details</a>)
* General UI improvements for loading state and error handling
# 2.10.1
* Monitoring
* Fix Datasource for Metrics and Filters in the preconfigured Dashboards
* Add Datasource as additional Select to the preconfigured Dashboards
# 2.10.0
* Policy Reporter
* Email Reports
* Send Summary Reports over SMTP to different E-Mails
* Supports channels and filters to send different subsets of Namespaces or Sources to dedicated E-Mails
* Reports are generated and send over dedicated CronJobs, this makes it easy to send the reports as often as needed
* Currently a basic summary and a more detailed violation report is available and can be separatly enabled and configured
* Metrics
* Add `metrics.mode` for less or custom metric values, to reduce cardinality
* Monitoring
* Fix Source Column for result tables
* Fix Warn counter for ClusterPolicyReport Details
# 2.9.5
* Fix Policy Reporter Version in the Helm Chart values.yaml
# 2.9.4
* Policy Reporter
* Add [AWS Kinesis](https://aws.amazon.com/kinesis) compatible target
* Add new Helm value `profiling.enabled` to enable pprof profiling, disabled by default
* Improved Informer handling
# 2.9.3
* Policy Reporter
* Fix `grafana.dashboards.value` type conversion [[fix #158](https://github.com/kyverno/policy-reporter/issues/158)]
# 2.9.2
* Policy Reporter
* Add `grafana.dashboards.value` value to configure the ConfigMap label value for the Prometheus Operator by [[#157](https://github.com/kyverno/policy-reporter/pull/157) by [stone-z](https://github.com/stone-z)]
# 2.9.1
* Policy Reporter
* Name Configuration for Target (Channels) to customize UI Labels
* Policy Reporter UI
* Fix table on chip selection
* Order labels
* Return 404 Status Code for non existing URL paths
# 2.9.0
* Policy Reporter
* New configuration to use Redis as external result caching store
* SQLite Improvement: Use batch insertion for PolicyReportResults
* PolicyReport Informer Update: Use typed informer to improve performance and memory usage
* Drop support for `v1alpha1` of the PolicyReport CRD
* Serverside Pagination for better Dashboard performance
* Concurrent PolicyReport processing
* Policy Reporter UI
* Serverside Pagination support
* Dynamic Chart sizes
* Policy Reporter Kyverno Plugin
* Generate Policy Reports for enforcement violations
# 2.8.0
* Policy Reporter
* New target filter and channels to define multiple configurations of the same target
* Filter target results by exclude and include rules for namesapces, priorities and policies
* Support wildcards for policies and namespaces
* New __webhook__ target
* this target is a simple way to send notifications to custom tools and APIs
* results are send as POST requests with a JSON representation of the result
* the _headers_ properties allows you to send custom header with the request to allow for example authentication
# 2.7.1
* Policy Reporter
* Add Resource APIVersion to the Results REST APIs
# 2.7.0
* Policy Reporter
* PolicyReport Filter:
* PolicyReporter CRD Filter by Namespaces
* Disable ClusterPolicyReport CRD processing
# 2.6.3
* Policy Reporter
* Fix Debouncer has wrong reference to OldPolicyReport when a result was cached.
# 2.6.2
* Policy Reporter
* Update Go to 1.17.8
* Add `serviceMonitor.relabelings` and `serviceMonitor.metricRelabelings` for ServiceMonitor configuration in the `monitoring` Subchart.
* Add `kyverno.serviceMonitor.relabelings` and `kyverno.serviceMonitor.metricRelabelings` for the KyvernoPlugin ServiceMonitor configuration in the `monitoring` Subchart.
* Policy Reporter UI
* Update Go to 1.17.8
* Policy Reporter KyvernoPlugin
* Update Go to 1.17.8
# 2.6.1
* Update Policy Reporter UI to v1.3.2
* Support access over Subpaths, e.g. Rancher Reverse Proxy
* Update Policy Reporter Monitoring to v2.1.0
* Fix Failing ClusterPolicyRules Columns of the PolicyReports Dashboard
* Add Filter to the PolicyReports Dashboard
# 2.6.0
* Add seccomp profile support [[#120](https://github.com/kyverno/policy-reporter/pull/120) by [eddycharly](https://github.com/eddycharly)]
# 2.5.0
* New Policy Reporter API to get a list of available resources
* New Filter for Policies, Kinds, Categories and Results APIs
# 2.4.0
* Policy Reporter
* Add Support for custom Loki labels
# 2.3.0
* Policy Reporter
* Add Support for linux/s390x [[#115](https://github.com/kyverno/policy-reporter/pull/115) by [skuethe](https://github.com/skuethe)]
* Policy Reporter UI
* Add Support for linux/s390x [[#98](https://github.com/kyverno/policy-reporter-ui/pull/98) by [skuethe](https://github.com/skuethe)]
* Policy Reporter KyvernoPlugin
* Add Support for linux/s390x [[#13](https://github.com/kyverno/policy-reporter-kyverno-plugin/pull/13) by [skuethe](https://github.com/skuethe)]
# 2.2.6
* Use upper case on drop capabilities [[#113](https://github.com/kyverno/policy-reporter/pull/113) by [skuethe](https://github.com/skuethe)]
# 2.2.5
* Policy Reporter
* Update Go to 1.17.6 [[#110](https://github.com/kyverno/policy-reporter/pull/110) by [realshuting](https://github.com/realshuting)]
* Update Helm Chart with new component versions
* Update dependencies
* Policy Reporter UI
* Update Go to 1.17.6 [[#93](https://github.com/kyverno/policy-reporter-ui/pull/93) by [realshuting](https://github.com/realshuting)]
* Update dependencies
* Policy Reporter KyvernoPlugin
* Update Go to 1.17.6 [[#12](https://github.com/kyverno/policy-reporter-kyverno-plugin/pull/12) by [realshuting](https://github.com/realshuting)]
# 2.2.4
* Fix PolicyReport Napper - string casting
# 2.2.3
* Fix Helm Chart uihost template function.
# 2.2.2
* Fix Helm Chart `values.yaml`. Cleanup unused default configurations. [[#103](https://github.com/kyverno/policy-reporter/pull/103) by [AndersBennedsgaard](https://github.com/AndersBennedsgaard)]
# 2.2.1
* Fix Typo in values.yaml [[#102](https://github.com/kyverno/policy-reporter-ui/pull/102) by [christophefromparis](https://github.com/christophefromparis)]
# 2.2.0
* Policy Reporter UI v1.2.0
* New configurations to customize the dashboard by disable PolicyReport- or ClusterPolicyReport information
# 2.1.1
* Fix KyvernoPlugin Metrics ServiceMonitor Port [[#96](https://github.com/kyverno/policy-reporter-ui/pull/96) by [z0rc](https://github.com/z0rc)]
* Remove unused Port from KyvernoPlugin Deployment and Service
# 2.1.0
* KyvernoPlugin v1.1.0
* New KyvernoPlugin API - VerifyImages Rules (<a href="https://kyverno.github.io/policy-reporter/guide/06-troubleshooting#readinessprobe-fails" target="_blank">details</a>)
* Policy Reporter UI v1.1.0
* New Kyverno VerifyImages view in Policy Reporter UI
* New configurations to disable views (<a href="https://kyverno.github.io/policy-reporter/guide/04-helm-chart-core#configure-views" target="_blank">details</a>)
# 2.0.1
* Remove NetworkPolicy ingress rule for UI if not enabled
* Update Policy Reporter UI
* Fix: Show PolicyReportResult Properties in Tables
# 2.0.0
## Chart
* Removed deprecated values `crdVersion`, `cleanupDebounceTime`
* Simplify `policyPriorities`, `policyPriorities.enabled` was removed along with the watch feature
* Priority determined mainly over severity
* Add `sources` filter to target configurations
* Improved `NetworkPolicy` configuration for all components
* Metrics now an optional feature
* Each component expose a single Port `8080`
See [Migration Docs](https://kyverno.github.io/policy-reporter/guide/05-migration) for details
## Policy Reporter
* modular functions for separate activation/deactivation
* REST API
* Metrics API
* Target pushes
* PolicyReports are now stored in an internal SQLite
* extended REST API based on the new SQLite DB for filters and grouping of data
* metrics API is now optional
* metrics and REST API using the same HTTP Server (were separated before)
* improved CRD watch logic with Kubernetes client informer
* `Yandex` changed to a general `S3` target.
## Policy Reporter UI
* Rewrite with NuxtJS
* Simplified Proxy
* Improved SPA file handling
## Policy Reporter Kyverno Plugin
* modular functions for separate activation/deactivation
* REST API
* Metrics API
* metrics and REST API using the same HTTP Server (were separated before)
* improved CRD watch logic with Kubernetes client informer
# 1.12.6
* Update Go Base Image for all Components
* Policy Reporter [[#90](https://github.com/kyverno/policy-reporter-ui/pull/90) by [fjogeleit](https://github.com/fjogeleit)]
* Policy Reporter UI [[#11](https://github.com/kyverno/policy-reporter-ui/pull/11) by [realshuting](https://github.com/realshuting)]
* Policy Reporter Kyverno Plugin [[#9](https://github.com/kyverno/policy-reporter-ui/pull/9) by [realshuting](https://github.com/realshuting)]
# 1.12.5
* Dependency Update
# 1.12.4
* Fix policy-reporter-ui ServiceName function [[#87](https://github.com/kyverno/policy-reporter/pull/87) by [m-yosefpor](https://github.com/m-yosefpor)]
# 1.12.3
* Fix policy-reporter-ui backend name [[#85](https://github.com/kyverno/policy-reporter/pull/85) by [m-yosefpor](https://github.com/m-yosefpor)]
# 1.12.2
* Fix CRD registration for PolicyReport and ClusterPolicyReport
# 1.12.0
* Add Yandex as new Target for Policy Reporter
# 1.11.0
* Add Yandex as new Target for Policy Reporter
# 1.10.0
* Update Policy Reporter UI to v0.15.0
* Add Filters as Query Parameters, make them shareable over links
* Hosting all new Images on the GitHub Container Registry instead of DockerHub
* Go Version updates to Go 1.17 of all components
# 1.9.4
* Make the Image Registry configurable with `image.registry` [[#74](https://github.com/kyverno/policy-reporter/pull/74) by [stone-z](https://github.com/stone-z)]
# 1.9.3
* Fix loki target messages for labels with dots
# 1.9.2
* Add additional egress rules to kyvernoPlugin and UI subchart with `networkPolicy.egress`
# 1.9.1
* Configure the Kubernetes API Port for NetworkPolicy with `networkPolicy.kubernetesApiPort`
# 1.9.0
* Implement NetworkPolicy for Policy Reporter and related Components [[#68](https://github.com/kyverno/policy-reporter/pull/68) by [windowsrefund](https://github.com/windowsrefund)]
* Customize liveness- and readinessProbe for Policy Reporter [[#67](https://github.com/kyverno/policy-reporter/pull/67) by [windowsrefund](https://github.com/windowsrefund)]
# 1.8.10
* Fix ServiceMonitor Namespace overwrite with `monitoring.serviceMonitor.namespace` instead of `monitoring.namespace`
# 1.8.9
* Ensure Backward Compatibility for `monitoring.namespace` configuration
# 1.8.8
* Optional Namespace Configuration for Monitoring ServiceMonitor
* Separat Namespace Configuration for Monitoring ConfigMaps with `monitoring.grafana.namespace`
# 1.8.7
* Update Policy Reporter UI to 0.14.0
* Colored Diagrams
* Suppport SubPath Configuration
* Restart CRD Watches when no CRDs are found
* Fix Ingress Resource in the UI Subchart
* Allow to override namespace for serviceMonitor [[#57](https://github.com/kyverno/policy-reporter/pull/57) by [Issif](https://github.com/Issif)]
# 1.8.6
* Update Policy Reporter UI to 0.13.1
* Hide Rule Chips if rule name is empty
* Update Policy Reporter Kyvern Plugin to 0.3.2
* Improved LivenessProbe, checks now if Kyverno CRDs are available
* Update Policy Reporter to 1.8.4
* Improved LivenessProbe, checks now if any PolicyReport CRD is available
# 1.8.5
* Added trusted root CA's [[#52](https://github.com/kyverno/policy-reporter/pull/52) by [frezbo](https://github.com/frezbo)]
# 1.8.4
* Changed Organization
# 1.8.3
* Update Policy Reporter UI to 0.13.0
* Change Result Grouping between by Status and by Category
* Add source filter to ClusterPolicyReports
# 1.8.2
* Fix `scored` mapping for `v1alpha2/policyreports`
* Disable KyvernPlugin as default as expected
* Support `source` and `properties` for `policyreports/v1alpha2` in Policy Reporter UI
* Update Policy Reporter UI to `0.12.0`
# 1.8.1
* Customize label and annotation for Grafana dashboards [[#43](https://github.com/kyverno/policy-reporter/pull/43) by [nlamirault](https://github.com/nlamirault)]
* ARM64 Support for all Components
# 1.7.3
* Update Policy Reporter - Kyverno Plugin to 0.2.0
* New APIs for Liveness and Readiness Probes
# 1.7.2
* Update Policy Reporter - Kyverno Plugin to 0.1.2
* Fix Handling of Validations with empty messages
# 1.7.1
* Fix HelmChart - Deployment Probes for Policy Reporter
# 1.7.0
* Enable REST API by default
* Add `/healthz` and `/ready` APIs as new endpoints for readinessProbe and livenessProbe
* Helm Chart Updates
* Add `global.labels` to add `labels` on every resource created
* Add default labels on every resource
# 1.6.2
* Increase Result Caching Time to handle Kyverno issues with Policy reconcilation [Issue](https://github.com/kyverno/kyverno/issues/1921)
* Fix golint errors
# 1.6.1
* Add .global.fullnameOverride as new configuration for Policy Reporter Helm Chart
* Add static manifests to install Policy Reporter without Helm or Kustomize
# 1.6.0
* Internal refactoring
* Unification of PolicyReports and ClusterPolicyReports processing, APIs still stable
* DEPRECETED `crdVersion`, Policy Reporter handels now both versions by default
* DEPRECETED `cleanupDebounceTime`, new internal caching replaced the debounce mechanism, debounce still exist with a fixed period to improve stable metric values.
# 1.5.0
* Support multiple Resources for a single Result
* Mapping Result with multiple Resources in multiple Results with a single Resource
* Upate UI handling with Results without Resources
# 1.4.1
* Update Kyverno Plugin
* Fix Rule Type mapping
* Update Policy Reporter UI
* Fix Chart rerender when values are the same
# 1.4.0
* Add Kyverno Plugins to the Helm Chart
## 1.3.4
* Configure Debounce Time in seconds for Cleanup Events over Helm Chart
* Helm Value `cleanupDebounceTime` - default: 20
* Improved securityContext defaults
## 1.3.3
* Update Policy Reporter UI to v0.9.0
* expand Tables with Validation Message
* Reduce log messages
## 1.3.2
* Compress REST API with GZIP
* Update Policy Reporter UI to 0.8.0
* Support for GZIP Responses
## 1.3.1
* Debounce reconcile modification events for 10s to prevent resending violations
## 1.3.0
* New Helm Configuration
* `crdVersion` changes the version of the PolicyReporter CRD - v1alpha1 is the current default
## 1.2.3
* Fix resend violations after KubeAPI reconnect
## 1.2.2
* Fix PolicyReportResult.timestamp parsing
## 1.2.1
* Support PolicyReportResult.status as well as PolicyReportResult.result for newer CRD versions
## 1.2.0
* Support for (Cluster)PolicyReport CRD Properties in Target Output
* Support for (Cluster)PolicyReport CRD Timestamp in Target Output
* Fix resend violations after Kyverno Cleanup with ResultHashes
## 1.1.0
* Added PolicyReport Category to Metrics
* New (Cluster)PolicyReport filter for Grafana Dashboards
* Add __All__ Selection for Policy Filter
* Category Filter
* Severity Filter
* Kind Filter
* Namespacefilter (PolicyReports only)
* New (Cluster)PolicyReport filter for Policy Reporter UI
* Category Filter
* Severity Filter
* Kind Filter
## 1.0.0
* Support Priority by Severity
* high -> critical
* medium -> warning
* low -> information
* Severity is added as label to result metrics
* Severity is added in Policy Reporter UI tables
* Add "Critical" as new Priority to differ between Errored Policies and Failed priorities with High Severity
* Use "Warning" as new default Priority instead of Error which should now used for Policies in Error Status
## 0.22.0
* New Target Policy Reporter UI
* New Log View in the Policy Reporter UI to see the latest log entries
* Default: latest 200 logs with priority >= warning
## 0.21.0
* New Target MS Teams
## 0.20.2
* Policy Reporter UI update
* Select All option for Policy Filter
* New Namespace Filter for PolicyReport View
## 0.20.0
* [Breaking Change] rename policy-reporter-ui Subchart to ui
* Simplify the customization by configure all PolicyReporter UI values under `ui`
## 0.19.0
* PolicyResult Priority mapping is now configurable over the Helm Chart
## 0.18.0
* Helm Chart updates [#16](https://github.com/kyverno/policy-reporter/pull/16) fixes [#14](https://github.com/kyverno/policy-reporter/issues/14)
* Target Configuration are now configured under `target` in the HelmChart `values.yaml`
* config.yaml are now deployed as Secret with encoded data body (plain stringData before)
## 0.17.0
* New Helm Linting Workflow by kolikons [#15](https://github.com/kyverno/policy-reporter/pull/15)
* Improved Helm Chart by kolikons [#13](https://github.com/kyverno/policy-reporter/pull/13)
* More configuration possibilities like UI Ingress, ReplicaCount
* Role and RoleBindings for ConfigMaps are now optional (required for Priority configuration)
## 0.16.0
* New Optional REST API
* New Optional Policy Reporter UI Helm SubChart
## 0.15.1
* Add a checksum for the target configuration secret to the deployment. This enforces a pod recreation when the configuration changed by a Helm upgrade.
## 0.15.0
* Customizable Dashboards via new Helm values for the Monitoring Subchart.
## 0.14.0
* Internal refactoring
* Improved test coverage
* Removed duplicated caching
* Updated Dashboard
* Filter zero values from Policy Report Detail after Policies / Resources are deleted
## 0.13.0
* Split the Monitoring out in a Sub Helm chart
* Changed naming from `metrics` to `monitoring`
* Make Annotations for the Deployment configurable
* Add two new Grafana Dashboard (PolicyReport Details, ClusterPolicyReport Details)
## 0.12.0
* Add support for a special `default` key in the Policy Priority. The `default` key can be used to configure a global default priority instead of `error`
## 0.11.1
* Use a Secret instead of ConfigMap to persist target configurations
## 0.11.0
* Helm Chart Value `metrics.serviceMonitor` changed to `metrics.serviceMonitor.enabled`
* New Helm Chart Value `metrics.serviceMonitor.labels` can be used to add additional `labels` to the `SeriveMonitor`. This helps to fullfil the `serviceMonitorSelector` of the `Prometheus` Resource in the MonitoringStack.
## 0.10.0
* Implement Discord as Target for PolicyReportResults
## 0.9.0
* Implement Slack as Target for PolicyReportResults
## 0.8.0
* Implement Elasticsearch as Target for PolicyReportResults
* Replace CLI flags with a single `config.yaml` to manage target-configurations as separate `ConfigMap`
* Set `loki.skipExistingOnStartup` default value to `true`