mirror of
https://github.com/kyverno/policy-reporter.git
synced 2024-12-14 11:57:32 +00:00
f6ced8d5f0
Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
16 KiB
16 KiB
Changelog
2.9.0
- Policy Reporter
- New configuration to use Redis as external result caching store
- SQLite Improvement: Use batch insertion for PolicyReportResults
- PolicyReport Informer Update: Use typed informer to improve performance and memory usage
- Drop support for
v1alpha1
of the PolicyReport CRD
2.8.0
- Policy Reporter
- New target filter and channels to define multiple configurations of the same target
- Filter target results by exclude and include rules for namesapces, priorities and policies
- Support wildcards for policies and namespaces
- New webhook target
- this target is a simple way to send notifications to custom tools and APIs
- results are send as POST requests with a JSON representation of the result
- the headers properties allows you to send custom header with the request to allow for example authentication
- New target filter and channels to define multiple configurations of the same target
2.7.1
- Policy Reporter
- Add Resource APIVersion to the Results REST APIs
2.7.0
- Policy Reporter
- PolicyReport Filter:
- PolicyReporter CRD Filter by Namespaces
- Disable ClusterPolicyReport CRD processing
- PolicyReport Filter:
2.6.3
- Policy Reporter
- Fix Debouncer has wrong reference to OldPolicyReport when a result was cached.
2.6.2
-
Policy Reporter
- Update Go to 1.17.8
- Add
serviceMonitor.relabelings
andserviceMonitor.metricRelabelings
for ServiceMonitor configuration in themonitoring
Subchart. - Add
kyverno.serviceMonitor.relabelings
andkyverno.serviceMonitor.metricRelabelings
for the KyvernoPlugin ServiceMonitor configuration in themonitoring
Subchart.
-
Policy Reporter UI
- Update Go to 1.17.8
-
Policy Reporter KyvernoPlugin
- Update Go to 1.17.8
2.6.1
- Update Policy Reporter UI to v1.3.2
- Support access over Subpaths, e.g. Rancher Reverse Proxy
- Update Policy Reporter Monitoring to v2.1.0
- Fix Failing ClusterPolicyRules Columns of the PolicyReports Dashboard
- Add Filter to the PolicyReports Dashboard
2.6.0
- Add seccomp profile support [#120 by eddycharly]
2.5.0
- New Policy Reporter API to get a list of available resources
- New Filter for Policies, Kinds, Categories and Results APIs
2.4.0
- Policy Reporter
- Add Support for custom Loki labels
2.3.0
-
Policy Reporter
-
Policy Reporter UI
-
Policy Reporter KyvernoPlugin
2.2.6
2.2.5
-
Policy Reporter
- Update Go to 1.17.6 [#110 by realshuting]
- Update Helm Chart with new component versions
- Update dependencies
-
Policy Reporter UI
- Update Go to 1.17.6 [#93 by realshuting]
- Update dependencies
-
Policy Reporter KyvernoPlugin
- Update Go to 1.17.6 [#12 by realshuting]
2.2.4
- Fix PolicyReport Napper - string casting
2.2.3
- Fix Helm Chart uihost template function.
2.2.2
- Fix Helm Chart
values.yaml
. Cleanup unused default configurations. [#103 by AndersBennedsgaard]
2.2.1
- Fix Typo in values.yaml [#102 by christophefromparis]
2.2.0
- Policy Reporter UI v1.2.0
- New configurations to customize the dashboard by disable PolicyReport- or ClusterPolicyReport information
2.1.1
- Fix KyvernoPlugin Metrics ServiceMonitor Port [#96 by z0rc]
- Remove unused Port from KyvernoPlugin Deployment and Service
2.1.0
- KyvernoPlugin v1.1.0
- New KyvernoPlugin API - VerifyImages Rules (details)
- Policy Reporter UI v1.1.0
- New Kyverno VerifyImages view in Policy Reporter UI
- New configurations to disable views (details)
2.0.1
- Remove NetworkPolicy ingress rule for UI if not enabled
- Update Policy Reporter UI
- Fix: Show PolicyReportResult Properties in Tables
2.0.0
Chart
- Removed deprecated values
crdVersion
,cleanupDebounceTime
- Simplify
policyPriorities
,policyPriorities.enabled
was removed along with the watch feature- Priority determined mainly over severity
- Add
sources
filter to target configurations - Improved
NetworkPolicy
configuration for all components - Metrics now an optional feature
- Each component expose a single Port
8080
See Migration Docs for details
Policy Reporter
- modular functions for separate activation/deactivation
- REST API
- Metrics API
- Target pushes
- PolicyReports are now stored in an internal SQLite
- extended REST API based on the new SQLite DB for filters and grouping of data
- metrics API is now optional
- metrics and REST API using the same HTTP Server (were separated before)
- improved CRD watch logic with Kubernetes client informer
Yandex
changed to a generalS3
target.
Policy Reporter UI
- Rewrite with NuxtJS
- Simplified Proxy
- Improved SPA file handling
Policy Reporter Kyverno Plugin
- modular functions for separate activation/deactivation
- REST API
- Metrics API
- metrics and REST API using the same HTTP Server (were separated before)
- improved CRD watch logic with Kubernetes client informer
1.12.6
- Update Go Base Image for all Components
- Policy Reporter [#90 by fjogeleit]
- Policy Reporter UI [#11 by realshuting]
- Policy Reporter Kyverno Plugin [#9 by realshuting]
1.12.5
- Dependency Update
1.12.4
- Fix policy-reporter-ui ServiceName function [#87 by m-yosefpor]
1.12.3
- Fix policy-reporter-ui backend name [#85 by m-yosefpor]
1.12.2
- Fix CRD registration for PolicyReport and ClusterPolicyReport
1.12.0
- Add Yandex as new Target for Policy Reporter
1.11.0
- Add Yandex as new Target for Policy Reporter
1.10.0
- Update Policy Reporter UI to v0.15.0
- Add Filters as Query Parameters, make them shareable over links
- Hosting all new Images on the GitHub Container Registry instead of DockerHub
- Go Version updates to Go 1.17 of all components
1.9.4
1.9.3
- Fix loki target messages for labels with dots
1.9.2
- Add additional egress rules to kyvernoPlugin and UI subchart with
networkPolicy.egress
1.9.1
- Configure the Kubernetes API Port for NetworkPolicy with
networkPolicy.kubernetesApiPort
1.9.0
- Implement NetworkPolicy for Policy Reporter and related Components [#68 by windowsrefund]
- Customize liveness- and readinessProbe for Policy Reporter [#67 by windowsrefund]
1.8.10
- Fix ServiceMonitor Namespace overwrite with
monitoring.serviceMonitor.namespace
instead ofmonitoring.namespace
1.8.9
- Ensure Backward Compatibility for
monitoring.namespace
configuration
1.8.8
- Optional Namespace Configuration for Monitoring ServiceMonitor
- Separat Namespace Configuration for Monitoring ConfigMaps with
monitoring.grafana.namespace
1.8.7
- Update Policy Reporter UI to 0.14.0
- Colored Diagrams
- Suppport SubPath Configuration
- Restart CRD Watches when no CRDs are found
- Fix Ingress Resource in the UI Subchart
- Allow to override namespace for serviceMonitor [#57 by Issif]
1.8.6
- Update Policy Reporter UI to 0.13.1
- Hide Rule Chips if rule name is empty
- Update Policy Reporter Kyvern Plugin to 0.3.2
- Improved LivenessProbe, checks now if Kyverno CRDs are available
- Update Policy Reporter to 1.8.4
- Improved LivenessProbe, checks now if any PolicyReport CRD is available
1.8.5
1.8.4
- Changed Organization
1.8.3
- Update Policy Reporter UI to 0.13.0
- Change Result Grouping between by Status and by Category
- Add source filter to ClusterPolicyReports
1.8.2
- Fix
scored
mapping forv1alpha2/policyreports
- Disable KyvernPlugin as default as expected
- Support
source
andproperties
forpolicyreports/v1alpha2
in Policy Reporter UI- Update Policy Reporter UI to
0.12.0
- Update Policy Reporter UI to
1.8.1
- Customize label and annotation for Grafana dashboards [#43 by nlamirault]
- ARM64 Support for all Components
1.7.3
- Update Policy Reporter - Kyverno Plugin to 0.2.0
- New APIs for Liveness and Readiness Probes
1.7.2
- Update Policy Reporter - Kyverno Plugin to 0.1.2
- Fix Handling of Validations with empty messages
1.7.1
- Fix HelmChart - Deployment Probes for Policy Reporter
1.7.0
- Enable REST API by default
- Add
/healthz
and/ready
APIs as new endpoints for readinessProbe and livenessProbe
- Add
- Helm Chart Updates
- Add
global.labels
to addlabels
on every resource created - Add default labels on every resource
- Add
1.6.2
- Increase Result Caching Time to handle Kyverno issues with Policy reconcilation Issue
- Fix golint errors
1.6.1
- Add .global.fullnameOverride as new configuration for Policy Reporter Helm Chart
- Add static manifests to install Policy Reporter without Helm or Kustomize
1.6.0
- Internal refactoring
- Unification of PolicyReports and ClusterPolicyReports processing, APIs still stable
- DEPRECETED
crdVersion
, Policy Reporter handels now both versions by default - DEPRECETED
cleanupDebounceTime
, new internal caching replaced the debounce mechanism, debounce still exist with a fixed period to improve stable metric values.
1.5.0
- Support multiple Resources for a single Result
- Mapping Result with multiple Resources in multiple Results with a single Resource
- Upate UI handling with Results without Resources
1.4.1
- Update Kyverno Plugin
- Fix Rule Type mapping
- Update Policy Reporter UI
- Fix Chart rerender when values are the same
1.4.0
- Add Kyverno Plugins to the Helm Chart
1.3.4
- Configure Debounce Time in seconds for Cleanup Events over Helm Chart
- Helm Value
cleanupDebounceTime
- default: 20
- Helm Value
- Improved securityContext defaults
1.3.3
- Update Policy Reporter UI to v0.9.0
- expand Tables with Validation Message
- Reduce log messages
1.3.2
- Compress REST API with GZIP
- Update Policy Reporter UI to 0.8.0
- Support for GZIP Responses
1.3.1
- Debounce reconcile modification events for 10s to prevent resending violations
1.3.0
- New Helm Configuration
crdVersion
changes the version of the PolicyReporter CRD - v1alpha1 is the current default
1.2.3
- Fix resend violations after KubeAPI reconnect
1.2.2
- Fix PolicyReportResult.timestamp parsing
1.2.1
- Support PolicyReportResult.status as well as PolicyReportResult.result for newer CRD versions
1.2.0
- Support for (Cluster)PolicyReport CRD Properties in Target Output
- Support for (Cluster)PolicyReport CRD Timestamp in Target Output
- Fix resend violations after Kyverno Cleanup with ResultHashes
1.1.0
- Added PolicyReport Category to Metrics
- New (Cluster)PolicyReport filter for Grafana Dashboards
- Add All Selection for Policy Filter
- Category Filter
- Severity Filter
- Kind Filter
- Namespacefilter (PolicyReports only)
- New (Cluster)PolicyReport filter for Policy Reporter UI
- Category Filter
- Severity Filter
- Kind Filter
1.0.0
- Support Priority by Severity
- high -> critical
- medium -> warning
- low -> information
- Severity is added as label to result metrics
- Severity is added in Policy Reporter UI tables
- Add "Critical" as new Priority to differ between Errored Policies and Failed priorities with High Severity
- Use "Warning" as new default Priority instead of Error which should now used for Policies in Error Status
0.22.0
- New Target Policy Reporter UI
- New Log View in the Policy Reporter UI to see the latest log entries
- Default: latest 200 logs with priority >= warning
0.21.0
- New Target MS Teams
0.20.2
- Policy Reporter UI update
- Select All option for Policy Filter
- New Namespace Filter for PolicyReport View
0.20.0
- [Breaking Change] rename policy-reporter-ui Subchart to ui
- Simplify the customization by configure all PolicyReporter UI values under
ui
- Simplify the customization by configure all PolicyReporter UI values under
0.19.0
- PolicyResult Priority mapping is now configurable over the Helm Chart
0.18.0
- Helm Chart updates #16 fixes #14
- Target Configuration are now configured under
target
in the HelmChartvalues.yaml
- config.yaml are now deployed as Secret with encoded data body (plain stringData before)
- Target Configuration are now configured under
0.17.0
- New Helm Linting Workflow by kolikons #15
- Improved Helm Chart by kolikons #13
- More configuration possibilities like UI Ingress, ReplicaCount
- Role and RoleBindings for ConfigMaps are now optional (required for Priority configuration)
0.16.0
- New Optional REST API
- New Optional Policy Reporter UI Helm SubChart
0.15.1
- Add a checksum for the target configuration secret to the deployment. This enforces a pod recreation when the configuration changed by a Helm upgrade.
0.15.0
- Customizable Dashboards via new Helm values for the Monitoring Subchart.
0.14.0
- Internal refactoring
- Improved test coverage
- Removed duplicated caching
- Updated Dashboard
- Filter zero values from Policy Report Detail after Policies / Resources are deleted
0.13.0
- Split the Monitoring out in a Sub Helm chart
- Changed naming from
metrics
tomonitoring
- Changed naming from
- Make Annotations for the Deployment configurable
- Add two new Grafana Dashboard (PolicyReport Details, ClusterPolicyReport Details)
0.12.0
- Add support for a special
default
key in the Policy Priority. Thedefault
key can be used to configure a global default priority instead oferror
0.11.1
- Use a Secret instead of ConfigMap to persist target configurations
0.11.0
- Helm Chart Value
metrics.serviceMonitor
changed tometrics.serviceMonitor.enabled
- New Helm Chart Value
metrics.serviceMonitor.labels
can be used to add additionallabels
to theSeriveMonitor
. This helps to fullfil theserviceMonitorSelector
of thePrometheus
Resource in the MonitoringStack.
0.10.0
- Implement Discord as Target for PolicyReportResults
0.9.0
- Implement Slack as Target for PolicyReportResults
0.8.0
- Implement Elasticsearch as Target for PolicyReportResults
- Replace CLI flags with a single
config.yaml
to manage target-configurations as separateConfigMap
- Set
loki.skipExistingOnStartup
default value totrue