1
0
Fork 0
mirror of https://github.com/kyverno/policy-reporter.git synced 2024-12-14 11:57:32 +00:00
Monitoring and Observability Tool for the PolicyReport CRD with an optional UI.
Find a file
2021-02-20 14:25:42 +01:00
charts/policy-reporter prepare first release 2021-02-20 13:57:14 +01:00
cmd feat(Support ClusterPolicy) 2021-02-20 13:54:02 +01:00
docs/images Add concurrency to metrics and loki client 2021-02-20 11:00:10 +01:00
pkg Fix missing caching update 2021-02-20 14:25:42 +01:00
.dockerignore Add concurrency to metrics and loki client 2021-02-20 11:00:10 +01:00
.gitignore init 2021-02-20 00:58:01 +01:00
config.example.yaml init 2021-02-20 00:58:01 +01:00
Dockerfile init 2021-02-20 00:58:01 +01:00
go.mod init 2021-02-20 00:58:01 +01:00
go.sum init 2021-02-20 00:58:01 +01:00
LICENSE.md init 2021-02-20 00:58:01 +01:00
main.go init 2021-02-20 00:58:01 +01:00
Makefile init 2021-02-20 00:58:01 +01:00
README.md feat(Support ClusterPolicy) 2021-02-20 13:54:02 +01:00

PolicyReporter

Motivation

Kyverno ships with two types of validation. You can either enforce a rule or audit it. If you don't want to block developers or if you want to try out a new rule, you can use the audit functionality. The audit configuration creates PolicyReports which you can access with kubectl. Because I can't find a simple solution to get a general overview of this PolicyReports and PolicyReportResults, I created this tool to send information from PolicyReports to Grafana Loki. As additional feature this tool provides an http server with Prometheus Metrics about ReportPolicy Summaries and ReportPolicyRules.

This project is in an early stage. Please let me know if anything did not work as expected or if you want so send your audits to other targets then Loki.

Installation with Helm v3

Clone the repository and use the following command:

git clone https://github.com/fjogeleit/policy-reporter.git

cd policy-reporter

helm install policy-reporter ./charts/policy-reporter --set loki=http://lokihost:3100 -n policy-reporter --create-namespace

You can also customize the ./charts/policy-reporter/values.yaml to change the default configurations.

Configure policyPriorities

By default kyverno PolicyReports has no priority or severity for policies. So every passed rule validation will be processed as notice, a failed validation is processed as error. To customize this you can configure a mapping from policies to fail priorities. So you can send them as warnings instead of errors.

# values.yaml
# policyPriorities example diff

policyPriorities:
    check-label-app: warning

Example Outputs

Grafana Loki

Prometheus Metrics

Todos

  • Support for ClusterPolicyReports
  • Additional Targets