Policy Reporter watches for PolicyReport Resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord
- Kubernetes Cluster deployed
- Kubernetes config installed in
~/.kube/config - Helm installed
Install Helm
https://helm.sh/docs/intro/install/
- Clone down the repository
- cd into directory
helm install kyverno-reporter chart/| Key | Type | Default | Description |
|---|---|---|---|
| domain | string | "dev.bigbang.mil" |
domain to use for virtual service |
| global.fullnameOverride | string | "kyverno-reporter" |
|
| global.labels | object | {} |
|
| istio.enabled | bool | false |
|
| istio.sidecar.enabled | bool | false |
|
| istio.sidecar.outboundTrafficPolicyMode | string | "REGISTRY_ONLY" |
|
| istio.serviceEntries.custom | list | [] |
|
| istio.authorizationPolicies.enabled | bool | false |
|
| istio.authorizationPolicies.custom | list | [] |
|
| istio.mtls.mode | string | "STRICT" |
|
| routes.inbound.policy-reporter-ui.enabled | bool | true |
|
| routes.inbound.policy-reporter-ui.gateways[0] | string | "istio-gateway/public-ingressgateway" |
|
| routes.inbound.policy-reporter-ui.hosts[0] | string | "policyreporter.dev.bigbang.mil" |
|
| routes.inbound.policy-reporter-ui.service | string | "policy-reporter-ui.kyverno-reporter.svc.cluster.local" |
|
| routes.inbound.policy-reporter-ui.port | int | 8080 |
|
| networkPolicies.enabled | bool | false |
|
| networkPolicies.egress.from.kyverno-reporter.podSelector.matchLabels."app.kubernetes.io/instance" | string | "kyverno-reporter-kyverno-reporter" |
|
| networkPolicies.egress.from.kyverno-reporter.to.definition.kubeAPI | bool | true |
|
| networkPolicies.ingress.to.policy-reporter:8080.from.k8s.monitoring-monitoring-kube-prometheus@monitoring/prometheus | bool | false |
|
| networkPolicies.additionalPolicies | list | [] |
|
| bbtests.enabled | bool | false |
|
| bbtests.cypress.artifacts | bool | true |
|
| bbtests.cypress.envs.cypress_grafana_url | string | "http://grafana.monitoring.svc.cluster.local" |
|
| bbtests.cypress.envs.cypress_prometheus_url | string | "http://monitoring-kube-prometheus-prometheus.monitoring.svc.cluster.local:9090" |
|
| bbtests.cypress.envs.cypress_grafana_user | string | "admin" |
|
| bbtests.cypress.envs.cypress_grafana_pass | string | "prom-operator" |
|
| bbtests.cypress.envs.cypress_reporter_ns | string | "kyverno-reporter" |
|
| bbtests.cypress.envs.cypress_policyreporter_ui | string | "http://policy-reporter-ui.kyverno-reporter.svc.cluster.local:8080" |
|
| bbtests.scripts.image | string | "registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.34.6" |
|
| bbtests.scripts.envs.KYVERNO_REPORTER_URL | string | "http://policy-reporter.kyverno-reporter.svc:8080" |
|
| bbtests.volumes | list | [] |
|
| upstream | object | Upstream chart values | Values to pass to the upstream kyverno chart |
| upstream.monitoring.enabled | bool | true |
Enables the Prometheus Operator integration |
Please see the contributing guide if you are interested in contributing.
This file is programatically generated using helm-docs and some BigBang-specific templates. The gluon repository has instructions for regenerating package READMEs.