Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add support for kyverno addon including reporter UI and baseline policies #910

Merged
merged 22 commits into from
Sep 23, 2022
Merged

feat: Add support for kyverno addon including reporter UI and baseline policies #910

merged 22 commits into from
Sep 23, 2022

Conversation

zeagord
Copy link
Contributor

@zeagord zeagord commented Aug 30, 2022
edited by bryantbiggs
Loading

What does this PR do?

  • Adds kyverno baseline policies
  • Adds kyverno policy reporter UI

Closes #620

Motivation

Kyverno is used widely to enforce policies in kubernetes environments, having this module part of EKS Blueprints will be extremely useful for many.

More

  • Yes, I have tested the PR using my local account setup (Provide any test evidence report under Additional Notes)
  • Yes, I have added a new example under examples to support my PR
  • Yes, I have created another PR for add-ons under add-ons repo (if applicable) - There is already one available there
  • Yes, I have updated the docs for this feature
  • Yes, I ran pre-commit run -a with this PR

Note: Not all the PRs required examples and docs except a new pattern or add-on added.

For Moderators

  • E2E Test successfully complete before merge?

Additional Notes

zeagord and others added 4 commits August 30, 2022 15:10
@zeagord @macirculado
Adds kyverno module
ba0c389 
Adds kyverno baseline policies
Adds kyverno policy reporter UI

Co-authored-by:  Maria Ana Circulado  <anacirc@amazon.ph>
@zeagord
Fixes pre commit checks
370e75e
@zeagord @macirculado
Fixes pre commit checks
7d34127 
Co-authored-by:  Maria Ana Circulado  <anacirc@amazon.ph>
@zeagord
Merge branch 'main' of github.com:zeagord/terraform-aws-eks-blueprints
ead7b3e
vara-bonthu
vara-bonthu reviewed Aug 30, 2022
View reviewed changes
Copy link
Contributor

@vara-bonthu vara-bonthu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR 👍 few comments needs addressing.

  1. Add this to complete addon example. Show some examples of how to use Kyverno with policies
  2. GitHub pages required for all addons. Add doc under docs folder

modules/kubernetes-addons/kyverno/locals.tf Outdated Show resolved Hide resolved
modules/kubernetes-addons/kyverno/variables.tf Outdated Show resolved Hide resolved
modules/kubernetes-addons/main.tf Outdated Show resolved Hide resolved
modules/kubernetes-addons/variables.tf Show resolved Hide resolved
@bryantbiggs bryantbiggs changed the title Adds kyverno feat: Add support for kyverno addon including reporter UI and baseline policies Aug 30, 2022
@zeagord
Incorporates review comments and adds documentation and examples
44b037e 
Co-authored-by:  Maria Ana Circulado  <anacirc@amazon.ph>
@zeagord
Fixes helm config references in module
a368d80 
Co-authored-by:  Maria Ana Circulado  <anacirc@amazon.ph>
@zeagord
Fixes helm config references in module
2cfab04 
Co-authored-by:  Maria Ana Circulado  <anacirc@amazon.ph>
@zeagord
Fixes typo in helm config attribute
8322d64 
Co-authored-by:  Maria Ana Circulado  <anacirc@amazon.ph>
@zeagord @macirculado
Adds an option to enable or disable kyverno ui and policies
dfaaf14 
Co-authored-by:  Maria Ana Circulado  <anacirc@amazon.ph>
bryantbiggs
bryantbiggs reviewed Sep 15, 2022
View reviewed changes
modules/kubernetes-addons/kyverno/locals.tf Outdated
)


argocd_gitops_config = {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we will need to:

  1. Update the version of Kyverno here https://github.com/aws-samples/eks-blueprints-add-ons/blob/main/add-ons/kyverno/Chart.yaml#L19
  2. Add an enable flag for the policies and reporter
  3. Add policies and reporter dependencies to https://github.com/aws-samples/eks-blueprints-add-ons/blob/main/add-ons/kyverno/Chart.yaml#L17 similar to what was done here https://github.com/kyverno/policy-reporter/blob/main/charts/policy-reporter/Chart.yaml#L18
  4. Update https://github.com/aws-samples/eks-blueprints-add-ons/blob/main/chart/values.yaml to match

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Created a PR for this which applies the items above: aws-samples/eks-blueprints-add-ons#83

@macirculado macirculado mentioned this pull request Sep 19, 2022
Merged
@bryantbiggs bryantbiggs temporarily deployed to EKS Blueprints Test September 23, 2022 20:59 Inactive
@bryantbiggs bryantbiggs temporarily deployed to EKS Blueprints Test September 23, 2022 23:02 Inactive
bryantbiggs
bryantbiggs approved these changes Sep 23, 2022
View reviewed changes
Copy link
Contributor

@bryantbiggs bryantbiggs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you, this looks awesome!

@bryantbiggs bryantbiggs merged commit 4ddf74b into aws-ia:main Sep 23, 2022
allamand pushed a commit to allamand/terraform-aws-eks-blueprints that referenced this pull request Dec 15, 2022
@zeagord @allamand
feat: Add support for kyverno addon including reporter UI and basel…
9cb0ca9 
…ine policies (aws-ia#910)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vara-bonthu vara-bonthu vara-bonthu left review comments

@macirculado macirculado macirculado left review comments

@bryantbiggs bryantbiggs bryantbiggs approved these changes

@askulkarni2 askulkarni2 Awaiting requested review from askulkarni2

@kcoleman731 kcoleman731 Awaiting requested review from kcoleman731

@Zvikan Zvikan Awaiting requested review from Zvikan

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[FEATURE] [ADDON] Add Kyverno Addon
4 participants
@zeagord @macirculado @bryantbiggs @vara-bonthu