Skip to content

Creates Prometheus Metrics for PolicyReports and ClusterPolicyReports. Ships with an optional Web UI and can send new Results to different Clients like Loki and Elasticsearch. Provides a optional Monitoring Subchart with a ServiceMonitor and Grafana Dashboards for the Prometheus Operator.

main
Switch branches/tags
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
cmd
 
 
 
 
pkg
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Policy Reporter

CI Go Report Card Coverage Status

Motivation

Kyverno ships with two types of validation. You can either enforce a rule or audit it. If you don't want to block developers or if you want to try out a new rule, you can use the audit functionality. The audit configuration creates PolicyReports which you can access with kubectl. Because I can't find a simple solution to get a general overview of this PolicyReports and PolicyReportResults, I created this tool to send information about PolicyReports to different targets like Grafana Loki, Elasticsearch or Slack.

Policy Reporter provides also a Prometheus Metrics API as well as an standalone mode along with the Policy Reporter UI.

This project is in an early stage. Please let me know if anything did not work as expected or if you want to send your audits to unsupported targets.

Documentation

You can find detailed Information and Screens about Features and Configurations in the Documentation.

Getting Started

Installation with Helm v3

Installation via Helm Repository

Add the Helm repository

helm repo add policy-reporter https://fjogeleit.github.io/policy-reporter
helm repo update

Basic Installation - Provides Prometheus Metrics

helm install policy-reporter policy-reporter/policy-reporter -n policy-reporter --create-namespace

Policy Reporter UI

You can use the Policy Reporter as standalone Application along with the optional UI SubChart.

Installation with Policy Reporter UI enabled

helm install policy-reporter policy-reporter/policy-reporter --set ui.enabled=true -n policy-reporter --create-namespace
kubectl port-forward service/policy-reporter-ui 8082:8080 -n policy-reporter

Open http://localhost:8082/ in your browser.

Check the Documentation for Screens and additional Information

Targets

Policy Reporter supports the following Targets to send new (Cluster)PolicyReport Results too:

Monitoring

The Helm Chart includes optional SubChart for Prometheus Operator Integration. The provided Dashboards working without Loki and are only based on the Prometheus Metrics.

Have a look into the Documentation for details.

Grafana Dashboard Import

If you are not using the MonitoringStack you can import the dashboards from Grafana

Resources

About

Creates Prometheus Metrics for PolicyReports and ClusterPolicyReports. Ships with an optional Web UI and can send new Results to different Clients like Loki and Elasticsearch. Provides a optional Monitoring Subchart with a ServiceMonitor and Grafana Dashboards for the Prometheus Operator.

Topics

Resources

License

Languages