New SubChart

CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## 0.16.0
+
+* New Optional REST API
+* New Optional Policy Reporter UI Helm SubChart
+
 ## 0.15.1
 
 * Add a checksum for the target configuration secret to the deployment. This enforces a pod recreation when the configuration changed by a Helm upgrade.

README.md

@@ -16,6 +16,7 @@ This project is in an early stage. Please let me know if anything did not work a
   * [Customization](#customization)
 * [Configure Policy Priorities](#configure-policy-priorities)
 * [Configure Monitoring](#monitoring)
+* [Policy Report UI](#policy-report-ui)
 
 ## Installation with Helm v3
 
@@ -236,6 +237,36 @@ If you are not using the MonitoringStack you can import the dashboards from [Gra
 
 ![ClusterPolicyReporter Details Grafana Dashboard](https://github.com/fjogeleit/policy-reporter/blob/main/docs/images/cluster-policy-details.png?raw=true)
 
+## Policy Report UI
+
+If you don't have any supported Monitoring solution running, you can use the standalone Policy Report UI.
+
+The UI is provided as optional Helm Sub Chart and can be enabled by setting `ui.enabled` to `true`. 
+
+### Installation
+
+```bash
+helm install policy-reporter policy-reporter/policy-reporter --set ui.enabled=true -n policy-reporter --create-namespace
+```
+
+### Access it with Port Forward on localhost
+
+```bash
+kubectl port-forward service/policy-reporter-ui 8082:8080 -n policy-reporter
+```
+
+Open `http://localhost:8082/` in your browser.
+
+### Exmaple
+
+The UI is an optional application and provides three different views with informations about the validation status of your audit policies.
+
+![Dashboard](https://github.com/fjogeleit/policy-reporter-ui/blob/main/docs/images/dashboard.png?raw=true)
+
+![Policy Reports](https://github.com/fjogeleit/policy-reporter-ui/blob/main/docs/images/policy-report.png?raw=true)
+
+![ClusterPolicyReports](https://github.com/fjogeleit/policy-reporter-ui/blob/main/docs/images/cluster-policy-report.png?raw=true)
+
 # Todos
 * ~~Support for ClusterPolicyReports~~
 * ~~Additional Targets~~

charts/policy-reporter/Chart.yaml

@@ -3,9 +3,11 @@ name: policy-reporter
 description: K8s PolicyReporter watches for wgpolicyk8s.io/v1alpha1.PolicyReport resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord
 
 type: application
-version: 0.15.1
-appVersion: 0.11.1
+version: 0.16.0
+appVersion: 0.12.0
 
 dependencies:
   - name: monitoring
-    condition: monitoring.enabled
+    condition: monitoring.enabled
+  - name: policy-reporter-ui
+    condition: ui.enabled

charts/policy-reporter/charts/policy-reporter-ui/Chart.yaml

@@ -0,0 +1,7 @@
+apiVersion: v2
+name: policy-reporter-ui
+description: Policy Reporter UI
+
+type: application
+version: 0.1.0
+appVersion: 0.1.0

charts/policy-reporter/charts/policy-reporter-ui/templates/_helpers.tpl

@@ -0,0 +1,51 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ui.fullname" -}}
+{{- $name := .Chart.Name }}
+{{- if contains .Release.Name $name }}
+{{- $name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+
+{{- define "ui.name" -}}
+{{- "policy-reporter-ui" }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ui.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "ui.labels" -}}
+helm.sh/chart: {{ include "ui.chart" . }}
+{{ include "ui.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ui.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ui.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ui.serviceAccountName" -}}
+{{ include "ui.fullname" . }}-sa
+{{- end }}

charts/policy-reporter/charts/policy-reporter-ui/templates/deployment.yaml

@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "ui.fullname" . }}
+  labels:
+    {{- include "ui.labels" . | nindent 4 }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "ui.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "ui.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "ui.serviceAccountName" . }}
+      automountServiceAccountToken: true
+      containers:
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          args:
+            - -backend={{ .Values.backend }}
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}

charts/policy-reporter/charts/policy-reporter-ui/templates/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "ui.fullname" . }}
+  labels:
+    {{- include "ui.labels" . | nindent 4 }}
+spec:
+  type: ClusterIP
+  ports:
+    - port: 8080
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "ui.selectorLabels" . | nindent 4 }}

charts/policy-reporter/charts/policy-reporter-ui/templates/serviceaccount.yaml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "ui.serviceAccountName" . }}
+  labels:
+    {{- include "ui.labels" . | nindent 4 }}

charts/policy-reporter/charts/policy-reporter-ui/values.yaml

@@ -0,0 +1,18 @@
+enabled: false
+
+image:
+  repository: fjogeleit/policy-reporter-ui
+  pullPolicy: IfNotPresent
+  tag: 0.1.0
+
+imagePullSecrets: []
+
+backend: http://policy-reporter:8080
+
+resources:
+  requests:
+    memory: 50Mi
+    cpu: 10m
+  limits:
+    memory: 100Mi
+    cpu: 50m

charts/policy-reporter/templates/deployment.yaml

@@ -32,13 +32,18 @@ spec:
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           args:
             - --config=/app/config.yaml
-            {{- if .Values.api.enabled }}
-            - --apiPort={{ .Values.api.port }}
+            {{- if or .Values.api.enabled .Values.ui.enabled }}
+            - --apiPort=8080
             {{- end }}
           ports:
             - name: http
               containerPort: 2112
               protocol: TCP
+            {{- if or .Values.api.enabled .Values.ui.enabled }}
+            - name: rest
+              containerPort: 8080
+              protocol: TCP
+            {{- end }}
           livenessProbe:
             httpGet:
               path: /metrics

charts/policy-reporter/templates/service.yaml

@@ -5,11 +5,17 @@ metadata:
   labels:
     {{- include "policyreporter.labels" . | nindent 4 }}
 spec:
-  type: {{ .Values.service.type }}
+  type: ClusterIP
   ports:
-    - port: {{ .Values.service.port }}
+    - port: 2112
       targetPort: http
       protocol: TCP
       name: http
+    {{- if or .Values.api.enabled .Values.ui.enabled }}
+    - port: 8080
+      targetPort: rest
+      protocol: TCP
+      name: rest
+    {{- end }}
   selector:
     {{- include "policyreporter.selectorLabels" . | nindent 4 }}

charts/policy-reporter/values.yaml

@@ -1,17 +1,13 @@
 image:
   repository: fjogeleit/policy-reporter
   pullPolicy: IfNotPresent
-  tag: 0.11.1
+  tag: 0.12.0
 
 imagePullSecrets: []
 
 deployment:
   annotations: {}
 
-service:
-  type: ClusterIP
-  port: 2112
-
 resources:
   requests:
     memory: 50Mi
@@ -29,7 +25,6 @@ monitoring:
     labels: {}
 
 api:
-  port: 8080
   enabled: false
 
 loki:

pkg/api/handler.go

@@ -8,7 +8,8 @@ import (
 	"github.com/fjogeleit/policy-reporter/pkg/report"
 )
 
-func policyReportHandler(s *report.PolicyReportStore) http.HandlerFunc {
+// PolicyReportHandler for the PolicyReport REST API
+func PolicyReportHandler(s *report.PolicyReportStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, req *http.Request) {
 		w.Header().Set("Content-Type", "application/json; charset=UTF-8")
 		w.WriteHeader(http.StatusOK)
@@ -32,7 +33,8 @@ func policyReportHandler(s *report.PolicyReportStore) http.HandlerFunc {
 	}
 }
 
-func clusterPolicyReportHandler(s *report.ClusterPolicyReportStore) http.HandlerFunc {
+// ClusterPolicyReportHandler for the ClusterPolicyReport REST API
+func ClusterPolicyReportHandler(s *report.ClusterPolicyReportStore) http.HandlerFunc {
 	return func(w http.ResponseWriter, req *http.Request) {
 		w.Header().Set("Content-Type", "application/json; charset=UTF-8")
 		w.WriteHeader(http.StatusOK)
@@ -56,7 +58,8 @@ func clusterPolicyReportHandler(s *report.ClusterPolicyReportStore) http.Handler
 	}
 }
 
-func targetsHandler(targets []Target) http.HandlerFunc {
+// TargetsHandler for the Targets REST API
+func TargetsHandler(targets []Target) http.HandlerFunc {
 	return func(w http.ResponseWriter, req *http.Request) {
 		w.Header().Set("Content-Type", "application/json; charset=UTF-8")
 		w.WriteHeader(http.StatusOK)