Add global.labels and health APIs

CHANGELOG.md

@@ -1,6 +1,13 @@
 # Changelog
 
 
+# 1.7.0
+* Enable REST API by default
+    * Add `/healthz` and `/ready` APIs as new endpoints for readinessProbe and livenessProbe
+* Helm Chart Updates
+    * Add `global.labels` to add `labels` on every resource created
+    * Add default labels on every resource
+
 # 1.6.2
 * Increase Result Caching Time to handle Kyverno issues with Policy reconcilation [Issue](https://github.com/kyverno/kyverno/issues/1921)
 * Fix golint errors

charts/policy-reporter/Chart.lock

@@ -1,12 +1,12 @@
 dependencies:
 - name: monitoring
   repository: ""
-  version: 1.2.0
+  version: 1.3.0
 - name: ui
   repository: ""
-  version: 1.6.0
+  version: 1.7.0
 - name: kyvernoPlugin
   repository: ""
-  version: 0.2.0
-digest: sha256:c32c38e295ebe08651a81937858ba920212bd075aa7605189919c20820067e85
-generated: "2021-05-21T10:53:50.045598+02:00"
+  version: 0.3.0
+digest: sha256:e5b478e8c16d73531126c3b4331c92c1fb8bc89db412a46ddce22f6d45b26ccc
+generated: "2021-05-29T09:48:14.131726+02:00"

charts/policy-reporter/Chart.yaml

@@ -5,19 +5,19 @@ description: |
   It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord
 
 type: application
-version: 1.6.2
-appVersion: 1.6.1
+version: 1.7.0
+appVersion: 1.7.0
 
 dependencies:
   - name: monitoring
     condition: monitoring.enabled
     repository: ""
-    version: "1.2.0"
+    version: "1.3.0"
   - name: ui
     condition: ui.enabled
     repository: ""
-    version: "1.6.0"
+    version: "1.7.0"
   - name: kyvernoPlugin
     condition: kyvernoPlugin.enabled
     repository: ""
-    version: "0.2.0"
+    version: "0.3.0"

charts/policy-reporter/charts/kyvernoPlugin/Chart.yaml

@@ -3,5 +3,5 @@ name: kyvernoPlugin
 description: Policy Reporter Kyverno Plugin
 
 type: application
-version: 0.2.0
+version: 0.3.0
 appVersion: 0.1.1

charts/policy-reporter/charts/kyvernoPlugin/templates/_helpers.tpl

@@ -35,6 +35,9 @@ helm.sh/chart: {{ include "kyvernoplugin.chart" . }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.global.labels }}
+{{ toYaml . }}
+{{- end -}}
 {{- end }}
 
 {{/*

charts/policy-reporter/charts/kyvernoPlugin/templates/clusterrole.yaml

@@ -4,6 +4,7 @@ kind: ClusterRole
 metadata:
   labels:
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
+    {{- include "kyvernoplugin.labels" . | nindent 4 }}
   name: {{ include "kyvernoplugin.fullname" . }}
 rules:
 - apiGroups:

charts/policy-reporter/charts/kyvernoPlugin/templates/clusterrolebinding.yaml

@@ -3,6 +3,8 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: {{ include "kyvernoplugin.fullname" . }}
+  labels:
+    {{- include "kyvernoplugin.labels" . | nindent 4 }}
 roleRef:
   kind: ClusterRole
   name: {{ include "kyvernoplugin.fullname" . }}

charts/policy-reporter/charts/kyvernoPlugin/templates/deployment.yaml

@@ -20,6 +20,9 @@ spec:
         {{- with .Values.podLabels }}
           {{- toYaml . | nindent 8 }}
         {{- end }}
+        {{- with .Values.global.labels }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
       {{- if .Values.podAnnotations }}
       annotations:
         {{- with .Values.podAnnotations }}

charts/policy-reporter/charts/monitoring/Chart.yaml

@@ -3,5 +3,5 @@ name: monitoring
 description: Policy Reporter Monitoring with predefined ServiceMonitor and Grafana Dashboards
 
 type: application
-version: 1.2.0
+version: 1.3.0
 appVersion: 0.0.0

charts/policy-reporter/charts/monitoring/templates/_helpers.tpl

@@ -13,3 +13,30 @@ If release name contains chart name it will be used as a full name.
 {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
 {{- end }}
 {{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "monitoring.labels" -}}
+helm.sh/chart: {{ include "policyreporter.chart" . }}
+{{ include "monitoring.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.global.labels }}
+{{ toYaml . }}
+{{- end -}}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "monitoring.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "monitoring.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{- define "monitoring.name" -}}
+{{- "monitoring" }}
+{{- end }}

charts/policy-reporter/charts/monitoring/templates/clusterpolicy-details.dashboard.yaml

@@ -5,6 +5,7 @@ metadata:
   namespace: {{ .Values.namespace }}
   labels:
     grafana_dashboard: "1"
+    {{- include "monitoring.labels" . | nindent 4 }}
 data:
   cluster-policy-reporter-details-dashboard.json: |
     {

charts/policy-reporter/charts/monitoring/templates/kyverno-servicemonitor.yaml

@@ -3,10 +3,11 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
   name: {{ include "monitoring.fullname" . }}-kyverno-plugin
-  {{- if .Values.serviceMonitor.labels }}
   labels:
-    {{- toYaml .Values.serviceMonitor.labels | nindent 4 }} 
-  {{- end }}
+    {{- with .Values.serviceMonitor.labels }}
+        {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- include "monitoring.labels" . | nindent 4 }}
 spec:
   selector:
     matchLabels:

charts/policy-reporter/charts/monitoring/templates/overview.dashboard.yaml

@@ -5,6 +5,10 @@ metadata:
   namespace: {{ .Values.namespace }}
   labels:
     grafana_dashboard: "1"
+    {{- with .Values.serviceMonitor.labels }}
+        {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- include "monitoring.labels" . | nindent 4 }}
 data:
   policy-reporter-dashboard.json: |
     {

charts/policy-reporter/charts/monitoring/templates/policy-details.dashboard.yaml

@@ -5,6 +5,10 @@ metadata:
   namespace: {{ .Values.namespace }}
   labels:
     grafana_dashboard: "1"
+    {{- with .Values.serviceMonitor.labels }}
+        {{- toYaml . | nindent 4 }}
+    {{- end }}
+    {{- include "monitoring.labels" . | nindent 4 }}
 data:
   policy-reporter-details-dashboard.json: |
     {

charts/policy-reporter/charts/monitoring/templates/servicemonitor.yaml

@@ -2,10 +2,11 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
   name: {{ include "monitoring.fullname" . }}
-  {{- if .Values.serviceMonitor.labels }}
   labels:
-    {{- toYaml .Values.serviceMonitor.labels | nindent 4 }} 
-  {{- end }}
+    {{- include "monitoring.labels" . | nindent 4 }}
+    {{- with .Values.serviceMonitor.labels }}
+        {{- toYaml . | nindent 4 }}
+    {{- end }}
 spec:
   selector:
     matchLabels:

charts/policy-reporter/charts/ui/Chart.yaml

@@ -3,5 +3,5 @@ name: ui
 description: Policy Reporter UI
 
 type: application
-version: 1.6.0
+version: 1.7.0
 appVersion: 0.10.2

charts/policy-reporter/charts/ui/templates/_helpers.tpl

@@ -35,6 +35,9 @@ helm.sh/chart: {{ include "ui.chart" . }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.global.labels }}
+{{ toYaml . }}
+{{- end -}}
 {{- end }}
 
 {{/*

charts/policy-reporter/charts/ui/templates/deployment.yaml

@@ -20,6 +20,9 @@ spec:
         {{- with .Values.podLabels }}
           {{- toYaml . | nindent 8 }}
         {{- end }}
+        {{- with .Values.global.labels }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
       {{- if .Values.podAnnotations }}
       annotations:
         {{- with .Values.podAnnotations }}

charts/policy-reporter/charts/ui/templates/ingress.yaml

@@ -10,7 +10,7 @@ kind: Ingress
 metadata:
   name: {{ include "ui.fullname" . }}
   labels:
-    {{- include "ui.selectorLabels" . | nindent 4 }}
+    {{- include "ui.labels" . | nindent 4 }}
     {{- with .Values.ingress.labels }}
       {{- toYaml . | nindent 4 }}
     {{- end }}

charts/policy-reporter/templates/_helpers.tpl

@@ -35,6 +35,9 @@ helm.sh/chart: {{ include "policyreporter.chart" . }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.global.labels }}
+{{ toYaml . }}
+{{- end -}}
 {{- end }}
 
 {{/*

charts/policy-reporter/templates/clusterrole.yaml

@@ -4,6 +4,7 @@ kind: ClusterRole
 metadata:
   labels:
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
+    {{- include "policyreporter.labels" . | nindent 4 }}
   name: {{ include "policyreporter.fullname" . }}
 rules:
 - apiGroups:

charts/policy-reporter/templates/clusterrolebinding.yaml

@@ -3,6 +3,8 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: {{ include "policyreporter.fullname" . }}
+  labels:
+    {{- include "policyreporter.labels" . | nindent 4 }}
 roleRef:
   kind: ClusterRole
   name: {{ include "policyreporter.fullname" . }}

charts/policy-reporter/templates/deployment.yaml

@@ -24,6 +24,9 @@ spec:
         {{- with .Values.podLabels }}
           {{- toYaml . | nindent 8 }}
         {{- end }}
+        {{- with .Values.global.labels }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
       annotations:
         checksum/secret: {{ include (print .Template.BasePath "/targetssecret.yaml") . | sha256sum | quote }}
         policy-priorities/enabled: {{ .Values.policyPriorities.enabled | quote }}

charts/policy-reporter/templates/role.yaml

@@ -3,6 +3,8 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: {{ include "policyreporter.fullname" . }}
+  labels:
+    {{- include "policyreporter.labels" . | nindent 4 }}
 rules:
 - apiGroups:
   - ''

charts/policy-reporter/templates/rolebinding.yaml

@@ -3,6 +3,8 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: {{ include "policyreporter.fullname" . }}
+  labels:
+    {{- include "policyreporter.labels" . | nindent 4 }}
 roleRef:
   kind: Role
   name: {{ include "policyreporter.fullname" . }}

charts/policy-reporter/values.yaml

@@ -1,7 +1,7 @@
 image:
   repository: fjogeleit/policy-reporter
   pullPolicy: IfNotPresent
-  tag: 1.6.1
+  tag: 1.7.0
 
 imagePullSecrets: []
 
@@ -93,6 +93,8 @@ global:
   # Service Port number
   port: 8080
   fullnameOverride: ""
+  # additional labels added on each resource
+  labels: {}
 
 # DEPRECTED - Can be removed
 # Policy Reporter watches now for both existing versions by default

cmd/root.go

@@ -26,7 +26,6 @@ func loadConfig(cmd *cobra.Command) (*config.Config, error) {
 	v := viper.New()
 
 	v.SetDefault("namespace", "policy-reporter")
-	v.SetDefault("api.port", 8080)
 
 	cfgFile := ""
 
@@ -72,7 +71,6 @@ func loadConfig(cmd *cobra.Command) (*config.Config, error) {
 
 	if flag := cmd.Flags().Lookup("apiPort"); flag != nil {
 		v.BindPFlag("api.port", flag)
-		v.BindPFlag("api.enabled", flag)
 	}
 
 	c := &config.Config{}

cmd/run.go

@@ -66,9 +66,7 @@ func newRunCMD() *cobra.Command {
 
 			errorChan := make(chan error)
 
-			if c.API.Enabled {
-				go func() { errorChan <- resolver.APIServer().Start() }()
-			}
+			go func() { errorChan <- resolver.APIServer().Start() }()
 
 			go func() { errorChan <- client.StartWatching() }()
 
@@ -85,7 +83,7 @@ func newRunCMD() *cobra.Command {
 	// For local usage
 	cmd.PersistentFlags().StringP("kubeconfig", "k", "", "absolute path to the kubeconfig file")
 	cmd.PersistentFlags().StringP("config", "c", "", "target configuration file")
-	cmd.PersistentFlags().IntP("apiPort", "a", 0, "http port for the optional rest api")
+	cmd.PersistentFlags().IntP("apiPort", "a", 8080, "http port for the optional rest api")
 
 	flag.Parse()
 

manifest/default-policy-reporter-ui/install.yaml

@@ -148,7 +148,7 @@ spec:
       automountServiceAccountToken: true
       containers:
         - name: policy-reporter
-          image: "fjogeleit/policy-reporter:1.6.1"
+          image: "fjogeleit/policy-reporter:1.7.0"
           imagePullPolicy: IfNotPresent
           securityContext:
             allowPrivilegeEscalation: false
@@ -161,7 +161,6 @@ spec:
             runAsUser: 1234
           args:
             - --config=/app/config.yaml
-            - --apiPort=8080
           ports:
             - name: http
               containerPort: 2112
@@ -171,12 +170,12 @@ spec:
               protocol: TCP
           livenessProbe:
             httpGet:
-              path: /metrics
-              port: http
+              path: /healthz
+              port: rest
           readinessProbe:
             httpGet:
-              path: /metrics
-              port: http
+              path: /ready
+              port: rest
           resources:
             {}
           volumeMounts: