policy-reporter-2.21.3

Policy Reporter watches for PolicyReport Resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord

policy-reporter-2.21.2

Policy Reporter

• Fix ID generation for Policy Reports which using scope as resource reference

Helm Chart

• fix: Add chart parameters for setting revisionHistoryLimit [#363 by bodgit]
• fix: allow not setting .Values.podSecurityContext for kyvernoPlugin [#361 by haraldsk]

policy-reporter-2.21.1

Policy Reporter watches for PolicyReport Resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord

policy-reporter-2.21.0

Policy Reporter watches for PolicyReport Resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord

policy-reporter-2.20.1

• Policy Reporter
  • fix: scope kind mapping
  • feat: add debug http logging [#346 by blakepettersson]
  • build: cache go mod [#345 by blakepettersson]

policy-reporter-2.20.0

Policy Reporter

• Support GoogleChat as new notification target
• Support Telegram as new notification target
• Support HTTP BasicAuth for API and metrics
• Go update to v1.21

Policy Reporter UI

• Support HTTP BasicAuth authenticated API calls
• Go update to v1.21

Policy Reporter KyvernoPlugin

• Support HTTP BasicAuth for API and metrics
• Go update to v1.21

BasicAuth Summary:

Configure global HTTP BasicAuthentication via Helm:

• Username/Password can configured directly or as existing secret with username / password keys
• The Authentication is applied to REST APIs and metrics of the Core App and KyvernoPlugin (if enabled)
• The Authorization header will be set in the Policy Reporter UI automatically
  • External Cluster configuration also supports secretRef where you can set username / password as well as the API endpoints (api, kyvernoApi) and ssl configuration (skipTLS, certificate)
• If monitoring enabled the basicAuth configuration will also applied on the ServiceMonitors
  • direct configuration will create a dedicated auth secret for ServiceMonitors
  • secretRef will reuse the existing secret for ServiceMonitors

global:
  basicAuth:
    #https://github.com/kyverno/policy-reporter/releases/tag/policy-reporter-2.20.0 username: "username"
    #password: "password"
    secretRef: auth-secret

Example external cluster:

ui:
  ...
  clusters:
  - name: Minikube
    api: http://policy-reporter:8080
    kyvernoApi: http://policy-reporter-kyverno-plugin:8080
    basicAuth:
      username: user
      password: password
  - name: Secret
    api: http://policy-reporter:8080
    kyvernoApi: http://policy-reporter-kyverno-plugin:8080
    secretRef: auth-secret
  - name: Unauthorized
    api: http://policy-reporter:8080
    kyvernoApi: http://policy-reporter-kyverno-plugin:8080

policy-reporter-2.19.4

Policy Reporter watches for PolicyReport Resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord

policy-reporter-2.19.3

Policy Reporter watches for PolicyReport Resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord

policy-reporter-2.19.2

Policy Reporter watches for PolicyReport Resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord

policy-reporter-2.19.1

Policy Reporter watches for PolicyReport Resources. It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord