add validatingAdmissionPolicyReports flag (#1075)

* add validatingAdmissionPolicyReports flag Signed-off-by: Jim Bugwadia <jim@nirmata.com> * add a note in the reports section Signed-off-by: Jim Bugwadia <jim@nirmata.com> * Update content/en/docs/Writing policies/validate.md Co-authored-by: Chip Zoller <chipzoller@gmail.com> Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> --------- Signed-off-by: Jim Bugwadia <jim@nirmata.com> Signed-off-by: Mariam Fahmy <mariamfahmy66@gmail.com> Co-authored-by: Mariam Fahmy <mariamfahmy66@gmail.com> Co-authored-by: Chip Zoller <chipzoller@gmail.com>
kyverno · Dec 19, 2023 · 2c0b07c · 2c0b07c
1 parent 4e22593
commit 2c0b07c
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 4 deletions.
diff --git a/content/en/docs/Policy Reports/_index.md b/content/en/docs/Policy Reports/_index.md
@@ -82,6 +82,10 @@ Policy reports have a few configuration options available. For details, see the
 Policy reports created from background scans are not subject to the configuration of a [Namespace selector](/docs/installation/customization/#namespace-selectors) defined in the [Kyverno ConfigMap](/docs/installation/customization/#configmap-keys).
 {{% /alert %}}
 
+{{% alert title="Note" color="info" %}}
+To configure Kyverno to generate reports for Kubernetes ValidatingAdmissionPolicies enable the `--validatingAdmissionPolicyReports` flag in the reports controller. 
+{{% /alert %}}
+
 ## Report result logic
 
 Entries in a policy report contain a `result` field which can be either `pass`, `skip`, `warn`, `error`, or `fail`.

diff --git a/content/en/docs/Writing policies/validate.md b/content/en/docs/Writing policies/validate.md
@@ -1560,19 +1560,21 @@ When Kyverno manages ValidatingAdmissionPolicies and their bindings it is necess
 
 To generate ValidatingAdmissionPolicies, make sure to:
 
-1. enable `ValidatingAdmissionPolicy` [feature gate](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/).
+1. Enable `ValidatingAdmissionPolicy` [feature gate](https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/).
 
-2. for 1.27, enable `admissionregistration.k8s.io/v1alpha1` API, and for 1.28 enable both `admissionregistration.k8s.io/v1alpha1` and `admissionregistration.k8s.io/v1beta1` API.
+2. For 1.27, enable `admissionregistration.k8s.io/v1alpha1` API, and for 1.28 enable both `admissionregistration.k8s.io/v1alpha1` and `admissionregistration.k8s.io/v1beta1` API.
 
     Here is the minikube command to enable ValidatingAdmissionPolicy:
 
    ```
    minikube start --extra-config=apiserver.runtime-config=admissionregistration.k8s.io/v1beta1,apiserver.runtime-config=admissionregistration.k8s.io/v1alpha1  --feature-gates='ValidatingAdmissionPolicy=true'
    ```
 
-3. Configure Kyverno to manage ValidatingAdmissionPolicies using `--generateValidatingAdmissionPolicy=true`.
+3. Configure Kyverno to manage ValidatingAdmissionPolicies using the `--generateValidatingAdmissionPolicy=true` flag in the admission controller.
 
-4. grant the Kyverno admission controller’s ServiceAccount additional permissions to manage ValidatingAdmissionPolicies.
+4. Configure Kyverno to generate reports for ValidatingAdmissionPolicies using the `--validatingAdmissionPolicyReports=true` flag in the reports controller.
+
+5. Grant the admission controller’s ServiceAccount permissions to manage ValidatingAdmissionPolicies.
 
     Here is an aggregated cluster role you can apply: