Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Policy Reporter Targets as CRDs #436

Open
mveitas opened this issue May 10, 2024 · 4 comments
Open

Policy Reporter Targets as CRDs #436

mveitas opened this issue May 10, 2024 · 4 comments
Labels
3.x Policy Reporter 3.x consideration possible new features Core Policy Reporter Core Application

Comments

@mveitas
Copy link

mveitas commented May 10, 2024

Currently all configuration for targets such as email, slack, etc are all done in a central location. This requires teams make a contribution to the main policy-reporter configuration and deploy the changes.

Creating a CRD that describes a target would allow teams to manage their notifications in a self-service manner. An example below:

apiVersion: kyverno.io/v1alpha1
kind: PolicyReporterTarget
spec:
   slack:
      webhook: "https://hooks.slack.com/services/123..."
      skipExistingOnStartup: true
      filter:
         namespaces:
            include: ["team-a-*"]
         priorities:
            exclude: ["info", "debug"]
         policies:
            include: ["require-*"]

Centralized configuration of SMTP server configuration would be kept within the core configuration for the Policy Reporter
@fjogeleit
Copy link
Member

Hey, thanks for your feedback.

It would make sense to offer this kind of flexibility.

My current focus is the new UI and cleanup of the current codebase. This requires most of my time right now. When this is finished I will think about the offering of CRDs to provide runtime configurations.

@fjogeleit fjogeleit added Core Policy Reporter Core Application consideration possible new features 3.x Policy Reporter 3.x labels May 10, 2024
@mveitas
Copy link
Author

mveitas commented Aug 17, 2024

If this is not something that is on your the immediate radar, I might get it started. Email reporting is the big thing that I want to be able to tackle as this is something that teams are looking for to periodically get a summary of any policy violations

@JimBugwadia
Copy link
Member

@mveitas - the plan is to eventually move all configurations to CRDs. This work has not been committed to a release, so contributions are welcome! A brief KDP would be great to get the process started.

@mveitas
Copy link
Author

mveitas commented Aug 17, 2024

With 50 or so teams running in our Kubernetes clusters, we want to allow teams to define the configuration for their email reports first and avoid having to deploy the policy reporter to update a team's configuration. We have some centrally managed metadata about teams that has Slack channels, email, etc that would drive creation of these CRDs as part of our platform. I'll create a separate issue to extraction of the email configuration along with a KDP

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
3.x Policy Reporter 3.x consideration possible new features Core Policy Reporter Core Application
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mveitas @JimBugwadia @fjogeleit