
General question about persistence in Policy Reporter #473

Open
Pilotindream opened this issue Aug 23, 2024 · 8 comments

Comments

@Pilotindream

Hello, Community.
I am totally new to policy-reporter, so because of that I am wondering whether some persistence is needed for Policy-reporter to save its data after a reboot?
I am curious about that since I tried to deploy some pod that violates my policy "disallow-latest-tag". Later, in the "Logs" tab in the "Policy-Reporter UI", I found an entry about the violation. But after a reboot of the deployments of policy reporter and policy reporter ui, this log entry disappeared.
Maybe log entries are not so important, but other stuff like (Cluster) Policy Reports is important.

So my question: Is it possible, and is it needed, to add some persistence (persistent volumes) to policy-reporter/ui, for saving some important data like (Cluster) Policy Reports after a reboot/fail/disruption?

Thanks in advance!

@fjogeleit
Member

Hey, in general you don't need additional persistence.

The Logs page is a simple in-memory notification target, to showcase the notification feature. Notifications are only sent for new results; after a restart the already existing targets are skipped, to not spam the targets with duplicates.

But the internal Database and Views are recovered from the (Cluster)PolicyReports in your cluster after a restart. The PolicyReport view should show the same results as before.

If you want a persistent Logs view, you can configure a Redis cache for it, but I would recommend using metrics or another target for time-series information like Loki or Elasticsearch.

For the other UI pages additional persistence is not required.

@Pilotindream
Author

Hello @fjogeleit! Thanks for the reply.
Maybe you know how to send a Slack notification with the information that I see in the "Logs" tab? For example, I deploy some resource that is not compliant with some policy and this resource was blocked by the policy, and I want to receive a Slack notification about this. But I don't want to receive notifications for the (Cluster) Policy results that are visible in the UI, only when something was blocked by a policy.
Thanks in advance!

@fjogeleit
Member

You need to enable the kyverno plugin for this, because Kyverno does not create policy reports for blocked resources by default.

See: https://kyverno.github.io/policy-reporter/guide/helm-chart-core#enable-enforce-violation-policyreports-requires-kyverno-170

In the slack notification config you can set the source filter to only send Kyverno Event events, so only blocked resources create a notification.

@Pilotindream
Author

Pilotindream commented Aug 23, 2024

Thanks @fjogeleit, it's working!
Maybe you know if there is a way to specify from which cluster the notification was received?
For example, I have two different EKS clusters and a single Slack channel to receive notifications. In the notification I see only the pod name, but there is no information about which cluster the notification is coming from.

@fjogeleit
Member

All notification targets have a customFields config which you can use to add static information to the notification, like:

```yaml
target:
  slack:
    minimumPriority: "warning"
    skipExistingOnStartup: true
    customFields:
      cluster: dev-1
```
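A combined values.yaml fragment, as an added example (not from this issue or the project's own docs), that puts the thread's three settings together: the Kyverno plugin with blocked-resource reports enabled, a Slack target restricted to the "Kyverno Event" source, and a cluster custom field so two clusters posting to one channel can be told apart. The key names `kyvernoPlugin.blockReports.enabled` and `target.slack.sources` are assumed from the chart's values.yaml and should be checked against your chart version; the webhook URL is a placeholder.

```yaml
# Added example: Helm values for the policy-reporter chart.
# Key names marked "assumed" are not quoted in the issue; verify them
# against the values.yaml of the chart version you deploy.
kyvernoPlugin:
  enabled: true
  blockReports:
    # Assumed key: turn blocked (enforce) admission events into
    # PolicyReport results with the source "Kyverno Event".
    enabled: true

target:
  slack:
    webhook: "https://hooks.slack.com/services/PLACEHOLDER"  # placeholder value
    minimumPriority: "warning"
    skipExistingOnStartup: true   # do not resend old results after a restart
    # Assumed key: forward only results from this source, so the routine
    # PolicyReport findings visible in the UI are not sent, only blocks.
    sources:
      - "Kyverno Event"
    # Static fields appended to every message; identifies the sending cluster
    # when several clusters share one Slack channel.
    customFields:
      cluster: dev-1
```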

@Pilotindream
Author

@fjogeleit is it possible to show the correct time in the Policy Reporter UI? Since in every event I see something like in the screenshot.


@fjogeleit
Member

I will take a look

@fjogeleit
Member

I created a new plugin version; you can set it in your values.yaml at this path: `kyvernoPlugin.image.tag: 1.6.4`.

It should fix the time for newly created entries.
