Priority Mapping

Priorities are used to decide whether a result should be sent to a Target with a configured minimumPriority and how it should be displayed.

How Priority is determined

By default, the priority of a PolicyReportResult depends on its result and severity values.

Options in ascending order are: debug < info < warning < critical < error

Defaults

  • Passed results have info priority
  • Warn results have warning priority
  • Error results have error priority
  • Fail results without severities have warning priority
  • Fail results with low severity have info priority
  • Fail results with medium severity have warning priority
  • Fail results with high severity have critical priority

Custom Policy Priorities

If you want to change the priority of PolicyReportResults based on the Policy, you can configure a priority map. This map can assign one priority per policy or a default priority which is used for all results without severity or a concrete mapping to their related policy.

Helm 3
# values.yaml
policyPriorities:
  # used for all fail results without severity or concrete mapping
  default: warning
  # used for all fail results of the require-ns-labels policy independent of the severity
  require-ns-labels: error

config.yaml
policyPriorities:
  # used for all fail results without severity or concrete mapping
  default: warning
  # used for all fail results of the require-ns-labels policy independent of the severity
  require-ns-labels: error
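
The defaults and the priority map described above, written out as an added Go example (not Policy Reporter's own code), showing how a mapping can lift a low-severity fail above a target's minimumPriority. Assumptions: the precedence implied by the config comments (policy mapping, then severity, then default), that a target receives results at or above its minimumPriority, and the constructed policy name disallow-latest-tag.

```go
package main

import "fmt"

// Priority order from the page: debug < info < warning < critical < error.
var order = map[string]int{"debug": 0, "info": 1, "warning": 2, "critical": 3, "error": 4}

// Defaults for non-fail results; results the page does not list resolve to "".
var nonFail = map[string]string{"pass": "info", "warn": "warning", "error": "error"}

// Defaults for fail results that carry a severity.
var bySeverity = map[string]string{"low": "info", "medium": "warning", "high": "critical"}

// Resolve returns the priority of one result. policyPriorities mirrors the
// policyPriorities map from values.yaml / config.yaml and may be nil.
func Resolve(result, severity, policy string, policyPriorities map[string]string) string {
	if result != "fail" {
		return nonFail[result]
	}
	// A concrete policy mapping wins, independent of the severity.
	if p, ok := policyPriorities[policy]; ok {
		return p
	}
	if p, ok := bySeverity[severity]; ok {
		return p
	}
	// No severity and no concrete mapping: configured default, else warning.
	if p, ok := policyPriorities["default"]; ok {
		return p
	}
	return "warning"
}

// ShouldSend assumes a target receives results at or above its minimumPriority.
func ShouldSend(priority, minimumPriority string) bool {
	return order[priority] >= order[minimumPriority]
}

func main() {
	cfg := map[string]string{"default": "warning", "require-ns-labels": "error"}
	// Constructed results: the same low-severity fail, with and without a mapping.
	for _, policy := range []string{"require-ns-labels", "disallow-latest-tag"} {
		p := Resolve("fail", "low", policy, cfg)
		fmt.Printf("%s -> %s, sent to minimumPriority=critical target: %v\n",
			policy, p, ShouldSend(p, "critical"))
	}
}
```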

Severity of Kyverno Policies

Kyverno supports several annotations for its policy CRDs to set additional information in the related PolicyReports. One of these annotations is policies.kyverno.io/severity, which sets the severity of the related PolicyReportResults. Possible options are low, medium, and high.

This allows you to define the priority of your results within the Kyverno policy itself.