Getting started
Policy Reporter can easily installed with Helm 3 or with the provided static manifest files. It consists of four parts and can be installed and configured as needed.
Installation
Helm Repository
helm repo add policy-reporter https://kyverno.github.io/policy-reporterhelm repo updateCore Installation
Install only the core application to get REST APIs and/or a metrics endpoint. Both are optional and disabled by default.
helm upgrade --install policy-reporter policy-reporter/policy-reporter --create-namespace -n policy-reporter --set metrics.enabled=true --set api.enabled=trueAccess your metrics endpoint on http://localhost:8080/metrics via Port Forward:
kubectl port-forward service/policy-reporter 8080:8080 -n policy-reporterAccess your REST API endpoints at http://localhost:8080/v1/targets via port forwarding:
kubectl port-forward service/policy-reporter 8080:8080 -n policy-reporterSee API Reference for all available endpoints.
Core + Policy Reporter UI
Install the Policy Reporter core application and the Policy Reporter UI. This installation also sets Policy Reporter UI as an alert target for new violations.
helm upgrade --install policy-reporter policy-reporter/policy-reporter --create-namespace -n policy-reporter --set ui.enabled=trueAccess Policy Reporter at http://localhost:8081 via port forwarding:
kubectl port-forward service/policy-reporter-ui 8081:8080 -n policy-reporter
Core + Policy Reporter UI + Kyverno Plugin
Install the Policy Reporter core application, Policy Reporter Kyverno Plugin, and the Policy Reporter UI with the Kyverno views enabled. This installation also sets Policy Reporter UI as an alert target for new violations.
helm upgrade --install policy-reporter policy-reporter/policy-reporter --create-namespace -n policy-reporter --set kyvernoPlugin.enabled=true --set ui.enabled=true --set ui.plugins.kyverno=trueAccess Policy Reporter at http://localhost:8081 via port forwarding:
kubectl port-forward service/policy-reporter-ui 8081:8080 -n policy-reporter
Policy Reporter + Prometheus Operator
Install Policy Reporter core application with metrics enabled and the monitoring subchart to install a ServiceMonitor and three pre-configured Grafana Dashboards. Change the monitoring.grafana.namespace as needed as well as monitoring.serviceMonitor.labels to match the serviceMonitorSelector of your Prometheus CRD.
See Helm Chart - Monitoring for details.
helm upgrade --install policy-reporter policy-reporter/policy-reporter --set monitoring.enabled=true --set monitoring.grafana.namespace=monitoring --set monitoring.serviceMonitor.labels.release=monitoring -n policy-reporter --create-namespace
