Everyone can contribute! Let's learn together in a weekly cafe ☕


We love to break things, make mistakes, debug, analyse, and fix problems together. Live and unfiltered on YouTube.

Community members and thought leaders regularly join and share their projects and ideas.

"Everyone Can Contribute" is inspired by GitLab's mission.

37. #EveryoneCanContribute cafe: Policy reporter for Kyverno


Frank Jogeleit dives deep into the policy reporter for Kyverno, and how to monitor and view the policy reports in your Kubernetes cluster, with Kyverno as a plugin and Loki as the log backend integration.

Recording

Enjoy the session! 🦊


Highlights

Frank walked us through creating a policy report, which is a CRD in Kyverno at the moment. The Kubernetes Policy Prototype WG aims to make this a standard.

The Policy reporter will be installed with Helm, and needs a configuration file to enable Kyverno, the UI, and Grafana Loki. The UI shows two types of policy reports: Namespace and cluster.
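To make the two report types concrete, here is an added example (not code from the session or from the policy reporter project) that tallies results per namespace and for the cluster scope and lists the failing findings. The sample input is constructed, all policy, rule and resource names in it are made up, and the `status` fallback for older reports is an assumption.

```python
import json
from collections import Counter

# Constructed sample, shaped like the output of
# `kubectl get policyreports,clusterpolicyreports -A -o json`.
# Policy, rule and resource names are made up for illustration.
SAMPLE = json.loads("""
{"items": [
  {"kind": "PolicyReport", "metadata": {"name": "polr-ns-demo", "namespace": "demo"},
   "results": [
     {"policy": "require-labels", "rule": "check-for-labels", "result": "fail",
      "resources": [{"kind": "Pod", "name": "nginx", "namespace": "demo"}]},
     {"policy": "disallow-latest-tag", "rule": "require-image-tag", "result": "pass",
      "resources": [{"kind": "Pod", "name": "nginx", "namespace": "demo"}]}]},
  {"kind": "ClusterPolicyReport", "metadata": {"name": "clusterpolicyreport"},
   "results": [
     {"policy": "require-ns-labels", "rule": "check-ns-labels", "status": "fail",
      "resources": [{"kind": "Namespace", "name": "demo"}]},
     {"policy": "require-ns-labels", "rule": "check-ns-labels", "result": "pass",
      "resources": [{"kind": "Namespace", "name": "kube-system"}]}]}
]}
""")

def outcome_of(entry):
    # Reports carry "result"; assumption: early v1alpha1 reports used "status".
    return entry.get("result") or entry.get("status") or "unknown"

def summarize(report_list):
    """Return per-scope result counts and a list of fail/error findings."""
    counts, findings = {}, []
    for report in report_list.get("items", []):
        if report.get("kind") == "ClusterPolicyReport":
            scope = "cluster"
        else:
            scope = "namespace/" + report.get("metadata", {}).get("namespace", "default")
        bucket = counts.setdefault(scope, Counter())
        for entry in report.get("results") or []:
            outcome = outcome_of(entry)
            bucket[outcome] += 1
            if outcome in ("fail", "error"):
                # A result may list several resources; record one finding per resource.
                for res in entry.get("resources") or [{}]:
                    findings.append((scope, entry.get("policy"), entry.get("rule"),
                                     res.get("kind"), res.get("name")))
    return counts, findings

if __name__ == "__main__":
    counts, findings = summarize(SAMPLE)
    for scope, bucket in sorted(counts.items()):
        print(scope, dict(bucket))
    for finding in findings:
        print("FINDING", *finding)
```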

Kyverno is integrated as a plugin, and shows the Kyverno policies and more insights. You can also use the policy reporter standalone, with kube-bench for example.

Question: Donate the policy reporter to Kyverno itself?

Use the Prometheus Operator to install the monitoring stack with Prometheus and Grafana in Kubernetes, create a custom ServiceMonitor CRD, and open the policy reporter dashboards in Grafana.

Integrations: kube-bench integrates into the policy reporter UI through cluster policy reports. Kubewarden can use the same CRDs, or someone contributes a specific plugin. Follow the Kyverno plugin to map the CRDs, and create a REST API the UI can consume.


Date published: July 7, 2021

Tags: Kyverno, Policy, Prometheus, Kubernetes, Metrics