Everyone can contribute! Learn DevOps and Cloud Native in our cafe ☕


Technology is moving fast in the DevOps and Cloud Native community.

Join the conversation and add your thoughts, tips, experiences, stories.

"Everyone Can Contribute" is inspired by GitLab's mission.

37. #EveryoneCanContribute cafe: Policy reporter for Kyverno


Frank Jogeleit dives deep into the policy reporter for Kyverno, and how to monitor and view the policy reports in your Kubernetes cluster, with Kyverno as a plugin and Loki as the log backend integration.

Recording

Enjoy the session! 🦊


Highlights

Frank walked us through creating a policy report, which is a CRD in Kyverno at the moment. The Kubernetes Policy Prototype WG aims to make this a standard.

The policy reporter is installed with Helm and needs a configuration file to enable Kyverno, the UI, and Grafana Loki. The UI shows two types of policy reports: namespace and cluster.
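The following Python example is added here and is not code from the session or from the policy reporter project. It reads constructed namespace and cluster policy reports, lists the failing results per scope, and checks each report's summary against its results; the field names are assumed to follow the Policy WG report CRDs (`wgpolicyk8s.io`), and every policy and resource name is made up.

```python
import json
from collections import Counter

# Constructed sample reports. Field names follow the Policy WG report CRDs
# (wgpolicyk8s.io) as an assumption; all values are made up.
REPORTS = json.loads("""[
 {"kind": "PolicyReport", "metadata": {"name": "polr-ns-demo", "namespace": "demo"},
  "summary": {"pass": 1, "fail": 1},
  "results": [
   {"policy": "require-labels", "rule": "check-app-label", "result": "pass",
    "resources": [{"kind": "Pod", "name": "web"}]},
   {"policy": "disallow-latest-tag", "rule": "validate-image-tag", "result": "fail",
    "resources": [{"kind": "Pod", "name": "web"}]}]},
 {"kind": "ClusterPolicyReport", "metadata": {"name": "clusterpolicyreport"},
  "summary": {"pass": 2, "fail": 0},
  "results": [
   {"policy": "require-ns-owner", "rule": "check-owner", "result": "fail",
    "resources": [{"kind": "Namespace", "name": "demo"}]},
   {"policy": "require-ns-owner", "rule": "check-owner", "result": "pass",
    "resources": [{"kind": "Namespace", "name": "kube-system"}]}]}
]""")

STATUSES = ("pass", "fail", "warn", "error", "skip")

def scope_of(report):
    """The two report types: cluster-wide, or bound to one namespace."""
    if report["kind"] == "ClusterPolicyReport":
        return "cluster"
    return "namespace/" + report["metadata"]["namespace"]

def summary_drift(report):
    """Statuses whose declared summary count differs from the results list,
    as {status: (declared, counted)}. An empty dict means the summary is accurate."""
    counted = Counter(r["result"] for r in report.get("results", []))
    declared = report.get("summary", {})
    return {s: (declared.get(s, 0), counted[s])
            for s in STATUSES if declared.get(s, 0) != counted[s]}

def findings(reports, statuses=("fail", "error")):
    """Flatten reports into sorted (scope, policy, rule, kind, name) rows."""
    rows = []
    for rep in reports:
        for res in rep.get("results", []):
            if res["result"] in statuses:
                for obj in res.get("resources") or [{}]:
                    rows.append((scope_of(rep), res["policy"], res.get("rule", ""),
                                 obj.get("kind", ""), obj.get("name", "")))
    return sorted(rows)

if __name__ == "__main__":
    for row in findings(REPORTS):
        print(*row)
```

The constructed cluster report deliberately carries a stale summary, so `summary_drift` flags it while the namespace report comes back clean.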

Kyverno is integrated as a plugin, and shows the Kyverno policies and more insights. You can use the policy reporter standalone with kube-bench, for example.

Question: Donate the policy reporter to Kyverno itself?

Use the Prometheus Operator to install the monitoring stack with Prometheus and Grafana in Kubernetes, create a custom ServiceMonitor CRD, and open the policy reporter dashboards in Grafana.

Integrations: kube-bench is integrated into the policy reporter UI through cluster policy reports. Kubewarden can use the same CRDs, or someone contributes a specific plugin. Follow the Kyverno plugin to map the CRDs, and create a REST API the UI can consume.

Insights


Date published: July 7, 2021

Tags: Kyverno, Policy, Prometheus, Kubernetes, Metrics