
Targets

Frank Jogeleit edited this page Mar 21, 2021 · 18 revisions

Policy Reporter supports different targets to send new PolicyReport Results to. You can configure as many targets as you want.

Currently supported are:

Policy Priorities

By default, PolicyReports have no priority for Results: every passed rule validation is processed as notice, and every failed validation is processed as error. To customize this behavior, you can configure a mapping from policies to fail priority. This makes it possible to send a rule violation as debug, info, warning or error.

The special mapping key default is also supported. It sets a global default priority for failed validations that replaces error.

Configuration

To use custom Policy Priorities, enable them by setting policyPriorities.enabled to true. This creates a Role and RoleBinding for the Policy Reporter ServiceAccount with permissions to read and watch ConfigMaps in the ReleaseNamespace. The permissions are needed because the mapping ConfigMap is accessed via the Kubernetes API instead of being mounted into the pod. This lets Policy Reporter update the mapping at runtime, so no new deployment is needed to use an updated configuration.

Managed with Helm

Configure the mapping under policyPriorities as pairs of policy name and priority, as shown below.

# values.yaml
policyPriorities:
  enabled: true
  mapping:
    default: warning
    require-ns-labels: error

Self managed ConfigMap

Create a ConfigMap named policy-reporter-priorities in your ReleaseNamespace. Add one entry per policy, with the policy name as key and the priority as value.

Enable Policy Priorities

helm install policy-reporter policy-reporter/policy-reporter --set policyPriorities.enabled=true -n policy-reporter --create-namespace

or

# values.yaml
policyPriorities:
  enabled: true

Create the ConfigMap

kubectl create configmap policy-reporter-priorities --from-literal check-label-app=warning --from-literal require-ns-labels=warning -n policy-reporter

or

apiVersion: v1
kind: ConfigMap
metadata:
  name: policy-reporter-priorities
  namespace: policy-reporter
data:
  default: debug
  check-label-app: warning
  require-ns-labels: warning
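
The resolution rules from the Policy Priorities section, applied to the ConfigMap data above, as an added Go example (not Policy Reporter's own code). The function names and the policy name some-other-policy are hypothetical, and flagging values other than debug, info, warning and error is an assumption of this example; the page does not say how Policy Reporter treats them.

```go
package main

import (
	"fmt"
	"sort"
)

// The four priorities the page lists for a failed rule validation.
var failPriorities = map[string]bool{"debug": true, "info": true, "warning": true, "error": true}

// ValidateMapping returns, sorted, the keys whose value is not one of the
// four listed priorities. Assumption: such values are treated as mistakes
// to catch before the ConfigMap is applied and picked up at runtime.
func ValidateMapping(data map[string]string) []string {
	var bad []string
	for policy, prio := range data {
		if !failPriorities[prio] {
			bad = append(bad, policy)
		}
	}
	sort.Strings(bad)
	return bad
}

// ResolvePriority follows the rules described on the page: a passed
// validation is notice; a failed one uses the policy's own entry, then the
// special "default" key, then error.
func ResolvePriority(data map[string]string, policy string, passed bool) string {
	if passed {
		return "notice"
	}
	if p, ok := data[policy]; ok {
		return p
	}
	if p, ok := data["default"]; ok {
		return p
	}
	return "error"
}

func main() {
	// Constructed sample: the data section of the ConfigMap shown above.
	data := map[string]string{"default": "debug", "check-label-app": "warning", "require-ns-labels": "warning"}
	fmt.Println("invalid entries:", ValidateMapping(data))
	fmt.Println(ResolvePriority(data, "check-label-app", false))   // mapped policy
	fmt.Println(ResolvePriority(data, "some-other-policy", false)) // falls back to default
	fmt.Println(ResolvePriority(data, "check-label-app", true))    // passed validation
}
```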

Screenshots

Loki

[Screenshot: Grafana Loki]

Elasticsearch

[Screenshot: Elasticsearch]

Slack

[Screenshot: Slack]

Discord

[Screenshot: Discord]

MS Teams

[Screenshot: MS Teams]
