Policy Reporter
- Support GoogleChat as new notification target
- Support Telegram as new notification target
- Support HTTP BasicAuth for API and metrics
- Go update to v1.21
Policy Reporter UI
- Support HTTP BasicAuth authenticated API calls
- Go update to v1.21
Policy Reporter KyvernoPlugin
- Support HTTP BasicAuth for API and metrics
- Go update to v1.21
BasicAuth Summary:
Configure global HTTP BasicAuthentication via Helm:
- Username/Password can configured directly or as existing secret with
username
/password
keys - The Authentication is applied to REST APIs and metrics of the Core App and KyvernoPlugin (if enabled)
- The
Authorization
header will be set in the Policy Reporter UI automatically- External Cluster configuration also supports
secretRef
where you can setusername
/password
as well as the API endpoints (api
,kyvernoApi
) and ssl configuration (skipTLS
,certificate
)
- External Cluster configuration also supports
- If monitoring enabled the basicAuth configuration will also applied on the ServiceMonitors
- direct configuration will create a dedicated auth secret for ServiceMonitors
- secretRef will reuse the existing secret for ServiceMonitors
global:
basicAuth:
#https://github.com/kyverno/policy-reporter/releases/tag/policy-reporter-2.20.0 username: "username"
#password: "password"
secretRef: auth-secret
Example external cluster:
ui:
...
clusters:
- name: Minikube
api: http://policy-reporter:8080
kyvernoApi: http://policy-reporter-kyverno-plugin:8080
basicAuth:
username: user
password: password
- name: Secret
api: http://policy-reporter:8080
kyvernoApi: http://policy-reporter-kyverno-plugin:8080
secretRef: auth-secret
- name: Unauthorized
api: http://policy-reporter:8080
kyvernoApi: http://policy-reporter-kyverno-plugin:8080