Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: opt-in creating wg-policy PolicyReport #1030

Merged
merged 1 commit into from
Jul 19, 2024
Merged

feat: opt-in creating wg-policy PolicyReport #1030

merged 1 commit into from
Jul 19, 2024

Conversation

erikgb
Copy link
Member

@erikgb erikgb commented Jul 17, 2024
edited
Loading

This PR adds our first feature gate! 🎉 The feature gate is currently disabled by default. If the feature gate is enabled, the operator will create wgpolicyk8s.io/v1alpha2 PolicyReport resources for completed scan jobs.

The proposed mapping from the Trivy scan results to the policy report is inspired by trivy-operator-polr-adapter.

The Kubernetes policy working group has defined newer/improved PolicyReport APIs, but the proposed group/version is currently used, and CRD is installed, by Kyverno (version 1.12.5). The API is also the only API currently supported by policy-reporter - making the choice rather simple. I have filed an issue to support newer APIs, kyverno/policy-reporter#461, but the suggested API seems like our best choice now.

Tests of this new opt-in is currently limited, and we should probably also add some docs to indicate that the feature is there and how it is supposed to be used. I hope to do this in a follow-up PR.

@erikgb erikgb force-pushed the policy-report branch 2 times, most recently from 4005e59 to ce41f56 Compare July 17, 2024 15:45
@erikgb erikgb changed the title WIP: feat: opt-in creating wg-policy PolicyReport feat: opt-in creating wg-policy PolicyReport Jul 17, 2024
@erikgb erikgb force-pushed the policy-report branch 10 times, most recently from a991dad to 946b995 Compare July 17, 2024 19:40
@erikgb erikgb marked this pull request as ready for review July 17, 2024 20:02
@erikgb erikgb requested a review from a team as a code owner July 17, 2024 20:02
@erikgb erikgb requested a review from tenstad July 17, 2024 20:03
@erikgb erikgb mentioned this pull request Jul 18, 2024
Merged
@erikgb erikgb merged commit ba74679 into statnett:main Jul 19, 2024
10 checks passed
@statnett-bot statnett-bot bot mentioned this pull request Jul 18, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tenstad tenstad tenstad approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@erikgb @tenstad