Kyverno ships with two types of validation. You can either enforce a rule or audit it. If you don't want to block developers or if you want to try out a new rule, you can use the audit functionality. The audit configuration creates PolicyReports which you can access with kubectl. Because I can't find a simple solution to get a general overview of this PolicyReports and PolicyReportResults, I created this tool to send information about PolicyReports to different targets like Grafana Loki, Elasticsearch or Slack.

You can find detailed Information and Screens about Features and Configurations in the Documentation.

Installation via Helm Repository

helm repo add policy-reporter https://kyverno.github.io/policy-reporter
helm repo update

The basic installation provides an Prometheus Metrics Endpoint and different REST APIs, for more details have a look at the Documentation.

helm install policy-reporter policy-reporter/policy-reporter -n policy-reporter --create-namespace

You can use the Policy Reporter as standalone Application along with the optional UI SubChart.

helm install policy-reporter policy-reporter/policy-reporter --set kyvernoPlugin.enabled=true --set ui.enabled=true --set ui.plugins.kyverno=true -n policy-reporter --create-namespace
kubectl port-forward service/policy-reporter-ui 8082:8080 -n policy-reporter

Open http:https://localhost:8082/ in your browser.

Check the Documentation for Screens and additional Information

• [Video] 37. #EveryoneCanContribute cafe: Policy reporter for Kyverno
• [Video] Rawkode Live: Hands on Policy Reporter
• [Blog] Monitor Security and Best Practices with Kyverno and Policy Reporter