chart updates

Signed-off-by: Frank Jogeleit <[email protected]>
kyverno · Sep 9, 2023 · 776309b · 776309b
1 parent cb4f4a0
commit 776309b
Show file tree

Hide file tree

Showing 22 changed files with 303 additions and 236 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -19,10 +19,10 @@ jobs:
   coverage:
     runs-on: ubuntu-latest
     steps:
-      - name: Set up Go 1.19
+      - name: Set up Go 1.21
         uses: actions/setup-go@v2
         with:
-          go-version: 1.19
+          go-version: 1.21
       - name: Checkout code
         uses: actions/checkout@v2
       - name: Get dependencies

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,18 @@
 # Changelog
 
+# 2.20.0
+* Policy Reporter
+    * Support GoogleChat as new notification target
+    * Support Telegram as new notification target
+    * Support HTTP BasicAuth for API and metrics
+    * Go update to v1.21
+* Policy Reporter UI
+    * Support HTTP BasicAuth authenticated API calls
+    * Go update to v1.21
+* Policy Reporter KyvernoPlugin
+    * Support HTTP BasicAuth for API and metrics
+    * Go update to v1.21
+
 # 2.19.4
 * Helm Chart
     * Fix ingress TLS rendering

diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.19 as builder
+FROM golang:1.21 as builder
 
 ARG LD_FLAGS='-s -w -linkmode external -extldflags "-static"'
 ARG TARGETPLATFORM

diff --git a/README.md b/README.md
@@ -60,8 +60,9 @@ Policy Reporter supports the following [Targets](https://kyverno.github.io/polic
 * [MS Teams](https://kyverno.github.io/policy-reporter/core/targets#microsoft-teams)
 * [Policy Reporter UI](https://kyverno.github.io/policy-reporter/core/targets#policy-reporter-ui)
 * [S3](https://kyverno.github.io/policy-reporter/core/targets#s3-compatible-storage)
-* Google Cloud Storage
-
+* [Google Cloud Storage](https://kyverno.github.io/policy-reporter/core/targets/#google-cloud-storage)
+* Google Chat
+* Telegram
 
 ## Monitoring
 

diff --git a/charts/policy-reporter/Chart.lock b/charts/policy-reporter/Chart.lock
@@ -1,12 +1,12 @@
 dependencies:
 - name: monitoring
   repository: ""
-  version: 2.7.2
+  version: 2.8.0
 - name: ui
   repository: ""
-  version: 2.9.7
+  version: 2.10.0
 - name: kyvernoPlugin
   repository: ""
-  version: 1.5.7
-digest: sha256:1797cbd9bdbc80961ce2877ff812137bf57eb22abbbbd027db4b733feeaa58e6
-generated: "2023-07-30T11:15:57.408246+02:00"
+  version: 1.6.0
+digest: sha256:3edbe675390dbbf4dae03550414ebc1639a239fd6fefb230127fc166085334f4
+generated: "2023-09-08T17:12:54.107302+02:00"
diff --git a/charts/policy-reporter/Chart.yaml b/charts/policy-reporter/Chart.yaml
@@ -5,8 +5,8 @@ description: |
   It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord
 
 type: application
-version: 2.19.5
-appVersion: 2.15.4
+version: 2.20.0
+appVersion: 2.16.0
 
 icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png
 home: https://kyverno.github.io/policy-reporter
@@ -18,10 +18,10 @@ maintainers:
 dependencies:
   - name: monitoring
     condition: monitoring.enabled
-    version: "2.7.2"
+    version: "2.8.0"
   - name: ui
     condition: ui.enabled
-    version: "2.9.7"
+    version: "2.10.0"
   - name: kyvernoPlugin
     condition: kyvernoPlugin.enabled
-    version: "1.5.7"
+    version: "1.6.0"
diff --git a/charts/policy-reporter/README.md b/charts/policy-reporter/README.md
@@ -1,6 +1,6 @@
 # Policy Reporter
 
-![Version: v2.19.5](https://img.shields.io/badge/Version-v2.19.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.15.4](https://img.shields.io/badge/AppVersion-v2.15.4-informational?style=flat-square)
+![Version: v2.20.0](https://img.shields.io/badge/Version-v2.20.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.16.0](https://img.shields.io/badge/AppVersion-v2.16.0-informational?style=flat-square)
 
 ## Motivation
 

diff --git a/charts/policy-reporter/charts/kyvernoPlugin/Chart.yaml b/charts/policy-reporter/charts/kyvernoPlugin/Chart.yaml
@@ -3,5 +3,5 @@ name: kyvernoPlugin
 description: Policy Reporter Kyverno Plugin
 
 type: application
-version: 1.5.7
-appVersion: 1.5.1
+version: 1.6.0
+appVersion: 1.6.0
diff --git a/charts/policy-reporter/charts/kyvernoPlugin/config.yaml b/charts/policy-reporter/charts/kyvernoPlugin/config.yaml
@@ -18,3 +18,4 @@ api:
   basicAuth:
     username: {{ .Values.global.basicAuth.username }}
     password: {{ .Values.global.basicAuth.password }}
+    secretRef: {{ .Values.global.basicAuth.secretRef }}
diff --git a/charts/policy-reporter/charts/kyvernoPlugin/templates/secret-role.yaml b/charts/policy-reporter/charts/kyvernoPlugin/templates/secret-role.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.serviceAccount.create .Values.rbac.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  {{- if .Values.annotations }}
+  annotations:
+    {{- toYaml .Values.annotations | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kyvernoplugin.labels" . | nindent 4 }}
+  name: {{ include "kyvernoplugin.fullname" . }}-secret-reader
+  namespace: {{ include "kyvernoplugin.namespace" . }}
+rules:
+- apiGroups: ['']
+  resources:
+  - secrets
+  verbs:
+  - get
+{{- end -}}
diff --git a/charts/policy-reporter/charts/kyvernoPlugin/templates/secret-rolebinding.yaml b/charts/policy-reporter/charts/kyvernoPlugin/templates/secret-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.serviceAccount.create .Values.rbac.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "kyvernoplugin.fullname" . }}-secret-reader
+  namespace: {{ include "kyvernoplugin.namespace" . }}
+  {{- if .Values.annotations }}
+  annotations:
+    {{- toYaml .Values.annotations | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "kyvernoplugin.labels" . | nindent 4 }}
+roleRef:
+  kind: Role
+  name: {{ include "kyvernoplugin.fullname" . }}-secret-reader
+  apiGroup: rbac.authorization.k8s.io
+subjects:
+- kind: "ServiceAccount"
+  name: {{ include "kyvernoplugin.serviceAccountName" . }}
+  namespace: {{ include "kyvernoplugin.namespace" . }}
+{{- end -}}
diff --git a/charts/policy-reporter/charts/kyvernoPlugin/values.yaml b/charts/policy-reporter/charts/kyvernoPlugin/values.yaml
@@ -2,7 +2,7 @@ image:
   registry: ghcr.io
   repository: kyverno/policy-reporter-kyverno-plugin
   pullPolicy: IfNotPresent
-  tag: 1.5.1
+  tag: 1.6.0
 
 imagePullSecrets: []
 

diff --git a/charts/policy-reporter/charts/monitoring/Chart.yaml b/charts/policy-reporter/charts/monitoring/Chart.yaml
@@ -3,5 +3,5 @@ name: monitoring
 description: Policy Reporter Monitoring with predefined ServiceMonitor and Grafana Dashboards
 
 type: application
-version: 2.7.2
+version: 2.8.0
 appVersion: 0.0.0
diff --git a/charts/policy-reporter/charts/ui/Chart.yaml b/charts/policy-reporter/charts/ui/Chart.yaml
@@ -3,5 +3,5 @@ name: ui
 description: Policy Reporter UI
 
 type: application
-version: 2.9.7
-appVersion: 1.8.4
+version: 2.10.0
+appVersion: 1.9.0
diff --git a/charts/policy-reporter/charts/ui/templates/config.yaml b/charts/policy-reporter/charts/ui/templates/config.yaml
@@ -45,6 +45,7 @@ data:
 
     apiConfig:
       logging: {{ .Values.api.logging }}
+      secretRef: {{ .Values.global.basicAuth.secretRef }}
       basicAuth:
         username: {{ .Values.global.basicAuth.username }}
         password: {{ .Values.global.basicAuth.password }}
diff --git a/charts/policy-reporter/charts/ui/templates/deployment.yaml b/charts/policy-reporter/charts/ui/templates/deployment.yaml
@@ -39,7 +39,7 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       serviceAccountName: {{ include "ui.serviceAccountName" . }}
-      automountServiceAccountToken: false
+      automountServiceAccountToken: true
       containers:
         - name: {{ default .Chart.Name .Values.nameOverride }}
           image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
@@ -78,21 +78,11 @@ spec:
           {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
-          {{- if .Values.global.basicAuth.secretRef }}
           env:
-          - name: API_AUTH_USERNAME
+          - name: POD_NAMESPACE
             valueFrom:
-              secretKeyRef:
-                name: {{ .Values.global.basicAuth.secretRef }}
-                key: username
-                optional: false
-          - name: API_AUTH_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: {{ .Values.global.basicAuth.secretRef }}
-                key: password
-                optional: false
-          {{- end }}
+              fieldRef:
+                fieldPath: metadata.namespace
       volumes:
       - name: config-file
         configMap:

diff --git a/charts/policy-reporter/charts/ui/templates/secret-role.yaml b/charts/policy-reporter/charts/ui/templates/secret-role.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.serviceAccount.create .Values.rbac.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  {{- if .Values.annotations }}
+  annotations:
+    {{- toYaml .Values.annotations | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "ui.labels" . | nindent 4 }}
+  name: {{ include "ui.fullname" . }}-secret-reader
+  namespace: {{ include "ui.namespace" . }}
+rules:
+- apiGroups: ['']
+  resources:
+  - secrets
+  verbs:
+  - get
+{{- end -}}
diff --git a/charts/policy-reporter/charts/ui/templates/secret-rolebinding.yaml b/charts/policy-reporter/charts/ui/templates/secret-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- if and .Values.serviceAccount.create .Values.rbac.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "ui.fullname" . }}-secret-reader
+  namespace: {{ include "ui.namespace" . }}
+  {{- if .Values.annotations }}
+  annotations:
+    {{- toYaml .Values.annotations | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "ui.labels" . | nindent 4 }}
+roleRef:
+  kind: Role
+  name: {{ include "ui.fullname" . }}-secret-reader
+  apiGroup: rbac.authorization.k8s.io
+subjects:
+- kind: "ServiceAccount"
+  name: {{ include "ui.serviceAccountName" . }}
+  namespace: {{ include "ui.namespace" . }}
+{{- end -}}
diff --git a/charts/policy-reporter/charts/ui/values.yaml b/charts/policy-reporter/charts/ui/values.yaml
@@ -9,7 +9,7 @@ image:
   registry: ghcr.io
   repository: kyverno/policy-reporter-ui
   pullPolicy: IfNotPresent
-  tag: 1.8.4
+  tag: 1.9.0
 
 # possible default displayModes: light/dark
 displayMode: ""
@@ -50,7 +50,8 @@ clusters: []
 #   kyvernoApi: https://policy-reporter-kyverno-plugin.external.cluster # (optional) reachable external Policy Reporter Kyverno Plugin REST API
 #   skipTLS: false
 #   certificate: "/app/certs/root.ca"
-#   basicAuth:
+#   secreRef: "" # name of an existing secret to read the clusterconfiguration from, supported keys: api, kyvernoApi, username, password, skipTLS, certificate
+#   basicAuth:   # added as HTTP BasicAuthentication Header for all requests against api and kyvernoApi
 #     username: ""
 #     password: ""
 

diff --git a/charts/policy-reporter/values.yaml b/charts/policy-reporter/values.yaml
@@ -5,7 +5,7 @@ image:
   registry: ghcr.io
   repository: kyverno/policy-reporter
   pullPolicy: IfNotPresent
-  tag: 2.15.4
+  tag: 2.16.0
 
 imagePullSecrets: []