https://release-1-16-0--kyverno.netlify.app/docs/policy-reports/Recent content in Reporting on KyvernoHugoenhttps://release-1-16-0--kyverno.netlify.app/docs/policy-reports/background/Mon, 01 Jan 0001 00:00:00 +0000https://release-1-16-0--kyverno.netlify.app/docs/policy-reports/background/<p>Kyverno can validate existing resources in the cluster that may have been created before a policy was created. This can be useful when evaluating the potential effects some new policies will have on a cluster prior to changing them to <code>Enforce</code> mode. The application of policies to existing resources is referred to as <strong>background scanning</strong> and is enabled by default unless <code>spec.background</code> is set to <code>false</code> in a policy like shown below in the snippet.</p>https://release-1-16-0--kyverno.netlify.app/docs/policy-reports/openreports/Mon, 01 Jan 0001 00:00:00 +0000https://release-1-16-0--kyverno.netlify.app/docs/policy-reports/openreports/<blockquote> <p><strong>Note:</strong> OpenReports integration is available as of Kyverno 1.15. The feature is in ALPHA status</p></blockquote> <p>Kyverno supports reporting policy results using the <code>openreports.io/v1alpha1</code> API as an alternative to the default wgpolicyk8s reporting. This can be enabled using the <code>--openreportsEnabled</code> flag in the Kyverno controller.</p> <p>This is an initial step to eventually deprecate <code>wgpolicyk8s</code> and fully depend on <code>openreports.io</code> as the API group for permanent reports</p> <h3 id="enabling-openreports"> Enabling OpenReports <a href="#enabling-openreports"> <svg xmlns="http://www.w3.org/2000/svg" fill="currentColor" width="24" height="24" viewBox="0 0 24 24"><path d="M0 0h24v24H0z" fill="none"></path><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z"></path></svg> </a> </h3> <p>To enable OpenReports integration, add the <code>--openreportsEnabled</code> flag to the Kyverno reports controller.</p>https://release-1-16-0--kyverno.netlify.app/docs/policy-reports/validatingadmissionpolicy-reports/Mon, 01 Jan 0001 00:00:00 +0000https://release-1-16-0--kyverno.netlify.app/docs/policy-reports/validatingadmissionpolicy-reports/<p>Kyverno can generate reports for ValidatingAdmissionPolicies and their bindings. These reports provide information about the resources that are validated by the policies and the results of the validation. They can be used to monitor the health of the cluster and to ensure that the policies are being enforced as expected.</p> <p>To configure Kyverno to generate reports for ValidatingAdmissionPolicies, set the <code>--validatingAdmissionPolicyReports</code> flag to <code>true</code> in the reports controller. This flag is set to <code>false</code> by default.</p>https://release-1-16-0--kyverno.netlify.app/docs/policy-reports/examples/Mon, 01 Jan 0001 00:00:00 +0000https://release-1-16-0--kyverno.netlify.app/docs/policy-reports/examples/<h2 id="example-trigger-a-policyreport"> Example: Trigger a PolicyReport <a href="#example-trigger-a-policyreport"> <svg xmlns="http://www.w3.org/2000/svg" fill="currentColor" width="24" height="24" viewBox="0 0 24 24"><path d="M0 0h24v24H0z" fill="none"></path><path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z"></path></svg> </a> </h2> <p>A <code>PolicyReport</code> object (Namespaced) is created in the same Namespace where resources apply to one or more Kyverno policies. Cluster wide resources will generate <code>ClusterPolicyReport</code> resources at the cluster level.</p> <p>A single Kyverno ClusterPolicy exists with a single rule which ensures Pods cannot mount Secrets as environment variables.</p>