PolicyReport CRD: Manage Admission Control, Runtime, and Scan Reports!


Authors: Mritunjay Sharma, Stephen Adeniyi, Anushka Mittal, Frank Jogeleit


The presentation discusses the Policy Reporter tool for Kubernetes and its features, including a graphical user interface, monitoring solutions, and real-time notifications. The speaker also mentions future plans for the tool and encourages community involvement.
  • Policy Reporter is a tool for Kubernetes that provides a graphical user interface for viewing violations found in policy reports
  • The tool includes monitoring solutions and real-time notifications for violations
  • Future plans for the tool include mapping custom resource definitions and automating the process using a CLI, as well as creating a Kubernetes control catalog
  • Users can build their own adapters for their policy engines as long as the results are mapped to a policy report
  • The speaker encourages community involvement through mailing lists, Slack channels, GitHub, and other social media handles
The speaker demonstrates the Policy Reporter UI, which includes an overview dashboard showing all violations found in policy reports, grouped by namespace and with a counter for cluster policies. Users can click on an item to see the error message and metadata, and can also filter the table to see only failed or warning violations. The speaker also mentions real-time notifications, such as using Slack, and future plans for mapping custom resource definitions and creating a Kubernetes control catalog.


Policies help secure and automate Kubernetes. To standardize and simplify the management of policy reports across multiple tools, the Kubernetes Policy WG created a reusable PolicyReport Custom Resource Definition (CRD). In this session, Anushka, Mritunjay, and Stephen, who are all LFX mentorship graduates, will discuss the PolicyReport CRD and demonstrate adapters for policy and verification engines like Falco, kube-bench, KubeArmor, Kyverno, and Trivy to produce standardized policy reports. Frank will then present Policy Reporter, a Web UI with dashboards for policy reporting and integrations with Slack, Discord, Grafana, Teams, and Elasticsearch. You will learn how to easily manage policy results across admission controls, runtime, and vulnerability scanning, leveraging the powerful CRD capabilities of Kubernetes.

