diff --git a/charts/ui/.helmignore b/charts/ui/.helmignore deleted file mode 100644 index ced94a2..0000000 --- a/charts/ui/.helmignore +++ /dev/null @@ -1,24 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ -README.md.gotmpl diff --git a/charts/ui/Chart.lock b/charts/ui/Chart.lock deleted file mode 100644 index bc8c375..0000000 --- a/charts/ui/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: kyverno-plugin - repository: oci://ghcr.io/kyverno/charts/policy-reporter - version: 0.0.1 -- name: trivy-plugin - repository: oci://ghcr.io/kyverno/charts/policy-reporter - version: 0.0.3 -digest: sha256:9f4e6239b8b32e665c59bc45a76835db6af21b1023e7ff41f50717c3d2841ba7 -generated: "2024-01-14T17:23:14.856361+01:00" diff --git a/charts/ui/Chart.yaml b/charts/ui/Chart.yaml deleted file mode 100644 index 5095609..0000000 --- a/charts/ui/Chart.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v2 -name: ui -description: Policy Reporter UI -type: application -version: 0.0.24 -appVersion: "2.0.0-alpha.18" - -icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png -home: https://kyverno.github.io/policy-reporter-ui -sources: - - https://github.com/kyverno/policy-reporter-ui -maintainers: - - name: Frank Jogeleit diff --git a/charts/ui/README.md b/charts/ui/README.md deleted file mode 100644 index 20c6bac..0000000 --- a/charts/ui/README.md +++ /dev/null @@ -1,93 +0,0 @@ -# ui - -Policy Reporter UI - -![Version: 0.0.24](https://img.shields.io/badge/Version-0.0.24-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0-alpha.18](https://img.shields.io/badge/AppVersion-2.0.0--alpha.18-informational?style=flat-square) - -## Documentation - -You can find detailed Information and Screens about Features and Configurations in the [Documentation](https://kyverno.github.io/policy-reporter). - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| image.registry | string | `"ghcr.io"` | Image registry | -| image.repository | string | `"kyverno/policy-reporter-ui"` | Image repository | -| image.pullPolicy | string | `"IfNotPresent"` | Image PullPolicy | -| image.tag | string | `""` | Image tag Defaults to `Chart.AppVersion` if omitted | -| replicaCount | int | `1` | Deployment replica count | -| tempDir | string | `"/tmp"` | Temporary Directory to persist session data for authentication | -| logging.encoding | string | `"console"` | log encoding possible encodings are console and json | -| logging.logLevel | int | `0` | log level default info | -| server.port | int | `8080` | Application port | -| server.logging | bool | `false` | Enables Access logging | -| server.basicAuth.username | string | `""` | HTTP BasicAuth username | -| server.basicAuth.password | string | `""` | HTTP BasicAuth password | -| server.basicAuth.secretRef | string | `""` | Read HTTP BasicAuth credentials from secret | -| openIDConnect.enabled | bool | `false` | Enable openID Connect authentication | -| openIDConnect.discoveryUrl | string | `""` | OpenID Connect Discovery URL | -| openIDConnect.callbackUrl | string | `""` | OpenID Connect Callback URL | -| openIDConnect.clientId | string | `""` | OpenID Connect ClientID | -| openIDConnect.clientSecret | string | `""` | OpenID Connect ClientSecret | -| openIDConnect.scopes | list | `[]` | OpenID Connect allowed Scopes | -| openIDConnect.secretRef | string | `""` | Provide OpenID Connect configuration via Secret supported keys: `discoveryUrl`, `clientId`, `clientSecret` | -| oauth.enabled | bool | `false` | Enable openID Connect authentication | -| oauth.provider | string | `""` | OAuth2 Provider supported: amazon, gitlab, github, apple, google, yandex, azuread | -| oauth.callbackUrl | string | `""` | OpenID Connect Callback URL | -| oauth.clientId | string | `""` | OpenID Connect ClientID | -| oauth.clientSecret | string | `""` | OpenID Connect ClientSecret | -| oauth.scopes | list | `[]` | OpenID Connect allowed Scopes | -| oauth.secretRef | string | `""` | Provide OpenID Connect configuration via Secret supported keys: `provider`, `clientId`, `clientSecret` | -| ui.displayMode | string | `""` | DisplayMode dark/light uses the OS configured prefered color scheme as default | -| customBoards | list | `[]` | Additional customizable dashboards | -| sources | list | `[{"excludes":{"namespaceKinds":["Pod","Job","ReplicaSet"]},"name":"kyverno"}]` | source specific configurations | -| sources[0] | object | `{"excludes":{"namespaceKinds":["Pod","Job","ReplicaSet"]},"name":"kyverno"}` | exclude Pod, Job and Replica resources from kyverno results by default if no kinds are specified | -| clusters | list | `[]` | Connected Policy Reporter APIs | -| imagePullSecrets | list | `[]` | Image pull secrets for image verification policies, this will define the `--imagePullSecrets` argument | -| nameOverride | string | `""` | Override the name of the chart | -| fullnameOverride | string | `""` | Override the expanded name of the chart | -| serviceAccount.create | bool | `true` | Create ServiceAccount | -| serviceAccount.automount | bool | `true` | Enable ServiceAccount automaount | -| serviceAccount.annotations | object | `{}` | Annotations for the ServiceAccount | -| serviceAccount.name | string | `""` | The ServiceAccount name | -| podAnnotations | object | `{}` | Additional annotations to add to each pod | -| podLabels | object | `{}` | Additional labels to add to each pod | -| updateStrategy | object | `{}` | Deployment update strategy. Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy | -| revisionHistoryLimit | int | `10` | The number of revisions to keep | -| podSecurityContext | object | `{"runAsGroup":1234,"runAsUser":1234}` | Security context for the pod | -| envVars | list | `[]` | Allow additional env variables to be added | -| rbac.enabled | bool | `true` | Create RBAC resources | -| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":1234,"seccompProfile":{"type":"RuntimeDefault"}}` | Container security context | -| service.type | string | `"ClusterIP"` | Service type. | -| service.port | int | `8080` | Service port. | -| service.annotations | object | `{}` | Service annotations. | -| service.labels | object | `{}` | Service labels. | -| ingress.enabled | bool | `false` | Create ingress resource. | -| ingress.className | string | `""` | Ingress class name. | -| ingress.labels | object | `{}` | Ingress labels. | -| ingress.annotations | object | `{}` | Ingress annotations. | -| ingress.hosts | list | `[]` | List of ingress host configurations. | -| ingress.tls | list | `[]` | List of ingress TLS configurations. | -| networkPolicy.enabled | bool | `false` | When true, use a NetworkPolicy to allow ingress to the webhook This is useful on clusters using Calico and/or native k8s network policies in a default-deny setup. | -| networkPolicy.egress | list | `[{"ports":[{"port":6443,"protocol":"TCP"}]}]` | A list of valid from selectors according to https://kubernetes.io/docs/concepts/services-networking/network-policies. Enables Kubernetes API Server by default | -| networkPolicy.ingress | list | `[]` | A list of valid from selectors according to https://kubernetes.io/docs/concepts/services-networking/network-policies. | -| resources | object | `{}` | | -| podDisruptionBudget.minAvailable | int | `1` | Configures the minimum available pods for kyvernoPlugin disruptions. Cannot be used if `maxUnavailable` is set. | -| podDisruptionBudget.maxUnavailable | string | `nil` | Configures the maximum unavailable pods for kyvernoPlugin disruptions. Cannot be used if `minAvailable` is set. | -| nodeSelector | object | `{}` | Node labels for pod assignment | -| tolerations | list | `[]` | List of node taints to tolerate | -| affinity | object | `{}` | Affinity constraints. | - -## Source Code - -* - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Frank Jogeleit | | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) \ No newline at end of file diff --git a/charts/ui/README.md.gotmpl b/charts/ui/README.md.gotmpl deleted file mode 100644 index da8c138..0000000 --- a/charts/ui/README.md.gotmpl +++ /dev/null @@ -1,19 +0,0 @@ -{{ template "chart.header" . }} -{{ template "chart.deprecationWarning" . }} -{{ template "chart.description" . }} - -{{ template "chart.badgesSection" . }} - -## Documentation - -You can find detailed Information and Screens about Features and Configurations in the [Documentation](https://kyverno.github.io/policy-reporter). - -{{ template "chart.valuesSection" . }} - -{{ template "chart.sourcesSection" . }} - -{{ template "chart.requirementsSection" . }} - -{{ template "chart.maintainersSection" . }} - -{{ template "helm-docs.versionFooter" . }} \ No newline at end of file diff --git a/charts/ui/config.tmpl b/charts/ui/config.tmpl deleted file mode 100644 index 4e532f9..0000000 --- a/charts/ui/config.tmpl +++ /dev/null @@ -1,40 +0,0 @@ -namespace: {{ .Release.Namespace }} - -tempDir: {{ .Values.tempDir }} - -logging: - encoding: {{ .Values.logging.encoding }} - logLevel: {{ .Values.logging.logLevel }} - -server: - port: {{ .Values.server.port }} - logging: {{ .Values.server.logging }} - overwriteHost: {{ .Values.server.overwriteHost }} - -ui: - displayMode: {{ .Values.ui.displayMode }} - -{{- with .Values.clusters }} -clusters: - {{- toYaml . | nindent 4 }} -{{- end }} - -{{- with .Values.customBoards }} -customBoards: - {{- toYaml . | nindent 4 }} -{{- end }} - -{{- with .Values.sources }} -sources: - {{- toYaml . | nindent 4 }} -{{- end }} - -{{- with .Values.openIDConnect }} -openIDConnect: - {{- toYaml . | nindent 4 }} -{{- end }} - -{{- with .Values.oauth }} -oauth: - {{- toYaml . | nindent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/ui/templates/NOTES.txt b/charts/ui/templates/NOTES.txt deleted file mode 100644 index 7ee947f..0000000 --- a/charts/ui/templates/NOTES.txt +++ /dev/null @@ -1,22 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ui.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "ui.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "ui.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ui.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} diff --git a/charts/ui/templates/_helpers.tpl b/charts/ui/templates/_helpers.tpl deleted file mode 100644 index 5626045..0000000 --- a/charts/ui/templates/_helpers.tpl +++ /dev/null @@ -1,76 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "ui.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "ui.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "ui.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "ui.labels" -}} -helm.sh/chart: {{ include "ui.chart" . }} -{{ include "ui.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "ui.selectorLabels" -}} -app.kubernetes.io/name: {{ include "ui.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "ui.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "ui.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{- define "ui.podDisruptionBudget" -}} -{{- if and .Values.podDisruptionBudget.minAvailable .Values.podDisruptionBudget.maxUnavailable }} -{{- fail "Cannot set both .Values.podDisruptionBudget.minAvailable and .Values.podDisruptionBudget.maxUnavailable" -}} -{{- end }} -{{- if not .Values.podDisruptionBudget.maxUnavailable }} -minAvailable: {{ default 1 .Values.podDisruptionBudget.minAvailable }} -{{- end }} -{{- if .Values.podDisruptionBudget.maxUnavailable }} -maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} -{{- end }} -{{- end }} - -{{- define "ui.checksums" -}}{{- end }} diff --git a/charts/ui/templates/config-secret.yaml b/charts/ui/templates/config-secret.yaml deleted file mode 100644 index dcdbdb3..0000000 --- a/charts/ui/templates/config-secret.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "ui.fullname" . }}-config - labels: - {{- include "ui.labels" . | nindent 4 }} -type: Opaque -data: - config.yaml: {{ tpl (.Files.Get "config.tmpl") . | b64enc }} \ No newline at end of file diff --git a/charts/ui/templates/deployment.yaml b/charts/ui/templates/deployment.yaml deleted file mode 100644 index 4728a9d..0000000 --- a/charts/ui/templates/deployment.yaml +++ /dev/null @@ -1,95 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "ui.fullname" . }} - labels: - {{- include "ui.labels" . | nindent 4 }} -spec: - replicas: {{ .Values.replicaCount }} - revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} - {{- with .Values.updateStrategy }} - strategy: - {{- toYaml . | nindent 4 }} - {{- end }} - selector: - matchLabels: - {{- include "ui.selectorLabels" . | nindent 6 }} - template: - metadata: - annotations: - checksum/secret: {{ include (print .Template.BasePath "/config-secret.yaml") . | sha256sum | quote }} - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- include "ui.checksums" . | nindent 8 }} - labels: - {{- include "ui.labels" . | nindent 8 }} - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "ui.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - - run - - --config=/app/config.yaml - - --port={{ .Values.server.port }} - ports: - - name: http - containerPort: {{ .Values.server.port }} - protocol: TCP - livenessProbe: - httpGet: - path: / - port: http - readinessProbe: - httpGet: - path: / - port: http - resources: - {{- toYaml .Values.resources | nindent 12 }} - volumeMounts: - - name: config-file - mountPath: /app/config.yaml - subPath: config.yaml - readOnly: true - - name: tmp - mountPath: /tmp - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - {{- with .Values.envVars }} - {{- . | toYaml | trim | nindent 10 }} - {{- end }} - volumes: - - name: config-file - secret: - secretName: {{ include "ui.fullname" . }}-config - optional: true - - name: tmp - emptyDir: {} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/ui/templates/ingress.yaml b/charts/ui/templates/ingress.yaml deleted file mode 100644 index 2b40769..0000000 --- a/charts/ui/templates/ingress.yaml +++ /dev/null @@ -1,64 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "ui.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - {{- include "ui.labels" . | nindent 4 }} - {{- with .Values.ingress.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} - {{- end }} - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} diff --git a/charts/ui/templates/networkpolicy.yaml b/charts/ui/templates/networkpolicy.yaml deleted file mode 100644 index 12da020..0000000 --- a/charts/ui/templates/networkpolicy.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.networkPolicy.enabled }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: {{- include "ui.labels" . | nindent 4 }} - name: {{ include "ui.fullname" . }} -spec: - podSelector: - matchLabels: {{- include "ui.selectorLabels" . | nindent 6 }} - policyTypes: - - Ingress - - Egress - {{- with .Values.networkPolicy.ingress }} - ingress: - {{- toYaml . | nindent 2 }} - {{- end }} - {{- with .Values.networkPolicy.egress }} - egress: - {{- toYaml . | nindent 2 }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/ui/templates/poddisruptionbudget.yaml b/charts/ui/templates/poddisruptionbudget.yaml deleted file mode 100644 index 365c953..0000000 --- a/charts/ui/templates/poddisruptionbudget.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if (gt (int .Values.replicaCount) 1) }} -{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} -apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} -kind: PodDisruptionBudget -metadata: - name: {{ include "ui.fullname" . }} - labels: - {{- include "ui.labels" . | nindent 4 }} -spec: -{{- include "ui.podDisruptionBudget" . | indent 2 }} - selector: - matchLabels: - {{- include "ui.selectorLabels" . | nindent 6 }} -{{- end }} \ No newline at end of file diff --git a/charts/ui/templates/secret-role.yaml b/charts/ui/templates/secret-role.yaml deleted file mode 100644 index fea2907..0000000 --- a/charts/ui/templates/secret-role.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and .Values.serviceAccount.create .Values.rbac.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - {{- include "ui.labels" . | nindent 4 }} - name: {{ include "ui.fullname" . }}-secret-reader -rules: -- apiGroups: [''] - resources: - - secrets - verbs: - - get -{{- end -}} \ No newline at end of file diff --git a/charts/ui/templates/secret-rolebinding.yaml b/charts/ui/templates/secret-rolebinding.yaml deleted file mode 100644 index e1f00ef..0000000 --- a/charts/ui/templates/secret-rolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if and .Values.serviceAccount.create .Values.rbac.enabled -}} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "ui.fullname" . }}-secret-reader - labels: - {{- include "ui.labels" . | nindent 4 }} -roleRef: - kind: Role - name: {{ include "ui.fullname" . }}-secret-reader - apiGroup: rbac.authorization.k8s.io -subjects: -- kind: "ServiceAccount" - name: {{ include "ui.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} \ No newline at end of file diff --git a/charts/ui/templates/service.yaml b/charts/ui/templates/service.yaml deleted file mode 100644 index bbeb1de..0000000 --- a/charts/ui/templates/service.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "ui.fullname" . }} - labels: - {{- include "ui.labels" . | nindent 4 }} - {{- with .Values.service.labels }} - {{- toYaml . | nindent 4 }} - {{- end }} - {{- with .Values.service.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: http - protocol: TCP - name: http - selector: - {{- include "ui.selectorLabels" . | nindent 4 }} diff --git a/charts/ui/templates/serviceaccount.yaml b/charts/ui/templates/serviceaccount.yaml deleted file mode 100644 index 14322ea..0000000 --- a/charts/ui/templates/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "ui.serviceAccountName" . }} - labels: - {{- include "ui.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -automountServiceAccountToken: {{ .Values.serviceAccount.automount }} -{{- end }} diff --git a/charts/ui/values.yaml b/charts/ui/values.yaml deleted file mode 100644 index bc870ae..0000000 --- a/charts/ui/values.yaml +++ /dev/null @@ -1,254 +0,0 @@ -image: - # -- (string) Image registry - registry: ghcr.io - # -- (string) Image repository - repository: kyverno/policy-reporter-ui - # -- (string) Image PullPolicy - pullPolicy: IfNotPresent - # -- (string) Image tag - # Defaults to `Chart.AppVersion` if omitted - tag: "" - -# -- Deployment replica count -replicaCount: 1 - -# -- Temporary Directory to persist session data for authentication -tempDir: "/tmp" - -logging: - # -- log encoding - # possible encodings are console and json - encoding: console - # -- log level - # default info - logLevel: 0 - -server: - # -- Application port - port: 8080 - # -- Enables Access logging - logging: false - basicAuth: - # -- HTTP BasicAuth username - username: "" - # -- HTTP BasicAuth password - password: "" - # -- Read HTTP BasicAuth credentials from secret - secretRef: "" - -openIDConnect: - # -- Enable openID Connect authentication - enabled: false - # -- OpenID Connect Discovery URL - discoveryUrl: "" - # -- OpenID Connect Callback URL - callbackUrl: "" - # -- OpenID Connect ClientID - clientId: "" - # -- OpenID Connect ClientSecret - clientSecret: "" - # -- OpenID Connect allowed Scopes - scopes: [] - # -- Provide OpenID Connect configuration via Secret - # supported keys: `discoveryUrl`, `clientId`, `clientSecret` - secretRef: "" - -oauth: - # -- Enable openID Connect authentication - enabled: false - # -- OAuth2 Provider - # supported: amazon, gitlab, github, apple, google, yandex, azuread - provider: "" - # -- OpenID Connect Callback URL - callbackUrl: "" - # -- OpenID Connect ClientID - clientId: "" - # -- OpenID Connect ClientSecret - clientSecret: "" - # -- OpenID Connect allowed Scopes - scopes: [] - # -- Provide OpenID Connect configuration via Secret - # supported keys: `provider`, `clientId`, `clientSecret` - secretRef: "" - -ui: - # -- DisplayMode dark/light - # uses the OS configured prefered color scheme as default - displayMode: "" - -# -- Additional customizable dashboards -customBoards: [] -# - name: Team A -# namespaces: -# # -- list of displayed namespaces -# list: [] -# # -- selector for displayed namespaces -# selector: -# team: team-a -# sources: -# # -- list of displayed sources -# list: [] -# clusterScope: -# # -- disply cluster scoped resources and results -# enabled: false - -# -- source specific configurations -sources: - # -- exclude Pod, Job and Replica resources from kyverno results by default if no kinds are specified - - name: kyverno - excludes: - namespaceKinds: - - Pod - - Job - - ReplicaSet - -# -- Connected Policy Reporter APIs -clusters: [] -# - name: default -# host: http://policy-reporter:8080 -# secretRef: "" -# skipTLS: false -# certificate: "" -# plugins: -# - name: kyverno -# host: http://policy-reporter-kyverno-plugin:8080 - -# -- Image pull secrets for image verification policies, this will define the `--imagePullSecrets` argument -imagePullSecrets: [] - # regcred: - # registry: foo.example.com - # username: foobar - # password: secret - -# -- (string) Override the name of the chart -nameOverride: "" -# -- (string) Override the expanded name of the chart -fullnameOverride: "" - -serviceAccount: - # -- Create ServiceAccount - create: true - # -- Enable ServiceAccount automaount - automount: true - # -- Annotations for the ServiceAccount - annotations: {} - # -- The ServiceAccount name - name: "" - -# -- Additional annotations to add to each pod -podAnnotations: {} - -# -- Additional labels to add to each pod -podLabels: {} - -# -- Deployment update strategy. -# Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy -updateStrategy: {} -# rollingUpdate: -# maxSurge: 1 -# maxUnavailable: 40% -# type: RollingUpdate - -# -- The number of revisions to keep -revisionHistoryLimit: 10 - -# -- Security context for the pod -podSecurityContext: - runAsUser: 1234 - runAsGroup: 1234 - -# -- Allow additional env variables to be added -envVars: [] - -rbac: - # -- Create RBAC resources - enabled: true - -# -- Container security context -securityContext: - runAsUser: 1234 - runAsNonRoot: true - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - -service: - # -- Service type. - type: ClusterIP - # -- Service port. - port: 8080 - # -- Service annotations. - annotations: {} - # -- Service labels. - labels: {} - -ingress: - # -- Create ingress resource. - enabled: false - # -- Ingress class name. - className: "" - # -- Ingress labels. - labels: {} - # -- Ingress annotations. - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # -- List of ingress host configurations. - hosts: [] - # - host: chart-example.local - # paths: - # - path: / - # pathType: ImplementationSpecific - # -- List of ingress TLS configurations. - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -networkPolicy: - # -- When true, use a NetworkPolicy to allow ingress to the webhook - # This is useful on clusters using Calico and/or native k8s network policies in a default-deny setup. - enabled: false - # -- A list of valid from selectors according to https://kubernetes.io/docs/concepts/services-networking/network-policies. - # Enables Kubernetes API Server by default - egress: - - ports: - - protocol: TCP - port: 6443 - # -- A list of valid from selectors according to https://kubernetes.io/docs/concepts/services-networking/network-policies. - ingress: [] - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -# enabled if replicaCount > 1 -podDisruptionBudget: - # -- Configures the minimum available pods for kyvernoPlugin disruptions. - # Cannot be used if `maxUnavailable` is set. - minAvailable: 1 - # -- Configures the maximum unavailable pods for kyvernoPlugin disruptions. - # Cannot be used if `minAvailable` is set. - maxUnavailable: - -# -- Node labels for pod assignment -nodeSelector: {} - -# -- List of node taints to tolerate -tolerations: [] - - # -- Affinity constraints. -affinity: {} diff --git a/frontend/modules/core/components/form/ClusterKindAutocomplete.vue b/frontend/modules/core/components/form/ClusterKindAutocomplete.vue index 843730a..8f2fc02 100644 --- a/frontend/modules/core/components/form/ClusterKindAutocomplete.vue +++ b/frontend/modules/core/components/form/ClusterKindAutocomplete.vue @@ -41,5 +41,5 @@ const emit = defineEmits<{ 'update:modelValue': [kinds: string[]] }>() watch(selected, (current) => { emit('update:modelValue', current) -}); +}, { immediate: true }); diff --git a/frontend/modules/core/components/form/KindAutocomplete.vue b/frontend/modules/core/components/form/KindAutocomplete.vue index f0fb071..105d931 100644 --- a/frontend/modules/core/components/form/KindAutocomplete.vue +++ b/frontend/modules/core/components/form/KindAutocomplete.vue @@ -40,5 +40,5 @@ const emit = defineEmits<{ 'update:modelValue': [kinds: string[]] }>() watch(selected, (current) => { emit('update:modelValue', current) -}); +}, { immediate: true }); diff --git a/frontend/modules/core/components/policy/StatusCharts.vue b/frontend/modules/core/components/policy/StatusCharts.vue index 324d716..197b116 100644 --- a/frontend/modules/core/components/policy/StatusCharts.vue +++ b/frontend/modules/core/components/policy/StatusCharts.vue @@ -15,7 +15,7 @@ -