diff --git a/charts/grafana-dashboards/kyverno-teams/kyverno-teams.json b/charts/grafana-dashboards/kyverno-teams/kyverno-teams.json new file mode 100644 index 0000000000..e77afcaf58 --- /dev/null +++ b/charts/grafana-dashboards/kyverno-teams/kyverno-teams.json @@ -0,0 +1,593 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "$datasource" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "Dashboard to view kyverno published metrics", + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 1, + "id": 4, + "links": [], + "liveNow": false, + "panels": [ + { + "collapsed": false, + "datasource": { + "type": "datasource", + "uid": "$datasource" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 43, + "panels": [], + "targets": [ + { + "datasource": { + "type": "datasource", + "uid": "$datasource" + }, + "refId": "A" + } + ], + "title": "Summary of security policy rule compliance", + "type": "row" + }, + { + "datasource": { + "default": false, + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "green", + "mode": "fixed" + }, + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "blue", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 0, + "y": 1 + }, + "id": 60, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.2.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "disableTextWrap": false, + "editorMode": "code", + "exemplar": false, + "expr": "count (count by (rule_name, policy_name) (kyverno_policy_results_total{rule_result=\"pass\", policy_namespace=\"$namespace\"}))", + "fullMetaSearch": false, + "includeNullMetadata": true, + "instant": true, + "interval": "$__interval", + "legendFormat": "__auto", + "refId": "A", + "useBackend": false + } + ], + "title": "PASS", + "type": "stat" + }, + { + "datasource": { + "default": false, + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "yellow", + "mode": "fixed" + }, + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "yellow", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 4, + "y": 1 + }, + "id": 49, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.2.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "editorMode": "code", + "exemplar": false, + "expr": "count (count by (rule_name, policy_name) (kyverno_policy_results_total{rule_result=\"skip\", policy_namespace=\"$namespace\"}))", + "instant": true, + "interval": "$__interval", + "legendFormat": "__auto", + "refId": "A" + } + ], + "title": "SKIP", + "type": "stat" + }, + { + "datasource": { + "default": false, + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "orange", + "mode": "fixed" + }, + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "orange", + "value": 0 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 8, + "y": 1 + }, + "id": 50, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.2.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "editorMode": "code", + "exemplar": false, + "expr": "count (count by (rule_name, policy_name) (kyverno_policy_results_total{rule_result=\"warn\", policy_namespace=\"$namespace\"}))", + "instant": true, + "interval": "$__interval", + "legendFormat": "__auto", + "refId": "A" + } + ], + "title": "WARN", + "type": "stat" + }, + { + "datasource": { + "default": false, + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "red", + "mode": "fixed" + }, + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 12, + "y": 1 + }, + "id": 51, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.2.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "editorMode": "code", + "exemplar": false, + "expr": "count (count by (rule_name, policy_name) (kyverno_policy_results_total{rule_result=\"fail\", policy_namespace=\"$namespace\"}))", + "instant": true, + "interval": "$__interval", + "legendFormat": "__auto", + "refId": "A" + } + ], + "title": "FAIL", + "type": "stat" + }, + { + "datasource": { + "default": false, + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "fixed" + }, + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "purple", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 8, + "x": 16, + "y": 1 + }, + "id": 52, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.2.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "editorMode": "code", + "exemplar": false, + "expr": "count (count by (rule_name, policy_name) (kyverno_policy_results_total{rule_result=\"unknown\", policy_namespace=\"$namespace\"}))", + "instant": true, + "interval": "$__interval", + "legendFormat": "__auto", + "refId": "A" + } + ], + "title": "ERROR", + "type": "stat" + }, + { + "datasource": { + "default": false, + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 15, + "gradientMode": "opacity", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "blue", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 13, + "w": 24, + "x": 0, + "y": 5 + }, + "id": 61, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "8.5.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "editorMode": "code", + "exemplar": false, + "expr": "count (count by (policy_name, rule_name) (kyverno_policy_results_total{rule_result=\"fail\", policy_namespace=\"$namespace\"})) by (policy_name, rule_name)", + "instant": false, + "interval": "$__interval", + "legendFormat": "{{severity}}", + "range": true, + "refId": "A" + } + ], + "title": "Non-compliant rules by policy name", + "type": "timeseries" + } + ], + "refresh": "30s", + "schemaVersion": 39, + "tags": [ + "kyverno", + "security" + ], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "default", + "value": "default" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "default", + "skipUrlSync": false, + "type": "datasource" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "definition": "label_values(namespace)", + "hide": 0, + "includeAll": false, + "multi": false, + "name": "namespace", + "options": [], + "query": { + "query": "label_values(namespace)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "/(.*team\\-#TEAM#.*)/", + "skipUrlSync": false, + "sort": 1, + "type": "query" + } + ] + }, + "time": { + "from": "now-12h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Policy compliance", + "uid": "kyverno", + "version": 3, + "weekStart": "" +} \ No newline at end of file diff --git a/charts/grafana-dashboards/kyverno/kyverno.json b/charts/grafana-dashboards/kyverno/kyverno.json new file mode 100644 index 0000000000..fc7f53944b --- /dev/null +++ b/charts/grafana-dashboards/kyverno/kyverno.json @@ -0,0 +1,4342 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "", + "editable": true, + "fiscalYearStartMonth": 0, + "gnetId": 15987, + "graphTooltip": 0, + "id": 24, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "gridPos": { + "h": 6, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 42, + "options": { + "code": { + "language": "plaintext", + "showLineNumbers": false, + "showMiniMap": false + }, + "content": "# Kyverno\nA Kubernetes-native policy management engine\n\n#### About this dashboard\n\nThis dashboard represents generic insights which can be extracted and made well use of from a cluster with Kyverno in action.\n\n#### For more details around the metrics\n\nCheckout the [official docs of Kyverno metrics](https://kyverno.io/docs/monitoring-kyverno-with-prometheus-metrics/)", + "mode": "markdown" + }, + "pluginVersion": "11.2.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "refId": "A" + } + ], + "transparent": true, + "type": "text" + }, + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 6 + }, + "id": 12, + "panels": [], + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "refId": "A" + } + ], + "title": "Latest Status", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "red", + "value": null + }, + { + "color": "red", + "value": 50 + }, + { + "color": "#EAB839", + "value": 75 + }, + { + "color": "green", + "value": 100 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 6, + "x": 0, + "y": 7 + }, + "id": 29, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto", + "text": {} + }, + "pluginVersion": "11.2.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "sum(kyverno_policy_results_total{rule_result=\"pass\"})*100/sum(kyverno_policy_results_total{})", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Rule Execution Success Rate", + "transparent": true, + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 4, + "x": 8, + "y": 7 + }, + "id": 2, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.2.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "count(count(kyverno_policy_rule_info_total{policy_type=\"cluster\"}==1) by (policy_name))", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Cluster Policies", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 4, + "x": 12, + "y": 7 + }, + "id": 3, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.2.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "count(count(kyverno_policy_rule_info_total{policy_type=\"namespaced\"}==1) by (policy_name))", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Policies", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "red", + "value": null + }, + { + "color": "red", + "value": 50 + }, + { + "color": "#EAB839", + "value": 75 + }, + { + "color": "green", + "value": 100 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 6, + "x": 18, + "y": 7 + }, + "id": 28, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto", + "text": {} + }, + "pluginVersion": "11.2.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "sum(kyverno_policy_results_total{rule_result=\"pass\", policy_background_mode=\"true\"})*100/sum(kyverno_policy_results_total{policy_background_mode=\"true\"})", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Background Scans Success Rate", + "transparent": true, + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 6, + "y": 12 + }, + "id": 4, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.2.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "count(kyverno_policy_rule_info_total{rule_type=\"validate\"}==1)", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Validate Rules", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 10, + "y": 12 + }, + "id": 23, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.2.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "count(kyverno_policy_rule_info_total{rule_type=\"mutate\"}==1)", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Mutate Rules", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 4, + "x": 14, + "y": 12 + }, + "id": 6, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.2.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "count(kyverno_policy_rule_info_total{rule_type=\"generate\"}==1)", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Generate Rules", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 3, + "y": 16 + }, + "id": 59, + "interval": "1m", + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.2.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": false, + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{namespace=\"$kyvernoNS\"}) / sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", namespace=\"$kyvernoNS\", resource=\"cpu\"})", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "title": "CPU Utilisation (from requests)", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 7, + "y": 16 + }, + "id": 61, + "interval": "1m", + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.2.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": false, + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{namespace=\"$kyvernoNS\"}) / sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", namespace=\"$kyvernoNS\", resource=\"cpu\"})", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "title": "CPU Utilisation (from limits)", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 11, + "y": 16 + }, + "id": 63, + "interval": "1m", + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.2.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": false, + "expr": "sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", namespace=\"$kyvernoNS\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_requests{job=\"kube-state-metrics\", namespace=\"$kyvernoNS\", resource=\"memory\"})", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "title": "Memory Utilisation (from requests)", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 15, + "y": 16 + }, + "id": 65, + "interval": "1m", + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.2.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": false, + "expr": "sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", namespace=\"$kyvernoNS\",container!=\"\", image!=\"\"}) / sum(kube_pod_container_resource_limits{job=\"kube-state-metrics\", namespace=\"$kyvernoNS\", resource=\"memory\"})", + "format": "time_series", + "instant": true, + "interval": "", + "intervalFactor": 2, + "legendFormat": "", + "refId": "A" + } + ], + "title": "Memory Utilisation (from limits)", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 0, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "quota - requests" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#F2495C", + "mode": "fixed" + } + }, + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 2 + }, + { + "id": "custom.stacking", + "value": { + "group": "A", + "mode": "none" + } + }, + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 10, + 10 + ], + "fill": "dash" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "quota - limits" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#FF9830", + "mode": "fixed" + } + }, + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 2 + }, + { + "id": "custom.stacking", + "value": { + "group": "A", + "mode": "none" + } + }, + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 10, + 10 + ], + "fill": "dash" + } + } + ] + } + ] + }, + "gridPos": { + "h": 6, + "w": 12, + "x": 0, + "y": 19 + }, + "id": 67, + "interval": "1m", + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "8.4.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "sum(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_irate{namespace=\"$kyvernoNS\"}) by (pod)", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{ pod }}", + "refId": "A", + "step": 10 + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "scalar(kube_resourcequota{namespace=\"$kyvernoNS\", type=\"hard\",resource=\"requests.cpu\"})", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "quota - requests", + "refId": "B", + "step": 10 + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "scalar(kube_resourcequota{namespace=\"$kyvernoNS\", type=\"hard\",resource=\"limits.cpu\"})", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "quota - limits", + "refId": "C", + "step": 10 + } + ], + "title": "CPU Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 0, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "quota - requests" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#F2495C", + "mode": "fixed" + } + }, + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 2 + }, + { + "id": "custom.stacking", + "value": { + "group": "A", + "mode": "none" + } + }, + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 10, + 10 + ], + "fill": "dash" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "quota - limits" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#FF9830", + "mode": "fixed" + } + }, + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineWidth", + "value": 2 + }, + { + "id": "custom.stacking", + "value": { + "group": "A", + "mode": "none" + } + }, + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 10, + 10 + ], + "fill": "dash" + } + } + ] + } + ] + }, + "gridPos": { + "h": 6, + "w": 12, + "x": 12, + "y": 19 + }, + "id": 69, + "interval": "1m", + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "8.4.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "sum(container_memory_working_set_bytes{job=\"kubelet\", metrics_path=\"/metrics/cadvisor\", namespace=\"$kyvernoNS\", container!=\"\", image!=\"\"}) by (pod)", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{pod}}", + "refId": "A", + "step": 10 + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "scalar(kube_resourcequota{namespace=\"$kyvernoNS\", type=\"hard\",resource=\"requests.memory\"})", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "quota - requests", + "refId": "B", + "step": 10 + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "scalar(kube_resourcequota{namespace=\"$kyvernoNS\", type=\"hard\",resource=\"limits.memory\"})", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "quota - limits", + "refId": "C", + "step": 10 + } + ], + "title": "Memory Usage (w/o cache)", + "type": "timeseries" + }, + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 25 + }, + "id": 26, + "panels": [], + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "refId": "A" + } + ], + "title": "Policy-Rule Results", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "pass" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "rgb(43, 219, 23)", + "mode": "fixed" + } + }, + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 10, + 10 + ], + "fill": "dash" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "fail" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#F2495C", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 0, + "y": 26 + }, + "id": 15, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "min" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "8.4.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "sum(kyverno_policy_results_total{rule_execution_cause=\"admission_request\"}) by (rule_result)", + "interval": "", + "legendFormat": "{{rule_result}}", + "refId": "A" + } + ], + "title": "Admission Review Results (per-rule)", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "pass" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "rgb(43, 219, 23)", + "mode": "fixed" + } + }, + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 10, + 10 + ], + "fill": "dash" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "fail" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#F2495C", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 8, + "y": 26 + }, + "id": 17, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "min" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "8.4.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "sum(kyverno_policy_results_total{rule_execution_cause=\"background_scan\"}) by (rule_result)", + "interval": "", + "legendFormat": "{{rule_result}}", + "refId": "A" + } + ], + "title": "Background Scan Results (per-rule)", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "cluster" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#5794F2", + "mode": "fixed" + } + }, + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 10, + 10 + ], + "fill": "dash" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "namespaced" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#F2495C", + "mode": "fixed" + } + }, + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 10, + 10 + ], + "fill": "dash" + } + } + ] + }, + { + "__systemRef": "hideSeriesFrom", + "matcher": { + "id": "byNames", + "options": { + "mode": "exclude", + "names": [ + "namespaced" + ], + "prefix": "All except:", + "readOnly": true + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": false, + "tooltip": false, + "viz": true + } + } + ] + } + ] + }, + "gridPos": { + "h": 16, + "w": 8, + "x": 16, + "y": 26 + }, + "id": 30, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "min" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "8.4.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "sum(sum(kyverno_policy_results_total{rule_result=\"fail\"}) by (policy_name, policy_type)) by (policy_type)", + "interval": "", + "legendFormat": "{{policy_type}}", + "refId": "A" + } + ], + "title": "Policy Failures", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "pass" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "rgb(43, 219, 23)", + "mode": "fixed" + } + }, + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 10, + 10 + ], + "fill": "dash" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "fail" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#F2495C", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 0, + "y": 34 + }, + "id": 31, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "min" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "8.4.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "sum(sum(kyverno_policy_results_total{rule_execution_cause=\"admission_request\"}) by (policy_name, rule_result)) by (rule_result)", + "interval": "", + "legendFormat": "{{rule_result}}", + "refId": "A" + } + ], + "title": "Admission Review Results (per-policy)", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "pass" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "rgb(43, 219, 23)", + "mode": "fixed" + } + }, + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 10, + 10 + ], + "fill": "dash" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "fail" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#F2495C", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 8, + "y": 34 + }, + "id": 32, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "min" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "8.4.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "sum(sum(kyverno_policy_results_total{rule_execution_cause=\"background_scan\"}) by (policy_name, rule_result)) by (rule_result)", + "interval": "", + "legendFormat": "{{rule_result}}", + "refId": "A" + } + ], + "title": "Background Scan Results (per-policy)", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisGridShow": true, + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 8, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 24, + "x": 0, + "y": 42 + }, + "id": 57, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "count(kyverno_policy_results_total{rule_result=\"fail\"}) by (resource_namespace,policy_name)", + "interval": "", + "legendFormat": "Policy={{ policy_name }}, Namespace={{ resource_namespace }}", + "refId": "A" + } + ], + "title": "Cluster Policies and Namespaces w/Failed", + "type": "timeseries" + }, + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 48 + }, + "id": 19, + "panels": [], + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "refId": "A" + } + ], + "title": "Policy-Rule Info", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "cluster" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#5794F2", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "namespaced" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#FF7383", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 0, + "y": 49 + }, + "id": 16, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "min" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "8.4.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "count(count(kyverno_policy_rule_info_total{}==1) by (policy_name, policy_type)) by (policy_type)", + "interval": "", + "legendFormat": "{{policy_type}}", + "refId": "A" + } + ], + "title": "Active Policies (by policy type)", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "audit" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#37872D", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "enforce" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#FF9830", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 8, + "y": 49 + }, + "id": 20, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "min" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "8.4.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "count(count(kyverno_policy_rule_info_total{}==1) by (policy_name, policy_validation_mode)) by (policy_validation_mode)", + "interval": "", + "legendFormat": "audit", + "refId": "A" + } + ], + "title": "Active Policies (by policy validation action)", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "cluster" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#B877D9", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 16, + "y": 49 + }, + "id": 24, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "min" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "8.4.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "count(count(kyverno_policy_rule_info_total{policy_background_mode=\"true\"}==1) by (policy_name, policy_type)) by (policy_type)", + "interval": "", + "legendFormat": "{{policy_type}}", + "refId": "A" + } + ], + "title": "Active Policies running in background mode", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 0, + "y": 57 + }, + "id": 21, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "min" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "8.4.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "count(count(kyverno_policy_rule_info_total{policy_namespace!=\"-\"}==1) by (policy_name, policy_namespace)) by (policy_namespace)", + "interval": "", + "legendFormat": "{{policy_namespace}}", + "refId": "A" + } + ], + "title": "Active Namespaced Policies (by namespaces)", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "mutate" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "rgb(169, 58, 227)", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "validate" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "rgb(255, 232, 0)", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 10, + "x": 8, + "y": 57 + }, + "id": 14, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "min" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "8.4.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "count(kyverno_policy_rule_info_total{}==1) by (rule_type)", + "interval": "", + "legendFormat": "{{rule_type}}", + "refId": "A" + } + ], + "title": "Active Rules (by rule type)", + "type": "timeseries" + }, + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 65 + }, + "id": 34, + "panels": [], + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "refId": "A" + } + ], + "title": "Policy-Rule Execution Latency", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 9, + "x": 0, + "y": 66 + }, + "id": 36, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "min" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "8.4.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "avg(kyverno_policy_execution_duration_seconds_sum{}) by (rule_type)", + "interval": "", + "legendFormat": "{{rule_type}}", + "refId": "A" + } + ], + "title": "Average Rule Execution Latency", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "clocks" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "cluster" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#5794F2", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "namespaced" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#F2495C", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 9, + "x": 9, + "y": 66 + }, + "id": 37, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "min" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "8.4.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "avg(sum(kyverno_policy_execution_duration_seconds_sum{}) by (policy_name, policy_type)) by (policy_type)", + "interval": "", + "legendFormat": "{{policy_type}}", + "refId": "A" + } + ], + "title": "Average Policy Execution Latency", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "purple", + "value": null + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 18, + "y": 66 + }, + "id": 39, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.2.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "avg(kyverno_policy_execution_duration_seconds_sum{})", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Overall Average Rule Execution Latency", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 18, + "y": 70 + }, + "id": 40, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.2.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "avg(sum(kyverno_policy_execution_duration_seconds_sum{}) by (policy_name, policy_type))", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Overall Average Policy Execution Latency", + "type": "stat" + }, + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 74 + }, + "id": 52, + "panels": [], + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "refId": "A" + } + ], + "title": "Admission Review Latency", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 9, + "x": 0, + "y": 75 + }, + "id": 53, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "min" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "8.4.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "avg(kyverno_admission_requests_total{}) by (resource_request_operation)", + "interval": "", + "legendFormat": "Resource Operation: {{resource_request_operation}}", + "refId": "A" + } + ], + "title": "Avg - Admission Review Duration (by operation)", + "transparent": true, + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 9, + "x": 9, + "y": 75 + }, + "id": 54, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "min" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "8.4.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "sum(kyverno_admission_requests_total{}) by (resource_kind)", + "interval": "", + "legendFormat": "Resource Kind: {{resource_kind}}", + "refId": "A" + } + ], + "title": "Avg - Admission Review Duration (by resource kind)", + "transparent": true, + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 18, + "y": 75 + }, + "id": 50, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.2.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "sum(rate(kyverno_admission_requests_total{}[5m]))", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Rate - Incoming Admission Requests (last 5m)", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "purple", + "value": null + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 18, + "y": 79 + }, + "id": 55, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.2.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "avg(kyverno_admission_review_duration_seconds_sum{})", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Avg - Overall Admission Review Duration", + "type": "stat" + }, + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 83 + }, + "id": 8, + "panels": [], + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "refId": "A" + } + ], + "title": "Policy Changes", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Change type: created" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#5794F2", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 9, + "x": 0, + "y": 84 + }, + "id": 10, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "min" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "8.4.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "sum(kyverno_policy_changes_total{}) by (policy_change_type)", + "interval": "", + "legendFormat": "Change type: {{policy_change_type}}", + "refId": "A" + } + ], + "title": "Policy Changes (by change type)", + "transparent": true, + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "cluster" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#F2495C", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 9, + "x": 9, + "y": 84 + }, + "id": 13, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "min" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "8.4.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "sum(kyverno_policy_changes_total{}) by (policy_type)", + "interval": "", + "legendFormat": "{{policy_type}}", + "refId": "A" + } + ], + "title": "Policy Changes (by policy type)", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "orange", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 18, + "y": 84 + }, + "id": 49, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.2.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "sum(kyverno_policy_changes_total{})", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Total Policy Changes", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "red", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 6, + "x": 18, + "y": 88 + }, + "id": 48, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.2.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "sum(rate(kyverno_admission_requests_total{}[5m]))", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Rate - Policy Changes Happening (last 5m)", + "type": "stat" + }, + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 92 + }, + "id": 44, + "panels": [], + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "refId": "A" + } + ], + "title": "Admission Requests", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Change type: created" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#5794F2", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 9, + "x": 0, + "y": 93 + }, + "id": 45, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "min" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "8.4.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "sum(kyverno_admission_requests_total{}) by (resource_request_operation)", + "interval": "", + "legendFormat": "Resource Operation: {{resource_request_operation}}", + "refId": "A" + } + ], + "title": "Admission Requests (by operation)", + "transparent": true, + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Change type: created" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#5794F2", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 9, + "x": 9, + "y": 93 + }, + "id": 46, + "options": { + "legend": { + "calcs": [ + "lastNotNull", + "max", + "min" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "8.4.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "sum(kyverno_admission_requests_total{}) by (resource_kind)", + "interval": "", + "legendFormat": "Resource Kind: {{resource_kind}}", + "refId": "A" + } + ], + "title": "Admission Requests (by resource kind)", + "transparent": true, + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "semi-dark-green", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 18, + "y": 93 + }, + "id": 47, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "text": {}, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "11.2.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "exemplar": true, + "expr": "sum(kyverno_admission_requests_total{})", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Total Admission Requests", + "type": "stat" + } + ], + "refresh": "5s", + "schemaVersion": 39, + "tags": [ + "kyverno", + "security" + ], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "kyverno", + "value": "kyverno" + }, + "datasource": { + "type": "prometheus", + "uid": "P98FD586FDD5909DA" + }, + "definition": "label_values(kube_namespace_status_phase{job=\"kube-state-metrics\",}, namespace)", + "hide": 0, + "includeAll": false, + "multi": false, + "name": "kyvernoNS", + "options": [], + "query": { + "query": "label_values(kube_namespace_status_phase{job=\"kube-state-metrics\",}, namespace)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "^kyverno$", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": { + "selected": true, + "text": "default", + "value": "default" + }, + "hide": 0, + "includeAll": false, + "label": "Datasource", + "multi": false, + "name": "DS_PROMETHEUS", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + } + ] + }, + "time": { + "from": "now-24h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Kyverno", + "uid": "Rg8lWBG7k", + "version": 1, + "weekStart": "" + } \ No newline at end of file diff --git a/charts/grafana-dashboards/values.yaml b/charts/grafana-dashboards/values.yaml index 9796b7c496..97d327cf25 100644 --- a/charts/grafana-dashboards/values.yaml +++ b/charts/grafana-dashboards/values.yaml @@ -11,6 +11,8 @@ folders: - trivy - trivy-teams - velero + - kyverno-teams + - kyverno sidecar: dashboards: diff --git a/charts/team-ns/templates/policies/baseline/disallow-capabilities.yaml b/charts/team-ns/templates/policies/baseline/disallow-capabilities.yaml index 80ad630cf3..1c59b640e5 100644 --- a/charts/team-ns/templates/policies/baseline/disallow-capabilities.yaml +++ b/charts/team-ns/templates/policies/baseline/disallow-capabilities.yaml @@ -25,6 +25,26 @@ spec: - resources: kinds: - Pod + exclude: + any: + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} preconditions: all: - key: "{{`{{ request.operation || 'BACKGROUND' }}`}}" diff --git a/charts/team-ns/templates/policies/baseline/disallow-host-namespaces.yaml b/charts/team-ns/templates/policies/baseline/disallow-host-namespaces.yaml index 4713bfa8d5..2f1dd5de83 100644 --- a/charts/team-ns/templates/policies/baseline/disallow-host-namespaces.yaml +++ b/charts/team-ns/templates/policies/baseline/disallow-host-namespaces.yaml @@ -28,6 +28,26 @@ spec: - resources: kinds: - Pod + exclude: + any: + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} skipBackgroundRequests: true validate: message: >- diff --git a/charts/team-ns/templates/policies/baseline/disallow-host-path.yaml b/charts/team-ns/templates/policies/baseline/disallow-host-path.yaml index 72f8959c8a..9c79918544 100644 --- a/charts/team-ns/templates/policies/baseline/disallow-host-path.yaml +++ b/charts/team-ns/templates/policies/baseline/disallow-host-path.yaml @@ -28,6 +28,26 @@ spec: - resources: kinds: - Pod + exclude: + any: + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} skipBackgroundRequests: true validate: message: >- diff --git a/charts/team-ns/templates/policies/baseline/disallow-host-ports.yaml b/charts/team-ns/templates/policies/baseline/disallow-host-ports.yaml index 6b9a2c71b5..8c97223c27 100644 --- a/charts/team-ns/templates/policies/baseline/disallow-host-ports.yaml +++ b/charts/team-ns/templates/policies/baseline/disallow-host-ports.yaml @@ -29,6 +29,26 @@ spec: - resources: kinds: - Pod + exclude: + any: + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} skipBackgroundRequests: true validate: message: >- diff --git a/charts/team-ns/templates/policies/baseline/disallow-host-process.yaml b/charts/team-ns/templates/policies/baseline/disallow-host-process.yaml index fe5116ff91..1ebcac62bd 100644 --- a/charts/team-ns/templates/policies/baseline/disallow-host-process.yaml +++ b/charts/team-ns/templates/policies/baseline/disallow-host-process.yaml @@ -29,6 +29,26 @@ spec: - resources: kinds: - Pod + exclude: + any: + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} skipBackgroundRequests: true validate: message: >- diff --git a/charts/team-ns/templates/policies/baseline/disallow-privileged-containers.yaml b/charts/team-ns/templates/policies/baseline/disallow-privileged-containers.yaml index 1286ef44fc..50500702f5 100644 --- a/charts/team-ns/templates/policies/baseline/disallow-privileged-containers.yaml +++ b/charts/team-ns/templates/policies/baseline/disallow-privileged-containers.yaml @@ -28,6 +28,26 @@ spec: - resources: kinds: - Pod + exclude: + any: + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} skipBackgroundRequests: true validate: message: >- diff --git a/charts/team-ns/templates/policies/baseline/disallow-proc-mount.yaml b/charts/team-ns/templates/policies/baseline/disallow-proc-mount.yaml index ab9b854cfd..15570f0a2e 100644 --- a/charts/team-ns/templates/policies/baseline/disallow-proc-mount.yaml +++ b/charts/team-ns/templates/policies/baseline/disallow-proc-mount.yaml @@ -29,6 +29,26 @@ spec: - resources: kinds: - Pod + exclude: + any: + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} skipBackgroundRequests: true validate: message: >- diff --git a/charts/team-ns/templates/policies/baseline/disallow-selinux.yaml b/charts/team-ns/templates/policies/baseline/disallow-selinux.yaml index 8c9ba3f4e9..90b1deb7b2 100644 --- a/charts/team-ns/templates/policies/baseline/disallow-selinux.yaml +++ b/charts/team-ns/templates/policies/baseline/disallow-selinux.yaml @@ -27,6 +27,26 @@ spec: - resources: kinds: - Pod + exclude: + any: + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} skipBackgroundRequests: true validate: message: >- @@ -57,6 +77,26 @@ spec: - resources: kinds: - Pod + exclude: + any: + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} skipBackgroundRequests: true validate: message: >- diff --git a/charts/team-ns/templates/policies/baseline/restrict-apparmor-profiles.yaml b/charts/team-ns/templates/policies/baseline/restrict-apparmor-profiles.yaml index 63f10fb2d8..f9b7c3e618 100644 --- a/charts/team-ns/templates/policies/baseline/restrict-apparmor-profiles.yaml +++ b/charts/team-ns/templates/policies/baseline/restrict-apparmor-profiles.yaml @@ -31,6 +31,26 @@ spec: - resources: kinds: - Pod + exclude: + any: + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} skipBackgroundRequests: true validate: message: >- diff --git a/charts/team-ns/templates/policies/baseline/restrict-seccomp.yaml b/charts/team-ns/templates/policies/baseline/restrict-seccomp.yaml index 1f30b52bb9..d91c65854b 100644 --- a/charts/team-ns/templates/policies/baseline/restrict-seccomp.yaml +++ b/charts/team-ns/templates/policies/baseline/restrict-seccomp.yaml @@ -29,6 +29,26 @@ spec: - resources: kinds: - Pod + exclude: + any: + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} skipBackgroundRequests: true validate: message: >- diff --git a/charts/team-ns/templates/policies/baseline/restrict-sysctls.yaml b/charts/team-ns/templates/policies/baseline/restrict-sysctls.yaml index dffb55329c..3138570675 100644 --- a/charts/team-ns/templates/policies/baseline/restrict-sysctls.yaml +++ b/charts/team-ns/templates/policies/baseline/restrict-sysctls.yaml @@ -31,6 +31,26 @@ spec: - resources: kinds: - Pod + exclude: + any: + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} skipBackgroundRequests: true validate: message: >- diff --git a/charts/team-ns/templates/policies/best-practice/allowed-image-repos.yaml b/charts/team-ns/templates/policies/best-practice/allowed-image-repos.yaml index 0422295070..b794ba85e7 100644 --- a/charts/team-ns/templates/policies/best-practice/allowed-image-repos.yaml +++ b/charts/team-ns/templates/policies/best-practice/allowed-image-repos.yaml @@ -40,6 +40,24 @@ spec: - resources: annotations: tekton.dev/tags: git + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} skipBackgroundRequests: true validate: message: >- diff --git a/charts/team-ns/templates/policies/best-practice/disallow-latest-tag.yaml b/charts/team-ns/templates/policies/best-practice/disallow-latest-tag.yaml index 5cdb8eb342..b6971afb73 100644 --- a/charts/team-ns/templates/policies/best-practice/disallow-latest-tag.yaml +++ b/charts/team-ns/templates/policies/best-practice/disallow-latest-tag.yaml @@ -29,6 +29,26 @@ spec: - resources: kinds: - Pod + exclude: + any: + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} skipBackgroundRequests: true validate: message: "An image tag is required." @@ -47,6 +67,24 @@ spec: - resources: annotations: policy.otomi.io/ignore: banned-image-tags + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} skipBackgroundRequests: true validate: message: "Using a mutable image tag e.g. 'latest' is not allowed." diff --git a/charts/team-ns/templates/policies/best-practice/require-limits.yaml b/charts/team-ns/templates/policies/best-practice/require-limits.yaml index d9210c749f..5212f88e3e 100644 --- a/charts/team-ns/templates/policies/best-practice/require-limits.yaml +++ b/charts/team-ns/templates/policies/best-practice/require-limits.yaml @@ -31,6 +31,26 @@ spec: - resources: kinds: - Pod + exclude: + any: + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} skipBackgroundRequests: true validate: message: "CPU and memory resource requests and limits are required." diff --git a/charts/team-ns/templates/policies/best-practice/require-pod-liveness-probe.yaml b/charts/team-ns/templates/policies/best-practice/require-pod-liveness-probe.yaml index b4f9173172..fbcd25fdd5 100644 --- a/charts/team-ns/templates/policies/best-practice/require-pod-liveness-probe.yaml +++ b/charts/team-ns/templates/policies/best-practice/require-pod-liveness-probe.yaml @@ -40,6 +40,24 @@ spec: - resources: annotations: tekton.dev/tags: git + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} preconditions: all: - key: "{{`{{request.operation || 'BACKGROUND'}}`}}" diff --git a/charts/team-ns/templates/policies/best-practice/require-pod-readiness-probe.yaml b/charts/team-ns/templates/policies/best-practice/require-pod-readiness-probe.yaml index bbfcdacec5..ec68b4b21a 100644 --- a/charts/team-ns/templates/policies/best-practice/require-pod-readiness-probe.yaml +++ b/charts/team-ns/templates/policies/best-practice/require-pod-readiness-probe.yaml @@ -40,6 +40,24 @@ spec: - resources: annotations: tekton.dev/tags: git + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} preconditions: all: - key: "{{`{{request.operation || 'BACKGROUND'}}`}}" diff --git a/charts/team-ns/templates/policies/best-practice/require-pod-startup-probe.yaml b/charts/team-ns/templates/policies/best-practice/require-pod-startup-probe.yaml index f987d3e915..697d5c0ff7 100644 --- a/charts/team-ns/templates/policies/best-practice/require-pod-startup-probe.yaml +++ b/charts/team-ns/templates/policies/best-practice/require-pod-startup-probe.yaml @@ -43,6 +43,24 @@ spec: - resources: annotations: tekton.dev/tags: git + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} preconditions: all: - key: "{{`{{request.operation || 'BACKGROUND'}}`}}" diff --git a/charts/team-ns/templates/policies/best-practice/require-requests.yaml b/charts/team-ns/templates/policies/best-practice/require-requests.yaml index 8c132407e6..87feb01a5a 100644 --- a/charts/team-ns/templates/policies/best-practice/require-requests.yaml +++ b/charts/team-ns/templates/policies/best-practice/require-requests.yaml @@ -31,6 +31,35 @@ spec: - resources: kinds: - Pod + exclude: + any: + - resources: + annotations: + tekton.dev/tags: image-build + - resources: + annotations: + tekton.dev/tags: CLI, grype + - resources: + annotations: + tekton.dev/tags: git + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} skipBackgroundRequests: true validate: message: "CPU and memory resource requests and limits are required." diff --git a/charts/team-ns/templates/policies/other/require-non-root-groups.yaml b/charts/team-ns/templates/policies/other/require-non-root-groups.yaml index 9bfd3b1bcb..d0b3c2edca 100644 --- a/charts/team-ns/templates/policies/other/require-non-root-groups.yaml +++ b/charts/team-ns/templates/policies/other/require-non-root-groups.yaml @@ -40,6 +40,24 @@ spec: - resources: annotations: tekton.dev/tags: 'CLI, grype' + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} skipBackgroundRequests: true validate: message: >- @@ -69,6 +87,26 @@ spec: - resources: kinds: - Pod + exclude: + any: + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} skipBackgroundRequests: true validate: message: >- @@ -85,6 +123,26 @@ spec: - resources: kinds: - Pod + exclude: + any: + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} skipBackgroundRequests: true validate: message: >- diff --git a/charts/team-ns/templates/policies/other/required-label.yaml b/charts/team-ns/templates/policies/other/required-label.yaml index fc9bac192a..567e434eb9 100644 --- a/charts/team-ns/templates/policies/other/required-label.yaml +++ b/charts/team-ns/templates/policies/other/required-label.yaml @@ -37,6 +37,24 @@ spec: - resources: annotations: tekton.dev/tags: git + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} skipBackgroundRequests: true validate: message: "Setting an app label is required for the workload." diff --git a/charts/team-ns/templates/policies/restricted/disallow-capabilities-strict.yaml b/charts/team-ns/templates/policies/restricted/disallow-capabilities-strict.yaml index aa0f90e8ce..0162f73f1f 100644 --- a/charts/team-ns/templates/policies/restricted/disallow-capabilities-strict.yaml +++ b/charts/team-ns/templates/policies/restricted/disallow-capabilities-strict.yaml @@ -39,6 +39,24 @@ spec: - resources: annotations: tekton.dev/tags: 'CLI, grype' + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} preconditions: all: - key: "{{`{{ request.operation || 'BACKGROUND' }}`}}" @@ -69,6 +87,26 @@ spec: - resources: kinds: - Pod + exclude: + any: + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} skipBackgroundRequests: true validate: message: >- diff --git a/charts/team-ns/templates/policies/restricted/disallow-privilege-escalation.yaml b/charts/team-ns/templates/policies/restricted/disallow-privilege-escalation.yaml index 89157e2b42..4b45bfd5ef 100644 --- a/charts/team-ns/templates/policies/restricted/disallow-privilege-escalation.yaml +++ b/charts/team-ns/templates/policies/restricted/disallow-privilege-escalation.yaml @@ -38,6 +38,24 @@ spec: - resources: annotations: tekton.dev/tags: 'CLI, grype' + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} skipBackgroundRequests: true validate: message: >- diff --git a/charts/team-ns/templates/policies/restricted/require-run-as-non-root-user.yaml b/charts/team-ns/templates/policies/restricted/require-run-as-non-root-user.yaml index 82e0a09324..7577081243 100644 --- a/charts/team-ns/templates/policies/restricted/require-run-as-non-root-user.yaml +++ b/charts/team-ns/templates/policies/restricted/require-run-as-non-root-user.yaml @@ -38,6 +38,24 @@ spec: - resources: annotations: tekton.dev/tags: 'CLI, grype' + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} skipBackgroundRequests: true validate: message: >- diff --git a/charts/team-ns/templates/policies/restricted/require-run-as-nonroot.yaml b/charts/team-ns/templates/policies/restricted/require-run-as-nonroot.yaml index 2334ab548b..a19a3c3ac0 100644 --- a/charts/team-ns/templates/policies/restricted/require-run-as-nonroot.yaml +++ b/charts/team-ns/templates/policies/restricted/require-run-as-nonroot.yaml @@ -37,6 +37,24 @@ spec: - resources: annotations: tekton.dev/tags: 'CLI, grype' + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} skipBackgroundRequests: true validate: message: >- diff --git a/charts/team-ns/templates/policies/restricted/restrict-seccomp-strict.yaml b/charts/team-ns/templates/policies/restricted/restrict-seccomp-strict.yaml index 4fcb580a47..378964e77d 100644 --- a/charts/team-ns/templates/policies/restricted/restrict-seccomp-strict.yaml +++ b/charts/team-ns/templates/policies/restricted/restrict-seccomp-strict.yaml @@ -41,6 +41,24 @@ spec: - resources: annotations: tekton.dev/tags: 'CLI, grype' + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} skipBackgroundRequests: true validate: message: >- diff --git a/charts/team-ns/templates/policies/restricted/restrict-volume-types.yaml b/charts/team-ns/templates/policies/restricted/restrict-volume-types.yaml index b80747466f..c8bada759c 100644 --- a/charts/team-ns/templates/policies/restricted/restrict-volume-types.yaml +++ b/charts/team-ns/templates/policies/restricted/restrict-volume-types.yaml @@ -29,6 +29,26 @@ spec: - resources: kinds: - Pod + exclude: + any: + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: prometheus-{{ $v.teamId }} + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: {{ $v.teamId }}-po-alertmanager + - resources: + kinds: + - Pod + selector: + matchLabels: + app.kubernetes.io/instance: tekton-dashboard-{{ $v.teamId }} preconditions: all: - key: "{{`{{ request.operation || 'BACKGROUND' }}`}}" diff --git a/helmfile.d/helmfile-60.teams.yaml b/helmfile.d/helmfile-60.teams.yaml index 5727d96c68..33ad5091a8 100644 --- a/helmfile.d/helmfile-60.teams.yaml +++ b/helmfile.d/helmfile-60.teams.yaml @@ -227,12 +227,12 @@ releases: {{- if $v.apps.falco.enabled }} - falco-teams {{- end }} - {{- if and (eq $v.cluster.provider "azure") ($team | get "azureMonitor" ($v | get "azure.monitor" nil)) }} - - azure - {{- end }} {{- if $v.apps.trivy.enabled }} - trivy-teams {{- end }} + {{- if $v.apps.kyverno.enabled }} + - kyverno-teams + {{- end }} - name: team-ns-{{ $teamId }} installed: true namespace: team-{{ $teamId }} diff --git a/values/grafana-dashboards/grafana-dashboards.gotmpl b/values/grafana-dashboards/grafana-dashboards.gotmpl index 1c4c261e80..a3e3323cb7 100644 --- a/values/grafana-dashboards/grafana-dashboards.gotmpl +++ b/values/grafana-dashboards/grafana-dashboards.gotmpl @@ -27,3 +27,6 @@ folders: {{- if $v.apps.thanos.enabled }} - thanos {{- end }} + {{- if $v.apps.kyverno.enabled }} + - kyverno + {{- end }} \ No newline at end of file diff --git a/values/kyverno/kyverno.gotmpl b/values/kyverno/kyverno.gotmpl index 7cc6cb53ed..97843fabad 100644 --- a/values/kyverno/kyverno.gotmpl +++ b/values/kyverno/kyverno.gotmpl @@ -27,7 +27,7 @@ admissionController: serviceMonitor: enabled: true additionalLabels: - prometheus: systen + prometheus: system container: resources: {{- $kv.resources.admissionController | toYaml | nindent 6 }} @@ -39,6 +39,10 @@ cleanupController: replicas: 3 {{- end }} resources: {{- $kv.resources.cleanupController | toYaml | nindent 4 }} + serviceMonitor: + enabled: true + additionalLabels: + prometheus: system backgroundController: {{- if eq $kv.mode "DevTest" }} @@ -51,7 +55,7 @@ backgroundController: serviceMonitor: enabled: true additionalLabels: - prometheus: systen + prometheus: system reportsController: {{- if eq $kv.mode "DevTest" }} @@ -61,6 +65,10 @@ reportsController: replicas: 2 {{- end }} resources: {{- $kv.resources.reportsController | toYaml | nindent 4 }} + serviceMonitor: + enabled: true + additionalLabels: + prometheus: system features: logging: @@ -74,4 +82,12 @@ config: # -- Exclude Kyverno namespace # Determines if default Kyverno namespace exclusion is enabled for webhooks and resourceFilters # required for nodeAffinity (alse force kyverno to disired nodes) - excludeKyvernoNamespace: true \ No newline at end of file + excludeKyvernoNamespace: true + +metricsConfig: + namespaces: + include: + {{- range $id, $team := $v.teamConfig }} + - team-{{ $id }} + {{- end }} + \ No newline at end of file diff --git a/versions.yaml b/versions.yaml index 2be9bf10a7..55514f2de2 100644 --- a/versions.yaml +++ b/versions.yaml @@ -1,5 +1,5 @@ api: 3.4.0 -console: 3.3.1 +console: APL-453 consoleLogin: v3.0.0 tasks: 3.4.0 tools: 2.7.0