resource list exceptions

Signed-off-by: Frank Jogeleit <[email protected]>

charts/policy-reporter/Chart.yaml

@@ -5,7 +5,7 @@ description: |
   It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord
 
 type: application
-version: 3.0.0-alpha.20
+version: 3.0.0-alpha.21
 appVersion: 3.0.0-alpha
 
 icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png

charts/policy-reporter/README.md

@@ -3,7 +3,7 @@
 Policy Reporter watches for PolicyReport Resources.
 It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord
 
-![Version: 3.0.0-alpha.20](https://img.shields.io/badge/Version-3.0.0--alpha.20-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.0.0-alpha](https://img.shields.io/badge/AppVersion-3.0.0--alpha-informational?style=flat-square)
+![Version: 3.0.0-alpha.21](https://img.shields.io/badge/Version-3.0.0--alpha.21-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.0.0-alpha](https://img.shields.io/badge/AppVersion-3.0.0--alpha-informational?style=flat-square)
 
 ## Documentation
 
@@ -332,7 +332,7 @@ Check the [Documentation](https://kyverno.github.io/policy-reporter/guide/02-get
 | ui.image.registry | string | `"ghcr.io"` | Image registry |
 | ui.image.repository | string | `"kyverno/policy-reporter-ui"` | Image repository |
 | ui.image.pullPolicy | string | `"IfNotPresent"` | Image PullPolicy |
-| ui.image.tag | string | `"2.0.0-alpha.29"` | Image tag Defaults to `Chart.AppVersion` if omitted |
+| ui.image.tag | string | `"2.0.0-alpha.30"` | Image tag Defaults to `Chart.AppVersion` if omitted |
 | ui.replicaCount | int | `1` | Deployment replica count |
 | ui.tempDir | string | `"/tmp"` | Temporary Directory to persist session data for authentication |
 | ui.logging.encoding | string | `"console"` | log encoding possible encodings are console and json |
@@ -396,7 +396,7 @@ Check the [Documentation](https://kyverno.github.io/policy-reporter/guide/02-get
 | plugin.kyverno.image.registry | string | `"ghcr.io"` | Image registry |
 | plugin.kyverno.image.repository | string | `"kyverno/policy-reporter/kyverno-plugin"` | Image repository |
 | plugin.kyverno.image.pullPolicy | string | `"IfNotPresent"` | Image PullPolicy |
-| plugin.kyverno.image.tag | string | `"0.0.5"` | Image tag Defaults to `Chart.AppVersion` if omitted |
+| plugin.kyverno.image.tag | string | `"0.0.6"` | Image tag Defaults to `Chart.AppVersion` if omitted |
 | plugin.kyverno.replicaCount | int | `1` | Deployment replica count |
 | plugin.kyverno.logging.encoding | string | `"console"` | log encoding possible encodings are console and json |
 | plugin.kyverno.logging.logLevel | int | `0` | log level default info |

charts/policy-reporter/values.yaml

@@ -720,7 +720,7 @@ ui:
     pullPolicy: IfNotPresent
       # -- (string) Image tag
       # Defaults to `Chart.AppVersion` if omitted
-    tag: "2.0.0-alpha.29"
+    tag: "2.0.0-alpha.30"
 
   # -- Deployment replica count
   replicaCount: 1
@@ -974,7 +974,7 @@ plugin:
       pullPolicy: IfNotPresent
         # -- (string) Image tag
         # Defaults to `Chart.AppVersion` if omitted
-      tag: "0.0.5"
+      tag: "0.0.6"
 
     # -- Deployment replica count
     replicaCount: 1

docs/EXCEPTIONS.md

@@ -0,0 +1,64 @@
+# Policy Reporter UI - Generate Kyverno PolicyExceptions
+
+The Policy Reporter UI provides a visual overview of the policy status in your cluster, but no action you can take to change the status by default.
+
+In the case of Kyverno, you have two options for dealing with policy failure. You can either fix it or create an exception for it. While the first option is difficult to automate and not always possible, creating an exception is relatively easy and can help exclude resources from validation that you are not able to fix immediately.
+
+To support this process, the new Policy Reporter plugin system provides an Exception API that can be used to implement source-specific logic for PolicyException creation. The new Policy Reporter Kyverno plugin utilizes this API to provide an automated method for generating Kyverno PolicyException CRD resources that excludes a single or all failed policies depending on the context in the UI.
+
+## Configuration
+
+Because the Exception API is part of the Policy Reporter Kyverno Plugin, its required to install this plugin to use it and enable the exception feature.
+
+### Helm 3 Configuration
+
+```yaml
+plugin:
+  kyverno:
+    enabled: true
+
+ui:
+  enabled: true
+  sources:
+    - name: kyverno
+      exceptions: true
+      excludes:
+        namespaceKinds:
+        - Pod
+        - Job
+        - ReplicaSet
+        results:
+        - warn
+        - error
+```
+
+### UI Configuration
+
+```yaml
+# Configure the Kyverno Plugin the Cluster config
+clusters:
+- name: Default
+  host: http://policy-reporter:8080
+  plugins:
+  - name: kyverno
+    host: http://policy-reporter-kyverno-plugin:8080/api
+
+# Enable `exceptions` in the kyverno source configuration
+sources:
+  - name: kyverno
+    exceptions: true
+    excludes:
+      namespaceKinds:
+      - Pod
+      - Job
+      - ReplicaSet
+      results:
+      - warn
+      - error
+```
+
+### Examples
+
+![Exception Resource List](https://github.com/kyverno/policy-reporter/blob/3.x/docs/images/exceptions/resource-list.png)
+
+![Exception Dialog](https://github.com/kyverno/policy-reporter/blob/3.x/docs/images/exceptions/exception-dialog.png)