Update to stable chart

Signed-off-by: Frank Jogeleit <frank.jogeleit@web.de>
kyverno · Oct 7, 2024 · db3aea2 · db3aea2
1 parent eee05de
commit db3aea2
Show file tree

Hide file tree

Showing 5 changed files with 121 additions and 9 deletions.
diff --git a/docs/.vitepress/config.mts b/docs/.vitepress/config.mts
@@ -51,6 +51,7 @@ export default defineConfig({
           { text: 'Authentication', link: '/policy-reporter-ui/authentication' },
           { text: 'Custom Boards', link: '/policy-reporter-ui/custom-boards' },
           { text: 'Multi Tenant', link: '/policy-reporter-ui/multi-tenant' },
+          { text: 'App Configuration', link: '/policy-reporter-ui/configuration' },
         ]
       },
       {

diff --git a/docs/getting-started/installation.md b/docs/getting-started/installation.md
@@ -14,7 +14,7 @@ helm repo update
 Installs the Policy Reporter Core application with metrics enabled.
 
 ````bash
-helm install policy-reporter policy-reporter/policy-reporter-preview --create-namespace -n policy-reporter --devel --set metrics.enabled=true
+helm install policy-reporter policy-reporter/policy-reporter --create-namespace -n policy-reporter --devel --set metrics.enabled=true
 ````
 
 Access the metrics endpoint on [http://localhost:8080/metrics](http://127.0.0.1:8080/metrics) via kubectl port forward:
@@ -28,7 +28,7 @@ kubectl port-forward service/policy-reporter 8080:8080 -n policy-reporter
 Installs the Policy Reporter Core + Policy Reporter UI application.
 
 ````bash
-helm install policy-reporter policy-reporter/policy-reporter-preview --create-namespace -n policy-reporter --devel --set ui.enabled=true
+helm install policy-reporter policy-reporter/policy-reporter --create-namespace -n policy-reporter --devel --set ui.enabled=true
 ````
 
 Access the Policy Reporter UI endpoint on [http://localhost:8080/](http://127.0.0.1:8080/) via kubectl port forward:
@@ -44,7 +44,7 @@ kubectl port-forward service/policy-reporter-ui 8080:8080 -n policy-reporter
 Installs the Policy Reporter Core, Policy Reporter UI and Policy Reporter Kyverno Plugin application. The plugin provides additional information for Kyverno policies like descriptions, configuration and YAML declaration.
 
 ````bash
-helm install policy-reporter policy-reporter/policy-reporter-preview --create-namespace -n policy-reporter --devel --set ui.enabled=true --set plugin.kyverno.enabled=true
+helm install policy-reporter policy-reporter/policy-reporter --create-namespace -n policy-reporter --devel --set ui.enabled=true --set plugin.kyverno.enabled=true
 ````
 
 Access the Policy Reporter UI endpoint on [http://localhost:8080/](http://127.0.0.1:8080/) via kubectl port forward:

diff --git a/docs/policy-reporter-ui/authentication.md b/docs/policy-reporter-ui/authentication.md
@@ -2,10 +2,6 @@
 
 With Policy Reporter UI v2 it is possible to use either OAuth2 or OpenIDConnect as authentication mechanism.
 
-::: warning
-Its not possible to reduce or configure view permission based on roles or any other information yet. Authentication ensures that no unauthorized person is able to open the UI at all.
-:::
-
 ## OAuth2
 
 Policy Reporter UI v2 supports a fixed set of oauth2 providers. If the provider of your choice is not yet supported, you can submit a feature request for it.
@@ -115,3 +111,51 @@ ui:
 ```
 
 :::
+
+## Access Control
+
+The current MVP provides a basic machanism to manage access control for custom boards and and generated dashboards.
+
+*More fine grained and flexible access control is planned for later releases.*
+
+### Allow E-Mail List
+
+It is possible to define a list of user emails per custom board that are allowed to access it. It is also possible to define a list of user emails that are allowed to access all generated dashboards, access to a subset of dashboards is not yet supported.
+
+### Example
+
+* Allow a set of users to access all generated resource- and policy dashboards.
+* Allow a set of users to access the **Infrastructure** custom board.
+
+::: code-group
+
+```yaml [values.yaml]
+ui:
+  boards:
+    accessControl:
+      emails: ['admin@company.com']
+
+  customBoards:
+  - name: Infrastructure
+    namespaces:
+      selector:
+        team: infra
+    accessControl:
+      emails: ['user@company.com']
+```
+
+```yaml [config.yaml]
+boards:
+  accessControl:
+    emails: ['admin@company.com']
+
+customBoards:
+- name: Infrastructure
+  namespaces:
+    selector:
+      team: infra
+  accessControl:
+    emails: ['user@company.com']
+```
+
+:::
diff --git a/docs/policy-reporter-ui/configuration.md b/docs/policy-reporter-ui/configuration.md
@@ -0,0 +1,65 @@
+# App Configuration
+
+## Logging
+
+Configure additional request logging, output format and log level.
+
+::: code-group
+
+```yaml [values.yaml]
+ui:
+  logging:
+    # -- enables external api request logging
+    api: false
+    # -- enables server access logging
+    server: false
+    # -- log encoding
+    # possible encodings are console and json
+    encoding: console
+    # -- log level
+    # default info
+    logLevel: 0
+```
+
+```yaml [config.yaml]
+logging:
+  # -- Enables external api request logging
+  api: false
+  # -- Enables server access logging
+  server: false
+  # -- Log encoding
+  # possible encodings are console and json
+  encoding: console
+  # -- Log level
+  # default info
+  logLevel: 0
+```
+:::
+
+## Server
+
+Customize server related configurations
+
+::: code-group
+
+```yaml [values.yaml]
+ui:
+  server:
+    # -- Application port
+    port: 8080
+    # -- Enables CORS header
+    cors: true
+    # -- Overwrites Request Host with Proxy Host and adds `X-Forwarded-Host` and `X-Origin-Host` headers
+    overwriteHost: true
+```
+
+```yaml [values.yaml]
+server:
+  # -- Application port
+  port: 8080
+  # -- Enabled CORS header
+  cors: true
+  # -- Overwrites Request Host with Proxy Host and adds `X-Forwarded-Host` and `X-Origin-Host` headers
+  overwriteHost: true
+```
+:::
diff --git a/docs/upgrade-guide/helm.md b/docs/upgrade-guide/helm.md
@@ -225,8 +225,10 @@ ui:
 
   server: # [!code ++]
     port: 8080 # [!code ++]
-    logging: false # [!code ++]
     overwriteHost: true # [!code ++]
+
+  logging: # [!code ++]
+    api: true # [!code ++]
 ```
 
 ### Redis
@@ -285,6 +287,7 @@ The configuration of `api` and `port` are now combined under `server`. The REST
 ```yaml
 kyvernoPlugin: # [!code --]
   enabled: true # [!code --]
+
   port: # [!code --]
     name: rest # [!code --]
     number: 8080 # [!code --]
@@ -298,7 +301,6 @@ plugin: # [!code ++]
     enabled: true # [!code ++]
     server: # [!code ++]
       port: 8080 # [!code ++]
-      logging: false # [!code ++]
 ```
 
 ### Metrics