This is a proposal for a Policy Report Custom Resource Definition (CRD) that can be used as a common way to provide policy results to Kubernetes cluster administrators and users, using native tools.
See the proposal for background and details.
Policy Report CRD API Reference
Add the PolicyReport CRDs to your cluster (v1alpha2):
kubectl create -f https://github.com/kubernetes-sigs/wg-policy-prototypes/raw/master/policy-report/crd/v1alpha2/wgpolicyk8s.io_policyreports.yaml
Add the ClusterPolicyReport CRDs to your cluster (v1alpha2):
kubectl create -f https://github.com/kubernetes-sigs/wg-policy-prototypes/raw/master/policy-report/crd/v1alpha2/wgpolicyk8s.io_clusterpolicyreports.yaml
Create a sample policy report resource:
kubectl create -f https://github.com/kubernetes-sigs/wg-policy-prototypes/raw/master/policy-report/samples/sample-cis-k8s.yaml
View policy report resources:
kubectl get policyreports
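Once reports exist, the entries that need attention are the ones whose result is fail or error. The Go program below is an added example, not code from the wg-policy-prototypes repository: it decodes one PolicyReport object, as returned by kubectl with JSON output, and lists those entries with the most severe first. The struct is a minimal subset of the v1alpha2 result fields; the report content and the names Result, Failing and sample are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Result covers only the v1alpha2 result fields this example reads.
type Result struct {
	Policy   string `json:"policy"`
	Rule     string `json:"rule"`
	Result   string `json:"result"` // pass, fail, warn, error or skip
	Severity string `json:"severity"`
	Message  string `json:"message"`
}

// Constructed sample, shaped like one object from `kubectl get policyreports -o json`.
const sample = `{"apiVersion": "wgpolicyk8s.io/v1alpha2", "kind": "PolicyReport",
 "results": [
  {"policy": "policy-a", "rule": "r1", "result": "pass", "severity": "low", "message": "ok"},
  {"policy": "policy-b", "rule": "r2", "result": "fail", "severity": "low", "message": "constructed"},
  {"policy": "policy-c", "rule": "r3", "result": "error", "severity": "medium", "message": "constructed"},
  {"policy": "policy-d", "rule": "r4", "result": "fail", "severity": "high", "message": "constructed"}]}`

// Failing decodes a report and returns its fail and error results, most severe first.
func Failing(data string) ([]Result, error) {
	var r struct{ Results []Result `json:"results"` }
	if err := json.Unmarshal([]byte(data), &r); err != nil {
		return nil, err
	}
	rank := map[string]int{"high": 3, "medium": 2, "low": 1} // unknown or empty severity sorts last
	var out []Result
	for _, res := range r.Results {
		if res.Result == "fail" || res.Result == "error" {
			out = append(out, res)
		}
	}
	sort.SliceStable(out, func(i, j int) bool { return rank[out[i].Severity] > rank[out[j].Severity] })
	return out, nil
}

func main() {
	out, err := Failing(sample)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```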
make
The Policy Report CRD definitions are in the api folder and are defined as Golang types with comments using the syntax of the kubebuilder controller-gen tool, which can generate Kubernetes YAMLs.
To update, edit the Golang definitions and then run make to generate the Kubernetes OpenAPI schema for the CRDs.
Definitions are provided for both cluster-wide and namespaced policy report resources.
NOTE: To generate the CRD documentation, follow these steps:
$ git clone https://github.com/M00nF1sh/gen-crd-api-reference-docs.git
$ cd gen-crd-api-reference-docs
$ go build
$ mv gen-crd-api-reference-docs /usr/local/bin/
$ make generate