Feature: Allow Reconfiguration when config file changes #474

Open
jescarri opened this issue Aug 28, 2024 · 4 comments
Labels
3.x Policy Reporter 3.x Core Policy Reporter Core Application

Comments

@jescarri
Contributor

Hello, I'm trying to add a way to hot-reload kyverno-policy-reporter when the config file changes.

I have an external process that generates slack-target configuration based on namespace labels. I've been trying to add this feature, but I'm a bit lost on what the process is to load and propagate the configuration.

I have some working bits, reload configuration and generate new targets but I cannot get it to propagate to the api or slack channel notification.

Let me know if this is something that can be done with the current code-base, I'm happy to add the code.

Thanks!

@fjogeleit
Member

fjogeleit commented Aug 28, 2024

Hey,

in the upcoming v3 version I added at least support for updating existing targets using secretRefs.

E.g. you have a slack target and configure the webhook via secretRef, the secret changes - it will update the target.

It depends on what you try to update/change but this would also be an entry point to add targets during runtime.

https://github.com/kyverno/policy-reporter/blob/3.x/pkg/target/collection.go
https://github.com/kyverno/policy-reporter/blob/3.x/pkg/kubernetes/secrets/informer.go

There are plans to provide CRDs for the configuration of targets in the future, but there is no timetable for this yet.

@jescarri
Contributor Author

jescarri commented Aug 28, 2024

Interesting, I was exploring the Cobra/Viper route. I have it to a point where I can change the target config slack channel and it propagates the change, but it sends messages to the new channel + the webhook default channel.

On the API side the targets never get refreshed. In fact it's strange, because hitting /v1/targets never reaches the handler.TargetsHandler function; only on first boot does the function get executed.

I will take a look at your v3 commits and see if I can figure out a way, the only thing I do not want to do is add a wrapper on the reporter to watch for the config file and restart the process, that's my last option.

I will probably submit an MR tagged as WIP so you can see what I'm doing.

Thanks for the help and time!

@fjogeleit
Member

In v3 the targets.Collection is the "source of truth" for the targets handler, pushes, etc.

So you only need a way to add a new target to the collection or update an existing one. Should be a better starting point than in v2.
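Added example, not part of the thread and not policy-reporter's code: a sketch of the "single source of truth" idea, where a reloaded config is reconciled into one name-keyed, lock-protected collection so that a changed target replaces its old version rather than being delivered to alongside it (the new channel plus default channel symptom reported earlier in the thread). `Target`, `Collection`, `Reconcile` and `Channels` are hypothetical names and do not reflect the real `pkg/target` API; the webhook URL is a constructed placeholder.

```go
package main

import (
	"fmt"
	"sort"
	"sync"
)

// Target is a hypothetical, simplified target, not policy-reporter's own type.
type Target struct{ Name, Webhook, Channel string }

// Collection is a hypothetical single source of truth for handler and pushes.
type Collection struct {
	mu      sync.RWMutex
	targets map[string]Target
}

// Reconcile swaps in the desired set under one lock, keyed by name, so a
// changed target replaces its old version instead of sitting next to it.
func (c *Collection) Reconcile(desired []Target) (changed []string) {
	c.mu.Lock()
	defer c.mu.Unlock()
	next := make(map[string]Target, len(desired))
	for _, t := range desired {
		if old, ok := c.targets[t.Name]; !ok || old != t {
			changed = append(changed, t.Name)
		}
		next[t.Name] = t
	}
	c.targets = next // targets missing from desired are dropped here
	return changed
}

// Channels returns, sorted, every channel a push would be sent to right now.
func (c *Collection) Channels() (out []string) {
	c.mu.RLock()
	defer c.mu.RUnlock()
	for _, t := range c.targets {
		out = append(out, t.Channel)
	}
	sort.Strings(out)
	return out
}

func main() { // constructed sample data
	c := &Collection{}
	c.Reconcile([]Target{{"slack-a", "https://hooks.example.invalid/a", "#default"}})
	changed := c.Reconcile([]Target{{"slack-a", "https://hooks.example.invalid/a", "#team-a"}})
	fmt.Println(changed, c.Channels()) // [slack-a] [#team-a]
}
```

Because readers take the read lock and the writer replaces the map in one step, an API handler or push path that reads through the collection never sees a half-applied reload.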

@fjogeleit
Member

@jescarri as I read your initial use case is based on namespace labels, the new policy reporter v3 now supports namespace label selector for target filter. Maybe this could also solve your problem.

@fjogeleit fjogeleit added Core Policy Reporter Core Application 3.x Policy Reporter 3.x labels Oct 7, 2024