
DEMO.md


Demo Instructions

Kind Cluster

# Presumably creates the local kind cluster used for the rest of the demo
# (the target lives in the repository Makefile, which is not shown here).
make kind-create-cluster

Kyverno

Add Repository

# Register the upstream Kyverno chart repository.
helm repo add kyverno https://kyverno.github.io/kyverno

Install

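# Install Kyverno and its Pod Security Standards policy bundle (restricted profile).
# Both releases are pinned to the kyverno namespace: without -n the second
# command lands in whatever namespace the current kubectl context points at,
# which differs from user to user.
helm upgrade --install kyverno kyverno/kyverno -n kyverno --create-namespace
helm upgrade --install kyverno-policies kyverno/kyverno-policies -n kyverno --set podSecurityStandard=restricted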

Falco

Add Repository

# Register the Falco chart repository (the falco chart also carries the
# falcosidekick values enabled in the install command below).
helm repo add falcosecurity https://falcosecurity.github.io/charts

Install

# Falco with Falcosidekick enabled and its policyreport output switched on, so
# runtime events are written as PolicyReports that Policy Reporter can show.
# NOTE(review): falcosidekick.image.tag=latest is a floating tag — the image
# that gets pulled changes over time and is not pinned by digest. Acceptable
# for a throwaway demo cluster; pin a specific tag for anything reproducible.
helm upgrade --install falco falcosecurity/falco --set falcosidekick.enabled=true --set falcosidekick.config.policyreport.enabled=true --set falcosidekick.image.tag=latest  --namespace falco --create-namespace

Trivy Operator

Add Repository

# Trivy Operator chart repository, plus the adapter that (judging by its name)
# converts Trivy Operator reports into PolicyReport resources.
helm repo add aqua https://aquasecurity.github.io/helm-charts/
helm repo add trivy-operator-polr-adapter https://fjogeleit.github.io/trivy-operator-polr-adapter

Install

# Trivy Operator. trivy.ignoreUnfixed=true drops vulnerabilities that have no
# fix available yet from the generated reports — keeps the demo output short,
# but it also hides real findings; leave it unset if you want the full picture.
helm upgrade --install trivy-operator aqua/trivy-operator \
  --namespace trivy-system \
  --create-namespace \
  --set trivy.ignoreUnfixed=true

# Adapter that turns Trivy Operator reports into PolicyReports, installed into
# the same namespace.
helm upgrade --install trivy-operator-polr-adapter trivy-operator-polr-adapter/trivy-operator-polr-adapter \
  --namespace trivy-system

Policy Reporter

Add Repository

# Register the Policy Reporter chart repository.
helm repo add policy-reporter https://kyverno.github.io/policy-reporter

Install

Slack Secret

# Slack webhook Secret referenced by target.slack.secretRef in the values below;
# the `webhook` key is presumably the key Policy Reporter reads from it — confirm
# against the chart. The `data` field is base64-encoded, not encrypted: the value
# here is a truncated placeholder (it decodes to the start of a Slack webhook
# URL) and the real URL must never be committed to the repository. Prefer
# creating the Secret out of band instead of keeping it in a file, e.g.
#   kubectl create secret generic webhook-secret -n policy-reporter \
#     --from-literal=webhook=<SLACK_WEBHOOK_URL>
# The policy-reporter namespace has to exist before this manifest is applied;
# the helm command further down only creates it via --create-namespace, so
# either create the namespace first or apply this Secret after the install.
apiVersion: v1
kind: Secret
metadata:
  name: webhook-secret
  namespace: policy-reporter
type: Opaque
data:
  webhook: aHR0cHM6Ly9ob29rcy5z...

Values

# Policy Reporter Helm values for the demo (passed as values.yaml to the
# install command below).

# Source plugins: both Kyverno and Trivy results are ingested.
plugin:
  kyverno:
    enabled: true
  trivy:
    enabled: true

ui:
  enabled: true

  # Expose the UI through the nginx ingress controller under /ui/ on localhost.
  # NOTE(review): no authentication is configured in these values, so anyone
  # who can reach the ingress can browse every report — acceptable on a local
  # kind cluster only.
  ingress:
    enabled: true
    annotations:
      nginx.ingress.kubernetes.io/rewrite-target: /$1
    className: nginx
    hosts:
      - host: localhost
        paths:
          - path: "/ui/(.*)"
            pathType: ImplementationSpecific

  # Per-source filters: pass/error results (pass/skip for Falco) are excluded,
  # presumably from the UI views for that source.
  sources:
    - name: Trivy ConfigAudit
      type: severity
      excludes:
        results:
          - pass
          - error
    - name: Trivy Vulnerability
      type: severity
      excludes:
        results:
          - pass
          - error
    - name: Falco
      excludes:
        results:
          - pass
          - skip

# Slack notifications. The webhook URL is taken from the webhook-secret Secret
# via secretRef rather than being written into these values.
target:
  slack:
    name: Kyverno Channel
    channel: kyverno
    secretRef: webhook-secret
    minimumSeverity: warning
    skipExistingOnStartup: true
    sources:
      - kyverno
    filter:
      namespaces:
        exclude:
          - trivy-system
    # Second channel that only receives Trivy Vulnerability results.
    channels:
      - name: Trivy Operator
        channel: trivy-operator
        sources:
          - Trivy Vulnerability
        filter:
          namespaces:
            exclude:
              - trivy-system

# Install Policy Reporter with the values above saved as values.yaml.
# NOTE(review): --devel lets Helm select pre-release chart versions, so the
# installed version drifts between runs; drop it (or pin with --version) once
# the features the demo relies on are available in a stable release.
helm upgrade --install policy-reporter policy-reporter/policy-reporter --create-namespace -n policy-reporter -f values.yaml --devel