App Information
Policy Reporter
A Kyverno policy compliance dashboard for Kubernetes.
About
Policy Reporter is a tool that reads Kubernetes PolicyReport and ClusterPolicyReport resources (generated by Kyverno) and provides a web UI dashboard and metrics for visualizing policy compliance across the cluster. Self-hosting this alongside Kyverno gives visibility into which workloads violate policies without external tooling.
AlternativeTo
Self Hosted
| Tool | Open Source | Full Features | Notes |
|---|---|---|---|
| OPA/Gatekeeper | Yes | Yes | OPA-based policies instead of Kyverno |
Installation
From `kustomize build k8s/apps/talos/policy-reporter`:
- HelmRelease: Deployed via the `policy-reporter` Helm chart with UI and Kyverno plugin enabled
- Config: `ui.enabled: true`, `plugin.kyverno.enabled: true`, `metrics.enabled: true` in ConfigMap values
- Networking: HTTPRoute to internal gateway; no public exposure
- Storage: No persistent storage — reads from Kubernetes API
Administration
- Backups: No backup needed — stateless, reads from K8s API
- OpenID/SSO: No OIDC configuration present in manifests
- Security: SOPS-encrypted `tofu-encryption` secret; limited to internal network access only
Usage
Access the web UI to view policy compliance reports across namespaces. Filter by policy, resource, or result status (pass/fail/warn). Metrics are scraped by the monitoring stack for alerting on policy violations. The Kyverno plugin provides additional report enrichment.
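
To show what the dashboard's policy/resource/status filters operate on, here is an added example (not Policy Reporter's own code) that flattens a PolicyReport and lists failing workloads. The sample report, its namespace, policy and workload names are constructed, and the fallback to a report-level `scope` field is an assumption about newer per-resource reports.

```python
import json
from collections import Counter

# Constructed sample: a minimal PolicyReport as `kubectl get policyreport -o json`
# might return it. Namespace, policy and workload names are made up.
SAMPLE_REPORT = json.loads("""
{"apiVersion": "wgpolicyk8s.io/v1alpha2", "kind": "PolicyReport",
 "metadata": {"name": "example-report", "namespace": "shop"},
 "results": [
  {"policy": "disallow-latest-tag", "rule": "validate-image-tag", "result": "fail",
   "resources": [{"kind": "Deployment", "name": "cart", "namespace": "shop"}]},
  {"policy": "disallow-latest-tag", "rule": "validate-image-tag", "result": "pass",
   "resources": [{"kind": "Deployment", "name": "checkout", "namespace": "shop"}]},
  {"policy": "require-run-as-nonroot", "rule": "run-as-non-root", "result": "fail",
   "resources": [{"kind": "Deployment", "name": "cart", "namespace": "shop"},
                 {"kind": "StatefulSet", "name": "db", "namespace": "shop"}]},
  {"policy": "require-requests-limits", "rule": "validate-resources", "result": "warn",
   "resources": [{"kind": "StatefulSet", "name": "db", "namespace": "shop"}]}
 ]}
""")

def rows(report, policy=None, kind=None, status=None):
    """Flatten a report to (policy, status, 'ns/Kind/name') rows, optionally filtered."""
    ns_default = report.get("metadata", {}).get("namespace", "")
    out = []
    for res in report.get("results", []):
        # Assumption: resources are listed per result, or once in a report-level "scope".
        targets = res.get("resources") or [report.get("scope") or {}]
        for t in targets:
            got = (res.get("policy"), t.get("kind"), res.get("result"))
            if all(w is None or w == g for w, g in zip((policy, kind, status), got)):
                ref = f'{t.get("namespace", ns_default)}/{t.get("kind", "?")}/{t.get("name", "?")}'
                out.append((res.get("policy"), res.get("result"), ref))
    return out

def summary(report):
    """Count flattened rows per result status (pass/fail/warn/...)."""
    return Counter(status for _, status, _ in rows(report))

def failing_resources(report):
    """Map each resource with at least one 'fail' to the policies it violates."""
    violations = {}
    for pol, _, ref in rows(report, status="fail"):
        violations.setdefault(ref, []).append(pol)
    return violations

if __name__ == "__main__":
    print(dict(summary(SAMPLE_REPORT)))
    for ref, pols in failing_resources(SAMPLE_REPORT).items():
        print(ref, "->", ", ".join(pols))
```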