Add kyverno monitoring to default stack

[FaGru3n]

Reason With kyverno in our cluster, we need to make sure that it is easy to be aware of policie issues.

To do so, we will add monitoring to our default stack so that our internal customers can easily see if there are issues with kyverno.

AC

• Add kyverno default dashboard https://kyverno.io/docs/monitoring/
• Add kyverno metric "deny" to product default dashboard
• Add kyverno metric "deny" to infra dashboard for all namespaces
• Has to be available on all environments

Additional information / links

[carslen]

Kyverno needs to be upgraded, as the documentation doesn't match with our deployed Kyverno version. Kyverno introduced breaking changes with version (AppVersion/Helm Chart Version) 1.10.0/3.0.0 and documentation is based on v1.10.0.

Current deployed Kyverno Version in our envs

• Helm Chart Version: 2.6.0
• Kyverno Version: v1.8.0

Resources

• Release Notes Kyverno v1.10.0
• Helm Chart migration guide
• New Helm values with Chart version v3
• Upgrade option 1 - Uninstallation and Reinstallation
• Upgrade option 2 - Scale to Zero

As we've not yet deployed any policies we'll follow the recommended upgrade option 1 (uninstall - reinstall).

[carslen]

Kyverno upgraded to v1.10.3 (Helm Chart v3.0.5).

[carslen]

Documented way of configuring might be outdated, as kyverno/grafana-dashboard has been archived and references back to the v3 Helm Chart. There are settings how to implement/deploy the dashboard. Investigating.

[carslen]

kyverno dashboard deployed as configMap to monitoring namespace and added dashboard to grafana config.

https://grafana.devsecops-testing.demo.catena-x.net/d/Rg8lWBG7k/kyverno-metrics?orgId=1

pls review

[carslen]

🛎 Please review PR: https://github.com/catenax-ng/k8s-cluster-stack/pull/438

[SebastianBezold]

PR merged, Dashboard present, so from my point of view this issue is done. What do you think @carslen?