Export Policy Version (e.g., via Annotations) to Grafana/Prometheus

[thefakestefan]

Hi team,

I’m currently using the Kyverno Policy Reporter and I’d like to ask if there is a way to export the version of each policy to monitoring tools like Grafana/Prometheus. A possible approach could be to include the policy version as part of the annotations in the respective policies, which can then be exposed via metrics. Exporting policy version information would allow:

• Enhanced monitoring and observability by displaying policy versions in Grafana/Prometheus dashboards.
• Improved tracking of policy updates and their impact on cluster compliance over time.
• Better debugging and correlation between policy versions and metrics/events.

Thanks for considering this request and for the excellent work on the project!

Best regards,
Stefan

[fjogeleit]

Hey Stefan,

Metrics of Policy Reporter only using PolicyReport(s) as source of the metrics. Its not possible to include information from the Policy CRD directly.

So it would be required to add your Policy Version as e.g. property to the related PolicyReportResults.

Policy Reporter allows to add custom metric labels out of PolicyReport Labels and PolicyReportResult Properties:

https://kyverno.github.io/policy-reporter-docs/policy-reporter/metrics.html#append-policyreportresult-property

One way to add details to PolicyReportResult Properties in Kyverno would be reportProperties:

https://kyverno.io/blog/2024/10/30/announcing-kyverno-release-1.13/#custom-data-in-reports