Merge pull request #6 from tks98/metrics-docs

Documentation update
tks98 · Nov 1, 2022 · 6ec212b · 6ec212b
2 parents b476046 + 47e1970
commit 6ec212b
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -11,7 +11,7 @@ kube-sentry is a validating admission webhook for Kubernetes that scans incoming
 
 ## Installation
 
-kube-sentry can be installed with the included helm chart
+kube-sentry can be installed with the included helm chart. 
 
 ![kube-sentry-demo](docs/demo/demo.gif)
 
@@ -23,6 +23,10 @@ helm install kube-sentry -n kube-sentry . --wait
 
 kube-sentry requires a remote trivy server for scanning container images. By default, it is installed as a chart dependency. 
 
+## Documentation
+
+The documentation directory "docs" contains information on how to configure kube-sentry certificates, validation-rules, and metrics. 
+
 ## Configuration
 
 | Argument          | Description                                                           |

diff --git a/deploy/kube-sentry/Chart.yaml b/deploy/kube-sentry/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: kube-sentry
 description: Defend against high-risk workloads and gain visibility into vulnerable containers running on Kubernetes
 type: application
-version: 1.0.0
-appVersion: "1.0.0"
+version: 0.1.0
+appVersion: "0.1.0"
 sources:
   - https://github.com/tks98/kube-sentry
 maintainers:

diff --git a/docs/metrics/metrics.md b/docs/metrics/metrics.md
@@ -0,0 +1,22 @@
+# Vulnerability Results and Metrics
+
+### Prometheus Metrics
+After an image is scanned, the scan results will be exported to prometheus. The labels to export can be configured. 
+
+By default, all labels are enabled.
+```yaml
+metricsLabels: "report_name, image_namespace, image_registry, image_repository, 
+image_tag,image_digest, severity, vulnerability_id, vulnerable_resource_name, 
+installed_resource_version, fixed_resource_version, vulnerability_title, 
+vulnerability_link"
+```
+
+Prometheus queries can be used to gain insight into image vulnerabilities on your cluster. This can be useful for auditing purposes.
+A metric is exported for every vulnerability detected in each container image. 
+
+![prometheus](prometheus.png)
+
+Labels can be used to narrow down and filter results.
+
+![prometheus](prometheus_labels.png)
+
diff --git a/docs/metrics/prometheus.png b/docs/metrics/prometheus.png
diff --git a/docs/metrics/prometheus_labels.png b/docs/metrics/prometheus_labels.png