Kyverno

Kyverno is a powerful open-source policy engine designed specifically for Kubernetes. It allows you to define and enforce policies that govern the configuration and behavior of your Kubernetes resources, ensuring security, compliance, and operational best practices. Here's a breakdown of its key features:

  • Kubernetes Native: Kyverno is built for Kubernetes, using the same YAML format and API objects as Kubernetes itself, making it easy to learn and use.
  • Policy-as-Code: Define policies as code, enabling version control, collaboration, and automation.
  • Validation and Mutation: Kyverno can validate resources against policies before they are created or modified, and it can also mutate resources to enforce compliance.
  • Image Verification: Verify the integrity and provenance of container images, ensuring that only trusted images are deployed.
  • Resource Validation: Validate resource configurations against security and compliance standards, preventing misconfigurations.
  • RBAC Integration: Integrates with Kubernetes RBAC to control who can create, modify, and apply policies.

Prerequisites

Deploy k0rdent v1.2.0: QuickStart

Install template to k0rdent

helm upgrade --install kyverno oci://ghcr.io/k0rdent/catalog/charts/kgst --set "chart=kyverno:3.4.4" -n kcm-system

Verify service template

kubectl get servicetemplates -A
# NAMESPACE    NAME                            VALID
# kcm-system   kyverno-3-4-4                   true

Deploy service template

apiVersion: k0rdent.mirantis.com/v1beta1
kind: ClusterDeployment
# kind: MultiClusterService
...
  serviceSpec:
    services:
      - template: kyverno-3-4-4
        name: kyverno
        namespace: kyverno
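
A pair of policies that exercises the validation and mutation features listed above once the kyverno service is running on the target cluster. This is an added example, not part of the k0rdent catalog page or the Kyverno project's own policy set; the policy and rule names are constructed for illustration.

```yaml
# Added example: policy names, rule names and messages are hypothetical.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: example-disallow-privileged
spec:
  background: true                  # also evaluate Pods that already exist
  rules:
    - name: no-privileged-containers
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        failureAction: Audit        # report only; Enforce rejects at admission
        message: "Privileged containers are not allowed."
        pattern:
          spec:
            =(ephemeralContainers): # =() means: check only if the field exists
              - =(securityContext):
                  =(privileged): "false"
            =(initContainers):
              - =(securityContext):
                  =(privileged): "false"
            containers:
              - =(securityContext):
                  =(privileged): "false"
---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: example-default-no-priv-escalation
spec:
  rules:
    - name: set-allow-privilege-escalation
      match:
        any:
          - resources:
              kinds:
                - Pod
      mutate:
        patchStrategicMerge:
          spec:
            containers:
              - (name): "*"         # conditional anchor: match every container
                securityContext:
                  +(allowPrivilegeEscalation): false  # add only if unset
```

Keep the validate rule in Audit until the policy reports show no unexpected violations, then switch `failureAction` to `Enforce`. The mutate rule only fills in a missing `allowPrivilegeEscalation`; it does not override a container that explicitly sets it to `true`, so a separate validate rule is needed to forbid that.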