kyverno helm

Kyverno is a policy engine for Kubernetes that enables you to define and enforce policies for your cluster resources. It provides a flexible and scalable solution for managing your cluster configuration, allowing you to enforce best practices, prevent misconfigurations, and enforce compliance requirements.

The kyverno/policies offer all kinds of security and best practice policies that you could use.

More popular helm chart found

kyverno from kyverno is more popular with 44 repositories.

Install

Install with:

helm repo add kyverno oci://ghcr.io/kyverno/charts/
helm install kyverno kyverno/kyverno -f values.yaml

Top Repositories (4 out of 12)

See examples from other people.

NameRepoStarsVersionTimestamp
kyvernoblackjid/k8s-gitops613.0.5a month ago
kyvernocoolguy1771/home-ops323.0.5a month ago
kyvernoszinn/k8s-homelab883.0.5a month ago
kyvernoonedr0p/home-ops12963.0.5a month ago

Values

See the most popular values for this chart:

KeyTypes
admissionController.rbac.clusterRole.extraResources[].apiGroups[] (12)
-
string
admissionController.rbac.clusterRole.extraResources[].resources[] (12)
- pods
string
admissionController.rbac.clusterRole.extraResources[].verbs[] (12)
- create
- update
- delete
string
admissionController.replicas (12)
3
number
admissionController.serviceMonitor.enabled (12)
true
boolean
admissionController.serviceMonitor.interval (1)
string
admissionController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/component" (10)
kyverno
string
admissionController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (10)
kyverno
string
admissionController.topologySpreadConstraints[].maxSkew (10)
1
number
admissionController.topologySpreadConstraints[].topologyKey (10)
kubernetes.io/hostname
string
admissionController.topologySpreadConstraints[].whenUnsatisfiable (10)
DoNotSchedule
string
admissionController.resources.limits.memory (2)
string
admissionController.resources.requests.cpu (2)
string
admissionController.resources.requests.memory (2)
string
backgroundController.rbac.clusterRole.extraResources[].apiGroups[] (12)
-
string
backgroundController.rbac.clusterRole.extraResources[].resources[] (12)
- pods
string
backgroundController.rbac.clusterRole.extraResources[].verbs[] (10)
- create
- update
- patch
- delete
- get
- list
string
backgroundController.serviceMonitor.enabled (12)
true
boolean
backgroundController.resources.limits.memory (2)
string
backgroundController.resources.requests.cpu (2)
string
backgroundController.resources.requests.memory (2)
string
cleanupController.serviceMonitor.enabled (12)
true
boolean
cleanupController.serviceMonitor.interval (1)
string
cleanupController.resources.limits.memory (1)
string
cleanupController.resources.requests.cpu (1)
string
cleanupController.resources.requests.memory (1)
string
crds.install (12)
true
boolean
grafana.enabled (12)
true
boolean
grafana.annotations.grafana_folder (10)
System
string
reportsController.serviceMonitor.enabled (12)
true
boolean
reportsController.serviceMonitor.interval (1)
string
reportsController.resources.limits.memory (1)
string
reportsController.resources.requests.cpu (1)
string
reportsController.resources.requests.memory (1)
string
updateStrategy.rollingUpdate.maxSurge (3)
1
number
updateStrategy.type (3)
RollingUpdate
string
annotations."reloader.stakater.com/search" (1)
string
nodeSelector."node-role.kubernetes.io/control-plane" (1)
string
replicaCount (1)
number
resources.limits.memory (1)
string
resources.requests.cpu (1)
string
resources.requests.memory (1)
string
serviceMonitor.annotations.grafana_folder (1)
string
serviceMonitor.enabled (1)
boolean
tolerations[].key (1)
string
tolerations[].operator (1)
string
topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (1)
string
topologySpreadConstraints[].maxSkew (1)
number
topologySpreadConstraints[].topologyKey (1)
string
topologySpreadConstraints[].whenUnsatisfiable (1)
string