kyverno helm

Kyverno is a policy engine for Kubernetes that enables you to define and enforce policies for your cluster resources. It provides a flexible and scalable solution for managing your cluster configuration, allowing you to enforce best practices, prevent misconfigurations, and enforce compliance requirements.

The kyverno/policies offer all kinds of security and best practice policies that you could use.

Install

Install with:

helm repo add kyverno-charts https://kyverno.github.io/kyverno/
helm install kyverno kyverno-charts/kyverno -f values.yaml

Top Repositories (5 out of 44)

See examples from other people.

NameRepoStarsVersionTimestamp
kyvernobjw-s/home-ops2772.7.14 days ago
kyvernoonedr0p/home-ops10562.7.15 days ago
kyvernoauricom/home-ops742.7.16 days ago
kyvernotruxnell/home-cluster992.7.111 days ago
kyvernoharaldkoch/kochhaus-home342.7.111 days ago

Values

See the most popular values for this chart:

KeyTypes
serviceMonitor.enabled (33)
true
boolean
serviceMonitor.interval (4)
1m
string
replicaCount (32)
3
number
topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (29)
kyverno
string
topologySpreadConstraints[].maxSkew (29)
1
number
topologySpreadConstraints[].topologyKey (29)
kubernetes.io/hostname
string
topologySpreadConstraints[].whenUnsatisfiable (29)
DoNotSchedule
string
installCRDs (23)
false
boolean
resources.requests.cpu (14)
247m
string
resources.requests.memory (13)
443M
string
resources.limits.memory (13)
1336M
string
resources.limits.cpu (1)
string
backgroundController.serviceMonitor.enabled (11)
true
boolean
backgroundController.serviceMonitor.interval (2)
string
cleanupController.serviceMonitor.enabled (10)
true
boolean
cleanupController.serviceMonitor.interval (2)
string
reportsController.serviceMonitor.enabled (10)
true
boolean
reportsController.serviceMonitor.interval (2)
string
crds.install (9)
true
boolean
grafana.enabled (9)
true
boolean
updateStrategy.rollingUpdate.maxSurge (7)
1
number
updateStrategy.type (7)
RollingUpdate
string
extraArgs[] (5)
- --autogenInternals=false
- --clientRateLimitQPS=30
- --clientRateLimitBurst=60
string
tolerations[].key (2)
string
tolerations[].operator (2)
string
annotations."reloader.stakater.com/search" (1)
string
nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].key (1)
string
nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].operator (1)
string
nodeSelector."node-role.kubernetes.io/control-plane" (1)
string