kyverno helm release

kyverno helm

Kyverno is a policy engine for Kubernetes that enables you to define and enforce policies for your cluster resources. It provides a flexible and scalable solution for managing your cluster configuration, allowing you to enforce best practices, prevent misconfigurations, and enforce compliance requirements.

The kyverno/policies offer all kinds of security and best practice policies that you could use.

Install

Install with:

helm repo add kyverno oci://ghcr.io/kyverno/charts/
helm install kyverno kyverno/kyverno -f values.yaml

Examples

See examples from other people.

Major version:

Filter repos who also have:

Top Repositories (5 out of 33)

Name	Repo	Stars	Version	Timestamp
kyverno	h3mmy/bloopySphere	63	3.6.4	a day ago
kyverno	xunholy/k8s-gitops	629	3.6.1	16 days ago
kyverno	ahgraber/homelab-gitops-k3s	112	3.7.1	3 months ago
kyverno	haraldkoch/kochhaus-home	171	3.7.2	3 months ago
kyverno	carpenike/k8s-gitops	313	3.1.1	5 months ago

Name

Repo

Stars

Version

Timestamp

kyverno

h3mmy/bloopySphere

3.6.4

a day ago

kyverno

xunholy/k8s-gitops

629

3.6.1

16 days ago

kyverno

ahgraber/homelab-gitops-k3s

112

3.7.1

3 months ago

kyverno

haraldkoch/kochhaus-home

171

3.7.2

3 months ago

kyverno

carpenike/k8s-gitops

313

3.1.1

5 months ago

Values

See the most popular values for this chart:

Key	Types
admissionController.serviceMonitor.enabled (24) `true`	boolean, string
admissionController.serviceMonitor.additionalLabels.release (2)	string
admissionController.serviceMonitor.interval (1)	string
admissionController.serviceMonitor.namespace (1)	string
admissionController.replicas (20) `3`	number
admissionController.rbac.clusterRole.extraResources[].apiGroups[] (17) `-`	string
admissionController.rbac.clusterRole.extraResources[].resources[] (17) `- pods`	string
admissionController.rbac.clusterRole.extraResources[].verbs[] (17) `- create - update - delete`	string
admissionController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (15) `kyverno`	string
admissionController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/component" (14) `kyverno`	string
admissionController.topologySpreadConstraints[].maxSkew (15) `1`	number
admissionController.topologySpreadConstraints[].topologyKey (15) `kubernetes.io/hostname`	string
admissionController.topologySpreadConstraints[].whenUnsatisfiable (15) `DoNotSchedule`	string
admissionController.container.resources.limits.memory (6) `512Mi`	string
admissionController.container.resources.requests.cpu (6) `500m`	string
admissionController.container.resources.requests.memory (6) `384Mi`	string
admissionController.container.extraArgs.clientRateLimitBurst (1)	number
admissionController.container.extraArgs.clientRateLimitQPS (1)	number
admissionController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].key (4) `node-role.kubernetes.io/control-plane`	string
admissionController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].operator (4) `Exists`	string
admissionController.tolerations[].key (4) `node-role.kubernetes.io/control-plane`	string
admissionController.tolerations[].operator (4) `Exists`	string
admissionController.clusterRole.extraResources[].apiGroups[] (3) `- *`	string
admissionController.clusterRole.extraResources[].resources[] (3) `- *`	string
admissionController.clusterRole.extraResources[].verbs[] (3) `- get - list - watch`	string
admissionController.resources.limits.memory (2)	string
admissionController.resources.limits.cpu (1)	string
admissionController.resources.requests.cpu (2)	string
admissionController.resources.requests.memory (2)	string
admissionController.certManager.enabled (1)	boolean
admissionController.networkPolicy.enabled (1)	boolean
admissionController.podDisruptionBudget.enabled (1)	boolean
admissionController.priorityClassName (1)	string
admissionController.updateStrategy.rollingUpdate.maxSurge (1)	number
admissionController.updateStrategy.type (1)	string
cleanupController.serviceMonitor.enabled (24) `true`	boolean, string
cleanupController.serviceMonitor.additionalLabels.release (2)	string
cleanupController.serviceMonitor.interval (1)	string
cleanupController.serviceMonitor.namespace (1)	string
cleanupController.resources.limits.memory (6)	string
cleanupController.resources.limits.cpu (1)	string
cleanupController.resources.requests.cpu (6) `50m`	string
cleanupController.resources.requests.memory (6) `128Mi`	string
cleanupController.replicas (5) `2`	number
cleanupController.rbac.clusterRole.extraResources[].apiGroups[] (2)	string
cleanupController.rbac.clusterRole.extraResources[].resources[] (2)	string
cleanupController.rbac.clusterRole.extraResources[].verbs[] (2)	string
cleanupController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/component" (2)	string
cleanupController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (2)	string
cleanupController.topologySpreadConstraints[].maxSkew (2)	number
cleanupController.topologySpreadConstraints[].topologyKey (2)	string
cleanupController.topologySpreadConstraints[].whenUnsatisfiable (2)	string
cleanupController.networkPolicy.enabled (1)	boolean
cleanupController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].key (1)	string
cleanupController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].operator (1)	string
cleanupController.podDisruptionBudget.enabled (1)	boolean
cleanupController.priorityClassName (1)	string
cleanupController.tolerations[].key (1)	string
cleanupController.tolerations[].operator (1)	string
reportsController.serviceMonitor.enabled (24) `true`	boolean, string
reportsController.serviceMonitor.additionalLabels.release (2)	string
reportsController.serviceMonitor.interval (1)	string
reportsController.serviceMonitor.namespace (1)	string
reportsController.resources.limits.memory (6)	string
reportsController.resources.limits.cpu (1)	string
reportsController.resources.requests.cpu (6) `50m`	string
reportsController.resources.requests.memory (6) `128Mi`	string
reportsController.replicas (5) `2`	number
reportsController.clusterRole.extraResources[].apiGroups[] (3) `- *`	string
reportsController.clusterRole.extraResources[].resources[] (3) `- *`	string
reportsController.clusterRole.extraResources[].verbs[] (3) `- get - list - watch`	string
reportsController.rbac.clusterRole.extraResources[].apiGroups[] (2)	string
reportsController.rbac.clusterRole.extraResources[].resources[] (2)	string
reportsController.rbac.clusterRole.extraResources[].verbs[] (2)	string
reportsController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/component" (2)	string
reportsController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (2)	string
reportsController.topologySpreadConstraints[].maxSkew (2)	number
reportsController.topologySpreadConstraints[].topologyKey (2)	string
reportsController.topologySpreadConstraints[].whenUnsatisfiable (2)	string
reportsController.container.resources.limits.memory (1)	string
reportsController.container.resources.requests.cpu (1)	string
reportsController.container.resources.requests.memory (1)	string
reportsController.networkPolicy.enabled (1)	boolean
reportsController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].key (1)	string
reportsController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].operator (1)	string
reportsController.podDisruptionBudget.enabled (1)	boolean
reportsController.priorityClassName (1)	string
reportsController.tolerations[].key (1)	string
reportsController.tolerations[].operator (1)	string
backgroundController.serviceMonitor.enabled (23) `true`	boolean, string
backgroundController.serviceMonitor.additionalLabels.release (2)	string
backgroundController.serviceMonitor.namespace (1)	string
backgroundController.rbac.clusterRole.extraResources[].apiGroups[] (16) `-`	string
backgroundController.rbac.clusterRole.extraResources[].resources[] (16) `- pods`	string
backgroundController.rbac.clusterRole.extraResources[].verbs[] (16) `- create - update - patch - delete - get - list`	string
backgroundController.resources.limits.memory (12) `1Gi`	string
backgroundController.resources.limits.cpu (1)	string
backgroundController.resources.requests.cpu (11) `50m`	string
backgroundController.resources.requests.memory (7) `128Mi`	string
backgroundController.replicas (5) `2`	number
backgroundController.clusterRole.extraResources[].apiGroups[] (3) `- *`	string
backgroundController.clusterRole.extraResources[].resources[] (3) `- *`	string
backgroundController.clusterRole.extraResources[].verbs[] (3) `- get - list - watch`	string
backgroundController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/component" (2)	string
backgroundController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (2)	string
backgroundController.topologySpreadConstraints[].maxSkew (2)	number
backgroundController.topologySpreadConstraints[].topologyKey (2)	string
backgroundController.topologySpreadConstraints[].whenUnsatisfiable (2)	string
backgroundController.backgroundScan.backgroundScanInterval (1)	string
backgroundController.enabled (1)	boolean
backgroundController.networkPolicy.enabled (1)	boolean
backgroundController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].key (1)	string
backgroundController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].operator (1)	string
backgroundController.podDisruptionBudget.enabled (1)	boolean
backgroundController.priorityClassName (1)	string
backgroundController.tolerations[].key (1)	string
backgroundController.tolerations[].operator (1)	string
grafana.enabled (22) `true`	boolean, string
grafana.annotations.grafana_folder (10) `Kyverno`	string
grafana.annotations.grafana_dashboard_folder (2)	string
grafana.annotations."grafana.io/folder" (1)	string
grafana.namespace (2)	string
crds.install (19) `true`	boolean
global.image.registry (5) `ghcr.io`	string
topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (4) `kyverno`	string
topologySpreadConstraints[].maxSkew (4) `1`	number
topologySpreadConstraints[].topologyKey (4) `kubernetes.io/hostname`	string
topologySpreadConstraints[].whenUnsatisfiable (4) `DoNotSchedule`	string
config.resourceFilters[] (3)	string
config.metricsConfig.create (1)	boolean
config.updateRequestThreshold (1)	string
config.webhooks.namespaceSelector.matchExpressions[].key (1)	string
config.webhooks.namespaceSelector.matchExpressions[].operator (1)	string
config.webhooks.namespaceSelector.matchExpressions[].values[] (1)	string
installCRDs (3)	boolean
policyReportsCleanup.image.registry (3) `registry.k8s.io`	string
policyReportsCleanup.image.repository (3) `kubectl`	string
replicaCount (3) `3`	number
serviceMonitor.enabled (3) `true`	boolean
serviceMonitor.interval (1)	string
updateStrategy.rollingUpdate.maxSurge (3) `1`	number
updateStrategy.type (3) `RollingUpdate`	string
webhooksCleanup.image.registry (3) `registry.k8s.io`	string
webhooksCleanup.image.repository (3) `kubectl`	string
resources.requests.cpu (2)	string
resources.requests.memory (2)	string
resources.limits.memory (1)	string
cleanupJobs.admissionReports.enabled (1)	boolean
cleanupJobs.admissionReports.threshold (1)	number
cleanupJobs.clusterAdmissionReports.enabled (1)	boolean
cleanupJobs.clusterAdmissionReports.threshold (1)	number
extraArgs[] (1)	string
features.logging.format (1)	string
features.mutatingAdmissionPolicies.enabled (1)	boolean
features.policyExceptions.enabled (1)	boolean
features.policyExceptions.namespace (1)	string
fullnameOverride (1)	string
upgrade.fromV2 (1)	boolean

Key

Types

admissionController.serviceMonitor.enabled (24)

true

boolean, string

admissionController.serviceMonitor.additionalLabels.release (2)

string

admissionController.serviceMonitor.interval (1)

string

admissionController.serviceMonitor.namespace (1)

string

admissionController.replicas (20)

number

admissionController.rbac.clusterRole.extraResources[].apiGroups[] (17)

string

admissionController.rbac.clusterRole.extraResources[].resources[] (17)

- pods

string

admissionController.rbac.clusterRole.extraResources[].verbs[] (17)

- create
- update
- delete

string

admissionController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (15)

kyverno

string

admissionController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/component" (14)

kyverno

string

admissionController.topologySpreadConstraints[].maxSkew (15)

number

admissionController.topologySpreadConstraints[].topologyKey (15)

kubernetes.io/hostname

string

admissionController.topologySpreadConstraints[].whenUnsatisfiable (15)

DoNotSchedule

string

admissionController.container.resources.limits.memory (6)

512Mi

string

admissionController.container.resources.requests.cpu (6)

500m

string

admissionController.container.resources.requests.memory (6)

384Mi

string

admissionController.container.extraArgs.clientRateLimitBurst (1)

number

admissionController.container.extraArgs.clientRateLimitQPS (1)

number

admissionController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].key (4)

node-role.kubernetes.io/control-plane

string

admissionController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].operator (4)

Exists

string

admissionController.tolerations[].key (4)

node-role.kubernetes.io/control-plane

string

admissionController.tolerations[].operator (4)

Exists

string

admissionController.clusterRole.extraResources[].apiGroups[] (3)

- *

string

admissionController.clusterRole.extraResources[].resources[] (3)

- *

string

admissionController.clusterRole.extraResources[].verbs[] (3)

- get
- list
- watch

string

admissionController.resources.limits.memory (2)

string

admissionController.resources.limits.cpu (1)

string

admissionController.resources.requests.cpu (2)

string

admissionController.resources.requests.memory (2)

string

admissionController.certManager.enabled (1)

boolean

admissionController.networkPolicy.enabled (1)

boolean

admissionController.podDisruptionBudget.enabled (1)

boolean

admissionController.priorityClassName (1)

string

admissionController.updateStrategy.rollingUpdate.maxSurge (1)

number

admissionController.updateStrategy.type (1)

string

cleanupController.serviceMonitor.enabled (24)

true

boolean, string

cleanupController.serviceMonitor.additionalLabels.release (2)

string

cleanupController.serviceMonitor.interval (1)

string

cleanupController.serviceMonitor.namespace (1)

string

cleanupController.resources.limits.memory (6)

string

cleanupController.resources.limits.cpu (1)

string

cleanupController.resources.requests.cpu (6)

50m

string

cleanupController.resources.requests.memory (6)

128Mi

string

cleanupController.replicas (5)

number

cleanupController.rbac.clusterRole.extraResources[].apiGroups[] (2)

string

cleanupController.rbac.clusterRole.extraResources[].resources[] (2)

string

cleanupController.rbac.clusterRole.extraResources[].verbs[] (2)

string

cleanupController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/component" (2)

string

cleanupController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (2)

string

cleanupController.topologySpreadConstraints[].maxSkew (2)

number

cleanupController.topologySpreadConstraints[].topologyKey (2)

string

cleanupController.topologySpreadConstraints[].whenUnsatisfiable (2)

string

cleanupController.networkPolicy.enabled (1)

boolean

cleanupController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].key (1)

string

cleanupController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].operator (1)

string

cleanupController.podDisruptionBudget.enabled (1)

boolean

cleanupController.priorityClassName (1)

string

cleanupController.tolerations[].key (1)

string

cleanupController.tolerations[].operator (1)

string

reportsController.serviceMonitor.enabled (24)

true

boolean, string

reportsController.serviceMonitor.additionalLabels.release (2)

string

reportsController.serviceMonitor.interval (1)

string

reportsController.serviceMonitor.namespace (1)

string

reportsController.resources.limits.memory (6)

string

reportsController.resources.limits.cpu (1)

string

reportsController.resources.requests.cpu (6)

50m

string

reportsController.resources.requests.memory (6)

128Mi

string

reportsController.replicas (5)

number

reportsController.clusterRole.extraResources[].apiGroups[] (3)

- *

string

reportsController.clusterRole.extraResources[].resources[] (3)

- *

string

reportsController.clusterRole.extraResources[].verbs[] (3)

- get
- list
- watch

string

reportsController.rbac.clusterRole.extraResources[].apiGroups[] (2)

string

reportsController.rbac.clusterRole.extraResources[].resources[] (2)

string

reportsController.rbac.clusterRole.extraResources[].verbs[] (2)

string

reportsController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/component" (2)

string

reportsController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (2)

string

reportsController.topologySpreadConstraints[].maxSkew (2)

number

reportsController.topologySpreadConstraints[].topologyKey (2)

string

reportsController.topologySpreadConstraints[].whenUnsatisfiable (2)

string

reportsController.container.resources.limits.memory (1)

string

reportsController.container.resources.requests.cpu (1)

string

reportsController.container.resources.requests.memory (1)

string

reportsController.networkPolicy.enabled (1)

boolean

reportsController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].key (1)

string

reportsController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].operator (1)

string

reportsController.podDisruptionBudget.enabled (1)

boolean

reportsController.priorityClassName (1)

string

reportsController.tolerations[].key (1)

string

reportsController.tolerations[].operator (1)

string

backgroundController.serviceMonitor.enabled (23)

true

boolean, string

backgroundController.serviceMonitor.additionalLabels.release (2)

string

backgroundController.serviceMonitor.namespace (1)

string

backgroundController.rbac.clusterRole.extraResources[].apiGroups[] (16)

string

backgroundController.rbac.clusterRole.extraResources[].resources[] (16)

- pods

string

backgroundController.rbac.clusterRole.extraResources[].verbs[] (16)

- create
- update
- patch
- delete
- get
- list

string

backgroundController.resources.limits.memory (12)

1Gi

string

backgroundController.resources.limits.cpu (1)

string

backgroundController.resources.requests.cpu (11)

50m

string

backgroundController.resources.requests.memory (7)

128Mi

string

backgroundController.replicas (5)

number

backgroundController.clusterRole.extraResources[].apiGroups[] (3)

- *

string

backgroundController.clusterRole.extraResources[].resources[] (3)

- *

string

backgroundController.clusterRole.extraResources[].verbs[] (3)

- get
- list
- watch

string

backgroundController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/component" (2)

string

backgroundController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (2)

string

backgroundController.topologySpreadConstraints[].maxSkew (2)

number

backgroundController.topologySpreadConstraints[].topologyKey (2)

string

backgroundController.topologySpreadConstraints[].whenUnsatisfiable (2)

string

backgroundController.backgroundScan.backgroundScanInterval (1)

string

backgroundController.enabled (1)

boolean

backgroundController.networkPolicy.enabled (1)

boolean

backgroundController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].key (1)

string

backgroundController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].operator (1)

string

backgroundController.podDisruptionBudget.enabled (1)

boolean

backgroundController.priorityClassName (1)

string

backgroundController.tolerations[].key (1)

string

backgroundController.tolerations[].operator (1)

string

grafana.enabled (22)

true

boolean, string

grafana.annotations.grafana_folder (10)

Kyverno

string

grafana.annotations.grafana_dashboard_folder (2)

string

grafana.annotations."grafana.io/folder" (1)

string

grafana.namespace (2)

string

crds.install (19)

true

boolean

global.image.registry (5)

ghcr.io

string

topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (4)

kyverno

string

topologySpreadConstraints[].maxSkew (4)

number

topologySpreadConstraints[].topologyKey (4)

kubernetes.io/hostname

string

topologySpreadConstraints[].whenUnsatisfiable (4)

DoNotSchedule

string

config.resourceFilters[] (3)

string

config.metricsConfig.create (1)

boolean

config.updateRequestThreshold (1)

string

config.webhooks.namespaceSelector.matchExpressions[].key (1)

string

config.webhooks.namespaceSelector.matchExpressions[].operator (1)

string

config.webhooks.namespaceSelector.matchExpressions[].values[] (1)

string

installCRDs (3)

boolean

policyReportsCleanup.image.registry (3)

registry.k8s.io

string

policyReportsCleanup.image.repository (3)

kubectl

string

replicaCount (3)

number

serviceMonitor.enabled (3)

true

boolean

serviceMonitor.interval (1)

string

updateStrategy.rollingUpdate.maxSurge (3)

number

updateStrategy.type (3)

RollingUpdate

string

webhooksCleanup.image.registry (3)

registry.k8s.io

string

webhooksCleanup.image.repository (3)

kubectl

string

resources.requests.cpu (2)

string

resources.requests.memory (2)

string

resources.limits.memory (1)

string

cleanupJobs.admissionReports.enabled (1)

boolean

cleanupJobs.admissionReports.threshold (1)

number

cleanupJobs.clusterAdmissionReports.enabled (1)

boolean

cleanupJobs.clusterAdmissionReports.threshold (1)

number

extraArgs[] (1)

string

features.logging.format (1)

string

features.mutatingAdmissionPolicies.enabled (1)

boolean

features.policyExceptions.enabled (1)

boolean

features.policyExceptions.namespace (1)

string

fullnameOverride (1)

string

upgrade.fromV2 (1)

boolean