kyverno helm

Kyverno is a policy engine for Kubernetes that enables you to define and enforce policies for your cluster resources. It provides a flexible and scalable solution for managing your cluster configuration, allowing you to enforce best practices, prevent misconfigurations, and enforce compliance requirements.

The kyverno/policies offer all kinds of security and best practice policies that you could use.

Install

Install with:

helm repo add kyverno oci://ghcr.io/kyverno/charts/
helm install kyverno kyverno/kyverno -f values.yaml

Examples

See examples from other people.

Top Repositories (5 out of 41)

NameRepoStarsVersionTimestamp
kyvernobudimanjojo/home-cluster1953.4.112 hours ago
kyvernomchestr/home-cluster1143.4.111 days ago
kyvernoaxeII/home-ops463.4.111 days ago
kyvernoharaldkoch/kochhaus-home1393.4.112 days ago
kyvernotyriis/home-ops593.4.114 days ago

Values

See the most popular values for this chart:

KeyTypes
cleanupController.serviceMonitor.enabled (31)
true
boolean, string
cleanupController.serviceMonitor.additionalLabels.release (2)
string
cleanupController.serviceMonitor.interval (1)
string
cleanupController.replicas (3)
2
number
cleanupController.rbac.clusterRole.extraResources[].apiGroups[] (2)
string
cleanupController.rbac.clusterRole.extraResources[].resources[] (2)
string
cleanupController.rbac.clusterRole.extraResources[].verbs[] (2)
string
cleanupController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/component" (2)
string
cleanupController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (2)
string
cleanupController.topologySpreadConstraints[].maxSkew (2)
number
cleanupController.topologySpreadConstraints[].topologyKey (2)
string
cleanupController.topologySpreadConstraints[].whenUnsatisfiable (2)
string
cleanupController.image.registry (1)
string
cleanupController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].key (1)
string
cleanupController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].operator (1)
string
cleanupController.podDisruptionBudget.enabled (1)
boolean
cleanupController.priorityClassName (1)
string
cleanupController.resources.limits.cpu (1)
string
cleanupController.resources.limits.memory (1)
string
cleanupController.resources.requests.cpu (1)
string
cleanupController.resources.requests.memory (1)
string
cleanupController.tolerations[].key (1)
string
cleanupController.tolerations[].operator (1)
string
reportsController.serviceMonitor.enabled (31)
true
boolean, string
reportsController.serviceMonitor.additionalLabels.release (2)
string
reportsController.serviceMonitor.interval (1)
string
reportsController.clusterRole.extraResources[].apiGroups[] (5)
- *
string
reportsController.clusterRole.extraResources[].resources[] (5)
- *
string
reportsController.clusterRole.extraResources[].verbs[] (5)
- get
- list
- watch
string
reportsController.replicas (3)
2
number
reportsController.rbac.clusterRole.extraResources[].apiGroups[] (2)
string
reportsController.rbac.clusterRole.extraResources[].resources[] (2)
string
reportsController.rbac.clusterRole.extraResources[].verbs[] (2)
string
reportsController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/component" (2)
string
reportsController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (2)
string
reportsController.topologySpreadConstraints[].maxSkew (2)
number
reportsController.topologySpreadConstraints[].topologyKey (2)
string
reportsController.topologySpreadConstraints[].whenUnsatisfiable (2)
string
reportsController.container.resources.limits.memory (1)
string
reportsController.container.resources.requests.cpu (1)
string
reportsController.container.resources.requests.memory (1)
string
reportsController.image.registry (1)
string
reportsController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].key (1)
string
reportsController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].operator (1)
string
reportsController.podDisruptionBudget.enabled (1)
boolean
reportsController.priorityClassName (1)
string
reportsController.resources.limits.cpu (1)
string
reportsController.resources.limits.memory (1)
string
reportsController.resources.requests.cpu (1)
string
reportsController.resources.requests.memory (1)
string
reportsController.tolerations[].key (1)
string
reportsController.tolerations[].operator (1)
string
admissionController.serviceMonitor.enabled (30)
true
boolean, string
admissionController.serviceMonitor.additionalLabels.release (2)
string
admissionController.replicas (24)
3
number
admissionController.rbac.clusterRole.extraResources[].apiGroups[] (20)
-
string
admissionController.rbac.clusterRole.extraResources[].resources[] (20)
- pods
string
admissionController.rbac.clusterRole.extraResources[].verbs[] (20)
- create
- update
- delete
string
admissionController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (20)
kyverno
string
admissionController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/component" (18)
kyverno
string
admissionController.topologySpreadConstraints[].maxSkew (20)
1
number
admissionController.topologySpreadConstraints[].topologyKey (20)
kubernetes.io/hostname
string
admissionController.topologySpreadConstraints[].whenUnsatisfiable (20)
DoNotSchedule
string
admissionController.container.resources.limits.memory (6)
512Mi
string
admissionController.container.resources.requests.cpu (5)
500m
string
admissionController.container.resources.requests.memory (5)
384Mi
string
admissionController.container.extraArgs.clientRateLimitBurst (1)
number
admissionController.container.extraArgs.clientRateLimitQPS (1)
number
admissionController.container.image.registry (1)
string
admissionController.clusterRole.extraResources[].apiGroups[] (5)
- *
string
admissionController.clusterRole.extraResources[].resources[] (5)
- *
string
admissionController.clusterRole.extraResources[].verbs[] (5)
- get
- list
- watch
string
admissionController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].key (3)
node-role.kubernetes.io/control-plane
string
admissionController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].operator (3)
Exists
string
admissionController.tolerations[].key (3)
node-role.kubernetes.io/control-plane
string
admissionController.tolerations[].operator (3)
Exists
string
admissionController.updateStrategy.rollingUpdate.maxSurge (2)
number
admissionController.updateStrategy.type (2)
string
admissionController.initContainer.image.registry (1)
string
admissionController.podDisruptionBudget.enabled (1)
boolean
admissionController.priorityClassName (1)
string
admissionController.resources.limits.cpu (1)
string
admissionController.resources.limits.memory (1)
string
admissionController.resources.requests.cpu (1)
string
admissionController.resources.requests.memory (1)
string
backgroundController.serviceMonitor.enabled (30)
true
boolean, string
backgroundController.serviceMonitor.additionalLabels.release (2)
string
backgroundController.serviceMonitor.interval (1)
string
backgroundController.rbac.clusterRole.extraResources[].apiGroups[] (21)
-
string
backgroundController.rbac.clusterRole.extraResources[].resources[] (21)
- pods
string
backgroundController.rbac.clusterRole.extraResources[].verbs[] (20)
- create
- update
- patch
- delete
- get
- list
string
backgroundController.resources.limits.memory (17)
1Gi
string
backgroundController.resources.limits.cpu (1)
string
backgroundController.resources.requests.cpu (16)
100m
string
backgroundController.resources.requests.memory (5)
128Mi
string
backgroundController.clusterRole.extraResources[].apiGroups[] (5)
- *
string
backgroundController.clusterRole.extraResources[].resources[] (5)
- *
string
backgroundController.clusterRole.extraResources[].verbs[] (5)
- get
- list
- watch
string
backgroundController.replicas (3)
2
number
backgroundController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/component" (2)
string
backgroundController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (2)
string
backgroundController.topologySpreadConstraints[].maxSkew (2)
number
backgroundController.topologySpreadConstraints[].topologyKey (2)
string
backgroundController.topologySpreadConstraints[].whenUnsatisfiable (2)
string
backgroundController.backgroundScan.backgroundScanInterval (1)
string
backgroundController.enabled (1)
boolean
backgroundController.image.registry (1)
string
backgroundController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].key (1)
string
backgroundController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].operator (1)
string
backgroundController.podDisruptionBudget.enabled (1)
boolean
backgroundController.priorityClassName (1)
string
backgroundController.tolerations[].key (1)
string
backgroundController.tolerations[].operator (1)
string
grafana.enabled (28)
true
boolean, string
grafana.annotations.grafana_folder (10)
Infrastructure
string
grafana.annotations.grafana_dashboard_folder (2)
string
grafana.annotations.grafana_dashboard (1)
string
grafana.annotations."grafana.io/folder" (1)
string
grafana.namespace (1)
string
crds.install (26)
true
boolean
crds.migration.image.registry (1)
string
serviceMonitor.enabled (6)
true
boolean
serviceMonitor.interval (2)
string
installCRDs (5)
false
boolean
topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (5)
kyverno
string
topologySpreadConstraints[].maxSkew (5)
1
number
topologySpreadConstraints[].topologyKey (5)
kubernetes.io/hostname
string
topologySpreadConstraints[].whenUnsatisfiable (5)
DoNotSchedule
string
replicaCount (4)
3
number
config.resourceFilters[] (2)
string
config.excludeKyvernoNamespace (1)
boolean
config.metricsConfig.create (1)
boolean
config.webhooks[].objectSelector.matchExpressions[].key (1)
string
config.webhooks[].objectSelector.matchExpressions[].operator (1)
string
extraArgs[] (2)
string
global.image.registry (2)
string
policyReportsCleanup.image.registry (2)
string
resources.requests.cpu (2)
string
resources.requests.memory (2)
string
resources.limits.memory (1)
string
updateStrategy.rollingUpdate.maxSurge (2)
number
updateStrategy.type (2)
string
webhooksCleanup.image.registry (2)
string
cleanupJobs.admissionReports.enabled (1)
boolean
cleanupJobs.admissionReports.threshold (1)
number
cleanupJobs.clusterAdmissionReports.enabled (1)
boolean
cleanupJobs.clusterAdmissionReports.threshold (1)
number
features.logging.format (1)
string
fullnameOverride (1)
string
migration.image.registry (1)
string
upgrade.fromV2 (1)
boolean