kyverno helm release

kyverno helm

Kyverno is a policy engine for Kubernetes that enables you to define and enforce policies for your cluster resources. It provides a flexible and scalable solution for managing your cluster configuration, allowing you to enforce best practices, prevent misconfigurations, and enforce compliance requirements.

The kyverno/policies offer all kinds of security and best practice policies that you could use.

Install

Install with:

helm repo add kyverno oci://ghcr.io/kyverno/charts/ helm install kyverno kyverno/kyverno -f values.yaml

Examples

See examples from other people.

Major version:

Filter repos who also have:

Top Repositories (5 out of 53)

Name	Repo	Stars	Version	Timestamp
kyverno	buroa/k8s-gitops	212	3.3.4	8 days ago
kyverno	ishioni/homelab-ops	118	3.3.4	10 days ago
kyverno	xunholy/k8s-gitops	525	3.3.4	a month ago
kyverno	haraldkoch/kochhaus-home	125	3.3.4	a month ago
kyverno	auricom/home-ops	182	3.3.4	a month ago

Name

Repo

Stars

Version

Timestamp

kyverno

buroa/k8s-gitops

212

3.3.4

8 days ago

kyverno

ishioni/homelab-ops

118

3.3.4

10 days ago

kyverno

xunholy/k8s-gitops

525

3.3.4

a month ago

kyverno

haraldkoch/kochhaus-home

125

3.3.4

a month ago

kyverno

auricom/home-ops

182

3.3.4

a month ago

Resources

Memory request

226Mi 246Mi 443Mi

CPU Request

35m 92m 247m

Values

See the most popular values for this chart:

Key	Types
cleanupController.serviceMonitor.enabled (40) `true`	boolean, string
cleanupController.serviceMonitor.interval (1)	string
cleanupController.clusterRole.extraResources[].apiGroups[] (1)	string
cleanupController.clusterRole.extraResources[].resources[] (1)	string
cleanupController.clusterRole.extraResources[].verbs[] (1)	string
cleanupController.metricsService.create (1)	boolean
cleanupController.replicas (1)	number
grafana.enabled (40) `true`	boolean, string
grafana.annotations.grafana_folder (15) `System`	string
grafana.namespace (1)	string
reportsController.serviceMonitor.enabled (40) `true`	boolean, string
reportsController.serviceMonitor.interval (1)	string
reportsController.clusterRole.extraResources[].apiGroups[] (10) `- *`	string
reportsController.clusterRole.extraResources[].resources[] (10) `- *`	string
reportsController.clusterRole.extraResources[].verbs[] (10) `- get - list - watch`	string
reportsController.resources.limits.memory (2)	string
reportsController.metricsService.create (1)	boolean
reportsController.replicas (1)	number
admissionController.serviceMonitor.enabled (38) `true`	boolean, string
admissionController.serviceMonitor.interval (1)	string
admissionController.replicas (33) `3`	number
admissionController.rbac.clusterRole.extraResources[].apiGroups[] (27) `-`	string
admissionController.rbac.clusterRole.extraResources[].resources[] (27) `- pods`	string
admissionController.rbac.clusterRole.extraResources[].verbs[] (27) `- create - update - delete`	string
admissionController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (25) `kyverno`	string
admissionController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/component" (23) `kyverno`	string
admissionController.topologySpreadConstraints[].maxSkew (25) `1`	number
admissionController.topologySpreadConstraints[].topologyKey (25) `kubernetes.io/hostname`	string
admissionController.topologySpreadConstraints[].whenUnsatisfiable (25) `DoNotSchedule`	string
admissionController.clusterRole.extraResources[].apiGroups[] (9) `- *`	string
admissionController.clusterRole.extraResources[].resources[] (9) `- *`	string
admissionController.clusterRole.extraResources[].verbs[] (9) `- get - list - watch`	string
admissionController.container.resources.limits.memory (4)	string
admissionController.container.resources.requests.cpu (2)	string
admissionController.container.resources.requests.memory (2)	string
admissionController.tolerations[].key (2)	string
admissionController.tolerations[].operator (2)	string
admissionController.apiPriorityAndFairness (1)	boolean
admissionController.metricsService.create (1)	boolean
admissionController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].key (1)	string
admissionController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].operator (1)	string
admissionController.priorityClassName (1)	string
admissionController.resources.limits.memory (1)	string
admissionController.resources.requests.cpu (1)	string
admissionController.resources.requests.memory (1)	string
admissionController.updateStrategy.rollingUpdate.maxSurge (1)	number
admissionController.updateStrategy.type (1)	string
backgroundController.serviceMonitor.enabled (38) `true`	boolean, string
backgroundController.serviceMonitor.interval (1)	string
backgroundController.rbac.clusterRole.extraResources[].apiGroups[] (27) `-`	string
backgroundController.rbac.clusterRole.extraResources[].resources[] (27) `- pods`	string
backgroundController.rbac.clusterRole.extraResources[].verbs[] (26) `- create - update - patch - delete - get - list`	string
backgroundController.resources.limits.memory (21) `1Gi`	string
backgroundController.resources.limits.cpu (1)	string
backgroundController.resources.requests.cpu (19) `100m`	string
backgroundController.resources.requests.memory (2)	string
backgroundController.clusterRole.extraResources[].apiGroups[] (9) `- *`	string
backgroundController.clusterRole.extraResources[].resources[] (9) `- *`	string
backgroundController.clusterRole.extraResources[].verbs[] (9) `- get - list - watch`	string
backgroundController.enabled (1)	boolean
backgroundController.metricsService.create (1)	boolean
backgroundController.replicas (1)	number
backgroundController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/component" (1)	string
backgroundController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (1)	string
backgroundController.topologySpreadConstraints[].maxSkew (1)	number
backgroundController.topologySpreadConstraints[].topologyKey (1)	string
backgroundController.topologySpreadConstraints[].whenUnsatisfiable (1)	string
crds.install (38) `true`	boolean
installCRDs (8) `true`	boolean
replicaCount (8) `3`	number
serviceMonitor.enabled (8) `true`	boolean
serviceMonitor.interval (2)	string
topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (8) `kyverno`	string
topologySpreadConstraints[].maxSkew (8) `1`	number
topologySpreadConstraints[].topologyKey (8) `kubernetes.io/hostname`	string
topologySpreadConstraints[].whenUnsatisfiable (8) `DoNotSchedule`	string
updateStrategy.rollingUpdate.maxSurge (6) `1`	number
updateStrategy.type (6) `RollingUpdate`	string
resources.requests.cpu (5) `247m`	string
resources.requests.memory (5) `443M`	string
resources.limits.memory (4) `1336M`	string
config.resourceFilters[] (3)	string
config.webhooks[].objectSelector.matchExpressions[].key (3)	string
config.webhooks[].objectSelector.matchExpressions[].operator (3)	string
config.webhooks[].objectSelector.matchExpressions[].values[] (1)	string
config.metricsConfig.create (1)	boolean
extraArgs[] (2)	string
cleanupJobs.admissionReports.enabled (1)	boolean
cleanupJobs.admissionReports.threshold (1)	number
cleanupJobs.clusterAdmissionReports.enabled (1)	boolean
cleanupJobs.clusterAdmissionReports.threshold (1)	number
customLabels."egress.home.arpa/apiserver" (1)	string
customLabels."egress.home.arpa/host" (1)	string
customLabels."ingress.home.arpa/apiserver" (1)	string
customLabels."ingress.home.arpa/host" (1)	string
customLabels."prom.home.arpa/kps" (1)	string
features.logging.format (1)	string
fullnameOverride (1)	string
namespaceOverride (1)	string
upgrade.fromV2 (1)	boolean

Key

Types

cleanupController.serviceMonitor.enabled (40)

true

boolean, string

cleanupController.serviceMonitor.interval (1)

string

cleanupController.clusterRole.extraResources[].apiGroups[] (1)

string

cleanupController.clusterRole.extraResources[].resources[] (1)

string

cleanupController.clusterRole.extraResources[].verbs[] (1)

string

cleanupController.metricsService.create (1)

boolean

cleanupController.replicas (1)

number

grafana.enabled (40)

true

boolean, string

grafana.annotations.grafana_folder (15)

System

string

grafana.namespace (1)

string

reportsController.serviceMonitor.enabled (40)

true

boolean, string

reportsController.serviceMonitor.interval (1)

string

reportsController.clusterRole.extraResources[].apiGroups[] (10)

- *

string

reportsController.clusterRole.extraResources[].resources[] (10)

- *

string

reportsController.clusterRole.extraResources[].verbs[] (10)

- get
- list
- watch

string

reportsController.resources.limits.memory (2)

string

reportsController.metricsService.create (1)

boolean

reportsController.replicas (1)

number

admissionController.serviceMonitor.enabled (38)

true

boolean, string

admissionController.serviceMonitor.interval (1)

string

admissionController.replicas (33)

number

admissionController.rbac.clusterRole.extraResources[].apiGroups[] (27)

string

admissionController.rbac.clusterRole.extraResources[].resources[] (27)

- pods

string

admissionController.rbac.clusterRole.extraResources[].verbs[] (27)

- create
- update
- delete

string

admissionController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (25)

kyverno

string

admissionController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/component" (23)

kyverno

string

admissionController.topologySpreadConstraints[].maxSkew (25)

number

admissionController.topologySpreadConstraints[].topologyKey (25)

kubernetes.io/hostname

string

admissionController.topologySpreadConstraints[].whenUnsatisfiable (25)

DoNotSchedule

string

admissionController.clusterRole.extraResources[].apiGroups[] (9)

- *

string

admissionController.clusterRole.extraResources[].resources[] (9)

- *

string

admissionController.clusterRole.extraResources[].verbs[] (9)

- get
- list
- watch

string

admissionController.container.resources.limits.memory (4)

string

admissionController.container.resources.requests.cpu (2)

string

admissionController.container.resources.requests.memory (2)

string

admissionController.tolerations[].key (2)

string

admissionController.tolerations[].operator (2)

string

admissionController.apiPriorityAndFairness (1)

boolean

admissionController.metricsService.create (1)

boolean

admissionController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].key (1)

string

admissionController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].operator (1)

string

admissionController.priorityClassName (1)

string

admissionController.resources.limits.memory (1)

string

admissionController.resources.requests.cpu (1)

string

admissionController.resources.requests.memory (1)

string

admissionController.updateStrategy.rollingUpdate.maxSurge (1)

number

admissionController.updateStrategy.type (1)

string

backgroundController.serviceMonitor.enabled (38)

true

boolean, string

backgroundController.serviceMonitor.interval (1)

string

backgroundController.rbac.clusterRole.extraResources[].apiGroups[] (27)

string

backgroundController.rbac.clusterRole.extraResources[].resources[] (27)

- pods

string

backgroundController.rbac.clusterRole.extraResources[].verbs[] (26)

- create
- update
- patch
- delete
- get
- list

string

backgroundController.resources.limits.memory (21)

1Gi

string

backgroundController.resources.limits.cpu (1)

string

backgroundController.resources.requests.cpu (19)

100m

string

backgroundController.resources.requests.memory (2)

string

backgroundController.clusterRole.extraResources[].apiGroups[] (9)

- *

string

backgroundController.clusterRole.extraResources[].resources[] (9)

- *

string

backgroundController.clusterRole.extraResources[].verbs[] (9)

- get
- list
- watch

string

backgroundController.enabled (1)

boolean

backgroundController.metricsService.create (1)

boolean

backgroundController.replicas (1)

number

backgroundController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/component" (1)

string

backgroundController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (1)

string

backgroundController.topologySpreadConstraints[].maxSkew (1)

number

backgroundController.topologySpreadConstraints[].topologyKey (1)

string

backgroundController.topologySpreadConstraints[].whenUnsatisfiable (1)

string

crds.install (38)

true

boolean

installCRDs (8)

true

boolean

replicaCount (8)

number

serviceMonitor.enabled (8)

true

boolean

serviceMonitor.interval (2)

string

topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (8)

kyverno

string

topologySpreadConstraints[].maxSkew (8)

number

topologySpreadConstraints[].topologyKey (8)

kubernetes.io/hostname

string

topologySpreadConstraints[].whenUnsatisfiable (8)

DoNotSchedule

string

updateStrategy.rollingUpdate.maxSurge (6)

number

updateStrategy.type (6)

RollingUpdate

string

resources.requests.cpu (5)

247m

string

resources.requests.memory (5)

443M

string

resources.limits.memory (4)

1336M

string

config.resourceFilters[] (3)

string

config.webhooks[].objectSelector.matchExpressions[].key (3)

string

config.webhooks[].objectSelector.matchExpressions[].operator (3)

string

config.webhooks[].objectSelector.matchExpressions[].values[] (1)

string

config.metricsConfig.create (1)

boolean

extraArgs[] (2)

string

cleanupJobs.admissionReports.enabled (1)

boolean

cleanupJobs.admissionReports.threshold (1)

number

cleanupJobs.clusterAdmissionReports.enabled (1)

boolean

cleanupJobs.clusterAdmissionReports.threshold (1)

number

customLabels."egress.home.arpa/apiserver" (1)

string

customLabels."egress.home.arpa/host" (1)

string

customLabels."ingress.home.arpa/apiserver" (1)

string

customLabels."ingress.home.arpa/host" (1)

string

customLabels."prom.home.arpa/kps" (1)

string

features.logging.format (1)

string

fullnameOverride (1)

string

namespaceOverride (1)

string

upgrade.fromV2 (1)

boolean