kyverno helm release

kyverno helm

Kyverno is a policy engine for Kubernetes that enables you to define and enforce policies for your cluster resources. It provides a flexible and scalable solution for managing your cluster configuration, allowing you to enforce best practices, prevent misconfigurations, and enforce compliance requirements.

The kyverno/policies offer all kinds of security and best practice policies that you could use.

Install

Install with:

helm repo add kyverno oci://ghcr.io/kyverno/charts/ helm install kyverno kyverno/kyverno -f values.yaml

Examples

See examples from other people.

Major version:

Filter repos who also have:

Top Repositories (5 out of 55)

Name	Repo	Stars	Version	Timestamp
kyverno	buroa/k8s-gitops	134	3.2.2	a day ago
kyverno	haraldkoch/kochhaus-home	93	3.2.2	a day ago
kyverno	ishioni/homelab-ops	73	3.2.2	2 days ago
kyverno	Diaoul/home-ops	57	3.2.2	7 days ago
kyverno	xunholy/k8s-gitops	449	3.2.2	8 days ago

Name

Repo

Stars

Version

Timestamp

kyverno

buroa/k8s-gitops

134

3.2.2

a day ago

kyverno

haraldkoch/kochhaus-home

3.2.2

a day ago

kyverno

ishioni/homelab-ops

3.2.2

2 days ago

kyverno

Diaoul/home-ops

3.2.2

7 days ago

kyverno

xunholy/k8s-gitops

449

3.2.2

8 days ago

Resources

Memory request

226Mi 246Mi 443Mi

CPU Request

35m 92m 247m

Values

See the most popular values for this chart:

Key	Types
backgroundController.serviceMonitor.enabled (35) `true`	boolean
backgroundController.serviceMonitor.interval (2)	string
backgroundController.rbac.clusterRole.extraResources[].apiGroups[] (33) `-`	string
backgroundController.rbac.clusterRole.extraResources[].resources[] (33) `- pods`	string
backgroundController.rbac.clusterRole.extraResources[].verbs[] (31) `- create - update - patch - delete - get - list`	string
backgroundController.resources.limits.memory (13) `1Gi`	string
backgroundController.resources.limits.cpu (1)	string
backgroundController.resources.requests.cpu (11) `100m`	string
backgroundController.resources.requests.memory (7)	string
backgroundController.metricsService.create (1)	boolean
backgroundController.replicas (1)	number
backgroundController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/component" (1)	string
backgroundController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (1)	string
backgroundController.topologySpreadConstraints[].maxSkew (1)	number
backgroundController.topologySpreadConstraints[].topologyKey (1)	string
backgroundController.topologySpreadConstraints[].whenUnsatisfiable (1)	string
cleanupController.serviceMonitor.enabled (35) `true`	boolean
cleanupController.serviceMonitor.interval (3) `1m`	string
cleanupController.resources.limits.memory (2)	string
cleanupController.resources.requests.cpu (2)	string
cleanupController.resources.requests.memory (2)	string
cleanupController.metricsService.create (1)	boolean
cleanupController.replicas (1)	number
crds.install (35) `true`	boolean
grafana.enabled (35) `true`	boolean
grafana.annotations.grafana_folder (21) `System`	string
grafana.annotations."grafana.io/folder" (1)	string
grafana.namespace (1)	string
reportsController.serviceMonitor.enabled (35) `true`	boolean
reportsController.serviceMonitor.interval (3) `1m`	string
reportsController.resources.limits.memory (4)	string
reportsController.resources.requests.cpu (2)	string
reportsController.resources.requests.memory (2)	string
reportsController.metricsService.create (1)	boolean
reportsController.replicas (1)	number
admissionController.replicas (33) `3`	number
admissionController.serviceMonitor.enabled (33) `true`	boolean
admissionController.serviceMonitor.interval (2)	string
admissionController.rbac.clusterRole.extraResources[].apiGroups[] (31) `-`	string
admissionController.rbac.clusterRole.extraResources[].resources[] (31) `- pods`	string
admissionController.rbac.clusterRole.extraResources[].verbs[] (31) `- create - update - delete`	string
admissionController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (30) `kyverno`	string
admissionController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/component" (27) `kyverno`	string
admissionController.topologySpreadConstraints[].maxSkew (30) `1`	number
admissionController.topologySpreadConstraints[].topologyKey (30) `kubernetes.io/hostname`	string
admissionController.topologySpreadConstraints[].whenUnsatisfiable (30) `DoNotSchedule`	string
admissionController.container.resources.limits.memory (7)	string
admissionController.container.resources.requests.cpu (4)	string
admissionController.container.resources.requests.memory (4)	string
admissionController.container.extraArgs.clientRateLimitBurst (1)	number
admissionController.container.extraArgs.clientRateLimitQPS (1)	number
admissionController.resources.limits.memory (3)	string
admissionController.resources.requests.cpu (3)	string
admissionController.resources.requests.memory (3)	string
admissionController.tolerations[].key (3) `node-role.kubernetes.io/control-plane`	string
admissionController.tolerations[].operator (3) `Exists`	string
admissionController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].key (2)	string
admissionController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].operator (2)	string
admissionController.updateStrategy.rollingUpdate.maxSurge (2)	number
admissionController.updateStrategy.type (2)	string
admissionController.apiPriorityAndFairness (1)	boolean
admissionController.metricsService.create (1)	boolean
admissionController.priorityClassName (1)	string
admissionController.requests.cpu (1)	string
admissionController.requests.memory (1)	string
serviceMonitor.enabled (14) `true`	boolean
serviceMonitor.interval (3) `1m`	string
topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (14) `kyverno`	string
topologySpreadConstraints[].maxSkew (14) `1`	number
topologySpreadConstraints[].topologyKey (14) `kubernetes.io/hostname`	string
topologySpreadConstraints[].whenUnsatisfiable (14) `DoNotSchedule`	string
installCRDs (13) `true`	boolean
replicaCount (12) `3`	number
updateStrategy.rollingUpdate.maxSurge (8) `1`	number
updateStrategy.type (8) `RollingUpdate`	string
config.webhooks[].objectSelector.matchExpressions[].key (5) `webhooks.kyverno.io/exclude`	string
config.webhooks[].objectSelector.matchExpressions[].operator (5) `DoesNotExist`	string
config.webhooks[].objectSelector.matchExpressions[].values[] (1)	string
config.webhooks[].namespaceSelector.matchExpressions[].key (1)	string
config.webhooks[].namespaceSelector.matchExpressions[].operator (1)	string
config.webhooks[].namespaceSelector.matchExpressions[].values[] (1)	string
config.excludeKyvernoNamespace (1)	boolean
resources.requests.cpu (5) `247m`	string
resources.requests.memory (5) `443M`	string
resources.limits.memory (4) `1336M`	string
extraArgs[] (2)	string
upgrade.fromV2 (2)	boolean
cleanupJobs.admissionReports.enabled (1)	boolean
cleanupJobs.admissionReports.threshold (1)	number
cleanupJobs.clusterAdmissionReports.enabled (1)	boolean
cleanupJobs.clusterAdmissionReports.threshold (1)	number
customLabels."egress.home.arpa/apiserver" (1)	string
customLabels."egress.home.arpa/host" (1)	string
customLabels."ingress.home.arpa/apiserver" (1)	string
customLabels."ingress.home.arpa/host" (1)	string
customLabels."prom.home.arpa/kps" (1)	string
features.logging.format (1)	string
namespaceOverride (1)	string

Key

Types

backgroundController.serviceMonitor.enabled (35)

true

boolean

backgroundController.serviceMonitor.interval (2)

string

backgroundController.rbac.clusterRole.extraResources[].apiGroups[] (33)

string

backgroundController.rbac.clusterRole.extraResources[].resources[] (33)

- pods

string

backgroundController.rbac.clusterRole.extraResources[].verbs[] (31)

- create
- update
- patch
- delete
- get
- list

string

backgroundController.resources.limits.memory (13)

1Gi

string

backgroundController.resources.limits.cpu (1)

string

backgroundController.resources.requests.cpu (11)

100m

string

backgroundController.resources.requests.memory (7)

string

backgroundController.metricsService.create (1)

boolean

backgroundController.replicas (1)

number

backgroundController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/component" (1)

string

backgroundController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (1)

string

backgroundController.topologySpreadConstraints[].maxSkew (1)

number

backgroundController.topologySpreadConstraints[].topologyKey (1)

string

backgroundController.topologySpreadConstraints[].whenUnsatisfiable (1)

string

cleanupController.serviceMonitor.enabled (35)

true

boolean

cleanupController.serviceMonitor.interval (3)

1m

string

cleanupController.resources.limits.memory (2)

string

cleanupController.resources.requests.cpu (2)

string

cleanupController.resources.requests.memory (2)

string

cleanupController.metricsService.create (1)

boolean

cleanupController.replicas (1)

number

crds.install (35)

true

boolean

grafana.enabled (35)

true

boolean

grafana.annotations.grafana_folder (21)

System

string

grafana.annotations."grafana.io/folder" (1)

string

grafana.namespace (1)

string

reportsController.serviceMonitor.enabled (35)

true

boolean

reportsController.serviceMonitor.interval (3)

1m

string

reportsController.resources.limits.memory (4)

string

reportsController.resources.requests.cpu (2)

string

reportsController.resources.requests.memory (2)

string

reportsController.metricsService.create (1)

boolean

reportsController.replicas (1)

number

admissionController.replicas (33)

number

admissionController.serviceMonitor.enabled (33)

true

boolean

admissionController.serviceMonitor.interval (2)

string

admissionController.rbac.clusterRole.extraResources[].apiGroups[] (31)

string

admissionController.rbac.clusterRole.extraResources[].resources[] (31)

- pods

string

admissionController.rbac.clusterRole.extraResources[].verbs[] (31)

- create
- update
- delete

string

admissionController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (30)

kyverno

string

admissionController.topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/component" (27)

kyverno

string

admissionController.topologySpreadConstraints[].maxSkew (30)

number

admissionController.topologySpreadConstraints[].topologyKey (30)

kubernetes.io/hostname

string

admissionController.topologySpreadConstraints[].whenUnsatisfiable (30)

DoNotSchedule

string

admissionController.container.resources.limits.memory (7)

string

admissionController.container.resources.requests.cpu (4)

string

admissionController.container.resources.requests.memory (4)

string

admissionController.container.extraArgs.clientRateLimitBurst (1)

number

admissionController.container.extraArgs.clientRateLimitQPS (1)

number

admissionController.resources.limits.memory (3)

string

admissionController.resources.requests.cpu (3)

string

admissionController.resources.requests.memory (3)

string

admissionController.tolerations[].key (3)

node-role.kubernetes.io/control-plane

string

admissionController.tolerations[].operator (3)

Exists

string

admissionController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].key (2)

string

admissionController.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms[].matchExpressions[].operator (2)

string

admissionController.updateStrategy.rollingUpdate.maxSurge (2)

number

admissionController.updateStrategy.type (2)

string

admissionController.apiPriorityAndFairness (1)

boolean

admissionController.metricsService.create (1)

boolean

admissionController.priorityClassName (1)

string

admissionController.requests.cpu (1)

string

admissionController.requests.memory (1)

string

serviceMonitor.enabled (14)

true

boolean

serviceMonitor.interval (3)

1m

string

topologySpreadConstraints[].labelSelector.matchLabels."app.kubernetes.io/instance" (14)

kyverno

string

topologySpreadConstraints[].maxSkew (14)

number

topologySpreadConstraints[].topologyKey (14)

kubernetes.io/hostname

string

topologySpreadConstraints[].whenUnsatisfiable (14)

DoNotSchedule

string

installCRDs (13)

true

boolean

replicaCount (12)

number

updateStrategy.rollingUpdate.maxSurge (8)

number

updateStrategy.type (8)

RollingUpdate

string

config.webhooks[].objectSelector.matchExpressions[].key (5)

webhooks.kyverno.io/exclude

string

config.webhooks[].objectSelector.matchExpressions[].operator (5)

DoesNotExist

string

config.webhooks[].objectSelector.matchExpressions[].values[] (1)

string

config.webhooks[].namespaceSelector.matchExpressions[].key (1)

string

config.webhooks[].namespaceSelector.matchExpressions[].operator (1)

string

config.webhooks[].namespaceSelector.matchExpressions[].values[] (1)

string

config.excludeKyvernoNamespace (1)

boolean

resources.requests.cpu (5)

247m

string

resources.requests.memory (5)

443M

string

resources.limits.memory (4)

1336M

string

extraArgs[] (2)

string

upgrade.fromV2 (2)

boolean

cleanupJobs.admissionReports.enabled (1)

boolean

cleanupJobs.admissionReports.threshold (1)

number

cleanupJobs.clusterAdmissionReports.enabled (1)

boolean

cleanupJobs.clusterAdmissionReports.threshold (1)

number

customLabels."egress.home.arpa/apiserver" (1)

string

customLabels."egress.home.arpa/host" (1)

string

customLabels."ingress.home.arpa/apiserver" (1)

string

customLabels."ingress.home.arpa/host" (1)

string

customLabels."prom.home.arpa/kps" (1)

string

features.logging.format (1)

string

namespaceOverride (1)

string