Kyverno

Kyverno is a policy engine for Kubernetes designed to enforce, validate, and mutate configurations of Kubernetes resources.

    Kyverno Overview

    Kyverno is a policy engine for Kubernetes designed to enforce, validate, and mutate configurations of Kubernetes resources. It allows administrators to define policies as Kubernetes custom resources (CRDs) without requiring users to learn a new language or system.

    Key Uses

    1. Policy Enforcement: Kyverno ensures resources comply with security, operational, or organizational policies, such as requiring specific labels, annotations, or resource limits.
    2. Validation: It checks resources against predefined rules, ensuring configurations are correct before they are applied to the cluster.
    3. Mutation: Kyverno can automatically modify resources on the fly, adding missing fields or values to Kubernetes objects.
    4. Generation: It can generate resources like ConfigMaps or Secrets automatically when needed, helping to maintain consistency.

    Kyverno simplifies governance and compliance in Kubernetes environments by automating policy management and ensuring best practices are followed.
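
As an added illustration of the mutation and validation uses listed above (not part of the original page or of the idpbuilder Kyverno stack), the following ClusterPolicy adds a default label to Pods that lack it and reports Pods without a `team` label or without CPU and memory limits. The policy name and the label keys and values are assumptions chosen for the example.

```yaml
# Added example; the policy name and the label keys/values are assumptions.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: example-pod-baseline
spec:
  # Audit only reports violations; Enforce rejects non-compliant resources.
  validationFailureAction: Audit
  rules:
    # Mutation: add a default label only if the Pod does not already set it.
    - name: add-default-managed-by-label
      match:
        any:
          - resources:
              kinds:
                - Pod
      mutate:
        patchStrategicMerge:
          metadata:
            labels:
              +(managed-by): kyverno
    # Validation: every Pod must carry a non-empty "team" label.
    - name: require-team-label
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: "The label `team` is required."
        pattern:
          metadata:
            labels:
              team: "?*"
    # Validation: every container must declare CPU and memory limits.
    - name: require-container-limits
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: "CPU and memory limits are required for every container."
        pattern:
          spec:
            containers:
              - resources:
                  limits:
                    cpu: "?*"
                    memory: "?*"
```

With `Audit`, violations are recorded in Kyverno's policy reports instead of blocking the request, which lets you gauge the impact of a rule before switching it to `Enforce`.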

    Prerequisites

    Same as for the idpbuilder installation:

    • Docker Engine
    • Go
    • kubectl
    • kind

    Installation

    Build process

    To build idpbuilder, download and compile the source code:

    git clone https://github.com/cnoe-io/idpbuilder.git
    cd idpbuilder
    go build
    

    Start idpbuilder

    To start idpbuilder with the Kyverno integration, execute the following command:

    idpbuilder create --use-path-routing -p https://github.com/cnoe-io/stacks//ref-implementation -p https://github.com/cnoe-io/stacks//kyverno-integration
    

    After this step, you can see in ArgoCD that Kyverno was installed.