Kyverno is an admission controller offering policy enforcement as a validating or mutating webhook. It audits or enforces policies for cluster resources, and produces reports about the compliance of the cluster.
It is used to enforce Pod Security Standards (PSS) as a replacement for Pod Security Policies (PSPs), as well as many other community-supported policies for various use cases. For more information on the switch from PSP to PSS, see our blog post.
There are 3 ways to install this app onto a workload cluster.
- Using our web interface
- Using our API
- Directly creating the App custom resource on the management cluster
Please see the Kyverno docs or the configuration reference in this chart for configurable values.
See our full reference page on how to configure applications for more details.
This repo contains subtrees from giantswarm/kyverno and giantswarm/policy-reporter.
Note: There is automation in place to update both the upstream fork and the app charts on a monthly basis. However, you can trigger the updates manually if needed.
- Make sure that giantswarm/kyverno is up to date and has the desired tag.
- Trigger the sync-from-upstream action from the main branch.
- Review the PR generated by the actions bot.