---
title: Kyverno
description: Kyverno is a policy engine for Kubernetes designed to enforce, validate, and mutate configurations of Kubernetes resources
---

## Kyverno Overview

Kyverno is a policy engine for Kubernetes designed to enforce, validate, and mutate configurations of Kubernetes resources. It allows administrators to define policies as Kubernetes custom resources (CRDs) without requiring users to learn a new language or system.

### Key Uses

1. **Policy Enforcement**: Kyverno ensures resources comply with security, operational, or organizational policies, such as requiring specific labels, annotations, or resource limits.
2. **Validation**: It checks resources against predefined rules, ensuring configurations are correct before they are applied to the cluster.
3. **Mutation**: Kyverno can automatically modify resources on the fly, adding missing fields or values to Kubernetes objects.
4. **Generation**: It can generate resources like ConfigMaps or Secrets automatically when needed, helping to maintain consistency.

Kyverno simplifies governance and compliance in Kubernetes environments by automating policy management and ensuring best practices are followed.
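
The validation and mutation uses listed above, written as one Kyverno policy. This is an added example, not part of idpbuilder or the cnoe-io stacks; the policy name, rule names, the `team` label and the choice of `automountServiceAccountToken` as the defaulted field are assumptions, and it targets the `kyverno.io/v1` `ClusterPolicy` schema.

```yaml
# Added example (constructed): names and the "team" label are assumptions.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: pod-baseline-example
spec:
  validationFailureAction: Enforce   # Audit would only report violations
  rules:
    # Validation: reject Pods that do not carry a non-empty "team" label.
    - name: require-team-label
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: "Pods must carry a non-empty 'team' label."
        pattern:
          metadata:
            labels:
              team: "?*"
    # Validation: every container must declare a memory limit.
    - name: require-memory-limit
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: "Every container must set resources.limits.memory."
        pattern:
          spec:
            containers:
              - resources:
                  limits:
                    memory: "?*"
    # Mutation: "+(key)" adds the field only when the Pod omits it, so a
    # workload that needs the API token can still set it to true explicitly.
    - name: default-automount-off
      match:
        any:
          - resources:
              kinds:
                - Pod
      mutate:
        patchStrategicMerge:
          spec:
            +(automountServiceAccountToken): false
```

Mutating admission runs before validating admission, so the two validate rules evaluate the Pod after the default has been added.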

## Prerequisites

Same as for the idpbuilder installation:

- Docker Engine
- Go
- kubectl
- kind

## Installation

### Build process

To build idpbuilder, download and compile the source code:

```
git clone https://github.com/cnoe-io/idpbuilder.git
cd idpbuilder
go build
```

### Start idpbuilder

To start idpbuilder with the Kyverno integration, execute the following command:

```
idpbuilder create --use-path-routing -p https://github.com/cnoe-io/stacks//ref-implementation -p https://github.com/cnoe-io/stacks//kyverno-integration
```

After this step, you can see in ArgoCD that Kyverno was installed.