Kyverno
Controller
This folder contains the configuration for deploying the Kyverno controller in the cluster using Flux and Helm.
Purpose
The Kyverno controller is required to enforce and manage Kubernetes policies. Kyverno acts as an admission controller that validates resources, performs mutations, and can generate new resources based on policies.
What does it do?
- Validate: Checks whether resources meet predefined rules before they are admitted to the cluster.
- Mutate: Automatically modifies resources according to the policies.
- Generate: Can automatically create additional resources when certain conditions are met.
The controller is deployed using a HelmRelease resource, which pulls the necessary Helm chart from the HelmRepository.
See the Kyverno documentation for more information.
Policies
This folder contains the Kyverno policies that are applied to the Kubernetes cluster.
Why are Kyverno policies necessary?
Kyverno policies ensure that the cluster complies with security and compliance requirements by enforcing rules on resources. They help standardize configurations, enforce best practices, and prevent unwanted changes.
What do the policies do?
- Validate: Check whether resources meet specified requirements (such as labels, annotations, image registries).
- Mutate: Automatically adjust resources to meet the desired standards.
- Generate: Create additional resources if needed (such as default network policies or configmaps).
These policies are managed as code and automatically deployed via GitOps using Flux and Kyverno.