--- title: "Kyverno \u0026 Policy Health" diataxis: reference applies_to: product: "nirmata-control-hub" audience: ["platform-engineer"] last_updated: 2026-03-25 url: https://docs.nirmata.io/docs/control-hub/monitoring/health/ --- The Kyverno Health Check feature in Nirmata Control Hub provides visibility into the operational health and configuration best practices of your Kyverno installation. It continuously analyzes Kyverno deployments across your clusters and offers a detailed health score based on four key categories: * Security * Availability * Scalability * Observability Each category is evaluated independently and flagged as Healthy, Warning, or Critical based on current configurations. The overall health score is then calculated and displayed prominently in the UI. ## Key Benefits * **Instant Health Grade**: See at-a-glance how well Kyverno is configured in your environment. * **Detailed Diagnostics**: Get category-wise breakdowns with precise issues and configuration gaps. * **Remediation Guidance**: View recommended changes to restore Kyverno to optimal health. * **Proactive Alerts**: Identify and resolve misconfigurations before they affect policy enforcement. ## Health Categories Overview ### Security Evaluates security-related configurations including: * **RBAC Validation**: Role-based access control configurations * **Network Policy**: Network segmentation and traffic controls * **Cluster-Admin Binding**: Excessive privilege assignments ### Availability Assesses deployment resilience and reliability: * **Resource Configuration**: CPU and memory requests/limits * **High Availability**: Pod disruption budgets and replica counts * **Runtime Stability**: Pod restart patterns and health ### Scalability Reviews auto-scaling and performance configurations: * **Auto-scaling**: Horizontal Pod Autoscaler setup * **ETCD Optimization**: Reports server deployment status * **Replica Management**: Controller replica distribution ### Observability Monitors health and monitoring capabilities: * **Controller Health**: Component operational status * **Pod Health Probes**: Readiness and liveness probe configuration ## Using the Kyverno Health Dashboard ### Accessing Health Information 1. **Navigate to Health Tab** - Go to **Control Hub** → **Select Cluster** → **Health** tab - View your overall Kyverno Health Grade (e.g., Score: 8/16, Status: F) 2. **Understanding Health Status** - **Healthy** (Green): Component meets best practice standards - **Warning** (Yellow): Minor issues that should be addressed post measuring the impact - **Critical** (Red): Serious problems requiring immediate attention ### Interpreting Health Results #### Overall Health Score - The health score shows how many checks passed out of total checks - Letter grades (A-F) provide quick assessment of overall health - Hover over the score for additional context #### Category-Specific Analysis 1. **Expand each category** (Security, Availability, Scalability, Observability) 2. **Review individual checks** within each category 3. **Check status indicators** for each component ### Finding Recommendations and Solutions #### Using Info Buttons - **Click the info (ℹī¸) icon** next to any health check item - **View detailed explanations** of what the check evaluates - **Access step-by-step remediation guidance** provided by the system or - **Reach out to support for personalized guidance at support@nirmata.com** ### Health Check Navigation Tips #### Prioritizing Issues - **Start with Critical findings** as they impact cluster stability - **Address Warning items** during maintenance windows - **Use the severity indicators** to plan remediation order #### Best Practices for Regular Monitoring - **Check health status weekly** for production clusters - **Review after any major changes** to Kyverno configuration - **Include health scores in operational reports** - **Set up alerts** for critical health score drops ## Getting Additional Support For environment-specific remediation strategies and best practices tailored to your infrastructure, reach out to support for personalized guidance. ## Additional Notes * Health checks are **non-intrusive and read-only** * Evaluations are **refreshed periodically** based on scan frequency * **No cluster modifications** are made by the health check process * Remediation guidance is **accessible through the dashboard interface** ## Policy Health ### Policies Tab The **Policies** tab provides a comprehensive view of all Kyverno policies deployed in your cluster, displaying their current health status, type (validate/mutate), and last update timestamps. Each policy is evaluated for its operational health, configuration correctness, and performance impact, with status indicators showing whether policies are functioning as expected or require attention. This view helps administrators quickly identify problematic policies, track policy deployment success, and ensure that security and governance rules are actively enforced across the cluster environment. ### Policy Exceptions Tab The **Policy Exceptions** tab displays all active policy exceptions in your cluster, showing their name, target namespace, current state, and expiration dates. Policy exceptions allow you to temporarily or permanently exclude specific resources from policy enforcement while maintaining audit trails and governance oversight. This centralized view enables administrators to monitor exception usage, track their lifecycle, ensure exceptions are properly justified and time-bounded, and maintain security posture by preventing exception sprawl across the cluster infrastructure.