The Enterprise Kyverno Operator is a Kubernetes Operator that manages the lifecycle of Kyverno, Adapters, and Nirmata-supported policies. It offers comprehensive lifecycle management capabilities that go beyond just Kyverno itself, extending to related components like policies and adapters. Managing these components at scale can be challenging due to compatibility and upgrade issues. The Operator provides a seamless solution for your policy and governance ecosystem, ensuring stability and smooth operation. The Operator itself can be used with nctl and is also available as a Helm chart.
Generate the values file template
The Operator supports a wide variety of parameters to fine-tune Kyverno, Adapters, and policies. To see what parameters are available, generate the values file template and update the necessary fields.
nctl operator generate helm-values
Initialize the Kyverno Operator
To initialize the Kyverno Operator with default values, run the following command:
nctl operator init
This installs the operator and related components in the nirmata-system namespace. View all operator components using:
kubectl get all -n nirmata-system
Kyverno is installed in HA mode (3 replicas), and the following policysets are installed by default:
- Pod Security Standards (Baseline)
- Pod Security Standards (Restricted)
- RBAC Best Practices
Upgrading the Kyverno Operator
To upgrade any component of the operator, use the upgrade command. The parameters are the same as the ones listed by the generate command above.
Note: Upgrading to Kyverno version 1.10.x is not supported by the CLI. This is because Kyverno 1.10.x contains breaking changes that may affect already existing policies. Please contact Nirmata support for upgrading to Kyverno 1.10.x and above.
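
A pre-upgrade guard for automation that wraps the upgrade command, as an added example that is not part of nctl or Nirmata's own tooling: it classifies a target Kyverno version against the 1.10.x boundary from the note above. The function name kyverno_cli_upgrade_allowed and its return codes are hypothetical.

```shell
#!/bin/sh
# Hypothetical helper (not part of nctl): decide whether a target Kyverno
# version falls on the CLI upgrade path described in the note above.
# Return codes (assumed convention for this example):
#   0 = below 1.10, CLI upgrade path applies
#   1 = 1.10.x or above, contact Nirmata support instead
#   2 = version string could not be parsed, do not proceed
kyverno_cli_upgrade_allowed() {
    ver=${1#v}                # accept "v1.9.5" as well as "1.9.5"
    ver=${ver%%[-+]*}         # drop pre-release/build suffix such as "-rc.1"
    major=${ver%%.*}
    rest=${ver#*.}
    # No dot at all (for example "latest" or an empty string).
    if [ "$rest" = "$ver" ]; then return 2; fi
    minor=${rest%%.*}
    # Both fields must be non-empty and purely numeric.
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    # Compare numerically: as plain strings, "1.10" sorts before "1.9",
    # which would wrongly let a 1.10.x target through.
    if [ "$major" -gt 1 ]; then return 1; fi
    if [ "$major" -eq 1 ] && [ "$minor" -ge 10 ]; then return 1; fi
    return 0
}
```

A pre-release such as v1.10.0-rc.1 is treated as 1.10.x, so the guard errs on the side of blocking.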
Uninstall the Kyverno Operator
Cleaning up the operator is straightforward. Use the uninstall command to clean up all the resources created at the time of Operator install.
nctl operator uninstall