Kyverno Operator Management

The Enterprise Kyverno Operator is a Kubernetes Operator that manages the lifecycle of Kyverno, Adapters, and Nirmata-supported policies. Its lifecycle management goes beyond Kyverno itself and extends to related components such as policies and adapters. Managing these components at scale can be challenging due to compatibility and upgrade issues. The Operator provides a seamless solution for your policy and governance ecosystem, ensuring stability and smooth operation. The Operator itself can be used with nctl and is also available as a Helm chart.

Generate the values file template

The Operator supports a wide variety of parameters to fine-tune Kyverno, Adapters, and policies. To see which parameters are available, generate the values file template and update the necessary fields.

nctl operator generate helm-values

Initialize the Kyverno Operator

To initialize the Kyverno Operator with default values, run the following command.

nctl operator init

This installs the operator and related components in the nirmata-system namespace. View all operator components with:

kubectl get all -n nirmata-system

Kyverno is installed in HA mode (3 replicas), and the following policysets are installed by default.

  • Pod Security Standards (Baseline)
  • Pod Security Standards (Restricted)
  • RBAC Best Practices

Upgrading the Kyverno Operator

To upgrade any component of the operator, use the upgrade command. The parameters are the same as the ones listed by the generate command above.

Note: Upgrading to Kyverno version 1.10.x is not supported by the CLI, because Kyverno 1.10.x contains breaking changes that may affect existing policies. Please contact Nirmata support to upgrade to Kyverno 1.10.x and above.

Uninstall the Kyverno Operator

Cleaning up the operator is straightforward. Use the uninstall command to clean up all the resources created when the Operator was installed.

nctl operator uninstall