Kyverno is a Kubernetes-native policy engine created by Nirmata. Nirmata Enterprise for Kyverno offers a hardened distribution of Kyverno built for enterprises and includes Nirmata-maintained downstream distribution of Kyverno with critical fixes including fixes for any CVEs, and priority feature enhancements for enterprise Kubernetes security & governance. It also offers long term support, service level agreements, an operations pack for management, visibility and policy tamper detection, data adapters for integrations, curated policy sets, as well as training and enablement services. This article explains how to install and get up and running with Nirmata Enterprise for Kyverno.
Start by adding the Helm repository corresponding to the chart, and then update and pull the chart so that it is available to you.
Next, get the images that are appropriate for this chart and mirror those into your own enterprise registry. Nirmata Enterprise for Kyverno is simple to install as another Helm chart.
Once the chart has been installed, watch the Kyverno Pods to ensure that they are coming up successfully.
Once Kyverno is in a running state, deploy Kyverno policies to test its functionality. Installing the Kyverno Pod Security Standard policies is yet another Helm chart, and they’ve been conveniently packaged together. Here, you can set the validation failure action to enforce which will block any Pods that are in violation of any of those policies from the restricted profile. Now install this chart.
Once the Kyverno policies have been installed, get these policies and make sure that they are in a ready status.
With the policies ready, you can test them by creating a Pod which violates one or more of these policies. You will observe that Kyverno detects a bad pod and blocks it by citing not only the policies, not only the rules, but also the reason why the Pod has been blocked.
Watch this full video below with instructions to get started with enterprise Kubernetes security & governance via Kyverno: