kyverno/documentation/installation.md

<small>*[documentation](/README.md#documentation) / Installation*</small>

# Installation

To install Kyverno in your cluster run the following command on a host with kubectl access:

````sh
kubectl create -f https://github.com/nirmata/kyverno/raw/master/definitions/install.yaml
````

To check the Kyverno controller status, run the command:

````sh
kubectl get pods -n kyverno
````

If the Kyverno controller is not running, you can check its status and logs for errors:

````sh
kubectl describe pod <kyverno-pod-name> -n kyverno
````

````sh
kubectl logs <kyverno-pod-name> -n kyverno
````

# Installing in a Development Environment

To build and run Kyverno in a development environment see: https://github.com/nirmata/kyverno/wiki/Building

To check if the controller is working, find it in the list of kyverno pods:

`kubectl get pods -n kyverno`

# Try Kyverno without a Kubernetes cluster

The [Kyverno CLI](documentation/testing-policies-cli.md) allows you to write and test policies without installing Kyverno in a Kubernetes cluster.

# Pre-Requisites
## Configure controller manager certificate signer
When the cluster ca & key is not passed as arguments(mostly for in-cluster mode), the TLS communicate between admission webhook and api-server a certificate signer configured to issue certificate to a certificate signing request(CSR) generated by Kyverno.
The Kubernetes controller manager provides a default implementation of a signer. To verify if it is enabled, check if the command args --cluster-signing-cert-file and --cluster-signing-key-file are passed to the controller manager with paths to your Certificate Authority’s keypair. 

---
<small>*Read Next >> [Writing Policies](/documentation/writing-policies.md)*</small>