1.7 KiB
documentation / Installation
Installation
To install Kyverno in your cluster run the following command on a host with kubectl access:
kubectl create -f https://github.com/nirmata/kyverno/raw/master/definitions/install.yaml
To check the Kyverno controller status, run the command:
kubectl get pods -n kyverno
If the Kyverno controller is not running, you can check its status and logs for errors:
kubectl describe pod <kyverno-pod-name> -n kyverno
kubectl logs <kyverno-pod-name> -n kyverno
Installing in a Development Environment
To build and run Kyverno in a development environment see: https://github.com/nirmata/kyverno/wiki/Building
To check if the controller is working, find it in the list of kyverno pods:
kubectl get pods -n kyverno
Try Kyverno without a Kubernetes cluster
The Kyverno CLI allows you to write and test policies without installing Kyverno in a Kubernetes cluster.
Pre-Requisites
Configure controller manager certificate signer
When the cluster ca & key is not passed as arguments(mostly for in-cluster mode), the TLS communicate between admission webhook and api-server a certificate signer configured to issue certificate to a certificate signing request(CSR) generated by Kyverno. The Kubernetes controller manager provides a default implementation of a signer. To verify if it is enabled, check if the command args --cluster-signing-cert-file and --cluster-signing-key-file are passed to the controller manager with paths to your Certificate Authority’s keypair.
Read Next >> Writing Policies