search string side menu

BRIX On-Premises > BRIX On-Premises Enterprise > Install add-on components for BRIX / Install Kyverno

Install Kyverno

Kyverno allows for the management of specific environmental configurations independently from resource configurations, applying advanced configuration methods for clusters, in particular by blocking or altering API requests.

The installation consists of three steps:

  1. Download the Helm chart and the configuration file.
  2. Set up the policy and fill in the configuration file.
  3. Install the Kyverno chart using helm in a Kubernetes cluster.

Step 1: Download the Helm chart and the configuration file

To install via the internet, obtain the configuration file values-kyverno.yaml by executing the command:

helm repo add elma365 https://charts.elma365.tech
helm repo update
helm show values elma365/kyverno > values-kyverno.yaml

Obtaining the configuration file for installation in a closed loop without internet access

  1. On a computer with internet access, download the BRIX images and upload them to the local image registry by executing the following command:

helm repo add elma365 https://charts.elma365.tech
helm repo update
helm pull elma365/kyverno

For more details, see Download BRIX images.

  1. Copy the obtained chart archive kyverno-X.Y.Z.tgz to the server where the installation will be carried out.
  1. Unpack this chart and copy the default configuration file values.yaml to values-kyverno.yaml:

tar -xf kyverno-X.Y.Z.tgz
cp kyverno/values.yaml values-kyverno.yaml

Step 2: Set up the policy and fill in the configuration file

Fill in the configuration file values-kyverno.yaml to enable the required policies.

Step 3: Install the Kyverno chart using helm in a Kubernetes cluster

Install the Kyverno chart in namespace, which was created in step 1 (in this article it's referred to as kyverno).

For online installation:

helm upgrade --install kyverno elma365/kyverno -f values-kyverno.yaml -n kyverno --create-namespace 

For offline installation without internet access:

helm upgrade --install kyverno ./kyverno -f values-kyverno.yaml -n kyverno --create-namespace

Начало внимание:

The installation of the Kyverno add-on component does not automatically attach the volume containing the CA certificate to the already running pods of the BRIX application.

After installing Kyverno, do not forget to restart the BRIX application services.

Конец внимание

Delete Kyverno chart using helm in a Kubernetes cluster

Начало внимание

Before deleting Kyverno, reconfigure the BRIX application to receive the CA certificate from other sources or disable TLS

Конец внимание

To delete the Kyverno chart in namespace kyverno, execute the command.

helm uninstall kyverno -n kyverno

install-keda.html ca-certificates-adding-policy.html