Description
The Kyverno Background Controller FIPS container provides background processing capabilities for the Kyverno policy engine with FIPS 140-2 compliance. It handles background scan operations, cleanup tasks, and policy report generation while maintaining the security standards required for regulated environments.

Key Features
Core capabilities and strengths of this container

- FIPS 140-2 compliant background processing
- Automated policy report generation
- Resource cleanup and optimization
- Secure background scan operations

Common Use Cases
Typical scenarios where this container excels

- Regulated environment policy enforcement
- Kubernetes cluster security compliance
- Automated security posture management
- Continuous policy validation

Pull Latest Image
Download the container image from the registry

```bash
docker pull clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-background-controller-fips:latest
docker pull clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-background-controller-fips:latest-dev
```

Basic Run
Run the container with basic configuration

```bash
docker run -it --name kyverno-background-controller-fips clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-background-controller-fips:latest
```

Production Deployment
Deploy with production security settings

```bash
docker run -d --name kyverno-background-controller-fips \
  --read-only \
  --security-opt=no-new-privileges \
  --user 1000:1000 \
  clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-background-controller-fips:latest
```

Volume Mount
Mount a local directory for persistent data

```bash
docker run -v $(pwd)/policies:/policies clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-background-controller-fips:latest
```

Port Forwarding
Run with custom port mappings

```bash
docker run -p 9443:9443 clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-background-controller-fips:latest
```

Environment Variables
Configuration options available through environment variables

Variable           Description                              Default
KYVERNO_NAMESPACE  Namespace where Kyverno is installed     kyverno
METRICS_PORT       Port for the metrics endpoint            9443
LOG_LEVEL          Logging level configuration              info
FIPS_MODE          FIPS mode configuration                  enabled

Security Best Practices
Recommended security configurations and practices

- Enable FIPS mode in production environments
- Configure proper RBAC permissions
- Use secure communication channels
- Implement resource quotas and limits
- Perform regular security scanning and updates
- Monitor policy enforcement metrics

Kubernetes Security Context
Recommended security context for Kubernetes deployments

```yaml
securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ["ALL"]
  seccompProfile:
    type: RuntimeDefault
```

Documentation Resources
Essential links and resources for further information
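The image, the environment variables and the recommended security context above, combined into one Kubernetes Deployment; this is an added example, not a manifest from this page or from the Kyverno project. The Deployment name, labels, service account and resource values are assumptions, and the security context is split into the pod-level fields (runAsNonRoot, runAsUser, runAsGroup, seccompProfile) and the container-level fields (readOnlyRootFilesystem, allowPrivilegeEscalation, capabilities), since the latter are not accepted in a pod-level securityContext.

```yaml
# Added example (not from the page or the Kyverno project). Names, labels,
# service account and resource values are assumptions for illustration.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kyverno-background-controller-fips   # assumed name
  namespace: kyverno                         # KYVERNO_NAMESPACE default from the page
spec:
  selector:
    matchLabels:
      app: kyverno-background-controller-fips
  template:
    metadata:
      labels:
        app: kyverno-background-controller-fips
    spec:
      serviceAccountName: kyverno-background-controller   # assumed; grant only the RBAC the controller needs
      # Pod-level settings: these fields are valid in a PodSecurityContext
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: background-controller
          # Substitute $ORGANIZATION as on the page; pin a tag or digest instead of :latest in production
          image: clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-background-controller-fips:latest
          env:
            - name: KYVERNO_NAMESPACE
              value: kyverno
            - name: METRICS_PORT
              value: "9443"
            - name: LOG_LEVEL
              value: info
            - name: FIPS_MODE
              value: enabled
          ports:
            - name: metrics
              containerPort: 9443
          # Container-level settings: not accepted in a PodSecurityContext
          securityContext:
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          resources:   # assumed values; tune to the cluster
            requests: { cpu: 100m, memory: 128Mi }
            limits: { cpu: 500m, memory: 512Mi }
```

Apply it with kubectl apply -f and confirm the pod runs as UID 1000 with a read-only root filesystem before relying on it in a regulated environment.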