## Description

Kyverno Pre-validation webhook container with FIPS compliance for enterprise Kubernetes policy management. This container provides policy validation, security controls, and compliance enforcement for Kubernetes clusters, and is specifically designed for environments requiring FIPS 140-2 compliance.

## Key Features

Core capabilities and strengths of this container:

- FIPS 140-2 compliant cryptographic modules
- Pre-validation webhook for Kubernetes policy enforcement
- Real-time policy validation and security controls
- Enterprise-grade compliance monitoring

## Common Use Cases

Typical scenarios where this container excels:

- Government and regulated industry deployments requiring FIPS compliance
- Enterprise Kubernetes policy management
- Security compliance automation
- Resource validation and governance

## Pull Latest Image

Download the container image from the registry:

```bash
docker pull clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-kyvernopre-fips:latest
docker pull clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-kyvernopre-fips:1.0.0-fips
```

## Basic Run

Run the container with basic configuration:

```bash
docker run -it --name kyverno-pre-fips clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-kyvernopre-fips:latest
```

## Production Deployment

Deploy with production security settings:

```bash
docker run -d --name kyverno-pre-fips \
  --read-only \
  --security-opt=no-new-privileges \
  --user 1000:1000 \
  -v /etc/kyverno:/etc/kyverno \
  clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-kyvernopre-fips:latest
```

## Volume Mount

Mount the configuration directory for Kyverno:

```bash
docker run -v $(pwd)/policies:/policies clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-kyvernopre-fips:latest
```

## Port Forwarding

Run with the webhook port mapped:

```bash
docker run -p 9443:9443 clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-kyvernopre-fips:latest
```

## Environment Variables

Configuration options available through environment variables:

| Variable | Default | Description |
|----------|---------|-------------|
| KYVERNO_NAMESPACE | kyverno | Namespace for Kyverno deployment |
| KYVERNO_METRICS_PORT | 9443 | Port for metrics endpoint |
| KYVERNO_LEADER_ELECTION | true | Enable/disable leader election |
| KYVERNO_POLICY_EXCEPTION | false | Enable/disable policy exceptions |

## Security Best Practices

Recommended security configurations and practices:

- Use FIPS-validated cryptographic modules only
- Implement strict RBAC policies
- Enable audit logging for all policy decisions
- Regular security scanning of deployed policies
- Maintain separate environments for policy testing
- Use signed and verified container images
- Monitor policy enforcement metrics
- Regular updates for security patches

## Kubernetes Security Context

Recommended security context for Kubernetes deployments:

```yaml
securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ["ALL"]
  seccompProfile:
    type: RuntimeDefault
```

## Documentation Resources

Essential links and resources for further information
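The checker below is an added example and is not code from this page or from the Kyverno project. It evaluates a Pod spec against the securityContext recommended above, the way a Kyverno validate rule for these settings would, and goes one step beyond the YAML shown: Kubernetes allows `runAsNonRoot`, `runAsUser`, `runAsGroup` and `seccompProfile` to be set at pod level and overridden per container, so the check runs on each container's merged, effective context. The three Pod specs at the bottom are constructed samples, not manifests from the page.

```python
"""Validate Pod specs against the hardened securityContext recommended above.

Added example, not Kyverno's own code. Works on the effective context of each
container (pod-level values merged in, container values winning).
"""

# Keys that may be set on pod.spec.securityContext and inherited by containers.
POD_LEVEL_KEYS = ("runAsNonRoot", "runAsUser", "runAsGroup", "seccompProfile")

# Boolean settings that must have exactly this value in the effective context.
REQUIRED_BOOLEANS = {
    "runAsNonRoot": True,
    "readOnlyRootFilesystem": True,
    "allowPrivilegeEscalation": False,
}


def effective_context(pod_ctx, container_ctx):
    """Merge pod-level securityContext into the container's; the container wins."""
    merged = {k: v for k, v in (pod_ctx or {}).items() if k in POD_LEVEL_KEYS}
    merged.update(container_ctx or {})
    return merged


def check_container(name, ctx):
    """Return the list of violations for one container's effective context."""
    violations = []
    for key, expected in REQUIRED_BOOLEANS.items():
        if ctx.get(key) is not expected:
            violations.append(f"{name}: {key} must be {expected} (got {ctx.get(key)!r})")
    # UID 0 is root; an unset UID falls back to the image's USER, so require it explicitly.
    if not isinstance(ctx.get("runAsUser"), int) or ctx["runAsUser"] == 0:
        violations.append(f"{name}: runAsUser must be set to a non-zero UID")
    dropped = (ctx.get("capabilities") or {}).get("drop") or []
    if "ALL" not in dropped:
        violations.append(f"{name}: capabilities.drop must include ALL")
    seccomp = (ctx.get("seccompProfile") or {}).get("type")
    if seccomp != "RuntimeDefault":
        violations.append(f"{name}: seccompProfile.type must be RuntimeDefault (got {seccomp!r})")
    return violations


def check_pod(pod_spec):
    """Check every init container and container of a pod spec; [] means compliant."""
    pod_ctx = pod_spec.get("securityContext")
    violations = []
    for c in pod_spec.get("initContainers", []) + pod_spec.get("containers", []):
        ctx = effective_context(pod_ctx, c.get("securityContext"))
        violations.extend(check_container(c.get("name", "<unnamed>"), ctx))
    return violations


# Constructed sample specs (not from the page): one fully hardened per container,
# one inheriting part of the context from pod level, and one that is not hardened.
HARDENED_CONTAINER = {
    "name": "kyvernopre",
    "image": "clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-kyvernopre-fips:latest",
    "securityContext": {
        "runAsNonRoot": True, "runAsUser": 1000, "runAsGroup": 1000,
        "readOnlyRootFilesystem": True, "allowPrivilegeEscalation": False,
        "capabilities": {"drop": ["ALL"]},
        "seccompProfile": {"type": "RuntimeDefault"},
    },
}
COMPLIANT_POD = {"containers": [HARDENED_CONTAINER]}

INHERITING_POD = {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 1000,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{
        "name": "kyvernopre",
        "securityContext": {"readOnlyRootFilesystem": True,
                            "allowPrivilegeEscalation": False,
                            "capabilities": {"drop": ["ALL"]}},
    }],
}

WEAK_POD = {"containers": [{
    "name": "debug",
    "securityContext": {"runAsUser": 0, "capabilities": {"add": ["NET_ADMIN"]}},
}]}

if __name__ == "__main__":
    for label, pod in (("compliant", COMPLIANT_POD), ("inheriting", INHERITING_POD), ("weak", WEAK_POD)):
        print(label, check_pod(pod) or "OK")
```

The comparison on `seccompProfile.type` is deliberately strict because the page recommends `RuntimeDefault`; a `Localhost` profile can be tighter still, so relax that line if you ship custom seccomp profiles. Running the script prints `OK` for the first two specs and six findings for the third, one per missing or unsafe setting.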