Description

Kyverno Policy Reporter FIPS is a specialized container image designed for enterprise Kubernetes environments requiring FIPS compliance. It provides comprehensive policy reporting and monitoring capabilities for Kyverno, helping organizations track and analyze policy enforcement across their clusters while maintaining strict security standards.

Key Features
Core capabilities and strengths of this container

- FIPS 140-2 compliant cryptographic modules
- Real-time policy violation reporting
- Integration with Kyverno policy engine
- Kubernetes-native monitoring capabilities

Common Use Cases
Typical scenarios where this container excels

- Government and regulated industry compliance monitoring
- Enterprise Kubernetes policy enforcement
- Security posture monitoring and reporting
- Compliance audit trail generation

Pull Latest Image
Download the container image from the registry

```bash
docker pull clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-policy-reporter-fips:latest
docker pull clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-policy-reporter-fips:latest-dev
```

Basic Run
Run the container with basic configuration

```bash
docker run -it --name kyverno-policy-reporter clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-policy-reporter-fips:latest
```

Production Deployment
Deploy with production security settings

```bash
docker run -d --name kyverno-policy-reporter \
  --read-only \
  --security-opt=no-new-privileges \
  --user 1000:1000 \
  -p 8080:8080 \
  clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-policy-reporter-fips:latest
```

Volume Mount
Mount local directory for persistent data

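```bash
# Quote the bind-mount source so a working directory containing spaces is handled correctly
docker run -v "$(pwd)/reports:/reports" clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-policy-reporter-fips:latest
```

Port Forwarding
Run with custom port mappings
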
```bash
docker run -p 8080:8080 -p 9090:9090 clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-policy-reporter-fips:latest
```

Environment Variables
Configuration options available through environment variables

| Variable | Default | Description |
|----------|---------|-------------|
| POLICY_REPORTER_PORT | 8080 | HTTP server port |
| METRICS_PORT | 9090 | Prometheus metrics port |
| LOG_LEVEL | info | Logging level (debug, info, warn, error) |
| CLUSTER_NAME | default | Kubernetes cluster name |

Security Best Practices
Recommended security configurations and practices

- Enable FIPS mode in your Kubernetes cluster
- Use RBAC to limit policy reporter access
- Implement network policies for traffic control
- Regular security scanning of container images
- Monitor policy violation alerts
- Maintain audit logs for compliance

Kubernetes Security Context
Recommended security context for Kubernetes deployments

```yaml
securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ["ALL"]
  seccompProfile:
    type: RuntimeDefault
```

Documentation Resources
Essential links and resources for further information
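
As an added example (not from the original page or the image vendor), the security context recommended in the Kubernetes Security Context section is shown here inside a Deployment, at container level, together with the ports and environment variables documented above. The namespace, labels, service account name, `<ORGANIZATION>` placeholder, `CLUSTER_NAME` value and the `emptyDir` mounted at `/reports` are assumptions.

```yaml
# Added example: names, namespace, labels and the emptyDir volume are assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kyverno-policy-reporter
  namespace: policy-reporter            # assumed namespace
spec:
  replicas: 1
  selector:
    matchLabels:
      app: kyverno-policy-reporter
  template:
    metadata:
      labels:
        app: kyverno-policy-reporter
    spec:
      serviceAccountName: kyverno-policy-reporter   # assumed; bind only the RBAC it needs
      containers:
        - name: policy-reporter
          # Kubernetes does not expand shell variables here; substitute your organization.
          image: clnstrt-images.cleanstart.com/<ORGANIZATION>/kyverno-policy-reporter-fips:latest
          ports:
            - name: http
              containerPort: 8080
            - name: metrics
              containerPort: 9090
          env:
            - name: POLICY_REPORTER_PORT
              value: "8080"
            - name: METRICS_PORT
              value: "9090"
            - name: LOG_LEVEL
              value: "info"
            - name: CLUSTER_NAME
              value: "prod-cluster-1"   # constructed sample value
          securityContext:              # these fields are set per container
            runAsNonRoot: true
            runAsUser: 1000
            runAsGroup: 1000
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
          volumeMounts:
            - name: reports
              mountPath: /reports       # writable path, since the root filesystem is read-only
      volumes:
        - name: reports
          emptyDir: {}
```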