Key Features
Core capabilities and strengths of this container

- FIPS 140-2 compliant implementation
- Seamless integration with Kyverno policy engine
- Enhanced security reporting capabilities
- Real-time policy violation monitoring

Common Use Cases
Typical scenarios where this container excels

- Government and regulated industry compliance monitoring
- Enterprise security policy enforcement
- Kubernetes cluster policy reporting
- Compliance audit trail generation

Pull Latest Image
Download the container image from the registry

```bash
docker pull clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-policy-reporter-kyverno-plugin-fips:latest
docker pull clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-policy-reporter-kyverno-plugin-fips:latest-dev
```

Basic Run
Run the container with basic configuration

```bash
docker run -it --name kyverno-policy-reporter-kyverno-plugin-fips-test clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-policy-reporter-kyverno-plugin-fips:latest-dev
```

Production Deployment
Deploy with production security settings

```bash
docker run -d --name kyverno-policy-reporter-kyverno-plugin-fips-prod \
  --read-only \
  --security-opt=no-new-privileges \
  --user 1000:1000 \
  clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-policy-reporter-kyverno-plugin-fips:latest
```

Volume Mount
Mount local directory for persistent data

```bash
# Quote the bind-mount argument so a working directory containing spaces still mounts correctly
docker run -v "$(pwd)/data:/data" clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-policy-reporter-kyverno-plugin-fips:latest
```

Port Forwarding
Run with custom port mappings

```bash
docker run -p 8080:80 clnstrt-images.cleanstart.com/$ORGANIZATION/kyverno-policy-reporter-kyverno-plugin-fips:latest
```

Environment Variables
Configuration options available through environment variables

| Variable | Description | Default |
|---|---|---|
| KYVERNO_PLUGIN_PORT | Port for the Kyverno plugin service | 8080 |
| LOG_LEVEL | Logging level (debug, info, warn, error) | info |
| METRICS_ENABLED | Enable/disable metrics collection | true |
| REPORT_INTERVAL | Report generation interval in seconds | 300 |

Security Best Practices
Recommended security configurations and practices

- Verify FIPS mode is properly enabled
- Implement proper RBAC policies
- Enable audit logging
- Regular security compliance checks
- Monitor policy violation reports
- Implement network policies
- Regular container image updates
- Secure secrets management

Kubernetes Security Context
Recommended security context for Kubernetes deployments

```yaml
securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ["ALL"]
```

Documentation Resources
Essential links and resources for further information
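
To confirm that a running container actually carries the three flags from the Production Deployment command (`--read-only`, `--security-opt=no-new-privileges`, `--user 1000:1000`), the script below reads them back with `docker inspect`. It is an added example, not part of the image or its documentation; `audit_hardening` is a hypothetical helper name, and the container names are whatever was passed to `--name`.

```sh
#!/bin/sh
# Added example: audit a running container against the three hardening flags
# from the "Production Deployment" command. audit_hardening is a hypothetical
# helper name, not part of the image or of Docker.

# Prints one finding per missing setting; returns 0 only when all three hold.
audit_hardening() {
    name=$1
    # One inspect call, fields joined with '|'.
    state=$(docker inspect --format \
        '{{.HostConfig.ReadonlyRootfs}}|{{.Config.User}}|{{json .HostConfig.SecurityOpt}}' \
        "$name") || { echo "$name: docker inspect failed"; return 2; }

    rootfs=${state%%|*}
    rest=${state#*|}
    user=${rest%%|*}
    secopt=${rest#*|}
    rc=0

    [ "$rootfs" = "true" ] || {
        echo "$name: root filesystem is writable (--read-only missing)"; rc=1; }

    # Config.User is empty when neither the image nor the run command sets a
    # user, in which case the process runs as root.
    case ${user%%:*} in
        ''|0|root) echo "$name: runs as root (expected --user 1000:1000)"; rc=1 ;;
    esac

    # SecurityOpt is a JSON array, or null when no option was passed.
    case $secopt in
        *no-new-privileges[=:]false*)
            echo "$name: no-new-privileges explicitly disabled"; rc=1 ;;
        *no-new-privileges*) ;;
        *) echo "$name: no-new-privileges not set"; rc=1 ;;
    esac
    return "$rc"
}

# Audit every container name given on the command line.
for c in "$@"; do
    audit_hardening "$c" || :
done
```

Run it as `sh audit.sh kyverno-policy-reporter-kyverno-plugin-fips-prod`; no output means all three settings are in place.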