diff --git a/apps/kyverno/enforce-replica.yaml b/apps/kyverno/enforce-replica.yaml
new file mode 100644
index 0000000..e458de7
--- /dev/null
+++ b/apps/kyverno/enforce-replica.yaml
@@ -0,0 +1,17 @@
+apiVersion: "kyverno.io/v1"
+kind: "ClusterPolicy"
+metadata:
+  name: "enforce-replicas"
+spec:
+  background: true
+  rules:
+  - name: "set-replicas"
+    match:
+      resources:
+        kinds:
+        - "Deployment"
+    mutate:
+      patchStrategicMerge:
+        spec:
+          replicas: 3
+
diff --git a/apps/kyverno/kustomization.yaml b/apps/kyverno/kustomization.yaml
new file mode 100644
index 0000000..6b1c4b6
--- /dev/null
+++ b/apps/kyverno/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - enforce-replica.yaml
diff --git a/infra/kustomization.yaml b/infra/kustomization.yaml
index caaea26..6aed2bf 100644
--- a/infra/kustomization.yaml
+++ b/infra/kustomization.yaml
@@ -5,6 +5,7 @@ resources:
   - descheduler
   - external-dns
   - kured
+  - kyverno
   - metallb
   - rook-ceph
   - secret-generator
diff --git a/infra/kyverno/helm-release.yaml b/infra/kyverno/helm-release.yaml
new file mode 100644
index 0000000..33358cd
--- /dev/null
+++ b/infra/kyverno/helm-release.yaml
@@ -0,0 +1,20 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: kyverno
+spec:
+  interval: 1h
+  chart:
+    spec:
+      chart: kyverno
+      sourceRef:
+        kind: HelmRepository
+        name: kyverno
+      interval: 1h
+  values:
+    admissionController:
+      replicas: 3
+    backgroundController:
+      replicas: 3
+    reportsController:
+      replicas: 3
diff --git a/infra/kyverno/helm-repository.yaml b/infra/kyverno/helm-repository.yaml
new file mode 100644
index 0000000..908cbbc
--- /dev/null
+++ b/infra/kyverno/helm-repository.yaml
@@ -0,0 +1,7 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: kyverno
+spec:
+  url: https://kyverno.github.io/kyverno/
+  interval: 1h
diff --git a/infra/kyverno/kustomization.yaml b/infra/kyverno/kustomization.yaml
new file mode 100644
index 0000000..73faec8
--- /dev/null
+++ b/infra/kyverno/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kyverno
+resources:
+- helm-release.yaml
+- helm-repository.yaml
+- namespace.yaml
diff --git a/infra/kyverno/namespace.yaml b/infra/kyverno/namespace.yaml
new file mode 100644
index 0000000..b61ec8b
--- /dev/null
+++ b/infra/kyverno/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kyverno