This tutorial demonstrates how Kyverno can be leveraged effectively to implement organization-specific policies within a running Kubernetes cluster.
Our reference scenario for demonstration purposes will be an adaptation of the "you build it, you run it" principle, where application development teams declare ownership of the Kubernetes resources that they manage via Argo CD, and Prometheus is able to route alerts to the appropriate team using custom labels attached to the managed resources. In this scenario, a dedicated "platform operations" team will receive and handle only the alerts which pertain to infrastructure-level resources and are not application-specific.
Kyverno will play an essential role in ensuring that the Alertmanager component of Prometheus can make informed routing decisions based on alert labels while minimizing the required effort for application development and platform operations teams to implement and maintain the solution.
💡 While this tutorial primarily relies on Argo CD and Helm for Kubernetes resource management, the solution itself is not tied to this particular combination of tools. In fact, you may notice that a wide range of resource management tools such as Kustomize, Jsonnet, or Flux CD will either work just as well out of the box, or can easily be supported with minimal changes to our Kyverno policies.
The easiest way to run this tutorial is to open the project in GitHub Codespaces, which provides a temporary cloud-based environment. Alternatively, you can open it locally in Visual Studio Code with Docker installed and the recommended extensions enabled.
Use the following link from within Visual Studio Code to begin:
You may see an error while the recommended extensions are still being installed. In that case, wait for the installation to finish and try again.
Kyverno Tutorial © 2024 by Uwe Stuehler is licensed under CC BY 4.0.