Merge pull request #31 from adrianliechti/feature/kyverno

add Kyverno
adrianliechti · Oct 29, 2022 · b8a3683 · b8a3683
2 parents 3d3f7e9 + 7ca934f
commit b8a3683
Show file tree

Hide file tree

Showing 6 changed files with 3,013 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -16,6 +16,7 @@ devkube bootstraps feature-rich Kubernetes clusters locally using Docker or on a
 ### Optional Add-ons
 
 - [Linkerd](https://linkerd.io) - Service Mesh
+- [Kyverno](https://kyverno.io) - Kubernetes Policy Management
 - [Falco](https://falco.org) - Kubernetes threat detection engine
 - [Trivy](https://aquasecurity.github.io/trivy-operator/latest/) - Kubernetse workload vulnerability scanning
 
@@ -112,6 +113,16 @@ devkube enable trivy
 
 ![Trivy](docs/assets/trivy.png)
 
+### Kyverno
+
+Kyverno is a policy engine designed for Kubernetes. With Kyverno, policies are managed as Kubernetes resources and no new language is required to write policies.
+
+```shell
+devkube enable kyverno
+```
+
+![Trivy](docs/assets/kyverno.png)
+
 ### Falco
 
 The Falco Project is a cloud native runtime security tool. Falco makes it easy to consume kernel events, and enrich those events with information from Kubernetes and the rest of the cloud native stack.

diff --git a/app/feature/feature_disable.go b/app/feature/feature_disable.go
@@ -11,6 +11,7 @@ import (
 	"github.com/adrianliechti/devkube/pkg/kubectl"
 
 	"github.com/adrianliechti/devkube/extension/falco"
+	"github.com/adrianliechti/devkube/extension/kyverno"
 	"github.com/adrianliechti/devkube/extension/linkerd"
 	"github.com/adrianliechti/devkube/extension/trivy"
 )
@@ -60,6 +61,13 @@ func DisableCommand() *cli.Command {
 
 				return nil
 
+			case "kyverno":
+				if err := kyverno.Uninstall(c.Context, kubeconfig, app.DefaultNamespace); err != nil {
+					return err
+				}
+
+				return nil
+
 			case "linkerd":
 				if err := linkerd.Uninstall(c.Context, kubeconfig); err != nil {
 					return err

diff --git a/app/feature/feature_enable.go b/app/feature/feature_enable.go
@@ -11,6 +11,7 @@ import (
 	"github.com/adrianliechti/devkube/pkg/kubectl"
 
 	"github.com/adrianliechti/devkube/extension/falco"
+	"github.com/adrianliechti/devkube/extension/kyverno"
 	"github.com/adrianliechti/devkube/extension/linkerd"
 	"github.com/adrianliechti/devkube/extension/trivy"
 )
@@ -60,6 +61,13 @@ func EnableCommand() *cli.Command {
 
 				return nil
 
+			case "kyverno":
+				if err := kyverno.Install(c.Context, kubeconfig, app.DefaultNamespace); err != nil {
+					return err
+				}
+
+				return nil
+
 			case "linkerd":
 				if err := linkerd.Install(c.Context, kubeconfig); err != nil {
 					return err

diff --git a/docs/assets/kyverno.png b/docs/assets/kyverno.png