cleanstart/kyverno-background-controller

Verified Publisher

By CleanStart

•Updated about 14 hours ago

Secure by Design, Built for Speed, Hardened Container Images on a minimal base CleanStart OS.

Image
Developer tools
0

10K+

cleanstart/kyverno-background-controller repository overview

Container Documentation for Kyverno-Background-Controller

The Kyverno Background Controller container provides background processing capabilities for the Kyverno policy engine. It handles background scanning, report generation, and policy enforcement tasks while maintaining strict security standards required for government and regulated enterprise environments.

šŸ“Œ Base Foundation: Security-hardened, minimal base OS designed for enterprise containerized environments from Cleanstart Registry.

Image Path: cleanstart/kyverno-background-controller Registry: cleanstart Registry

Key Features Core capabilities and strengths of this container

  • 140-2 compliant background processing
    
  • Automated policy enforcement and scanning
  • Secure report generation and storage
  • Enterprise-grade security controls

Common Use Cases Typical scenarios where this container excels

  • Government and regulated industry deployments
  • Continuous policy compliance monitoring
  • Automated security posture management
  • Enterprise Kubernetes security enforcement

Pull Latest Image Download the container image from the registry

docker pull cleanstart/kyverno-background-controller:latest
docker pull cleanstart/kyverno-background-controller:latest-dev

Basic Run Run the container with basic configuration

docker run -it --name kyverno-background-controller cleanstart/kyverno-background-controller:latest

Production Deployment Deploy with production security settings

docker run -d --name kyverno-background-controller   \
  --read-only \
  --security-opt=no-new-privileges \
  --user 1000:1000 \
  -v /etc/kyverno:/etc/kyverno \
  cleanstart/kyverno-background-controller:latest

Volume Mount Mount configuration and data directories

docker run -v /etc/kyverno:/etc/kyverno -v /var/lib/kyverno:/var/lib/kyverno cleanstart/kyverno-background-controller:latest

Port Forwarding Run with metrics and monitoring ports

docker run -p 9090:9090 cleanstart/kyverno-background-controller:latest

Environment Variables Configuration options available through environment variables

VariableDefaultDescription
KYVERNO_NAMESPACEkyvernoNamespace for Kyverno deployment
METRICS_PORT9090Port for Prometheus metrics
LOG_LEVELINFOLogging level configuration
_MODEenabledmode enforcement

Security Best Practices Recommended security configurations and practices

  • Enable mode in production environments
  • Use secure TLS communication for all endpoints
  • Implement proper RBAC policies
  • Regular security scanning and updates
  • Monitor policy enforcement metrics
  • Backup configuration and policy data

Kubernetes Security Context Recommended security context for Kubernetes deployments

securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ["ALL"]
  seccompProfile:
    type: RuntimeDefault

⁠Documentation Resources

Essential links and resources for further information

CleanStart Images: https://images.cleanstart.com/⁠

Community Images:
Docker Hub: https://hub.docker.com/u/cleanstart⁠
GitHub: https://github.com/cleanstart-containers⁠
AWS ECR Public Gallery: https://gallery.ecr.aws/cleanstart/⁠

Presence on Social Media:
Community: https://www.linkedin.com/groups/18324021/⁠
YouTube: https://www.youtube.com/@CleanStartOfficial⁠

Contribute to Container Use Cases: https://github.com/cleanstart-dev/cleanstart-use-cases/⁠


Vulnerability Disclaimer

CleanStart offers Docker images that include third-party open-source libraries and packages maintained by independent contributors. While CleanStart maintains these images and applies industry-standard security practices, it cannot guarantee the security or integrity of upstream components beyond its control.

Users acknowledge and agree that open-source software may contain undiscovered vulnerabilities or introduce new risks through updates. CleanStart shall not be liable for security issues originating from third-party libraries, including but not limited to zero-day exploits, supply chain attacks, or contributor-introduced risks.

Security remains a shared responsibility: CleanStart provides updated images and guidance where possible, while users are responsible for evaluating deployments and implementing appropriate controls.

Tag summary

Content type

Image

Digest

sha256:2ce8a4c07…

Size

97.6 MB

Last updated

about 14 hours ago

docker pull cleanstart/kyverno-background-controller:1.18.1-amd64