The public version of the Playground is available at https://playground.kyverno.io.
The Kyverno Playground is a web service that simulates Kyverno behaviour, you can experiment and play with Kyverno policies directly in your browser
The service receives a configuration, resource and policies definitions, runs the Kyverno engine, and returns the results of evaluating policies against resources.
The playground currently supports:
- Validation rules
- Mutation rules
- Image verification rules
- Generate rules
NOTES:
- This tool only works with public image registries
- No data is gathered, stored, or shared
The playground frontend offers a rich feature set:
- Supports admission information like
username
,groups
,roles
andcluster roles
- Saving and loading state from the local storage
- Loading policies and resources from the Kyverno catalog
- Sharing state with simple links
- Comes with a tutorial to learn Kyverno easily
It is currently not possible to add variables from external resources or do actual API calls.
It is only possible to mock variables using the variables configuration in the context input.
It is supported to define multiple policies and/or resources as inputs.
Context and variables will be shared for all executions.
The "File" Button loads a local YAML file as input.
The "URL" Button loads a manifest from an external URL, example: https://raw.githubusercontent.com/kyverno/policies/main/best-practices/disallow-latest-tag/disallow-latest-tag.yaml
Kyverno Playground releases are available at https://github.com/kyverno/playground/releases.
Additionaly we publish docker images at ghcr.io/kyverno/playground and an helm chart repository is available at https://kyverno.github.io/playground.
Add kyverno-playground
Helm repository:
helm repo add kyverno-playground https://kyverno.github.io/playground/
Install kyverno-playground
Helm chart:
helm upgrade --install kyverno-playground --namespace kyverno --create-namespace --wait kyverno-playground/kyverno-playground
Install kyverno-playground
Helm chart (without configuring an Helm repository):
helm upgrade --install kyverno-playground --namespace kyverno --create-namespace --wait --repo https://kyverno.github.io/playground kyverno-playground
Install kyverno-playground
local Helm chart:
helm upgrade --install kyverno-playground --namespace kyverno --create-namespace --wait ./charts/kyverno-playground
Alternatively, you can install and run the Playground locally. This will allow you to connect the Playground to a real cluster.
Please read the Cluster connected docs.
The Playground uses openapi schemas to load resources from yaml content. To load a resource correctly the Playground needs the corresponding openapi schema.
By default, all Kubernetes builtin resources are supported. To work with custom resources you need to provide the custom resource definition.
Providing custom resource definitions can be done in different ways:
- Using the
--engine-builtin-crds
flag in the backend (see the list of supported built-in CRDs) - Using the
--engine-local-crds
flag in the backend, pointing to a directory containing yaml CRD definitions - Paste your CRD yaml definitions directly in the frontend
The following CRDs are embedded in the Playground backend and can be enabled with the --builtin-crds
flag:
Name | Flag |
---|---|
ArgoCD | --builtin-crds=argocd |
Cert Manager | --builtin-crds=cert-manager |
Tekton Pipeline | --builtin-crds=tekton-pipeline |
Prometheus Operator | --builtin-crds=prometheus-operator |
(Cluster)PolicyReports | --builtin-crds=wgpolicyk8s |
Instructions for building and running the Playground from source code is available in the docs section.