Kyverno & Policy Health

The Kyverno Health Check feature in NCH provides visibility into the operational health and configuration best practices of your Kyverno installation. It continuously analyzes Kyverno deployments across your clusters and offers a detailed health score based on four key categories:

Security
Availability
Scalability
Observability

Each category is evaluated independently and flagged as Healthy, Warning, or Critical based on current configurations. The overall health score is then calculated and displayed prominently in the UI.

Key Benefits

Instant Health Grade: See at-a-glance how well Kyverno is configured in your environment.
Detailed Diagnostics: Get category-wise breakdowns with precise issues and configuration gaps.
Remediation Guidance: View recommended changes to restore Kyverno to optimal health.
Proactive Alerts: Identify and resolve misconfigurations before they affect policy enforcement.

Example Kyverno Health Categories

Security
- RBAC Validation
- NetworkPolicy Validation
Availability
- Resource Configuration
- High Availability
- Runtime Stability
Scalability
- Auto-scaling
- etcd Optimization
Observability
- Kyverno Controller Health
- Pod Health Probes

Using the Kyverno Health Dashboard

Navigate to Control Hub → Seclect Cluster → Health tab
View your Kyverno Health Grade (e.g., Score: 7/16, Status: F)
Expand individual categories to view findings and recommended fixes

Additional Notes

Health checks are non-intrusive and read-only
Evaluations are refreshed periodically (based on scan frequency)

Policy Health

Policy Health enables you to monitor policies deployed on Nirmata. As an admin or operator, monitoring policy health is essential for effective policy lifecycle management. Policy Health displays the overall health status of policies at the cluster level.

On the Health page, click on the Policies tab to view the health of Kyverno policies.