Troubleshooting

Processes for troubleshooting and recovery of Kyverno. Although Kyverno’s goal is to make policy simple, sometimes trouble still strikes. The following sections can be used to help troubleshoot and recover when things go wrong.

API Server Blocked

Learn how to resolve API server blockages due to Kyverno webhook timeouts and misconfigurations

Policies Not Applied

Troubleshoot and fix issues where Kyverno policies are not applied.

Kyverno OOMKills

Troubleshoot high resource usage or OOMKills caused by Kyverno policies.

Kyverno Slow Response

Resolve slow Kyverno operations caused by API throttling.

Partial Policy Application

Resolve issues where only some Kyverno policies are applied.

Kyverno Crashes

Resolve Kyverno crashes caused by insufficient memory in large clusters.

Kyverno Issues on GKE

Troubleshoot Kyverno webhook failures on GKE private clusters with firewall rule adjustments

Kyverno Issues on EKS

Troubleshoot Kyverno webhook failures and resource validation issues on EKS clusters

Client-Side Throttling

Resolve delays in resource creation caused by Kyverno’s client-side throttling.

Policy Definition Fails

Diagnose and fix issues with non-functional Kyverno policies.

Admission Reports Overloaded

Resolve accumulating admission reports affecting etcd and cluster performance.

Kyverno Lacks Permissions

Troubleshoot and fix Kyverno’s permission issues during policy creation

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.

Last modified April 09, 2025 at 3:30 PM PST: fix: section weights (c2e9ec2)