Kyverno Issues on GKE

Troubleshoot Kyverno webhook failures on GKE private clusters with firewall rule adjustments

Symptom: I’m using GKE and after installing Kyverno, my cluster is either broken or I’m seeing timeouts and other issues.

Solution: Private GKE clusters do not allow certain communications from the control planes to the workers, which Kyverno requires to receive webhooks from the API server. In order to resolve this issue, create a firewall rule which allows the control plane to speak to workers on the Kyverno TCP port which, by default at this time, is 9443. For more details, see the GKE documentation.

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.

Last modified December 27, 2024 at 10:57 PM PST: adding a table of content to the troubleshooting section and some adaptation to each sub page. (09bed88)