kyverno is a Commodore component to manage kyverno.
Kyverno already brings
ClusterRole objects to aggregate read-write permissions for its CRDs to the
admin cluster role.
However, upstream doesn’t provide
ClusterRole objects to aggregate read-only permissions for the Kyverno CRDs to the
cluster-reader cluster roles.
To address this shortcoming, the component creates two
syn-kyverno:aggregate-to-cluster-reader which aggregate read-only permissions to the
cluster-reader cluster roles for namespaced and cluster-scoped Kyverno CRDs respectively.
See the parameters reference for further details.