Kyverno

Policy as Code, Simplified!


About Kyverno



The Kyverno project provides a comprehensive set of tools to manage the complete Policy-as-Code (PaC) lifecycle for Kubernetes and other cloud native environments


Kyverno policies are declarative YAML resources and no new language is required. Kyverno enables use of familiar tools such as kubectl, git, and kustomize to manage policies. Kyverno supports JMESPath and the Common Expressions Language (CEL) for efficient handling of complex logic.

In Kubernetes environments, Kyverno policies can validate, mutate, generate, and cleanup any Kubernetes resource, including custom resources. To help secure the software supply chain Kyverno policies can verify OCI container image signatures and artifacts. Kyverno policy reports and policy exceptions are also Kubernetes API resources.

The Kyverno CLI can be used to apply and test policies off-cluster e.g., as part of an IaC and CI/CD pipelines.

Kyverno Policy Reporter provides report management with a graphical web-based user interface.

Kyverno JSON allows applying Kyverno policies in non-Kubernetes environments and on any JSON payload.

Kyverno Chainsaw provides declarative end-to-end testing for policies.


Join our community


Interested in learning and contributing?

Sign up on our mailing list or the Kyverno channel on Kubernetes Slack for discussions, and join our next community meeting. Check out the community page for more details.

Go Report Card License: Apache-2.0 GitHub Repo stars CII Best Practices

Kyverno is a CNCF Incubating Project





The Linux Foundation® (TLF) has registered trademarks and uses trademarks. For a list of TLF trademarks, see Trademark Usage.