Cloud Native Policy Management

About Kyverno

Kyverno is a policy engine built for Kubernetes and cloud native environments.

Kyverno policies are declarative Kubernetes resources, and no new language is required to write them. This allows using familiar tools such as kubectl, git, and kustomize to manage policies. Kyverno policies can validate, mutate, generate, and clean up any Kubernetes resource, including custom resources. To help secure the software supply chain, Kyverno policies can verify OCI container image signatures and artifacts.

The Kyverno CLI can be used to test policies and validate resources off-cluster, for example as part of a CI/CD pipeline. Kyverno policy reports and policy exceptions are also Kubernetes resources. The Policy Reporter provides in-cluster report management with a graphical web-based user interface. Kyverno JSON allows applying Kyverno policies in non-Kubernetes environments and on any JSON payload. Kyverno Chainsaw provides declarative end-to-end testing for policies and controllers.

Join our community

Interested in learning and contributing?

Sign up on our mailing list or the Kyverno channel on Kubernetes Slack for discussions, and join our next community meeting. Check out the community page for more details.

License: Apache-2.0

Kyverno is a CNCF Incubating Project

The Linux Foundation® (TLF) has registered trademarks and uses trademarks. For a list of TLF trademarks, see Trademark Usage.