About Kyverno
Kyverno is a policy engine built for Kubernetes and cloud native environments.
Kyverno policies are declarative Kubernetes resources and no new language is required to write policies. This allows using familiar tools such as kubectl
, git
, and kustomize
to manage policies. Kyverno policies can validate, mutate, generate, and cleanup any Kubernetes resource, including custom resrources. To help secure the software supply chain Kyverno policies can verify OCI container image signatures and artifacts.
The Kyverno CLI can be used to test policies and validate resources off-cluster e.g. as part of a CI/CD pipeline. Kyverno policy reports and policy exceptions are also Kubernetes resources. The Policy Reporter provides in-cluster report management with a graphical web-based user interface. Kyverno JSON allows applying Kyverno policies in non-Kubernetes environments and on any JSON payload. Kyverno Chainsaw provides declarative end-to-end testing for policies and controllers.
Join our community
Interested in learning and contributing?
Sign up on our mailing list or the Kyverno channel on Kubernetes Slack for discussions, and join our next community meeting. Check out the community page for more details.
Kyverno is a CNCF Incubating Project
![Cloud Native Computing Foundation logo](/images/logo_cloudnative.png)