Kyverno

Policy Management. Simplified.


About Kyverno



Policy Management for Kubernetes and cloud native environments.


Kyverno policies are declarative YAML resources and no new language is required to write policies. This allows using familiar tools such as kubectl, git, and kustomize to manage policies. For efficient handling of complex logic, Kyverno supports both JMESPath and the Common Expressions Language (CEL) languages.

In Kubernetes environments, Kyverno policies can validate, mutate, generate, and cleanup any Kubernetes resource, including custom resources. To help secure the software supply chain Kyverno policies can verify OCI container image signatures and artifacts. Kyverno policy reports and policy exceptions are also Kubernetes API resources.

The Kyverno CLI can be used to apply and test policies off-cluster e.g., as part of a CI/CD pipeline.

Kyverno Policy Reporter provides in-cluster report management with a graphical web-based user interface.

Kyverno JSON allows applying Kyverno policies in non-Kubernetes environments and on any JSON payload.

Kyverno Chainsaw provides declarative end-to-end testing for policies.


Join our community


Interested in learning and contributing?

Sign up on our mailing list or the Kyverno channel on Kubernetes Slack for discussions, and join our next community meeting. Check out the community page for more details.

Go Report Card License: Apache-2.0 GitHub Repo stars CII Best Practices

Kyverno is a CNCF Incubating Project





The Linux Foundation® (TLF) has registered trademarks and uses trademarks. For a list of TLF trademarks, see Trademark Usage.