Applying Policies
Tip
The Kyverno Policies repository contains several policies you can immediately apply to your clusters.In Clusters
On installation, Kyverno runs as a dynamic admission controller in a Kubernetes cluster. Kyverno receives validating and mutating admission webhook HTTP callbacks from the Kubernetes API server and applies matching policies to return results that enforce admission policies or reject requests.
Exceptions to policies may be defined in the rules themselves or with a separate PolicyException resource.
Cleanup policies, another separate resource type, can be used to remove existing resources based upon a definition and schedule.
In Pipelines
You can use the Kyverno CLI to apply policies to YAML resource manifest files as part of a software delivery pipeline. This command line tool allows integrating Kyverno into GitOps style workflows and checks for policy compliance of resource manifests before they are committed to version control and applied to clusters.
Refer to the Kyverno apply command section for details on the CLI. And refer to the Continuous Integration section for an example of how to incorporate the CLI to apply and test policies in your pipeline.
Via APIs
Kyverno JSON policies and the new ValidatingPolicy and ImageValidatingPolicy types can be applied to any JSON payload. These policies can be applied via a Golang SDK or web service.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.