Policy Types

Kyverno Policy Types

Kyverno offers multiple policy types decribed below.

Kyverno’s mission is to be the best policy engine for Kubernetes, and allow aplying Kubernetes style policies everywhere. As Kubernetes has evolved, Kyverno is also evolving its APIs. The Kyverno ValidatingPolicy and ImageValidatingPolicy types were introduced in Release 1.14 (April 2025). Additional policy types will be introduced in subsequent releases.

ClusterPolicy

Validate, Mutate, Generate Resources; Verify Image Signatures and Attestations.

Cleanup Policy

Delete Resources Based on Policy Conditions

ValidatingPolicy

Validate Kubernetes Resources or JSON payloads

ImageValidatingPolicy

Validate container images and their metadata

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.

Last modified April 14, 2025 at 3:52 AM PST: early draft for vpol (#1495) (5c65f89)