Policy Types

Kyverno Policy Types

Kyverno offers multiple policy types decribed below. Kyverno’s mission is to be the best policy engine for Kubernetes, and allow applying Kubernetes style policies everywhere. As Kubernetes has evolved, Kyverno is also evolving its APIs. The Kyverno ValidatingPolicy and ImageValidatingPolicy types were introduced in v1.15 (July 2025), and MutatingPolicy, GeneratingPolicy, and DeletingPolicy were added in v1.15 (July 2025).

ClusterPolicy

Validate, mutate, generate resources; verify image signatures and attestations.

Cleanup Policy

Delete matching resources based on a schedule

ValidatingPolicy

Validate Kubernetes resources or JSON payloads

ImageValidatingPolicy

Verify container image signatures and attestations

MutatingPolicy

Mutate new or existing resources

GeneratingPolicy

Create or clone resources based on flexible triggers

DeletingPolicy

Deletes matching resources based on a schedule

CEL Libraries

Extended CEL functions for complex policy logic and advanced features

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.

Last modified July 31, 2025 at 6:36 PM PST: Add version v1.15.0 (#1622) (451a52f)