ClusterPolicy

A ClusterPolicy defines rules to validate, mutate, generate resources and verify images. A ClusterPolicy is a cluster-wider resource. The namespaced Policy type provides the same functions for a single Namespace.

Policies and Rules

Get an overview of how Kyverno policies and rules work.

Policy Settings

Common configuration for all rules in a policy.

Selecting Resources

Identifying and filtering resources for rule evaluation.

Validate Rules

Check resources configurations for policy compliance.

Mutate Rules

Modify resource configurations during admission or retroactively against existing resources.

Generate Rules

Create new Kubernetes resources based on a policy and optionally keep them in sync.

Verify Images Rules

Check container image signatures and attestations for software supply chain security.

Variables

Defining and using variables in policies from multiple sources.

External Data Sources

Fetch data from ConfigMaps, the Kubernetes API server, other cluster services, and image registries for use in Kyverno policies.

Auto-Gen Rules

Automatically generate rules for Pod controllers.

Preconditions

Fine-grained control of policy rule execution based on variables and expressions.

JMESPath

The JSON query language behind Kyverno.

Tips & Tricks

Tips and tricks for writing more effective policy.

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.

Last modified March 23, 2025 at 6:26 PM PST: rename dir (#1493) (010ba3f)