Like Kyverno? Star on Github to follow and support

UnifiedPolicy as Code,Simplified!

Secure, automate, and operate all your infrastructure and applications with YAML and CEL based policies.

Easy to Adopt

Use familiar languages and tools. Kubernetes-native types that integrate seamlessly into your existing workflows.

Flexible & Powerful

From basic validation to complex automation, Kyverno has you covered. Initially built for K8s, Kyverno now works everywhere.

Trusted & Proven

Production-ready at scale in enterprises worldwide. Top CNCF project with a vibrant community and ecosystem.

Get Started Explore Policies

Created with ❤️ by Nirmata

KyvernoPolicy Showcase

Explore sample policies showcasing Kyverno's versatility across different use cases and policy types.

apiVersion: policies.kyverno.io/v1beta1
kind: ValidatingPolicy
metadata:
  name: require-labels
spec:
  matchConstraints:
    resourceRules:
      - apiGroups:   [""]
        apiVersions: ["v1"]
        operations:  ["CREATE", "UPDATE"]
        resources:   ["pods"]
  variables:
    - name: "labels"
      expression: "object.metadata.?labels.orValue([])"
  validations:
    -  message: "Pods must have 'app' and 'version' labels"
       expression: |
         has(variables.labels.app) && 
         has(variables.labels.version)

Explore More Policies Learn More

Trusted By Industry Leaders

Powering Policy-Based Security & Operations Worldwide

Adidas

Bloomberg

Razorpay

Robinhood

Spotify

Telecom

US-DOD

Vodafone

Wayfair

Yahoo

Adidas

Bloomberg

Razorpay

Robinhood

Spotify

Telecom

US-DOD

Vodafone

Wayfair

Yahoo

Join 1000+ organizations using Kyverno in production environments

Join the Policy as Code Revolution!

Get started with Kyverno

Deploy Kyverno in your Kubernetes cluster within minutes and start writing policies using simple, familiar YAML.

Get Started Explore Policies

Kyverno vs Other policy engines

As the industry's leading policy engine, here's how Kyverno compares with other policy engines.

Feature	Kyverno	Open Policy AgentOPA	K8s Policy Types
Policy Language	YAML & CEL Rego, Constraint Templates YAML & CEL
Ease of Adoption	Intuitive, extends K8s types Steeper learning curve Built-in types
K8s Resource Validation	Yes Yes limited
K8s Resource Mutation	Yes limited limited
K8s Resource Generation	Yes No No
K8s Resource Cleanup	Yes No No
Image Verification	Sigstore Cosign & Notary via extensions Not supported
Runtime Controls	Yes validation only No
Shift-Left, CI/CD Integration	Yes Yes No
Any Payload	Yes Yes K8s resources only
Reporting	OpenReports No No
Policy Exceptions	Yes No No
Test Tooling	Yes Yes Yes

Kyverno is a CNCF Incubating Project

The Linux Foundation® (TLF) has registered trademarks and uses trademarks. For a list of TLF trademarks, see Trademark Usage.