How Kyverno Works
An overview of how Kyverno works
Introduction
Learn about Kyverno and its powerful capabilities
About Kyverno
Kyverno (Greek for “govern”) is a cloud native policy engine. It was originally built for Kubernetes and now can also be used outside of Kubernetes clusters as a unified policy language.
Kyverno allows platform engineers to automate security, complianace, and best practices validation and deliver secure self-service to application teams.
Some of its many features include:
- policies as YAML-based declarative Kubernetes resources with no new language to learn!
- enforce policies as a Kubernetes admission controller, CLI-based scanner, and at runtime
- validate, mutate, generate, or cleanup (remove) any Kubernetes resource
- verify container images and metadata for software supply chain security
- policies for any JSON payload including Terraform resources, cloud resources, and service authoriation
- policy reporting using the open reporting format from the CNCF Policy WG
- flexible policy exception management
- tooling for comprehensive unit and e2e testing of policies
- management of policies as code resources using familiar tools like
gitandkustomize
Quick Start Guides
An introduction to Kyverno policy and rule types
Admission Controllers 101
An introduction to admission controllers in Kubernetes.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.