Introduction

Learn about Kyverno and its powerful capabilities

About Kyverno

Kyverno (Greek for “govern”) is a cloud native policy engine. It was originally built for Kubernetes and now can also be used outside of Kubernetes clusters as a unified policy language.

Kyverno allows platform engineers to automate security, compliance, and best practices validation and deliver secure self-service to application teams.

Some of its many features include:

  • policies as YAML-based declarative Kubernetes resources with no new language to learn!
  • enforce policies as a Kubernetes admission controller, CLI-based scanner, and at runtime
  • validate, mutate, generate, or clean up (remove) any Kubernetes resource
  • verify container images and metadata for software supply chain security
  • policies for any JSON payload including Terraform resources, cloud resources, and service authorization
  • policy reporting using the open reporting format from the CNCF Policy WG
  • flexible policy exception management
  • tooling for comprehensive unit and e2e testing of policies
  • management of policies as code resources using familiar tools like git and kustomize

How Kyverno Works

An overview of how Kyverno works

Quick Start Guides

An introduction to Kyverno policy and rule types

Admission Controllers 101

An introduction to admission controllers in Kubernetes.


Last modified August 26, 2024 at 4:02 AM PST: update RBAC customizations and sub-project info (#1320) (2ee7df0)