mirrors/kyverno
mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-13 19:28:55 +00:00
Code Activity
Cloud Native Policy Management
190 commits 14 branches 550 tags 299 MiB
Go 98.6%
Makefile 0.7%
Shell 0.4%
Smarty 0.3%
Find a file
Jim Bugwadia ab69b38a77 start docs
2019-05-20 20:43:38 -07:00
definitions - Correct crd yaml, since we only allow 1 generation per rule. - update example for generator 2019-05-16 17:19:38 -07:00
documentation start docs 2019-05-20 20:43:38 -07:00
examples - Correct crd yaml, since we only allow 1 generation per rule. - update example for generator 2019-05-16 17:19:38 -07:00
kubeclient move config to pkg/config 2019-05-17 11:15:30 -07:00
pkg Fixed string and float type mismatches 2019-05-20 18:28:54 +03:00
scripts Added version arg for compile-image.sh 2019-05-14 14:18:16 +03:00
.gitignore NK-10: Controller renamed to PolicyController. Created MutationWebhook class in new webhook package. Implemented filtering of incoming objects by Kind. Implemented simple usage of PolicyController in MutationWebhook. 2019-02-21 20:31:18 +02:00
Gopkg.toml Updated all the kubernetes dependencies to the latest 1.14 version 2019-05-13 16:11:16 +03:00
init.go move config to pkg/config 2019-05-17 11:15:30 -07:00
main.go Finished Generate() logic to actual generating the resource 2019-05-16 14:09:02 -07:00
README.md start docs 2019-05-20 20:43:38 -07:00

README.md

Kyverno - Kubernetes Native Policy Management

logo

Kyverno is a policy engine built for Kubernetes.

Kyverno policies are custom resources that are written in YAML or JSON. Kyverno policies can validate, mutate, and generate any Kubernetes resources.

Kyverno runs as a dynamic admission controller in a Kubernetes cluster. Kyverno receives validating and mutating admission webhook HTTP callbacks from the kube-apiserver, applies matching polcies, and returns results that enforce admission policies or reject requests.

Policies match resources using the resource kind, name, and label selectors. Wildcards are supported in names.

Mutating policies can be written as overlays (similar to Kustomize) or as a JSON Patch. Validating policies also use an overlay style syntax, with support for pattern matching and conditional (if-then-else) processing.

Policy enforcement is captured using Kubernetes events. Kyverno also reports policy violations for existing resources.

Examples

1. Validating resources

2. Mutating resources

2. Generating resources

Documentation

Roadmap

Getting help