kyverno/README.md

Kyverno - Kubernetes Native Policy Management

Kyverno is a policy engine built for Kubernetes.

Kyverno policies are custom resources that are written in YAML or JSON. Kyverno policies can validate, mutate, and generate any Kubernetes resources.

Kyverno runs as a dynamic admission controller in a Kubernetes cluster. Kyverno receives validating and mutating admission webhook HTTP callbacks from the kube-apiserver, applies matching polcies, and returns results that enforce admission policies or reject requests.

Policies match resources using the resource kind, name, and label selectors. Wildcards are supported in names.

Mutating policies can be written as overlays (similar to Kustomize) or as a JSON Patch. Validating policies also use an overlay style syntax, with support for pattern matching and conditional (if-then-else) processing.

Policy enforcement is captured using Kubernetes events. Kyverno also reports policy violations for existing resources.

Examples

1. Validating resources

2. Mutating resources

2. Generating resources

Documentation

• Getting Started
• Writing Policies
  • Validate Rules
  • Mutate Rules
  • Generate Rules
• Testing Policies

Roadmap

Getting help

• For feature requests and bugs, file an [issue][https://github.com/nirmata/kyverno/issues].
• For general discussion about both using and developing dex, join the [dex-dev][dex-dev] mailing list.