Custom Resource Definitions

Custom Resource Definitions (CRDs) for Kyverno policies and other types.

Kyverno uses Kubernetes Custom Resource Definitions (CRDs) for policy definitions, policy reports, and other internal types. When operating in a Kubernetes cluster with Kyverno installed, you can always inspect Kyverno types natively using kubectl explain.

For example, here is the definition of a Kyverno policy.spec:

λ kubectl explain policy.spec
KIND:     Policy

RESOURCE: spec <Object>

     Spec defines policy behaviors and contains one or rules.

   background   <boolean>
     Background controls if rules are applied to existing resources during a
     background scan. Optional. Default value is "true". The value must be set
     to "false" if the policy rule uses variables that are only available in the
     admission review request (e.g. user name).

   rules        <[]Object>
     Rules is a list of Rule instances. A Policy contains multiple rules and
     each rule can validate, mutate, or generate resources.

   validationFailureAction      <string>
     ValidationFailureAction controls if a validation policy rule failure should
     disallow the admission review request (enforce), or allow (audit) the
     admission review request and report an error in a policy report. Optional.
     The default value is "audit".
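
The two optional fields above have defaults that are easy to overlook: background defaults to "true" and validationFailureAction defaults to "audit". The following check is an added example, not code from the Kyverno project; it flags policies where those defaults conflict with the rule content. It assumes policies are available as parsed JSON objects, that variables use the {{ ... }} syntax, and that the listed variable names are the admission-only ones. The sample policies are constructed.

```python
import json
import re

# Assumption: variables are written {{ ... }} and these names exist only in
# the admission review request (the page's own example is the user name).
ADMISSION_ONLY = re.compile(
    r"\{\{[^}]*\b(request\.userInfo|serviceAccountName|serviceAccountNamespace)\b[^}]*\}\}")

def lint_policy(policy):
    """Return findings for one Policy object given as a dict."""
    name = policy.get("metadata", {}).get("name", "<unnamed>")
    spec = policy.get("spec", {})
    rules = spec.get("rules", [])
    findings = []
    # background is optional and defaults to true.
    if spec.get("background", True):
        for rule in rules:
            used = sorted({m.group(1) for m in ADMISSION_ONLY.finditer(json.dumps(rule))})
            if used:
                findings.append(f"{name}/{rule.get('name')}: set background to false, "
                                f"rule uses {', '.join(used)}")
    # validationFailureAction is optional and defaults to audit.
    action = spec.get("validationFailureAction", "audit")
    if any("validate" in r for r in rules) and action.lower() != "enforce":
        findings.append(f"{name}: validationFailureAction is {action!r}, "
                        "failing requests are admitted and only reported")
    return findings

# Constructed sample policies (not from the Kyverno repository).
def _policy(name, rule, **spec):
    return {"kind": "Policy", "metadata": {"name": name}, "spec": {**spec, "rules": [rule]}}

USER_RULE = {"name": "check-user", "validate": {"deny": {"conditions": [
    {"key": "{{request.userInfo.username}}", "operator": "NotEquals", "value": "admin"}]}}}
LABEL_RULE = {"name": "check-label", "validate": {"pattern": {
    "metadata": {"labels": {"team": "?*"}}}}}

SAMPLE = [
    _policy("user-gate", USER_RULE, validationFailureAction="enforce"),  # background unset
    _policy("label-audit", LABEL_RULE, background=False),                # action unset
    _policy("label-enforce", LABEL_RULE, validationFailureAction="enforce"),
]

if __name__ == "__main__":
    for p in SAMPLE:
        for finding in lint_policy(p):
            print(finding)
```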

Kyverno’s support for structural schemas also enables integrated help in Kubernetes-enabled Integrated Development Environments (IDEs) such as VS Code with the Kubernetes Extension installed.

The complete Kyverno CRD reference can be viewed using this link:

The HTML source is available in the Kyverno GitHub repository and is generated from type definitions stored at kyverno/kyverno/pkg/api.

Last modified January 8, 2021: fixes (d4ce091)