Policy Settings
Common configuration for all rules in a policy.
Writing Policies
Create policies which can validate, mutate, generate, and clean up resources as well as perform verification of container images.
Selecting Resources
Identifying and filtering resources for rule evaluation.
Validate Rules
Check resources configurations for policy compliance.
Mutate Rules
Modify resource configurations during admission or retroactively against existing resources.
Generate Rules
Create new Kubernetes resources based on a policy and optionally keep them in sync.
Verify Images Rules
Check container image signatures and attestations for software supply chain security.
Cleanup Rules
Remove Kubernetes resources.
Policy Exceptions
Create an exception to an existing policy using a PolicyException.
Variables
Defining and using variables in policies from multiple sources.
External Data Sources
Fetch data from ConfigMaps, the Kubernetes API server, other cluster services, and image registries for use in Kyverno policies.
Auto-Gen Rules
Automatically generate rules for Pod controllers.
Preconditions
Fine-grained control of policy rule execution based on variables and expressions.
JMESPath
The JSON query language behind Kyverno.
Tips & Tricks
Tips and tricks for writing more effective policy.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.