Kyverno is a powerful policy engine specifically designed for Kubernetes. It enables you to manage your Kubernetes configurations using policies as code. These policies are written in YAML, eliminating the need to learn a new language.
Key Features:
- Declarative YAML Policies: Define policies using familiar YAML syntax.
- Validation, Mutation, Generation, and Cleanup: Kyverno policies can validate, mutate, generate, and clean up Kubernetes resources.
- Image Verification: Secure your software supply chain by verifying OCI container image signatures and artifacts.
- Policy Reports and Exceptions: Kyverno policy reports and exceptions are Kubernetes API resources.
- Kyverno CLI: Apply and test policies off-cluster as part of IaC and CI/CD pipelines.
- Kyverno Policy Reporter: Provides report management with a graphical web-based user interface.
- Kyverno JSON: Apply Kyverno policies in non-Kubernetes environments and on any JSON payload.
- Kyverno Chainsaw: Provides declarative end-to-end testing for policies.
- JMESPath and CEL Support: Efficiently handle complex logic using JMESPath and the Common Expression Language (CEL).
Use Cases:
- Enforce Security Best Practices: Ensure that all deployments adhere to security guidelines.
- Automate Configuration: Automatically configure resources based on predefined policies.
- Validate Resource Requests: Validate resource requests to prevent misconfigurations.
- Secure Software Supply Chain: Verify image signatures to prevent the deployment of untrusted images.
- Policy-Driven Governance: Implement policy-driven governance across your Kubernetes clusters.
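
To make the "Declarative YAML Policies" and validation points concrete, here is an added example (not taken from the Kyverno project or from this page) of a validate policy that blocks privileged containers, followed by a constructed Pod that violates it. The policy name, rule name, Pod name and image reference are hypothetical.

```yaml
# Added example policy: reject any Pod that runs a privileged container.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: example-disallow-privileged      # hypothetical name
spec:
  # Enforce rejects violating requests at admission time;
  # Audit would admit them and only record the violation in a policy report.
  validationFailureAction: Enforce
  background: true                        # also scan resources that already exist
  rules:
    - name: no-privileged-containers      # hypothetical rule name
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: "Privileged containers are not allowed."
        pattern:
          spec:
            # =(key) is a conditional anchor: the check applies only if the
            # key is present, so Pods that omit securityContext still pass.
            =(initContainers):
              - =(securityContext):
                  =(privileged): "false"
            =(ephemeralContainers):
              - =(securityContext):
                  =(privileged): "false"
            containers:
              - =(securityContext):
                  =(privileged): "false"
---
# Constructed test resource (keep it in its own file): this Pod violates the
# policy because its only container sets privileged: true.
apiVersion: v1
kind: Pod
metadata:
  name: example-privileged-pod            # hypothetical name
spec:
  containers:
    - name: app
      image: registry.example.com/app:1.0 # placeholder image reference
      securityContext:
        privileged: true
```

With the two documents saved as separate files, the Kyverno CLI can evaluate the policy off-cluster, for example `kyverno apply policy.yaml --resource pod.yaml` in a CI job, before anything reaches a cluster.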