Writing Policies

Create policies which can validate, mutate, generate, and clean up resources as well as perform verification of container images.

Policy Settings

Common configuration for all rules in a policy.

Selecting Resources

Identifying and filtering resources for policy evaluation.

Validate Rules

Check resources configurations for policy compliance.

Mutate Rules

Modify resource configurations during admission or retroactively against existing resources.

Generate Rules

Create new Kubernetes resources based on a policy and optionally keep them in sync.

Verify Images Rules

Check container image signatures and attestations for software supply chain security.

Cleanup Rules

Remove Kubernetes resources.

Policy Exceptions

Create an exception to an existing policy using a PolicyException.


Defining and using variables in policies from multiple sources.

External Data Sources

Fetch data from ConfigMaps, the Kubernetes API server, other cluster services, and image registries for use in Kyverno policies.

Auto-Gen Rules

Automatically generate rules for Pod controllers.


Fine-grained control of policy rule execution based on variables and expressions.


The JSON query language behind Kyverno.

Tips & Tricks

Tips and tricks for writing more effective policy.

Last modified May 24, 2023 at 9:17 AM PST: More 1.10 docs (#852) (5cb02c4)