Kyverno (κυβερνώ, Greek for "govern") is a policy management solution for Kubernetes and other cloud native environments. Kyverno policies can validate, mutate, generate, and clean-up resources. Kyverno can also verify OCI container images for software supply chain security. Kyverno policies are delarative and do not require learning a new programming language.
GitHub is Kyverno's home and here you can find all the interesting things the Kyverno community are working on.
-
Kyverno (web, repo): a Kubernetes admission controller, scanner, and command-line for policy lifecycle management.
-
Policy Reporter (web, repo): in-cluster management of policy violations and reports with a graphical web-based front end.
-
Kyverno JSON (web, repo): Kyverno policies for non-Kubernetes workloads and any JSON payload.
-
Chainsaw (web, repo): A declarative end-to-end testing tool for Kubernetes operators.
-
Kyverno Envoy Plugin (web, repo): Authorization policies for Envoy based service meshes.
- website: The source for the Kyverno website at https://kyverno.io.
- policies: The Kyverno policy library and test cases (with web frontend at https://kyverno.io/policies).
- KDP: The Kyverno Design Proposal (KDP) repository, where new features are proposed and reviwed.
- demos: Sample policies and resources for demos.
- community: project governance, code of conduct, and other common information.
We thrive on our community and would love for you to engage with us. Please join us in the #kyverno channel on the Kubernetes workspace or the CNCF workspace.