Policies and Rules
Learn how Kyverno policies and rules work.
A Kyverno policy is a collection of rules. Each rule consists of a match declaration, an optional exclude declaration, and one of a validate, mutate, generate, or verifyImages declaration. Each rule can contain only a single validate, mutate, generate, or verifyImages child declaration.
Policies can be defined as cluster-wide resources (using the kind ClusterPolicy) or namespaced resources (using the kind Policy). As expected, namespaced policies will only apply to resources within the namespace in which they are defined while cluster-wide policies are applied to matching resources across all namespaces. Otherwise, there is no difference between the two types.
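The two manifests below are an added illustration, not taken from the Kyverno documentation. They show the rule anatomy and the two policy scopes described above, using the 1.6-era schema. The policy names, rule names, labels, and the payments namespace are assumptions made for the example.

```yaml
# Constructed example: names, labels and namespaces are illustrative.
apiVersion: kyverno.io/v1
kind: ClusterPolicy              # cluster-wide: evaluated in every namespace
metadata:
  name: require-team-label
spec:
  validationFailureAction: enforce   # block non-compliant resources instead of only reporting
  rules:
    - name: check-team-label
      match:                     # which resources this rule selects
        resources:
          kinds:
            - Pod
      exclude:                   # optional carve-out from the match
        resources:
          namespaces:
            - kube-system
      validate:                  # the rule's single child declaration
        message: "The label `team` is required."
        pattern:
          metadata:
            labels:
              team: "?*"         # any non-empty value
---
apiVersion: kyverno.io/v1
kind: Policy                     # namespaced: only affects resources in its own namespace
metadata:
  name: add-default-labels
  namespace: payments
spec:
  rules:
    - name: add-managed-by-label
      match:
        resources:
          kinds:
            - ConfigMap
      mutate:                    # a different rule type; still exactly one per rule
        patchStrategicMerge:
          metadata:
            labels:
              +(managed-by): kyverno   # add only if the label is absent
```

A policy that needs both validation and mutation expresses them as two separate entries under rules, since a single rule cannot carry both declarations.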
Learn more about Applying Policies and Writing Policies in the upcoming chapters.
Last modified February 06, 2022 at 6:32 PM PST: updates for 1.6.0 (3279396)