Writing Policies

Create custom policy rules to validate, mutate, and generate configurations.

Policy Settings

Common configuration for all rules in a policy.

Select Resources

Use match and exclude to filter and select resources.

Mutate Resources

Modify resources during admission control.

Verify Images

Check image signatures and add digests

Validate Resources

Check resource configurations for policy compliance.

Generate Resources

Create additional resources based on resource creation or updates.

Variables

Data-driven policies for reuse and intelligent decision making

External Data Sources

Use data from ConfigMaps, the Kubernetes API server, and image registries in Kyverno policies.

Preconditions

Control policy rule execution based on variables.

Auto-Gen Rules for Pod Controllers

Automatically generate rules for Pod controllers.

Background Scans

Manage applying policies to existing resources in a cluster.

Tips & Tricks

Tips and tricks for writing more effective policy.

JMESPath

The JSON query language behind Kyverno.

Last modified November 07, 2020 at 8:10 PM PST: document ordering and (lack of) override behaviors (8a7fa3c)