kyverno

Kubernetes-native policy management

Policies are managed as Kubernetes resources

Cluster-wide or namespaced policies


Policies

Kyverno manages community policies

These policies are searchable

Examples

Check for deprecated APIs

Require specific labels on resources

Allowlist for image registries

Require attestations of security scans

Keyless image signatures using sigstore
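
The registry allowlist from the list above, written as a Kyverno policy to show what "policies as Kubernetes resources" looks like in practice. This is an added example, not taken from the slides; the policy name, rule name and `registry.example.com` are constructed placeholders.

```yaml
# Added example: a cluster-wide Kyverno policy that only admits Pods whose
# images come from one approved registry.
# Assumptions: the policy and rule names are hypothetical, and
# registry.example.com stands in for your own registry.
apiVersion: kyverno.io/v1
kind: ClusterPolicy            # use kind: Policy plus metadata.namespace for a namespaced policy
metadata:
  name: restrict-image-registries
spec:
  # Audit records violations in policy reports; Enforce rejects the request at admission.
  validationFailureAction: Enforce
  background: true             # also report on Pods that already exist in the cluster
  rules:
    - name: allow-approved-registry
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: "Images must be pulled from registry.example.com."
        pattern:
          spec:
            # =(...) applies the check only when the field is present, so
            # init and ephemeral containers cannot bypass the allowlist.
            =(ephemeralContainers):
              - image: "registry.example.com/*"
            =(initContainers):
              - image: "registry.example.com/*"
            containers:
              - image: "registry.example.com/*"
```

Starting with `validationFailureAction: Audit` and reading the resulting policy reports shows which existing workloads would be rejected before the policy is switched to `Enforce`.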


Demo

Kyverno for the Pod Security Standards

Kyverno for testing keyless image signatures

See here for demos