Kyverno: Policy as Code for Kubernetes
by Shriira Press
Kyverno is a Kubernetes-native policy engine: it validates, mutates, and generates resources according to rules you write as Kubernetes YAML — no new language to learn — so you can enforce security and best practices automatically. This free book teaches it from the ground up: Kubernetes admission control (the foundation), Kyverno's architecture, the policy model (ClusterPolicy/Policy and rules), validation policies for enforcing standards, mutation for applying defaults, generation for provisioning companion resources, reporting and testing for safe audit-first adoption, how it compares to OPA/Gatekeeper and connects to image verification and the supply-chain stack, and operating Kyverno in production (including the webhook failure-mode trade-off). Ten focused chapters with real policies and clear diagrams that turn your standards into automatic, enforced guardrails.
Contents
- Preface
- Chapter 1 — What Kyverno Is
- Chapter 2 — Kubernetes Admission Control
- Chapter 3 — Architecture
- Chapter 4 — The Policy Model
- Chapter 5 — Validation Policies
- Chapter 6 — Mutation Policies
- Chapter 7 — Generation Policies
- Chapter 8 — Reporting and Testing
- Chapter 9 — Ecosystem and Comparison
- Chapter 10 — Operating Kyverno and Putting It Together
