Kyverno: Policy as Code for Kubernetes
Shriira Press
Enforce security and best practices on Kubernetes — validate, mutate, and generate resources with policies written in YAML.
Welcome to Kyverno: Policy as Code for Kubernetes.
Kyverno is a Kubernetes-native policy engine: it validates, mutates, and generates resources according to rules you write as Kubernetes YAML, with no new language to learn, so you can enforce security and best practices automatically. This free book teaches it from the ground up. It starts with Kubernetes admission control (the foundation) and Kyverno's architecture, then covers the policy model (ClusterPolicy/Policy and rules), validation policies for enforcing standards, mutation for applying defaults, and generation for provisioning companion resources. It goes on to reporting and testing for safe audit-first adoption, how Kyverno compares to OPA/Gatekeeper and connects to image verification and the supply-chain stack, and operating Kyverno in production (including the webhook failure-mode trade-off). Its ten focused chapters use real policies and clear diagrams to show how to turn your standards into automatic, enforced guardrails.
This title is part of the ShriIra library and is free to read in full, right here — our small contribution to making world-class knowledge easy to reach.
We hope it serves you well.
— Shriira Press