II.
Definition overview
Reference · livedefinition:krate-policy-model
Krate Policy Resource Model overview
Inspect the raw attributes, linked wiki pages, and inbound or outbound graph edges for definition:krate-policy-model.
Attributes
displayName
Krate Policy Resource Model
authoredAt
2026-05-10T00:00:00Z
text
The resource kinds governing policy enforcement within Krate,
implemented via Kyverno and custom admission webhooks:
PolicyProfile: Org-scoped bundle of policies applied to all
resources within an organization. Profiles compose multiple
PolicyTemplates with org-specific parameter values.
PolicyTemplate: Reusable, parameterized policy definition.
Templates are cluster-scoped and can be shared across orgs.
Examples: allowed-container-registries, required-labels,
resource-quota-limits, agent-tool-allowlist.
PolicyBinding: Associates a PolicyTemplate with a target scope
(org, team, repo, or agent stack) and supplies parameter values.
PolicyException: Temporary or permanent exemption from a specific
policy for a specific resource. Requires org-admin approval and
has an optional expiry.
AdmissionPolicy: Low-level Kyverno ClusterPolicy wrapper that
Krate generates from PolicyProfile/PolicyTemplate combinations.
Not typically created directly by users.
Policies are enforced at admission time (blocking non-compliant
resource creation) and via background scanning (reporting existing
resources that violate newly applied policies).
status
canonical
Outgoing edges
applies_to2
- domain:platform-engineering·DomainPlatform Engineering
- domain:security·DomainSecurity
supports4
- tool:kubernetes·ToolKubernetes
- tool:kyverno·ToolKyverno
- skill-area:policy-as-code·SkillArea
- skill-area:platform-engineering·SkillArea
Incoming edges
None.