II. Tool overview
Reference · live · tool:kyverno
Kyverno overview
Kubernetes-native policy engine that uses admission webhooks to validate, mutate, and generate resources based on declarative policies written as Kubernetes CRDs. Unlike OPA/Gatekeeper, which requires learning Rego, Kyverno policies are expressed as familiar YAML with pattern matching and overlay semantics. In Krate, Kyverno enforces org-level PolicyProfiles: it controls which container images agents can use and which RBAC bindings are permitted, and it enforces resource quotas and security baseline compliance. Supports policy reports, background scanning, and exception management.
Attributes
- displayName: Kyverno
- homepageUrl:
- kind: policy-engine
Outgoing edges
alternative_to (1)
- tool:grafana · Tool · Grafana
belongs_to_language (1)
- language:go · Language · Go
tool_used_by (3)
- skill-area:policy-as-code · SkillArea
- skill-area:platform-engineering · SkillArea
- skill-area:container-security · SkillArea
Incoming edges
composed_of (1)
- stack-profile:krate-platform · StackProfile · Krate Platform Stack (K8s, Go, TypeScript, Postgres, Helm, ArgoCD)
integrates_with (2)
- platform:krate · Platform
- platform-service:krate-policy · PlatformService · Krate Policy Engine
supports (1)
- definition:krate-policy-model · Definition · Krate Policy Resource Model