kyverno

Set of tools to manage the complete Policy-as-Code (PaC) lifecycle for Kubernetes and other cloud native environments

Kyverno policies are declarative YAML resources and no new language is required. Kyverno enables use of familiar tools such as kubectl, git, and kustomize to manage policies. Kyverno supports JMESPath and the Common Expressions Language (CEL) for efficient handling of complex logic.

In Kubernetes environments, Kyverno policies can validate, mutate, generate, and cleanup any Kubernetes resource, including custom resources. To help secure the software supply chain Kyverno policies can verify OCI container image signatures and artifacts. Kyverno policy reports and policy exceptions are also Kubernetes API resources.

The Kyverno CLI can be used to apply and test policies off-cluster e.g., as part of an IaC and CI/CD pipelines.

secops

https://kyverno.io

arm64 amd64

Installation

1. Add WakeMeOps repository

curl -sSL https://raw.githubusercontent.com/upciti/wakemeops/main/assets/install_repository | sudo bash

2. Install kyverno

sudo apt install kyverno

Snippets

DockerfileGithub Action

FROM wakemeops/minideb:bullseye

RUN install_packages \
    kyverno=1.13.4*

USER 1001

- name: Install dependencies
  uses: upciti/wakemeops-action@v1
  with:
    packages: |
      kyverno=1.13.4*

Download URLs

amd64arm64

Version	SHA256	Size (KB)
1.13.4	`a6d0db834acfbe27b8ad23595d513e2e4d24e66dc1851ed291820108d35b932b`	22752
1.13.3	`245a4eb3ea088d8ece215733d7366a6dcd0cbd97de50d2a6d2dcff334f155840`	22739
1.13.2	`7f257f0a9d985fb9dfe45f86f0443dd65761d53ccb00e0b650f2e986d9718276`	22723
1.13.1	`5c2507a59b98d485a2644901c0352d2e90fa715c5eba3aef16c138e5c2bf0356`	22723
1.13.0	`808747d1926a83962d222152f8182cdf3121fd6849d50e2e7794675b8ce961df`	22710
1.12.7	`d3544ad24ed5c619d59fcba6ed3a751697ee29f9046264133cefed4f0086b109`	21442
1.12.6	`70788b505d34ea166e0d8f4b09ba0ac314337b899136f187225a83e9b87bb02a`	21420

Version	SHA256	Size (KB)
1.13.4	`a851bc595cfcb940bbbff6840b474f6653fe20bf2e635d374399e6e54126d6e9`	19693
1.13.3	`8a454fb3ce7f280ea69e151879ed50fece948b1948262c6f79cd59f4c1ba045d`	19675
1.13.2	`28396f4d6ee8747f3efe3f55037274758a2d215ef8e7439853a405717e14c3a1`	19667
1.13.1	`33cc0f02ebbd0da044822a2c9ef6e3710c3efbd2775216b7ade1256ebda470f1`	19666
1.13.0	`badd8d8a2bdb7797cda63d3cd3d912bade5e80c3d3e4be25f91e283ddf1e752b`	19662
1.12.7	`1a33a130cb54c7b08d962c193f66fa062e423a3d30483d73c8762a1f735a457f`	18452
1.12.6	`90afe1adc6f133db87a6792a92d110dc31ab17c6c63e5e4fa7c18eeb9402dd91`	18438

Blueprints

Debian packages listed on this page are generated from op2deb YAML blueprints. Blueprints for kyverno are versioned here.

Click here to see kyverno ops2deb blueprints

https://github.com/upciti/wakemeops/blob/main/blueprints/secops/kyverno/ops2deb.yml

name: kyverno
matrix:
  architectures:
    - amd64
    - arm64
  versions:
    - 1.12.6
    - 1.12.7
    - 1.13.0
    - 1.13.1
    - 1.13.2
    - 1.13.3
    - 1.13.4
homepage: https://kyverno.io
summary: set of tools to manage the complete Policy-as-Code (PaC) lifecycle for Kubernetes
  and other cloud native environments
description: |-
  Kyverno policies are declarative YAML resources and no new language is
  required. Kyverno enables use of familiar tools such as kubectl, git, and
  kustomize to manage policies. Kyverno supports JMESPath and the Common
  Expressions Language (CEL) for efficient handling of complex logic.

  In Kubernetes environments, Kyverno policies can validate, mutate, generate,
  and cleanup any Kubernetes resource, including custom resources. To help secure
  the software supply chain Kyverno policies can verify OCI container image
  signatures and artifacts. Kyverno policy reports and policy exceptions are also
  Kubernetes API resources.

  The Kyverno CLI can be used to apply and test policies off-cluster e.g., as
  part of an IaC and CI/CD pipelines.
fetch:
  url: https://github.com/kyverno/kyverno/releases/download/v{{version}}/kyverno-cli_v{{version}}_linux_{{target}}.tar.gz
  targets:
    amd64: x86_64
install:
  - kyverno:/usr/bin/kyverno

The blueprint fetch keyword contains a URL template pointing to kyverno releases. Downloaded files are locked in a lockfile versioned here.

Click here to see kyverno release hashes

https://github.com/upciti/wakemeops/blob/main/blueprints/secops/kyverno/ops2deb.lock.yml

- url: https://github.com/kyverno/kyverno/releases/download/v1.12.6/kyverno-cli_v1.12.6_linux_arm64.tar.gz
  sha256: e48786d59b92f49007563c02c372e3f0204f79502e7e5b853e4ede37f483b27c
  timestamp: 2025-01-18 14:08:18+00:00
- url: https://github.com/kyverno/kyverno/releases/download/v1.12.6/kyverno-cli_v1.12.6_linux_x86_64.tar.gz
  sha256: 2586150b543b1418d85064872f73c81d82a94311bd51c5c2d9d7a26567aabef5
  timestamp: 2025-01-18 14:08:18+00:00
- url: https://github.com/kyverno/kyverno/releases/download/v1.12.7/kyverno-cli_v1.12.7_linux_arm64.tar.gz
  sha256: 4d707a321c8c981ab604767227c825b2cb3d5222e3eb7b003e111fa2c434972e
  timestamp: 2025-01-18 14:08:18+00:00
- url: https://github.com/kyverno/kyverno/releases/download/v1.12.7/kyverno-cli_v1.12.7_linux_x86_64.tar.gz
  sha256: 64c9c4f11c4ff4b5852fc9be4fbea7341937a3226d695798c1664f432893afab
  timestamp: 2025-01-18 14:08:18+00:00
- url: https://github.com/kyverno/kyverno/releases/download/v1.13.0/kyverno-cli_v1.13.0_linux_arm64.tar.gz
  sha256: 5b2a4d6746d19d1d14054ab018bdd84da90f10f789d354001d7ee306ec1ea254
  timestamp: 2025-01-18 14:08:18+00:00
- url: https://github.com/kyverno/kyverno/releases/download/v1.13.0/kyverno-cli_v1.13.0_linux_x86_64.tar.gz
  sha256: 3af2ae03f446299d000941f5c95e1821e548dad87917673a4321a2cb59411ba5
  timestamp: 2025-01-18 14:08:18+00:00
- url: https://github.com/kyverno/kyverno/releases/download/v1.13.1/kyverno-cli_v1.13.1_linux_arm64.tar.gz
  sha256: 029c47c644e12639dbd37a634e39ecc5ad754e8219d590fceb6d79ebbaac91ad
  timestamp: 2025-01-18 14:08:18+00:00
- url: https://github.com/kyverno/kyverno/releases/download/v1.13.1/kyverno-cli_v1.13.1_linux_x86_64.tar.gz
  sha256: d411a5f20c39b2b98a61cbb35743bf7bd0b4cacb569a0fd56a08a499b704f6e1
  timestamp: 2025-01-18 14:08:18+00:00
- url: https://github.com/kyverno/kyverno/releases/download/v1.13.2/kyverno-cli_v1.13.2_linux_arm64.tar.gz
  sha256: fc0e15f74c29d821f1b8e31147873f7fe77d759d0f6b82f27ecf48c52c27840f
  timestamp: 2025-01-18 14:08:18+00:00
- url: https://github.com/kyverno/kyverno/releases/download/v1.13.2/kyverno-cli_v1.13.2_linux_x86_64.tar.gz
  sha256: c0a85e8d8e855a879ddabbf19568fd80c3095a46f3f686cd4d2653cf0ab6601f
  timestamp: 2025-01-18 14:08:18+00:00
- url: https://github.com/kyverno/kyverno/releases/download/v1.13.3/kyverno-cli_v1.13.3_linux_arm64.tar.gz
  sha256: 1c9f5ba56720142a9b6a195b7e7254bf480ac9fc175cc7d44dffc84c338d46ed
  timestamp: 2025-02-06 12:10:31+00:00
- url: https://github.com/kyverno/kyverno/releases/download/v1.13.3/kyverno-cli_v1.13.3_linux_x86_64.tar.gz
  sha256: 30fbe8f6e5c11dca5d5512692822fa1e2fb6a0e1db07f763009d201977e3900c
  timestamp: 2025-02-06 12:10:31+00:00
- url: https://github.com/kyverno/kyverno/releases/download/v1.13.4/kyverno-cli_v1.13.4_linux_arm64.tar.gz
  sha256: 33ccb628b939f075bb8b7f35f5c6ce672cb6733d5748f4df196fa0ce1c67b4d2
  timestamp: 2025-02-08 09:06:07+00:00
- url: https://github.com/kyverno/kyverno/releases/download/v1.13.4/kyverno-cli_v1.13.4_linux_x86_64.tar.gz
  sha256: abd318dbb971ab6de2bbe3b7226f4a03230d5c9c651df8a29b6b5e085a55aeeb
  timestamp: 2025-02-08 09:06:07+00:00

Badge

MarkdownHTMLRST

[![WakeMeOps](https://docs.wakemeops.com/badges/kyverno.svg)](https://docs.wakemeops.com/packages/kyverno)

<a href="https://docs.wakemeops.com/packages/kyverno">
  <img src="https://docs.wakemeops.com/badges/kyverno.svg"/>
</a>

.. image:: https://docs.wakemeops.com/badges/kyverno.svg
:target: https://docs.wakemeops.com/packages/kyverno