Kubernetes CRD: kyverno.io

"Kyverno allows platform engineers to automate security, compliance, and best practices validation and deliver secure self-service to application teams." (kyverno.io)

In Kubernetes environments, Kyverno policies can validate, mutate, generate, and clean up any resource (even custom resources). However, it’s essential that each policy is structurally valid before being applied, which is where CUE and the Central Registry come in. This module helps validate that your policies conform to Kyverno’s expected structure before you deploy them.

This module contains multiple packages, each dedicated to a single type of Kyverno policy. To use them, add import statements for the appropriate policy types to your CUE:

import (
    policy "cue.dev/x/kyverno/policy/v1"
    clusterpolicy "cue.dev/x/kyverno/clusterpolicy/v1"
)

The Central Registry's documentation lists the full set of packages and policy types that can be validated.

Learn more with:

• Checking existing Kyverno policy files using CUE
• Validating several Kyverno policy files
• Getting started with Kyverno + CUE
• The Central Registry's module documentation