Kyverno

“Kyverno allows platform engineers to automate security, compliance, and best practices validation and deliver secure self-service to application teams.” (kyverno.io)

In Kubernetes environments, Kyverno policies can validate, mutate, generate, and clean up any resource (even custom resources). However, it’s essential that each policy is structurally valid before being applied, which is where CUE and the Central Registry come in. The curated cue.dev/x/kyverno module helps validate that your policies conform to Kyverno’s expected structure – before you deploy them.

The module contains multiple packages, each dedicated to a single type of Kyverno policy – such as:

import (
	policy "cue.dev/x/kyverno/policy/v1"
	clusterpolicy "cue.dev/x/kyverno/clusterpolicy/v1"
)

The Central Registry’s documentation lists the full set of packages and policy types that can be validated.
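
As an added example (not taken from the Kyverno or CUE documentation), the CUE file below checks a ClusterPolicy against the clusterpolicy package imported above. It assumes the package exposes its schema as `#ClusterPolicy`; the policy itself, which rejects privileged containers, is constructed for illustration.

```cue
package policies

import (
	clusterpolicy "cue.dev/x/kyverno/clusterpolicy/v1"
)

// Assumption: the package exports its schema under the name #ClusterPolicy.
// Every entry in this map must unify with that schema, so a wrong type or
// an invalid value makes `cue vet` fail before anything reaches the cluster.
policies: [Name=string]: clusterpolicy.#ClusterPolicy & {
	// Keep the resource name in sync with the map key.
	metadata: name: Name
}

// Constructed sample policy: reject Pods that request privileged mode.
policies: "disallow-privileged-containers": {
	apiVersion: "kyverno.io/v1"
	kind:       "ClusterPolicy"
	spec: {
		validationFailureAction: "Enforce"
		background:              true
		rules: [{
			name: "privileged-containers"
			match: any: [{
				resources: kinds: ["Pod"]
			}]
			validate: {
				message: "Privileged containers are not allowed."
				// Kyverno pattern anchors: "=(key)" means
				// "if the key is present, its value must match".
				pattern: spec: containers: [{
					"=(securityContext)": "=(privileged)": "false"
				}]
			}
		}]
	}
}
```

Run `cue vet -c` in a CUE module that lists cue.dev/x/kyverno as a dependency (`cue mod tidy` adds it); a non-zero exit status means the policy does not match the schema.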

Learn more with:

Central Registry