Kyverno

Kubernetes Native Policy Management.

Overview

Kyverno is a policy engine designed specifically for Kubernetes. It allows you to manage and enforce policies for your clusters as Kubernetes resources, without using a new language like Rego. In an Argo CD context, Kyverno acts as a dynamic admission controller to validate, mutate, or generate configurations, ensuring that any resource deployed by Argo CD adheres to defined security and best practice policies.

✨ Key Features

  • Kubernetes-native (policies are Kubernetes resources)
  • No new policy language (uses YAML)
  • Validate, Mutate, Generate, and Verify policies
  • Policy reporting

🎯 Key Differentiators

  • Kubernetes-native design; policies are just CRDs
  • No new language to learn (uses familiar YAML)
  • Easier to get started with for Kubernetes users

Unique Value: Lowers the barrier to entry for policy-as-code on Kubernetes, allowing teams using Argo CD to easily enforce security and best practices without learning a complex new language.

🎯 Use Cases (4)

  • Enforcing security best practices (e.g., no root containers)
  • Adding required labels or annotations to resources
  • Blocking non-compliant resources from being created
  • Validating resource configurations

✅ Best For

  • Declarative policy enforcement for Kubernetes
  • Simplifying policy management for Kubernetes administrators

💡 Check With Vendor

Verify these considerations match your specific requirements:

  • Policy enforcement outside of Kubernetes
  • Environments that require the logical power of a full programming language for policies

🏆 Alternatives

Open Policy Agent (OPA)/Gatekeeper

Kyverno is simpler and more intuitive for Kubernetes-native use cases than OPA, but OPA is a more general-purpose engine that can be used across the entire stack.

💻 Platforms

Self-hosted

✅ Offline Mode Available

🔌 Integrations

  • Argo CD
  • Kubernetes
  • Flux CD
  • Prometheus

💰 Pricing

Contact for pricing
Free Tier Available

Free tier: Open source, free to use.
