Kyverno & Admission Policies

PolicyReports, validate/mutate/generate rules, and blocked pods — find the policy layer before changing workloads.

Try before you buy

One warm-up card and one scenario from Kyverno & Admission Policies — full sessions unlock after purchase.

FoundationWarm-up

Warm-up: audit vs Enforce policy mode?

AnswerFoundation

Audit logs violations; Enforce blocks admission — test in Audit first.

ScenarioLevel 2

Generate rule not creating Resource

Expected NetworkPolicy missing in new namespace.

Terminal

$ kubectl get netpol -n new-ns
No resources found

Kyverno denied the Pod — where is the policy decision recorded?

Press 1–4 to choose