Policy enforcement for Kubernetes

Define security, compliance, and operational policies as code. Automated enforcement across all your clusters.

Read documentation Install kspec

Security by default

Enforce pod security standards, image policies, network segmentation, and RBAC rules automatically across your fleet.

Compliance guardrails

Meet regulatory requirements with declarative policies. Track compliance status in real-time with automated reports.

Multi-cluster

Manage policies across development, staging, and production. Single source of truth for your entire fleet.

How it works

Three simple steps to secure your clusters

STEP 1

Define policies

Create ClusterSpecification resources with your security, compliance, and operational requirements.

apiVersion: kspec.io/v1alpha1
kind: ClusterSpecification
metadata:
  name: production-spec
spec:
  enforcementMode: enforce
  policies:
    - id: pod-security
      severity: high

STEP 2

Controller enforces

kspec controller translates your specs into Kyverno policies and admission webhooks.

Policies created

Webhooks configured

Real-time enforcement

STEP 3

Monitor compliance

View compliance reports, drift detection, and audit logs in real-time.

Compliance Score

98.5%

3 clusters monitored

Ready to secure your clusters?

Get started with kspec in minutes. Free and open source.

View documentation See what's new