Nirmata donates Kyverno, the Native Kubernetes Policy Engine, to the CNCF

Nirmata, a leading provider of the popular Kubernetes management platform, announced today that the Cloud Native Computing Foundation (CNCF) has accepted Kyverno, the company’s innovative and increasingly popular native Kubernetes policy engine, as one of its latest Sandbox projects.

Kyverno (which means “governance” in Greek) is designed as a Kubernetes policy engine. With Kyverno, policies are managed as Kubernetes resources and no new language is required to write policies. This allows cluster administrators to use familiar tools such as kubectl, Git, and kustomize to manage policies. Kyverno policies can validate, mutate, and generate Kubernetes resources. Using Kyverno, admins can define policies to ensure that applications deployed in the cluster are compliant and follow security and configuration best practices.

Key features include:

Admission Controls

Kyverno runs as a validating and mutating webhook that works with the Kubernetes API server to provide configuration security and block invalid and non-compliant configurations.

Background scanning

Kyverno periodically scans all resources and generates a policy report for each namespace and for cluster-wide resources.

Declarative management

Like Kubernetes, Kyverno policies are stored as YAML or JSON manifests. This enables a “policy-as-code” approach, allowing platform teams to manage Kubernetes policies in the same manner as other Kubernetes resources.

Automated rules for pod controllers

As a Kubernetes policy engine, Kyverno automatically generates rules for pod controllers from pod policies, making it easier to manage Kubernetes policies at scale.

Validation using overlays

To validate configurations, Kyverno allows writing a YAML fragment that is matched against the specification of incoming resources. This familiar syntax is similar to Kustomize overlays and is easy to learn for any Kubernetes resource.

Flexible patch strategies

To modify resources, Kyverno supports RFC 6902 JSON Patch as well as the strategic merge patch format used by kubectl and Kustomize.

Dynamic config generation

Kyverno supports flexible triggers to automate dynamic generation of new configuration resources, enabling a number of use cases that previously required manual intervention from operations teams.

Synchronization across namespaces

Kyverno can automatically synchronize configuration changes across namespaces, allowing automated propagation of changes from a common source.
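The "Validation using overlays" and "Flexible patch strategies" features above, shown as one policy manifest. This is an added example, not taken from the original announcement or from the Kyverno project's samples; the policy name, rule names and the `policy-checked` label are constructed, and the field names assume the `kyverno.io/v1` API, so check them against the release you run.

```yaml
# Added example: one ClusterPolicy with a validate rule and two mutate rules.
# All names and the label below are constructed for illustration.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: restrict-and-default-pods
spec:
  # "enforce" rejects non-compliant requests at admission;
  # "audit" admits them and records the violation in the policy report.
  validationFailureAction: enforce
  rules:
  # Validation using an overlay: the pattern mirrors the shape of a Pod.
  # Matching on Pod is enough; rules for pod controllers are generated from it.
  - name: disallow-privileged
    match:
      resources:
        kinds:
        - Pod
    validate:
      message: "Privileged containers are not allowed."
      pattern:
        spec:
          containers:
          # =(field) is a conditional anchor: checked only when the field is set.
          - =(securityContext):
              =(privileged): "false"
  # Mutation with a strategic merge patch (same style as kubectl and Kustomize).
  - name: label-with-strategic-merge
    match:
      resources:
        kinds:
        - Pod
    mutate:
      patchStrategicMerge:
        metadata:
          labels:
            policy-checked: "true"
  # Mutation with an RFC 6902 JSON patch; /spec always exists on a Pod,
  # so the "add" operation cannot fail on a missing parent path.
  - name: no-token-with-json-patch
    match:
      resources:
        kinds:
        - Pod
    mutate:
      patchesJson6902: |-
        - op: add
          path: /spec/automountServiceAccountToken
          value: false
```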

Why are we donating Kyverno to the CNCF?

To ensure compliance and apply best practices, Kubernetes policy engines are critical for enterprise Kubernetes management. The complexity and learning curve of solutions that require a new language and foreign tools have hindered adoption. Kyverno simplifies Kubernetes policy management and allows admins to manage policies and reports as native resources. As part of the CNCF, we expect broader adoption of Kyverno, and we also believe that it will lead to broader participation from the community.

Will Nirmata continue to support Kyverno?

Yes. Our goal at Nirmata is to accelerate the adoption of Kubernetes by enterprise DevOps teams. With Kyverno, Nirmata has applied the same design principles of simplicity to allow cluster administrators to manage complex configurations across their fleet of clusters. Nirmata will continue to support Kyverno by addressing the challenges involved in managing policies and in reporting and visualizing violations across clusters.

In addition, Nirmata will provide enterprise-grade support for companies interested in adopting Kyverno and looking for commercial support.

Where can I learn more about Kyverno as a Kubernetes policy engine?

Below are some popular resources to learn more about Kyverno:

How can I contribute to Kyverno?

What features are planned for Kyverno?

Some major planned features are:

  • Lookup API resources (#1105)
  • JavaScript for complex validation (#1189)
  • High availability deployments (#1214)
  • Reorganize samples
  • Kyverno playground

You can view roadmap details at:
