This year’s KubeCon + CloudNativeCon North America 2022 (KCNA) brought a lot of firsts and advancements in knowledge and awareness of the importance of policies for security, governance and automation in Kubernetes clusters.

Heading into KCNA, we were riding the wave of great Kyverno progress. Mid-year, Kyverno moved to CNCF incubation, reached over 3k stars, and over 500 million downloads. Kyverno 1.8 was released with new features and functionality, optimizations, performance, and other improvements for strict or high-scale environments.

Ecosystem partnerships with organizations such as Linkerd (Buoyant), Crossplane (Upbound), ArgoCD (Akuity), Sigstore (Chainguard) are enabling a broader enterprise solution for organizations. Further, Kyverno is being used in production environments at organizations such as Sony, Williams Sonoma, and Deutsche Telecom. Understanding the need for Kubernetes policies and governance while taking the next steps to add this important functionality into an organization’s Kubernetes environments has shown that K8s policy and governance has truly crossed the Chasm!

 

The Kyverno and Nirmata team was in full-force at KCNA delivering presentations, holding Kyverno workshops, and having conversations on the current state of Kubernetes automation, policies, and governance.

 

This KubeCon was one of the largest ever with multiple co-located events that supported the main conference. Security was a top topic with 22 sessions + 1 keynote during the main KubeCon event, 15 presentations at SigStoreCon, 26 presentations at GitOpsCon, and 35 presentations at CloudNativeSecurityCon. Other Day-0 events had a security focus: Application Networking Day, EnvoyCon, Policy Day with OPA, ServiceMeshCon, and more, reflecting the wide interest in cloud-native security topics. And this KubeCon brought the first SigStoreCon aimed to help organizations accelerate a secure software supply chain.

As this dashboard from EMA research shows, security is top of mind for KubeCon attendees. And, from our vantage point Kyverno policies are becoming recognized as the right way to secure and automate Kubernetes configurations!

Presentations on Kyverno and Kubernetes Policy and Governance

To kickoff KubeCon, Shuting Zhao, a Staff Engineer at Nirmata who is also a co-creator and maintainer of Kyverno, made a keynote appearance where she introduced Kyverno and provided key project updates to the over 7000 live attendees!

 

Chip Zoller, a Technical Product Manager at Nirmata, who is also a Kyverno maintainer, ran a packed workshop on Kyverno!

 

 

Jim Bugwadia, CEO of Nirmata and a Kyverno maintainer, participated in a panel discussion available on YouTube – Securing the Golden Path: Adding Guardrails For Developers Without Getting in Their Way! In this discussion, the topic of supporting developers who need to quickly respond to changing market needs was the focus. As Jim said in the talk, “It’s interesting seeing the evolution where you would wait for your build overnight to now getting results in a matter of minutes. To deliver faster you need to create the right developer experience with the right security guardrails in place such as policies and governance and which is transparent to developers.” 

The “Golden Path,” according to Jim, is getting from zero to production in a secure compliant manner with recipes which can be followed that have the proper guardrails in place, along with the flexibility needed by developers.

GitOpsCon covered a variety of topics. Jim Bugwadia with Anvi Sharma from Intuit presented on Policy-Based GitOps: How Policies Can Help Secure and Automate GitOps Workflows. In this presentation, Anvi shared what is not working well in cloud native environments: Security is complex, developers need self-service with guardrails to prevent misconfigurations and to standardize workflows, and automation across multiple projects and workflows is tricky. 

Jim shared how policies can help, as they are the contract for DevSecOps to prevent misconfigurations and to automate security concerns. 

The goals we set out to solve in our DevSecOps environment (and with Kyverno) is to secure and have self-service clusters, use standard tools, and automate end-to-end.

The panel discussion – Say Hi to the New Couple in the Town – DockerSlim and Kyverno – Making Your Kubernetes Workloads More Secure! started with a detailed description on the need for policies in current Kubernetes environments and followed with how Kyverno simplifies Kubernetes environments by making policies easy to write and manage, easy to process, by providing validation and image verification, and by supporting all Kubernetes types.

The presentation by Jim at SigStoreCon on Securing Kubernetes Manifests with Sigstore and Kyverno demonstrated the use cases and implementation for securing Kubernetes resource manifests (YAMLs) by signing with Cosign and verifying with Kyverno policies.

KCNA produced much more great content on Kubernetes security, governance, and policy. As these videos are published on YouTube, we’ll update this blog and share the links on social media.

We also had a blast at the Nirmata and Kyverno booths meeting with our community and customers!

Kyverno and Nirmata team in the booth with Kyverno users

So what’s next for you?

Get involved! There are many options depending on where you or your organization is in their Kubernetes policy and governance journey.

• Take the Cloud native policy and governance usage 2022 survey. Nirmata launched this at KCNA and will leave the survey open through November. In January, we’ll share the data and results with you highlighting the trends in awareness and adoption of Kubernetes policy and governance.
• Download the ebook Guide to Kubernetes Policy Management. If policy management is something you or your organization is looking at, read the white paper which offers actionable advice to automate and embed security into the core of your Kubernetes build and deployment processes to secure your Kubernetes-based workloads.
• Join the conversation on Kyverno Slack. Over 1,400 Kyverno community members join to ask questions and share best practices with over 75% of the channel members participating in the conversation!
• Reach out to us. Any one of the team members are delighted to get on the phone with you to discuss where you are in your Kubernetes policy and governance journey and how Kyverno or Nirmata Policy Manager for Kubernetes (built on Kyverno) can help you meet your security goals.

And, next for us…

We will be at CloudNativeSecurityCon in February. Details to be announced soon. 

We will then go to Amsterdam in April to support the Kyverno community and project.

Then onto KubeCon North America in Chicago in November 2023.

In between, expect DevOpsDays, Kubernetes Community Days, and webinars. Information will be published on our website.

Meanwhile, if you want to learn more on streamlining your operations for Kubernetes clusters, why not request a complimentary demo? Do that here with Nirmata!

#PolicyMatters