Kyverno policies are Kubernetes resources, so there is no new language to learn. Kyverno can block insecure and non-compliant configurations during admission control, report violations, and automate resource generation using dynamic triggers.
In complex systems, policies drive autonomy and alignment across roles. Kubernetes policies establish a digital contract across developers and operations teams.
The Nirmata platform provides a unified Kubernetes management plane, and Kyverno started life as a module in the platform. Kyverno was moved into the Kubernetes control plane once custom resource definitions and admission control webhooks were supported by Kubernetes.
To make it easy to secure and manage any Kubernetes cluster, Nirmata open-sourced Kyverno under an Apache v2 license and donated Kyverno to the CNCF in November of 2020. Nirmata continues to build the community and grow Kyverno by developing new features and capabilities.
6 million downloads and counting.
Benefits of Kyverno
Kyverno, a Kubernetes-native policy engine, solves several common problems with managing Kubernetes clusters at scale and enables clear separation of concerns across developers and operators.
Kyverno policies are easy to write and manage, and learning a complex new language is not required. Like native resources, Kyverno policies are declarative. Because Kyverno is focused on Kubernetes, it leverages Kubernetes patterns and best practices, which makes it intuitive to use.
Kyverno makes Kubernetes secure by default and provides a more flexible alternative for pod security. When applied with other Policy-as-Code best practices, Kyverno helps enable secure self-service for developers to drive agility and increase productivity.
Check resource configurations for security and compliance. For example, enforce pod security or ensure cloud-native best practices.