CNCF Accepts Kyverno as the Latest Sandbox Project


Nirmata, a Kubernetes operation and management platform, has announced that CNCF has accepted Kyverno, its Kubernetes-based policy engine, at the sandbox level. Kyverno is described on its official website as a policy engine designed for Kubernetes. With Kyverno, policies are managed as Kubernetes resources, and no new language is required to write policies.

Policy engines are crucial for enterprise Kubernetes management
Key Facts

  1. Kyverno is a Greek word meaning “Governance.” The Kubernetes-native policy engine allows cluster administrators to manage policies using familiar tools like Git, kubectl, and Kustomize.

  2. Kyverno helps create policies and runs as a validating and mutating admission webhook integrated with the Kubernetes API server to provide configuration security.

  3. It can mutate as well as generate resources, which allows users to do fine-grained configuration management that is not possible manually.

  4. Nirmata hopes that Kyverno can significantly increase the worldwide use of Kubernetes policy. Many people hesitate to implement Kubernetes policies due to their complexity.

  5. In the future, Kyverno hopes to collaborate with other CNCF sandbox projects like cert-manager.


Nirmata announced CNCF's acceptance of Kyverno in an official blog post. The post said that the decision to donate Kyverno was taken to promote the adoption of Kubernetes policies. Policy engines are crucial for enterprise Kubernetes management, but their complexity and learning curve hinder many from adopting them.

Kyverno comes with a host of features, including:

  • Admission controls: To provide configuration security and block invalid and non-compliant configurations.
  • Background scanning: Regularly scans all resources and creates a policy report for each namespace and cluster-wide resources.
  • Automated rules for pod controllers: Uses pod policies to automatically generate rules for pod controllers, making Kubernetes policy management easier.
  • Dynamic generation of new configurations: It helps enable several use cases by supporting flexible triggers for automatic dynamic regeneration of new configuration resources.
  • Synchronize configuration across namespaces: Kyverno allows automatic propagation of changes from a common source by automatically synchronizing configuration changes across namespaces.

Security seems to be one of the main concerns of enterprises that have already adopted Kubernetes. Several companies are building tools to resolve critical security issues in Kubernetes. Just as Kyverno helps in securing Kubernetes, there are several other tools like Kube-bench, Kube-hunter, and Project Calico that help in securing networking in Kubernetes.

To ensure compliance and apply best practices, policy engines are critical for enterprise Kubernetes management. The complexity and learning curve of solutions that require a new language and foreign tools have hindered adoption. Kyverno simplifies Kubernetes policy management and allows admins to manage policies and reports as native resources.
Jim Bugwadia
Co-founder and CEO, Nirmata
