CNCF Accepts Kyverno as the Latest Sandbox Project


Nirmata, a Kubernetes operation and management platform, has announced that CNCF has accepted Kyverno, its Kubernetes-based policy engine, at the sandbox level. Kyverno is described on its official website as a policy engine designed for Kubernetes. With Kyverno, policies are managed as Kubernetes resources, and no new language is required to write policies.

Policy engines are crucial for enterprise Kubernetes management
Key Facts

  1. Kyverno is a Greek word meaning “Governance.” The Kubernetes-native policy engine allows cluster administrators to manage policies using familiar tools like Git, kubectl, and Kustomize.

  2. Kyverno helps create policies and runs as a validating and mutating admission webhook for the Kubernetes API server to provide configuration security.

  3. It can mutate as well as generate resources, which gives users fine-grained configuration management that is not possible manually.

  4. Nirmata hopes that Kyverno can significantly increase the worldwide use of Kubernetes policy. Many people hesitate to implement Kubernetes policies due to their complexity.

  5. In the future, Kyverno hopes to collaborate with other CNCF sandbox projects like cert-manager.


Nirmata announced CNCF's acceptance of Kyverno in its official blog post. The post said that the decision to donate Kyverno was taken to promote the adoption of Kubernetes policies. Policy engines are crucial for enterprise Kubernetes management, but their complexity and learning curve hinder many from adopting them.

Kyverno comes with a host of features, including:

  • Admission controls: To provide configuration security and block invalid and non-compliant configurations.
  • Background scanning: Regularly scans all resources and creates a policy report for each namespace and cluster-wide resources.
  • Automated rules for pod controllers: Uses pod policies to automatically generate rules for pod controllers, making Kubernetes policy management easier.
  • Dynamic generation of new configurations: It helps enable several use cases by supporting flexible triggers for automatic dynamic regeneration of new configuration resources.
  • Synchronize configuration across namespaces: Kyverno allows automatic propagation of changes from a common source by automatically synchronizing configuration changes across namespaces.
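
As an added illustration (not taken from Nirmata's announcement or from the Kyverno project), the following ClusterPolicy sketches how the admission-control and generate-with-synchronize features listed above look when written as an ordinary Kubernetes resource. It assumes the kyverno.io/v1 schema; the policy and rule names are hypothetical, and field names can differ between Kyverno releases.

```yaml
# Added example: names below are hypothetical; schema assumed to be kyverno.io/v1.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: example-baseline
spec:
  validationFailureAction: Enforce   # reject violating requests at admission
  background: true                   # also scan existing resources and report on them
  rules:
    # Admission control: block Pods that request privileged containers.
    - name: disallow-privileged-containers
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: "Privileged containers are not allowed."
        pattern:
          spec:
            containers:
              # =(...) means: if the field is present, it must match.
              - =(securityContext):
                  =(privileged): "false"
    # Generate + synchronize: give every new Namespace a default-deny NetworkPolicy.
    - name: default-deny-networkpolicy
      match:
        any:
          - resources:
              kinds:
                - Namespace
      generate:
        apiVersion: networking.k8s.io/v1
        kind: NetworkPolicy
        name: default-deny
        namespace: "{{request.object.metadata.name}}"
        synchronize: true            # keep the generated resource in line with this rule
        data:
          spec:
            podSelector: {}
            policyTypes:
              - Ingress
              - Egress
```

Because the first rule matches Pod, the automated rules for pod controllers extend it to Deployments and similar controllers. The manifest is applied with `kubectl apply -f` like any other resource.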

Security seems to be one of the main concerns of enterprises that have already adopted Kubernetes. Several companies are building tools to resolve critical security issues in Kubernetes. Just as Kyverno helps in securing Kubernetes, several other tools, such as kube-bench, kube-hunter, and Project Calico, help in securing networking issues in Kubernetes.

To ensure compliance and apply best practices, policy engines are critical for enterprise Kubernetes management. The complexity and learning curve of solutions that require a new language and foreign tools have hindered adoption. Kyverno simplifies Kubernetes policy management and allows admins to manage policies and reports as native resources.
Jim Bugwadia
Co-founder and CEO, Nirmata
