Kyverno Completes Third-Party Security Audit
Tuesday, November 28, 2023 in General
The Kyverno project is pleased to announce the completion of its third-party security audit. The audit was conducted by Ada Logics in collaboration with the Kyverno maintainers, the Open Source Technology Improvement Fund and was funded by the Cloud …
Kyverno 1.11 Released
Thursday, November 16, 2023 in Releases
The Kyverno team is delighted to share a new Kyverno release, v1.11! This release marks a significant milestone for Kyverno, with an extensive development period of around five months, including eight pre-releases and the merging of over 500 pull …
Using CEL Expressions in Kyverno Policies
Monday, November 13, 2023 in General
Kyverno, in simple terms, is a policy engine for Kubernetes that can be used to describe policies and validate resource requests against those policies. It allows us to create policies for our Kubernetes cluster on different levels. It enables us to …
Applying Validating Admission Policies using Kyverno CLI
Wednesday, October 04, 2023 in General
The Kyverno Command Line Interface (CLI) allows applying policies outside of Kubernetes clusters and can validate and test policy behavior prior to adding them to a cluster. The two commands used for testing are apply and test: The apply command is …
Kyverno Completes Fuzzing Security Audit
Wednesday, September 06, 2023 in General
Kyverno, a CNCF policy engine for Kubernetes, is happy to announce the completion of its fuzzing security audit. The audit was carried out by Ada Logics and is part of an initiative by the CNCF to bring fuzzing to the CNCF landscape; Fuzzing is an …
Verifying images in a private Amazon ECR with Kyverno and IAM Roles for Service Accounts (IRSA)
Friday, August 18, 2023 in General
When running workloads in Amazon Elastic Kubernetes Service (EKS), it is essential to ensure supply chain security by verifying container image signatures and other metadata. To achieve this, you can configure Kyverno, a CNCF policy engine designed …
Simplifying OpenShift MachineSet Management Using Kyverno
Friday, July 28, 2023 in General
(Guest post from Red Hat Distinguished Architect, Andrew Block) Managing infrastructure in a declarative fashion is one of the core principles that should be adopted when operating in any environment. In OpenShift, this paradigm for managing the …
Using Kyverno with Pod Security Admission
Monday, June 12, 2023 in General
Pod Security Admission (PSA) is the built-in successor to Kubernetes PodSecurityPolicy (PSP) and is enabled by default starting in v1.23, graduating to stable in v1.25, the same version where PSP was finally removed. PSA is different from PSP in many …
Let's Play Kyverno
Sunday, June 04, 2023 in General
Foreword “Kyverno is a policy engine designed specifically for Kubernetes." While this approach makes it very easy to use Kyverno in its intended environment, it is sometimes difficult to explain and present the capabilities when that …
Kyverno 1.10 Released
Tuesday, May 30, 2023 in Releases
The Kyverno team are proud to announce the release of Kyverno 1.10, a minor release in terms of version number but a major release in every other regard. With around four months in the making and after four pre-releases and nearly 500 pull requests …