#kyverno talk at #kubecon hall 5 is packed. To bad the speaker did not show up 😬🤷‍♂️🤦‍♂️

But each MCP implements its own logic, leading to duplication of authz logic.
Interestingly, that's an issue we've been discussing at @payfiteng.bsky.social over the past couple weeks, so I'm super happy to be at this talk!

This is where #Kyverno and the #AgentGateway come in.

Kyverno Achieves Graduation from Cloud Native Computing Foundation, Signifying Growth and Adoption Kyverno has graduated from the Cloud Native Computing Foundation, marking a significant milestone in enterprise adoption and governance for Kubernetes environments.

Kyverno Achieves Graduation from Cloud Native Computing Foundation, Signifying Growth and Adoption #None #Kubernetes #CNCF #Kyverno

KubeCon + CloudNativeCon Europe 2026 Co-located Event: KyvernoCon Europe. Policy as code hexagon illustration at the top of a road with "code" and "check" labeled going down it.

Scaling Kubernetes with automated guardrails?

KyvernoCon at KubeCon + CloudNativeCon EU covers policy as code, security, and governance for platform engineering in the AI era.

Read the deep dive from co-chairs Cortney Nickerson & Shuting Zhao:
https://bit.ly/4rDeDsM

#KubeCon #CloudNative #Kyverno

Vetting Kubernetes configuration with Kyverno prior to deployment Kyverno is a policy-as-code tool for Kubernetes that enforces state-based policy constraints, which can be used with ConfigHub.

Congrats to the Kyverno project for achieving graduated status in the CNCF.

I wrote a post about Kyverno and how to use it to vet Kubernetes configuration prior to deployment, and how to use Kyverno with ConfigHub.

medium.com/@bgrant0607/...

#Kubernetes #Kyverno #PolicyAsCode

Fairwinds Insights Release Notes: Kyverno Integration & GPU Metrics We’ve expanded Fairwinds Insights to give platform and operations teams deeper visibility into both policy posture and infrastructure metrics and costs.

Fairwinds Insights integrations with Kyverno keep getting better. Recent releases add richer policy type support, unmanaged policy visibility, better admissions data, and clearer labels.
Read our rollup of the latest updates:
www.fairwinds.com/blog/fairwin...
#Kubernetes #Kyverno

Kyverno a tué mon API Server. Encore. Le retour de la vengeance Vous avez peut-être lu mon article précédent sur etcd il y a 3 ans. Si vous vous en souvenez bien, le crash, c’était etcd, mais le vrai coupable, c’était Kyverno. J’adore Kyv...

#Kyverno a tué mon API Server #Kubernetes. Encore.

blog.zwindler.fr/2026/02/26/k...

Безопасность Kubernetes: полный гайд для начинающих или как не повторить ошибку Tesla Kubernetes взламывают не «эксплой...

#kubernetes #безопасность #devsecops #rbac #секреты #pod #security #checkov #kyverno

Origin | Interest | Match

Introduction to Kyverno Watch on the Rawkode Academy

🎬 Check out this insightful video from Rawkode Live! David Flanagan (@rawkode.dev) dives into Kyverno, a powerful Kubernetes policy engine. Learn about installation, policies, audits, and more! 🚀 #Kubernetes #Kyverno

KubeCon + CloudNativeCon North America 2025 Co-Located Event Deep Dive: KyvernoCon This is the very first KyvernoCon! While Kyverno has been part of the CNCF since November 2020, and has had a strong presence at past KubeCon events through policy as code focused talks…

KyvernoCon is here! 🎉
An inaugural event for the #policyascode community, co-located with #KubeCon + #CloudNativeCon NA 2025.

Connect with contributors, hear real-world stories, and see how Kyverno is scaling beyond Kubernetes.

🛠️ Join us → www.cncf.io/blog/2025/09...

#Kyverno #CNCF #CloudNative

Introduction to Kyverno Watch on the Rawkode Academy

🎬 Dive into Kyverno with Rawkode Live! Learn how this Kubernetes policy engine simplifies resource validation, mutation, and generation. Join Jim Bugwadia & Shuting Zhao for a hands-on deep dive! 🚀 #Kyverno #Kubernetes @rawkode.dev

Our latest #Kubernative digest with Cloud Native software updates covers #Freelens v1.5.0; #k8gb v0.15.0 with multi-zone DNS support; mariadb-operator 25.08.1 with physical-level backups; #Kyverno 1.15 with new policy types; kube-vip v1.0;
#Cilium 1.18; #Sveltos v1.0.0. t.me/kubernative/...

KyvernoCon Virtual Event 2025 | CNCF Virtual Event - KyvernoCon Virtual 2025 is a globally accessible, fully virtual event designed to bring the policy-as-code community together. Featuring thought leadership, hands-on sessions, and real...

MY CFP submission is on its way #Kyverno VirtualCon!

Got a story on how policy as code powers your AI-enabled infrastructure? 🤖

Reminder 🚨 CFP closes August 6

Share how @kyverno fits into your stack, what you're using it for, and why it matters
community.cncf.io/events/detai...

Kyverno policy : Mutate pods to redirect bitnami to bitnamilegacy image repository Kyverno policy : Mutate pods to redirect bitnami to bitnamilegacy image repository - replace-bitnami-image-repository-with-bitnamilegacy.yaml

Following Broadcom changes about #Bitnami containers repository (github.com/bitnami/cont...), I just created a #Kyverno policy to mutate repository from bitnami to bitnamilegacy : gist.github.com/Nathanael-Mt...

It only apply on Pod CREATE/UPDATE, not on existing pods.

#devops #kubernetes

#Kyverno also has this super awesome feature to generate new objects (like NetworkPolicy) during admission review which is definitely not a thing in Gatekeeper from what I can tell.

Namespace Protection Cases where RBAC may be applied at a higher level and where Namespace-level protections may be necessary can be accomplished with a separate policy. For example, one may want to protect creates, updat...

the policy I was trying to write already comes ready made in #Kyverno policy library and it's less than 20 lines of YAML!!
kyverno.io/policies/oth...
As much as I love #OPA the developer experience around using it with gatekeeper is a bit rough (IMO).

After struggling with embedding Rego inside YAML on top of having to write constraint template, then a constraint file just to create 1 basic admission policy, I am switching teams from #Gatekeeper to #Kyverno and as it turns out ..

KyvernoCon Virtual Event 2025 | CNCF Virtual Event - KyvernoCon Virtual 2025 is a globally accessible, fully virtual event designed to bring the policy-as-code community together. Featuring thought leadership, hands-on sessions, and real...

My weekend is for @kyverno CFP submission

🚨 CFP closes August 6 for #Kyverno VirtualCon!

Got a story on how policy as code powers your AI-enabled infrastructure? 🤖⚙️

Share how Kyverno fits into your stack—what you're using it for, and why it matters
community.cncf.io/events/detai...

Kubernetes namespace exclusion options for Kyverno policies – Daniel's Tech Blog

Kubernetes namespace exclusion options for Kyverno policies www.danielstechblog.io/kubernetes-n... #Kubernetes #Kyverno

Our latest #Kubernative digest with Cloud Native software updates mentions #etcd v3.6.0 with a new storage engine; #Kyverno 1.14 with two new policy types; #Helmfile v1.0.0; #Calico v3.30.0 with Calico Whisker; #ArgoCD v3.0.0; #Istio 1.26.0; #containerd 2.1.0; #Freelens v1.3.0. t.me/kubernative/...

Bootstrapping Kubernetes namespaces with Kyverno | Jorijn Schrijvershof Use Kyverno to automate default resource setup in Kubernetes namespaces with policies for networking, secrets, quotas, and more.

New blog article: Bootstrapping Kubernetes namespaces with Kyverno

jorijn.com/en/blog/boot...

#Kubernetes #DevOps #Kyverno

Cluster Security Standards Enforcement Via Kyverno (Policy as Code) **Kyverno, an open-source Kubernetes policy engine that lets you write policies as simple YAML manifests.** Kyverno has become increasingly important in today’s cloud-native world due to the growing adoption of Kubernetes and the increasing demand for security, compliance, and automation in cluster management. **Why Kyverno:** * **Security & Policy Enforcement** Today more and more organizations adopt Kubernetes, and managing multi-tenant clusters securely becomes critical. Kyverno helps you * **Enforcing Pod Security Standards** -- Ensuring network policies are always defined -- Preventing usage of deprecated APIs * **Automated Governance & Compliance** Regulatory requirements such as GDPR and HIPAA need consistent policy enforcement. Kyverno helps you; -- Automate auditing of non-compliant resources -- Ensure labels, annotations, or resource limits are always set -- Implement multi-cluster governance -- Policy as Code, Kubernetes-Native * **Unlike OPA/Gatekeeper, which uses a separate language—Rego, Kyverno Uses Kubernetes-native YAML for policies.** -- Easier for K8s users to adopt -- Policies look like other Kubernetes resources -- Great fit for GitOps workflows such as ArgoCD and Flux * **Mutation & Generation Capabilities** Kyverno can mutate and generate resources dynamically -- Auto-inject sidecars/configurations -- Generate default network policies/configmaps -- Patch fields in newly created resources. * **Validation at Admission Time** Kyverno policies work with the Kubernetes Admission Controller to prevent invalid/non-compliant configurations before they go live. -- Helps shift security and compliance left -- Reduces production incidents due to misconfigurations * **Multi-cloud, Multi-cluster Support** With teams running hybrid environments across AWS, Azure, GCP, and on-prem, Kyverno ensures policy consistency across clusters. **Some of the cases we can use keyverno includes** * Block the creation of privileged pods (a common security best practice) * Enforce resource requests/limits * Label enforcement for workloads **Time for some hands-on!** Lets see it in action with a simple demo to grasp the power of kyverno **Install Kyverno:** run the below command in your terminal to install Kyverno `kubectl create -f https://raw.githubusercontent.com/kyverno/kyverno/main/config/release/install.yaml` 1. Follow the below instructions to enforce resource requests and limits—this ensures that every container in a pod has CPU and memory requests and limits set. require-resources.yaml apiVersion: kyverno.io/v1 kind: ClusterPolicy metadata: name: require-resources spec: validationFailureAction: Enforce rules: - name: check-resources match: resources: kinds: - Pod validate: message: "CPU and memory requests/limits must be set for all containers." foreach: - list: "spec.containers[]" pattern: resources: requests: memory: "?*" cpu: "?*" limits: memory: "?*" cpu: "?*" Run the below command, which will apply the “require-resources” policy to your Kubernetes cluster. kubectl apply -f require-resources.yaml Okay, now run the below code block in your terminal to create a resource and test the policy enforcement in action. cat <<EOF | kubectl apply -f - apiVersion: v1 kind: Pod metadata: name: no-resources spec: containers: - name: nginx image: nginx EOF You should see an error message as shown in the above screen capture, which details the reason for the error. **Okay, now let's do this.** Now, let's add the resource limits and try the resource creation. For that, run the below code in your terminal. You can see the resource created message, as now the resource you have created complies with the policy requirements. **Important — validationFailureAction** The `**validationFailureAction**` field in Kyverno policies determines how the policy behaves when a validation rule fails: **enforce** : The policy will block the resource from being created or updated if it does not comply with the policy. **audit** : The policy will allow the resource to be created or updated but will log a warning or violation in the policy report. This is just one of the many possibilities of Kyverno policy enforcement, and you can explore those also in a similar fashion. _Hope the information is useful. Thank you for your time_

I'm excited to share a significant achievement in my career: obtaining the #Kyverno Certified Associate credential. This certification boosts my skills in handling Kubernetes policies and underscores my dedication to evolving cloud-native environments. #CloudNative #Kubernetes

CRDs in Kubernetes — Teach Your Cluster New Words Ever wish Kubernetes could just understand your app’s needs out of the box? Well… it actually can — with **CRDs** (Custom Resource Definitions). ## 🤔 What Are CRDs? CRDs are a way to teach Kubernetes **new words** — letting you define **custom objects** beyond what’s built-in (`Pod`, `Service`, `Deployment`, etc.). They’re the magic sauce behind tools like ArgoCD and Kyverno. ## ✨ Why Use CRDs? Imagine wanting Kubernetes to manage something like: * `DatabaseCluster` * `BackupSchedule` * `TaskRunner` With CRDs, you can define these as **native-looking resources** , so you can: bash kubectl get backupSchedules kubectl apply -f my-database-cluster.yaml

We / @koksay.bsky.social are ready to talk about #Kyverno #AWSSigner and #Notary to make software supply chain even more secure by providing integrity! #AWSTurkiye25 #awssigner #aws #awscommunityday #awscommunityday25 #awscommunitydayturkiye25 #awscommunitydayturkey25

Krishna Khandavilli, Sagar Kundral, Dolis Sharma at KCD Texas 2025

In this beginner-friendly workshop, learn how to secure your Kubernetes environments and workloads using #Kyverno, a #Kubernetes-native Policy-as-Code solution.

📅 May 15, 2025

📍 Green Room 2

Register here kcdtexas.org

Did you know #KubeCon London attracted over 13K attendees worldwide, 10% of the crowd signed up for #kyverno talk. Policy engines have evolved from a formality to a mission-critical priority.

#CloudNativeFM Shorts: youtube.com/shorts/1YG5Q...