The 2023 Devoteam Tech Radar report identifies Kyverno as a distributed cloud technology that businesses should assess. So, what is Kyverno, and why should organisations consider using this innovative tool?
What is Kyverno?
Kyverno serves as a policy engine for Kubernetes, allowing users to create rules that enable or deny resources from being applied to a cluster.
With this tool, policies can validate, mutate, generate, and clean up Kubernetes resources. Additionally, it verifies image signatures and artefacts, enhancing the security of the software supply chain. Developers also utilise the Kyverno CLI tool to test policies and validate resources as part of a CI/CD pipeline.
Who is Kyverno for?
Kyverno is designed for businesses seeking to enhance security and compliance across their Kubernetes environments. This tool particularly benefits enterprise-grade customers who manage thousands of containers at scale.
Thanks to its easy-to-understand policies and no-code approach, it enables developers to focus on development rather than deployment.
What are the top benefits ?
Kyverno offers powerful, flexible solutions for managing large Kubernetes environments. Here are some key benefits:
No new language requirements
Allows developers to work without learning new languages. Since policies are treated as regular Kubernetes resources, users can employ familiar tools like kubectl, git, and kustomize. This familiarity reduces the learning curve, enabling developers to start using the product quickly.
Library of policy templates
Provides a library of over 280 policy templates. These templates allow developers to import and use them at no cost. Consequently, these templates facilitate quick and efficient actions. For example, best practice policies automatically improve Kubernetes security and performance.
Extensive training resources
Supports users with comprehensive documentation and various training videos. Additionally, the platform hosts monthly community meetings that invite users to contribute to product improvements.
Playground simulator
The Kyverno Playground simulator enables developers to test product capabilities without needing a Kubernetes cluster. Users can simulate policy execution by entering YAML content in an online console. This feature helps developers learn how to use the tool while allowing them to write and test their own policies.
Commercial add-ons available
As the Kyverno community expands, several commercial add-ons enhance product capabilities. For instance, these include an ISV add-on for Amazon Web Services (AWS) and a plugin for the Rafay Kubernetes Operations Platform. Additionally, policy set support is available for Red Hat Advanced Cluster Management and Red Hat OpenShift Platform Plus.
Who uses Kyverno?
Nirmata, the company behind Kyverno, claims the tool has been downloaded over 300 million times. This statistic makes it the most preferred Kubernetes policy engine on GitHub. Moreover, high-profile users include Vonage, Jetstack, CloudBees, and Williams Sonoma.
Is Kyverno free?
Kyverno is available for free download from GitHub and is licensed under the Apache License 2.0. The platform also provides free support via a developer Slack channel, and it accepts bug reports and feature requests on the GitHub project page.
For Amazon EKS users, Nirmata offers an Enterprise Support subscription through the AWS Marketplace. This subscription grants users 24/7 emergency support, training, upgrade assistance, and best practice assessments. Additionally, Nirmata provides an enterprise-grade distribution of Kyverno as a paid option.
What else do I need to know ?
Kyverno gained acceptance as an incubating project by the Cloud Native Computing Foundation (CNCF) in 2022. This recognition acknowledges the tool as stable and ready for use in production environments.
Enhance Kubernetes Security and Compliance
Explore Enhance Kubernetes Security and Compliance in Devoteam TechRadar