Posts in 2024
  • Assigning Node Metadata to Pods

    Monday, February 19, 2024 in General

    If you’re running Kubernetes in production, especially in a public cloud, where a single cluster may span multiple availability zones, chances are you’re configuring workloads with some awareness of your topology. Kubernetes has a few …

    Read more

  • Kyverno Chainsaw 0.1.4 - Awesome new features!

    Thursday, February 15, 2024 in General

    The latest release of Kyverno Chainsaw came out yesterday. Let’s look at the new features included in this release. Resource diff in assertion failures Resource templating support Resource diff in assertion failures This is a relatively …

    Read more

  • Securing Services Meshes Easier with Kyverno

    Sunday, February 04, 2024 in General

    Service meshes are all too common these days in Kubernetes with some platforms even building them into clusters by default. Service meshes are no doubt useful in a variety of ways which are well known, but it’s also well known they dramatically …

    Read more

Posts in 2023
  • Kyverno Chainsaw - Exploring the Power of Assertion Trees!

    Wednesday, December 13, 2023 in General

    While the Chainsaw documentation is nice and comprehensive, I feel like the most powerful feature of Chainsaw deserves its own blog post for a couple of reasons: Its hard to make it standout in the documentation You can’t appreciate Chainsaw …

    Read more

  • Kyverno Chainsaw - The ultimate end to end testing tool!

    Tuesday, December 12, 2023 in General

    Creating Kubernetes operators is hard, testing Kubernetes operators is also hard. Of course creating, maintaining and testing a Kubernetes operator is even harder. It often requires writing and maintaining additional code to get proper end to end …

    Read more

  • Kyverno Completes Third-Party Security Audit

    Tuesday, November 28, 2023 in General

    The Kyverno project is pleased to announce the completion of its third-party security audit. The audit was conducted by Ada Logics in collaboration with the Kyverno maintainers, the Open Source Technology Improvement Fund and was funded by the Cloud …

    Read more

  • Kyverno 1.11 Released

    Thursday, November 16, 2023 in Releases

    The Kyverno team is delighted to share a new Kyverno release, v1.11! This release marks a significant milestone for Kyverno, with an extensive development period of around five months, including eight pre-releases and the merging of over 500 pull …

    Read more

  • Using CEL Expressions in Kyverno Policies

    Monday, November 13, 2023 in General

    Kyverno, in simple terms, is a policy engine for Kubernetes that can be used to describe policies and validate resource requests against those policies. It allows us to create policies for our Kubernetes cluster on different levels. It enables us to …

    Read more

  • Applying Validating Admission Policies using Kyverno CLI

    Wednesday, October 04, 2023 in General

    The Kyverno Command Line Interface (CLI) allows applying policies outside of Kubernetes clusters and can validate and test policy behavior prior to adding them to a cluster. The two commands used for testing are apply and test: The apply command is …

    Read more

  • Kyverno Completes Fuzzing Security Audit

    Wednesday, September 06, 2023 in General

    Kyverno, a CNCF policy engine for Kubernetes, is happy to announce the completion of its fuzzing security audit. The audit was carried out by Ada Logics and is part of an initiative by the CNCF to bring fuzzing to the CNCF landscape; Fuzzing is an …

    Read more

  • Verifying images in a private Amazon ECR with Kyverno and IAM Roles for Service Accounts (IRSA)

    Friday, August 18, 2023 in General

    When running workloads in Amazon Elastic Kubernetes Service (EKS), it is essential to ensure supply chain security by verifying container image signatures and other metadata. To achieve this, you can configure Kyverno, a CNCF policy engine designed …

    Read more

  • Simplifying OpenShift MachineSet Management Using Kyverno

    Friday, July 28, 2023 in General

    (Guest post from Red Hat Distinguished Architect, Andrew Block) Managing infrastructure in a declarative fashion is one of the core principles that should be adopted when operating in any environment. In OpenShift, this paradigm for managing the …

    Read more

  • Using Kyverno with Pod Security Admission

    Monday, June 12, 2023 in General

    Pod Security Admission (PSA) is the built-in successor to Kubernetes PodSecurityPolicy (PSP) and is enabled by default starting in v1.23, graduating to stable in v1.25, the same version where PSP was finally removed. PSA is different from PSP in many …

    Read more

  • Let's Play Kyverno

    Sunday, June 04, 2023 in General

    Foreword “Kyverno is a policy engine designed specifically for Kubernetes." While this approach makes it very easy to use Kyverno in its intended environment, it is sometimes difficult to explain and present the capabilities when that …

    Read more

  • Kyverno 1.10 Released

    Tuesday, May 30, 2023 in Releases

    The Kyverno team are proud to announce the release of Kyverno 1.10, a minor release in terms of version number but a major release in every other regard. With around four months in the making and after four pre-releases and nearly 500 pull requests …

    Read more

  • PodSecurityPolicy migration with Kyverno

    Wednesday, May 24, 2023 in General

    As you’ve probably heard, PodSecurityPolicy (PSP) in Kubernetes is no more. After a deprecation beginning in v1.21, they were finally removed in v1.25. Many organizations out there are still relying on PSPs and, if you’re reading this …

    Read more

  • New time related JMESPath filters in Kyverno!

    Sunday, February 19, 2023 in General

    The v1.9 release of Kyverno added several time related JMESPath filters. With this addition, users now can add time based rules in their Kyverno policies. This blog post aims to describe those new additions. What is “JMESPath”? JMESPath …

    Read more

  • Kyverno and SLSA 3

    Wednesday, February 01, 2023 in General

    With the release of Kyverno 1.9, Kyverno has begun generating and attesting to the provenance of its release artifacts in the SLSA standard and provisionally meet Level 3. This blog post attempts to explain a bit about SLSA and Level 3 and how we …

    Read more

  • Kyverno 1.9 Released

    Wednesday, February 01, 2023 in Releases

    With the ringing in of the new year the Kyverno team is proud to announce the release of Kyverno 1.9.0, a release that we’ve been working hard on over the past several months and which is full of massive new features include TWO brand new rule …

    Read more

Posts in 2022
  • Kyverno CVE-2022-47633 affecting image verification

    Thursday, December 29, 2022 in General

    Summary Kyverno versions 1.8.3 and 1.8.4 contained a regression (CVE-2022-47633) which allowed a malicious proxy to facilitate a man-in-the-middle (MiTM) attack allowing an unsigned image to run in a Kubernetes cluster even if there was a Kyverno …

    Read more