The CNCF Technical Oversight Committee (TOC) has voted to accept Kyverno as a CNCF incubating project. 

Kyverno is a policy engine designed for Kubernetes. Policies provide security and automation and simplify managing Kubernetes configurations across developers, operators, and security teams. Kyverno policies are Kubernetes custom resources that do not require learning a new language and work well with cloud native tooling and practices.

Kyverno was accepted as a CNCF Sandbox project in November 2020. Since joining CNCF, the project has seen 856% growth in committers and 5X growth in GitHub stars. Kyverno has had more than 100 releases and continues to add new features driven by the community.

“As Kubernetes adoption grows, policies have become critical to ensure security, governance, and compliance,” said Jim Bugwadia, co-creator of Kyverno. “Organizations across financial services, healthcare, utilities, and telecommunications providers are using Kyverno to leverage Kubernetes native policies that enforce security, provide guardrails, and help secure the Kubernetes supply chain.”

“Kyverno was designed to work with tools you already use like kubectl, kustomize, and Git, meaning it integrates seamlessly with Kubernetes and the broader community,” said Davanum Srinivas, project TOC sponsor. “I am looking forward to seeing exciting new features and even more collaboration with the cloud native ecosystem.”

Main Components:

Notable Statistics:

“Kubernetes policy management is important for the security of Kubernetes clusters and workloads,” said Chris Aniszczyk, CTO of CNCF. “In cloud native environments, enforcing policies in continuous delivery pipelines helps improve the security of the software supply chain. We’re excited to see the Kyverno project take this next step in maturity and make an impact on improving the security of the Kubernetes ecosystem.” 

Kyverno has a robust community-driven roadmap. The recent 1.7 release delivered the ability to mutate and generate existing resources via policies and enhanced integration with Sigstore and in-toto for software supply chain security. The team uses the Kyverno Design Proposal process to determine the most important features for the project. Next, it plans to add features like YAML signing and verification, OpenTelemetry support, idempotent auto-generated pod controller policies, enhanced integrations for pod security standards, OCI-based policy bundles, in-cluster API calls, and more. To learn more about Kyverno, join the next community meeting (https://kyverno.io/community/) or say hello on the Slack channel at https://slack.k8s.io/#kyverno.

As a CNCF-hosted project, Kyverno joins 36 other incubating technologies as part of a neutral foundation aligned with its technical interests and the Linux Foundation, which provides governance, marketing support, and community outreach. For more information on maturity requirements for each level, please visit the CNCF Graduation Criteria.