Announcing a New CNCF certification for Kyverno
Kyverno is an open-source policy engine designed for Kubernetes that allows teams to validate, mutate, and generate configurations, enabling the automation of security policies as code, beyond just audit and enforcement.
Kyverno was created by Nirmata and contributed to the CNCF in November 2020, and graduated to the CNCF Incubator in July 2022. Since then, it has experienced nearly 10X growth in downloads and gained over 2,000 GitHub stars, becoming a popular tool for platform engineering teams using Kubernetes.
“Kyverno simplifies Kubernetes policy management and enhances security in cloud-native environments, making it a valuable tool for platform engineering teams,” said Chris Aniszczyk, CTO, CNCF. “Kyverno being Kubernetes native and ease of use on top of integration into CI/CD pipelines have contributed to its widespread adoption in cloud-native projects.”
Kyverno is designed to be used by Kubernetes administrators, operators, and DevOps teams who are responsible for managing and maintaining Kubernetes clusters. It can be especially valuable in situations where policy management, resource validation, and dynamic policy enforcement are required.
Kyverno policies can:
- Enforce best practices: Kyverno can scan workloads for best practices and block, patch, and mutate API requests to enforce them.
- Test, validate, and verify: Kyverno can check if resource specifications match predefined policies, including OCI container images, to help secure the software supply chain.
- Test policies: The Kyverno CLI can be used to test policies and validate resources as part of a CI/CD pipeline.
- Manage policies: Kyverno policies can be managed as Kubernetes resources, and familiar tools like kubectl, git, and kustomize can be used, so users do not need to learn a new programming language.
- Generate: Kyverno can also create additional objects and resources.
- Build rules: Kyverno allows users to build rules for their Kubernetes resources that can allow or deny the resource to be applied to a cluster.
Why Kyverno matters to security
Kyverno secures software supply chains by automating security, compliance, and best practices validation. It can verify container images and metadata, allowing teams to create an allowed list of approved base images for constructing containers. Additionally, Kyverno tailors security configurations with fine-grained pod security controls, offering flexibility to exempt specific controls within a pod security profile.
Kyverno streamlines the DevSecOps workflow and security management in cloud-native environments by validating resources as part of the CI/CD pipeline, producing policy reports that show the results of policy decisions, and enforcing policies as a Kubernetes admission controller, CLI-based scanner, or at runtime.
Value of a Kyverno Certification
Earning a Kyverno certification can enhance your knowledge of Kubernetes policy management and demonstrate your ability to handle the security, compliance, and operational aspects of cloud-native projects, whether in your current role or as you progress your career. The education required for the certification will help you learn how to create, apply, and manage Kyverno policies, while also building professional credibility and standing out from the competition. Additionally, certification prepares you for roles such as Kubernetes security specialist, DevSecOps engineer, or Kubernetes administrator.
“We are excited to launch the Kyverno Certified Associate (KCA) exam in partnership with the CNCF and Linux Foundation Education. Kubernetes runs mission-critical workloads across all major verticals, and Kyverno has become an indispensable tool with its ability to automate security and operations with policy as code,” says Jim Bugwadia, Nirmata Co-founder and CEO. “With this certification Kubernetes administrators will be able to assess their expertise in Kyverno and prove their ability to address key use cases for their organizations.”
Announcing the Kyverno Certified Associate (KCA) certification
CNCF with Linux Foundation Education currently offers one Kyverno-specific course, Mastering Kubernetes Security with Kyverno (LFS255), and we’re excited to announce the launch of the Kyverno Certified Associate (KCA). The KCA is designed to help you establish yourself as an expert in managing and securing Kubernetes environments. Passing the KCA demonstrates your deep understanding of Kyverno and will highlight your proficiency in cloud-native management, policy automation, and security. By gaining Kyverno expertise, you’ll be better positioned to meet the growing demand for cloud security professionals and take your career to the next level.
The primary domains and competencies covered in this certification are:
- Fundamentals of Kyverno
- Installation, Configuration, and Upgrades
- Kyverno CLI
- Applying Policies
- Writing Policies
- Policy Management
The KCA certification was built in collaboration with Nirmata, the creator of Kyverno, with the participation of people from KubeCost, PE Digital GmbH, Ohio Supercomputer Center, Snapp!, Quantela and VMware.