Kubernetes Kyverno
The original author of this page is Guillaume
Definition
Kyverno is an open-source, policy management framework for Kubernetes that enables organizations to define, enforce, and audit policies across their entire Kubernetes infrastructure. It provides a scalable, extensible, and highly customizable solution for managing the security, compliance, and governance of Kubernetes clusters.
Use cases
Kyverno can be used in a variety of use cases, including:
Network Policy Enforcement: Kyverno can be used to enforce network policies, such as allowing or blocking traffic between pods or services.
Secret Management: Kyverno can be used to enforce secret management policies, such as requiring secrets to be stored in a specific format or location.
Access Control: Kyverno can be used to enforce access control policies, such as requiring users to have specific roles or permissions to access certain resources.
Example: ClusterPolicy and Policy
Let's say we have a Kubernetes cluster with multiple namespaces, and we want to enforce a policy that requires all pods in the default
namespace to have a specific label.
ClusterPolicy
A ClusterPolicy is a high-level policy that defines the overall policy intent. In this case, our ClusterPolicy might look like this:
When a pod is created in the default
namespace without the label app: myapp
, Kyverno will block the request and return an error message indicating that the pod does not meet the policy requirements.
References
Last updated