Nirmata’s Kubernetes-native Policy Engine, Kyverno joins the CNCF as a sandbox project

Share Article

Donation demonstrates Nirmata’s continued commitment to accelerating the enterprise adoption of cloud-native technologies.

News Image
Kyverno simplifies Kubernetes policy management and allows admins to manage policies and reports as native resources.

Nirmata, a leading provider of Kubernetes management platform has announced today that the Cloud Native Computing Foundation (CNCF) has accepted the company’s innovative and increasingly popular Kubernetes-native policy engine – Kyverno, as a latest Sandbox project.

Kyverno (which means “governance” in Greek) is a policy engine designed for Kubernetes. With Kyverno, policies are managed as Kubernetes resources and no new language is required to write policies. This allows cluster administrators to use familiar tools such as kubectl, Git, and kustomize to manage policies. Kyverno policies can validate, mutate, and generate Kubernetes resources. Using Kyverno, admins can define policies to ensure that applications deployed in the cluster are compliant and follow security and configuration best practices.

Key features include:

Admission Controls: Kyverno runs as a validating and mutating webhook that works with the Kubernetes API server to provide configuration security and block invalid and non-compliant configurations.

Background scanning: Kyverno periodically scans all resources and generates a policy report for each namespace and for cluster-wide resources.

Declarative management: Like Kubernetes, Kyverno policies are stored as YAML or JSON manifests. This enables a “policy-as-code” approach, allowing platform teams to manage Kubernetes policies in the same manner as other Kubernetes resources.

Automated rules for pod controllers: Kyvermo automatically generates rules for pod controllers from pod policies, making it easier to manage Kubernetes policies at scale.

Validation using overlays: To validate configurations, Kyverno allows writing a YAML fragment that is used to match specification of incoming resources. This familiar syntax is similar to Kustomize overlays and easy to learn for any Kubernetes resource.

Flexible patch strategies: To modify resources Kyverno supports RFC 6902 JSON patch, as well as a Strategic Merge Patch used by kubectl and Kustomize.

Dynamic config generation: Kyverno supports flexible triggers to automate dynamic generation of new configuration resources, enabling a number of use cases that previously required manual intervention from operations teams.

Synchronization across namespaces: Kyverno can automatically synchronize configuration changes across namespaces, allowing automated propagation of changes from a common source.

“To ensure compliance and apply best practices, policy engines are critical for enterprise Kubernetes management", says Jim Bugwadia, co-founder and CEO, Nirmata. “The complexity and learning-curve of solutions which require a new language and foriegn tools has hindered adoption. Kyverno simplifies Kubernetes policy management and allows admins to manage policies and reports as native resources.”

The Nirmata platform greatly accelerates the adoption of Kubernetes by enterprise DevOps teams. With Kyverno, Nirmata has applied that same design principles of simplicity to allow cluster administrators to manage complex configurations across their fleet of clusters.

Popular resources

About Nirmata, Inc.

Nirmata is a unified management plane for Kubernetes clusters and workloads built for enterprise DevOps teams. Nirmata enables self-service cluster provisioning, provides visibility, health, metrics, and alerts, ensures compliance via workload policies, and streamlines application deployments across clusters.

For more information, visit us at You can also follow Nirmata on GitHub, Twitter, Facebook, and LinkedIn.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Ritesh Patel
+1 (408) 394-4391
Email >

Jim Bugwadia
(408) 410-3701
Email >
Follow >
Like >
Visit website