Posts in 2023
Kyverno Completes Fuzzing Security Audit
Wednesday, September 06, 2023 in General
Kyverno, a CNCF policy engine for Kubernetes, is happy to announce the completion of its fuzzing security audit. The audit was carried out by Ada Logics and is part of an initiative by the CNCF to bring fuzzing to the CNCF landscape; Fuzzing is an …
Verifying images in a private Amazon ECR with Kyverno and IAM Roles for Service Accounts (IRSA)
Friday, August 18, 2023 in General
When running workloads in Amazon Elastic Kubernetes Service (EKS), it is essential to ensure supply chain security by verifying container image signatures and other metadata. To achieve this, you can configure Kyverno, a CNCF policy engine designed …
Simplifying OpenShift MachineSet Management Using Kyverno
Friday, July 28, 2023 in General
(Guest post from Red Hat Distinguished Architect, Andrew Block) Managing infrastructure in a declarative fashion is one of the core principles that should be adopted when operating in any environment. In OpenShift, this paradigm for managing the …
Using Kyverno with Pod Security Admission
Monday, June 12, 2023 in General
Pod Security Admission (PSA) is the built-in successor to Kubernetes PodSecurityPolicy (PSP) and is enabled by default starting in v1.23, graduating to stable in v1.25, the same version where PSP was finally removed. PSA is different from PSP in many …
Let's Play Kyverno
Sunday, June 04, 2023 in General
Foreword “Kyverno is a policy engine designed specifically for Kubernetes." While this approach makes it very easy to use Kyverno in its intended environment, it is sometimes difficult to explain and present the capabilities when that …
Kyverno 1.10 Released
Tuesday, May 30, 2023 in Releases
The Kyverno team are proud to announce the release of Kyverno 1.10, a minor release in terms of version number but a major release in every other regard. With around four months in the making and after four pre-releases and nearly 500 pull requests …
PodSecurityPolicy migration with Kyverno
Wednesday, May 24, 2023 in General
As you’ve probably heard, PodSecurityPolicy (PSP) in Kubernetes is no more. After a deprecation beginning in v1.21, they were finally removed in v1.25. Many organizations out there are still relying on PSPs and, if you’re reading this …
New time related JMESPath filters in Kyverno!
Sunday, February 19, 2023 in General
The v1.9 release of Kyverno added several time related JMESPath filters. With this addition, users now can add time based rules in their Kyverno policies. This blog post aims to describe those new additions. What is “JMESPath”? JMESPath …
Kyverno and SLSA 3
Wednesday, February 01, 2023 in General
With the release of Kyverno 1.9, Kyverno has begun generating and attesting to the provenance of its release artifacts in the SLSA standard and provisionally meet Level 3. This blog post attempts to explain a bit about SLSA and Level 3 and how we …
Kyverno 1.9 Released
Wednesday, February 01, 2023 in Releases
With the ringing in of the new year the Kyverno team is proud to announce the release of Kyverno 1.9.0, a release that we’ve been working hard on over the past several months and which is full of massive new features include TWO brand new rule …
Posts in 2022
Kyverno CVE-2022-47633 affecting image verification
Thursday, December 29, 2022 in General
Summary Kyverno versions 1.8.3 and 1.8.4 contained a regression (CVE-2022-47633) which allowed a malicious proxy to facilitate a man-in-the-middle (MiTM) attack allowing an unsigned image to run in a Kubernetes cluster even if there was a Kyverno …
Kyverno 1.8 Released
Monday, October 24, 2022 in Releases
Following on the heels of the 1.7 release of Kyverno, the Kyverno team is proud to present version 1.8 which is another huge leap forward not just in terms of features and functionality but of optimizations, performance, and other improvements …
New Kyverno Blog
Friday, July 08, 2022 in General
Welcome to the new Kyverno blog! As you can see, we now have a brand new and shiny blog page thanks to the folks behind the Docsy theme which the Kyverno website uses (in addition to others in the cloud native ecosystem). Subscribe to the handy RSS …