Kyverno

Kushal AgrawalKushal Agrawal
3 min read

Table of contents

What is Kyverno?

  • Kyverno is an open-source policy agent.

  • This allows users to control, implement, and ensure compliance with settings in Kubernetes resources.

  • It was built specifically for Kubernetes.

  • It is an open-source project developed by Nirmata and is part of the CNCF.

  • Kyverno is a policies management tool for the Kubernetes cluster.

  • Kyverno makes it easy to write complex policies as compared to others.

What is Policy?

Let us understand policy by an example imagine you are running a restaurant and you want to serve every meal in your restaurant that meets your standards so, you have some rules for the staff or chef to follow to meet that standard, like wearing gloves before cooking meals, use good quality ingredients, appropriately serve the meal and behave well with the customers, etc...

Now think of the restaurant as a Kubernetes cluster where different terms or nodes, such as a restaurant staff or chef are continuously deploying an application or serving the meal to the users or customer. To ensure that everything was done smoothly and securely we had some rules or policies.

Why do we need policies?

I think you understand what is the policy from the above example so let me explain why we need the policies

In the context of the restaurant example, we have some rules to run the restaurant smoothly and serve safe and high-quality food. In Kubernetes we have a policy in place of the rule to deploy an application to the users are several ways:-

  1. Consistency: I'll explain what consistency means every time you serve your meal in your restaurant so the customers feel the same experience with every order. Same as in Kubernetes every time an application is deployed in your system or environment in the same manner as before or the first time you use it to give you the same experience the policies ensure this.

  2. Safety: Policy ensures the safety of the environment that the Kubernetes deploy the application securely without entering any insecure version of the application, preventing any unsafe action

, etc...

Types of policies in Kyverno

There are three types of policies in Kyverno

  1. Validate: This is the policy in Kyverno it ensures everything is set up as a rule before they are allowed to run in the cluster.

  2. Mutate: This policy, automatically fixes or adds to make sure everything is as per policy or rules.

  3. Generate: This policy, automatically creates new resources whenever you start something new.

Install Kyverno

Now, we know enough to get started with Kyverno. Download Kyverno in your Kubernetes cluster.

helm repo add kyverno https://kyverno.github.io/kyverno/
helm repo update
helm install kyverno kyverno/kyverno --namespace kyverno --create-namespace

The output after these commands is

For policy example you can check out the Kyverno Documentation, Here is the link for the policies

https://kyverno.io/policies/

If you like this, a star be a wonderful way to say thanks! your support means a lot....

0
Subscribe to my newsletter

Read articles from Kushal Agrawal directly inside your inbox. Subscribe to the newsletter, and don't miss out.

kyverno

Written by

Kushal Agrawal
Kushal Agrawal