Vetting Kubernetes configuration with Kyverno prior to deployment In honor of Kyverno’s graduation in CNCF, I thought I’d write a post about using Kyverno to vet changes to Kubernetes …

ITNEXT is a platform for IT professionals, developers, and technology enthusiasts, offering articles, tutorials, and insights on a wide range of topics, including software development, cloud computing, and machine learning. With a focus on practical solutions and real-world applications, ITNEXT provides actionable advice and best practices for navigating the complexities of modern technology landscapes. Developers can learn about  technologies, explore hands-on tutorials, and stay up-to-date on the latest industry trends through ITNEXT's engaging and informative content.

ITNEXT

Kyverno is a Kubernetes policy-as-code tool that enforces constraints on Kubernetes resources via admission control. Rather than discovering policy violations only at deployment time, configurations can be validated earlier using the Kyverno CLI in CI pipelines. The post also demonstrates integrating Kyverno with ConfigHub, a configuration management tool that stores fully-rendered Kubernetes configs and uses triggers and worker functions to automatically invoke Kyverno policy checks on every configuration change. This shifts admission control left, blocking misconfigured resources before they ever reach the cluster. Additional integrations with kube-score, kubeconform, OPA, and CEL-based checks are also mentioned.