The CNCF Technical Oversight Committee (TOC) has voted to accept Kyverno as a CNCF incubating project. Kyverno is a policy engine designed for Kubernetes. Policies provide security and automation and simplify managing Kubernetes configurations across developers, operators, and security teams. Kyverno policies are Kubernetes custom resources that do not require learning a new language and work well with cloud-native tooling and practices.
Kyverno was accepted as a CNCF Sandbox project in November 2020. Since joining CNCF, the project has seen 856% growth in committers and 5X growth in GitHub stars. Kyverno has had more than 100 releases and continues to add new features driven by the community.
Kyverno has a robust community-driven roadmap. The recent 1.7 release delivered the ability to mutate and generate existing resources via policies and enhanced integration with Sigstore and in-toto for software supply chain security. The team uses the Kyverno Design Proposal process to determine the most important features for the project.
Next, it plans to add features like YAML signing and verification, OpenTelemetry support, idempotent auto-generated pod controller policies, enhanced integrations for pod security standards, OCI-based policy bundles, in-cluster API calls, and more.