Bartra, Rick (rb560u) ed882b533f Add Kyverno to Jarvis AIO
Kyverno is a policy engine designed for Kubernetes that will
be used to make sure Kubernetes resources are compliant with a
defined set of rules. For example, a rule can be implemented in
Kyverno stating that no containers can run as privileged. Kyverno
would then block Kubernetes resources from being created or updated
that violate this rule (if in enforce mode). Kyverno also has auditing
capability that scans existing resources and creates compliance reports
at the namespace level.

Kyverno, via its CLI (kyverno apply command), also allows scans of
resource definitions (YAML) to report violations that may exist without
the need of creating or updating a resource. This could be useful down
the line if there is a desire to create a CI gate to test an incoming
change for policy violations - essentially pushing the testing to the
left as opposed to getting policy violation feedback when the Kubernetes
admission controller is invoked.


Change-Id: Ie8537fa625a6508211aa17f929c5803773a8fda5
2021-02-12 20:18:44 +00:00