Kyverno
One-liner — A Kubernetes-native, open-source policy engine that enforces policy-as-code as YAML — validating, mutating, and generating cluster resources so non-compliant workloads are blocked at admission.
What it does — Kyverno runs as a Kubernetes admission controller. You write policies as native Kubernetes YAML (no separate language), and it validates incoming resources against them (e.g. “no privileged containers,” “images must come from approved registries,” “every namespace gets these defaults”), mutates resources to enforce defaults, and generates required objects. Extended to image verification, and policies for resources beyond core Kubernetes. It is the “guardrails as software” layer for anything running on Kubernetes — which, for an AI stack, includes most self-hosted model-serving, agent, and RAG infrastructure.
Where it sits in the stack — policy-as-code, governance layer. Its risk role is indirect: it governs the Kubernetes substrate, enforcing the cluster-level controls behind trust-zone-segmentation and promotion-gates. Not in the prompt/data path.
Deployment & architecture — Self-hosted; deployed into your Kubernetes clusters as an admission controller plus policy CRDs. GitOps-friendly (policies live in Git). Pairs with CI/CD promotion gates. Apache-2.0 licensed; commercial support and a management plane available from Nirmata.
Positioning & differentiators — Kubernetes-native and YAML-based, which is its key contrast with open-policy-agent / styra (Rego, general-purpose, works beyond Kubernetes). Kyverno is easier for Kubernetes teams (no new language) but Kubernetes-scoped; OPA is more portable but steeper. Unlike hashicorp-sentinel, it is open and not tied to one vendor’s products. CNCF graduated (2026-03-24), the foundation’s highest maturity tier.
Ownership, funding & M&A — Open-source CNCF graduated project; created by Nirmata, contributed to CNCF in 2020, incubating 2022, graduated 2026-03-24. Independent/community-governed; Nirmata provides commercial backing. No M&A. Confidence: high.
CTO / hedge-fund lens — Day-2. Relevant if you self-host AI workloads on Kubernetes and want admission-time guardrails enforcing your zone and hardening policies. Low cost (OSS), strong governance signal (CNCF graduated). If you are not on Kubernetes it does not apply; for cross-system policy, weigh open-policy-agent.
Competitors / alternatives — open-policy-agent (+ Gatekeeper), styra, hashicorp-sentinel (IaC-side).
Open questions / to verify — Maturity of non-Kubernetes (JSON/any-resource) policy use beyond clusters.
Sources
- CNCF Announces Kyverno’s Graduation — fetched 2026-06-28 — supports: CNCF graduated 2026-03-24, Nirmata origin, what Kyverno is; confidence: high
- Kyverno | CNCF — fetched 2026-06-28 — supports: CNCF timeline (accepted 2020, incubating 2022); confidence: high
History
- [2026-06-28] Stub created from seed registry.
- [2026-06-28] Researched (light); established ownership = independent CNCF graduated project (2026-03-24), created by Nirmata. Contrasted with OPA/Sentinel.