Kyverno Policy-as-Code: Enforce Kubernetes Guardrails Without Rego
A hands-on Kyverno policy-as-code guide: install it, write validate/mutate/generate policies, run audit vs enforce, and test policies in CI before they block prod.
Tag archive
A hands-on Kyverno policy-as-code guide: install it, write validate/mutate/generate policies, run audit vs enforce, and test policies in CI before they block prod.

Moving beyond the happy path of Kubernetes policy enforcement. Real-world Kyverno pitfalls, mutation loops, and the gap between docs and production.
How a two-week CI false-green exposed a critical kyverno-cli behavior — and the exact bash fix using $PIPESTATUS[0] that makes policy enforcement actually enforce.
Postmortem: How Not Knowing OPA 0.70 and Kyverno 1.12 Cost Me a DevSecOps Role at...
Kubernetes policy engines process over 2.4 million admission requests per second in large-scale...
Kyverno 1.13 vs OPA 0.70: DevSecOps Pipeline Integration Comparison DevSecOps pipelines...
In 2024, 68% of Kubernetes breaches stemmed from unsecured workloads and misconfigured policies,...
▶️Introduction In Kyverno Policy Conflicts, we saw a pattern of structural...
▶️Introduction Kyverno has become the go-to policy engine for Kubernetes because it feels...
Welcome back to Podo Stack. This week we're looking at how Istio finally killed the sidecar tax, a...

How to introduce guardrails in Kubernetes using native YAML — without slowing teams down. Kyverno...

This post was originally published on Podo Stack Welcome to the first issue of Podo Stack. No...