# Advanced Kyverno Patterns

[Kyverno](https://kyverno.github.io/kyverno-json/latest/) uses declarative YAML policies with CEL expressions
to validate resources. It integrates with [OpenReports](https://openreports.io/) and runs natively on Kubernetes,
but the kyverno-json variant (linked above) applies the same policy model to arbitrary JSON or YAML payloads
outside of a cluster.

## RBAC

When a team at T-Mobile wants to develop a new feature, they spin up a new ephemeral environment.
Because a lot of infrastructure is shared, the question is how to onboard these ephemeral namespaces. The labels
on a Namespace decide who can access it.

Kyverno checks the labels on the Namespace and generates the relevant RoleBindings. Teams decide **which**
roles are assigned to **whom**, and GitOps keeps the result compliant because the policy, not hand-written
RoleBindings, is the source of truth. As an administrator, you keep control over which ClusterRoles exist in the
cluster, so a label can only ever grant a role you have already defined. The flip side is that anyone who can
create or label a Namespace can grant that access, so the right to set those labels needs to be guarded as tightly
as the RoleBindings themselves.
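The following is an added example of the pattern described above; it is not the policy shown in the talk and not T-Mobile's code. It uses a classic Kyverno `generate` rule: a Namespace labelled `env=ephemeral` and `team=<name>` receives a RoleBinding that grants the group `team-<name>` the built-in `edit` ClusterRole. The label names, the group naming convention and the choice of `edit` are assumptions for illustration. The second document grants Kyverno's background controller the permissions it needs to create the binding, which is the step most often forgotten.

```yaml
# Added example, not from the talk. Label names, group naming and the chosen
# ClusterRole are assumptions for illustration.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: onboard-ephemeral-namespace
spec:
  # Also generate for Namespaces that already exist when the policy is installed.
  generateExisting: true
  rules:
    - name: bind-team-to-edit
      match:
        any:
          - resources:
              kinds:
                - Namespace
              # Only ephemeral environments are onboarded this way.
              selector:
                matchLabels:
                  env: ephemeral
      preconditions:
        all:
          # Skip Namespaces without a team label instead of generating a
          # RoleBinding with an empty group name.
          - key: "{{ request.object.metadata.labels.team || '' }}"
            operator: NotEquals
            value: ""
      generate:
        apiVersion: rbac.authorization.k8s.io/v1
        kind: RoleBinding
        name: "{{ request.object.metadata.labels.team }}-edit"
        namespace: "{{ request.object.metadata.name }}"
        # Keep the RoleBinding in step with the label and revert manual edits.
        synchronize: true
        data:
          roleRef:
            apiGroup: rbac.authorization.k8s.io
            kind: ClusterRole
            # Fixed by the policy: a label selects the team, never the role.
            name: edit
          subjects:
            - kind: Group
              apiGroup: rbac.authorization.k8s.io
              name: "team-{{ request.object.metadata.labels.team }}"
---
# Kyverno's background controller creates the RoleBinding, so it needs RBAC
# for that. Kubernetes also refuses a RoleBinding whose creator cannot "bind"
# the referenced role, so grant `bind` on exactly the allowed ClusterRole(s).
# The aggregation label is how Kyverno picks up extra permissions.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kyverno:background-controller:rolebindings
  labels:
    rbac.kyverno.io/aggregate-to-background-controller: "true"
rules:
  - apiGroups: ["rbac.authorization.k8s.io"]
    resources: ["rolebindings"]
    verbs: ["create", "update", "patch", "delete", "get", "list", "watch"]
  - apiGroups: ["rbac.authorization.k8s.io"]
    resources: ["clusterroles"]
    resourceNames: ["edit"]
    verbs: ["bind"]
```

Keeping the `bind` grant scoped with `resourceNames` matters: if the controller could bind any ClusterRole, a typo or a later edit to the policy could turn a Namespace label into a path to `cluster-admin`. To check the result on a cluster, create a Namespace with both labels and confirm the RoleBinding appears with `kubectl get rolebinding -n <namespace>`.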

## Closing Infrastructure Gaps

Crossplane provides most of the automation, but not all resources play nicely together. Kyverno can use
MutatingPolicy resources to mutate Crossplane resources at admission time and close those gaps.
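As an added example, not from the talk: a Kyverno MutatingPolicy (the CEL-based policy type) that fills a gap on a Crossplane managed resource by defaulting its `providerConfigRef` when the author left it out, without overriding an explicit choice. The resource type (an Upbound provider-aws S3 `Bucket`), the default ProviderConfig name `shared-aws` and the apiVersion `policies.kyverno.io/v1alpha1` are assumptions; check them against your installed providers and Kyverno release.

```yaml
# Added example, not from the talk. Resource group/version, the ProviderConfig
# name and the policy apiVersion are assumptions.
apiVersion: policies.kyverno.io/v1alpha1
kind: MutatingPolicy
metadata:
  name: default-crossplane-provider-config
spec:
  matchConstraints:
    resourceRules:
      - apiGroups: ["s3.aws.upbound.io"]
        apiVersions: ["v1beta1"]
        operations: ["CREATE"]
        resources: ["buckets"]
  # Only act when the field is actually missing. A mutation that silently
  # repoints an explicit providerConfigRef would move the bucket to a
  # different set of cloud credentials, which is not a gap to close.
  matchConditions:
    - name: provider-config-missing
      expression: "!has(object.spec.providerConfigRef)"
  mutations:
    - patchType: ApplyConfiguration
      applyConfiguration:
        # Server-side-apply style: only the fields named here are set.
        expression: >-
          Object{
            spec: Object.spec{
              providerConfigRef: Object.spec.providerConfigRef{
                name: "shared-aws"
              }
            }
          }
```

The `matchConditions` guard is the part to keep when adapting this: mutations that fill defaults should be idempotent and should never rewrite a value the creator set, otherwise the policy itself becomes a way to swap which ProviderConfig, and therefore which cloud credentials, a resource uses.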

## Guardrails and Compliance

Kyverno supports extensive cloud-native reporting: it creates PolicyReports for all evaluated resources.
Policy Reporter consumes those reports and exposes them as metrics to your observability stack.
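As an added example, not from the talk: a CEL-based ValidatingPolicy that enforces the administrator-side half of the RBAC pattern above, namely that RoleBindings may only reference an allowlisted set of ClusterRoles. Results for resources that already exist show up in PolicyReports, which is what Policy Reporter turns into metrics. The allowlist (`view`, `edit`) and the apiVersion `policies.kyverno.io/v1alpha1` are assumptions.

```yaml
# Added example, not from the talk. The allowlist and the policy apiVersion
# are assumptions.
apiVersion: policies.kyverno.io/v1alpha1
kind: ValidatingPolicy
metadata:
  name: restrict-rolebinding-clusterroles
spec:
  # Reject at admission. Kyverno also evaluates existing resources in its
  # background scan and records each pass/fail in a PolicyReport.
  validationActions: [Deny]
  matchConstraints:
    resourceRules:
      - apiGroups: ["rbac.authorization.k8s.io"]
        apiVersions: ["v1"]
        operations: ["CREATE", "UPDATE"]
        resources: ["rolebindings"]
  variables:
    # The only ClusterRoles a namespace-level binding may reference.
    - name: allowedClusterRoles
      expression: "['view', 'edit']"
  validations:
    # Bindings to namespaced Roles are left alone; bindings to ClusterRoles
    # must hit the allowlist.
    - expression: >-
        object.roleRef.kind != 'ClusterRole' ||
        object.roleRef.name in variables.allowedClusterRoles
      message: >-
        RoleBindings may only reference the allowlisted ClusterRoles (view, edit);
        other ClusterRoles must be bound by platform administrators.
```

Because the generated bindings from the RBAC pattern reference `edit`, they pass this check, while a hand-made binding to `cluster-admin` is rejected. Pre-existing violations are visible with `kubectl get policyreports -A` (or the OpenReports `Report` kind on Kyverno releases that have moved to that API), and Policy Reporter surfaces the same results as Prometheus metrics and dashboards.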

## Links

- <https://kyverno.github.io/policy-reporter/>
- <https://kyverno.io/docs/subprojects/authz/>
- <https://kyverno.github.io/kyverno-json/latest/quick-start/#scan-the-payload>
- <https://www.pulumi.com/docs/iac/guides/continuous-delivery/pulumi-kubernetes-operator/>