Kyverno vs Kubernetes Policies: How Kyverno Complements and Completes Kubernetes Policy Types
Do You Still Need Kyverno with the new Kubernetes Policy Types?

Introduction
1. Applying Policies On Existing Resources
2. Reapplying Policies On Changes
3. Applying Policies Off Cluster (Shift-Left)
4. Testing Policy as Code
5. Reporting Policy Results
6. Managing Fine-Grained Policy Exceptions
7. Complex Policy Logic
8. Image Verification
9. Policy-Based Automation
10. Kyverno Everywhere
Conclusion
FAQ: Kyverno vs Kubernetes Policies
What is the difference between Kyverno and Kubernetes policies?
Can Kyverno replace Kubernetes ValidatingAdmissionPolicy?
Why do I need Kyverno if Kubernetes already has policies?

With the addition of ValidatingAdmissionPolicy and MutatingAdmissionPolicy in Kubernetes, do you still need Kyverno?

TL;DR: Yes, you still need Kyverno for applying policies on existing resources, complex logic, reporting, testing, and off-cluster / shift-left use cases! Read on for details:

Prior to Kyverno, policy management in Kubernetes was complex and cumbersome. While the need for Policy as Code was clear, initial implementations required learning complex languages and did not implement the full policy as code lifecycle.