What does it actually mean when your open source project becomes one of the few to graduate from the Cloud Native Computing Foundation (CNCF)?
As Kyverno crossed the metaphorical stage to receive its diploma at KubeCon + CloudNativeCon in Amsterdam this March, The New Stack Makers sat down with Jim Bugwadia, CEO and co-founder of both the Kyverno project and of Nirmata, its main maintainer.
While Kyverno is the most popular open source policy engine for Kubernetes, Nirmata Enterprise for Kyverno offers commercial support, centralized fleet management, observability, and advanced governance features for enterprises running large-scale Kubernetes environments.
It took the Kyverno project five years to reach the highest level of production-ready maturity, stability, and widespread adoption within the CNCF ecosystem. That’s not a particularly long time either. While the CNCF landscape occupies more screens than the average sysadmin is looking at right now, Kyverno is only the 35th open-source project to grow from sandbox to incubation to graduation.
“Incubation is really a good sign of the maturity of a project. It means it’s production-ready. It has a lot of adopters,” Bugwadia explains in our interview from the floor of the big show. “Then graduation is more about project governance, other security reviews, and things to get through. It took us about four years to go from incubation to graduation.”
In that time, Kyverno — named after the Greek word for “to govern” — has evolved and grown, including a recent move of the entire project from custom YAML to the Common Expression Language (CEL), which is native to the Kubernetes API server.
Recently, in light of AI adoption, the Kyverno user base has grown beyond the mainly regulated industries it started in to include all kinds of enterprises: the growth of AI workloads and agents demands more policy enforcement and automation than ever.
“Kubernetes is designed for multiple roles. You have developers, security teams, and operators, all using the same configurations. So if you have a deployment or a pod, there are bits and pieces in there for everybody.
“So how do you manage this at scale? How do you tell developers: You must configure a security context, or your images must come from this specific registry. Policies are really good at declaratively instructing,” Bugwadia explains.
“If you have a social club with people and you want to write down a set of rules in Kubernetes, these are digital policies which are running in the cluster, and they are making sure that these rules are enforced, or auditing and reporting and letting you know that, ‘Hey, something’s off, it needs to be looked at,’ or ‘This would be good to fix and optimize’.”
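The two rules Bugwadia uses as examples, a required security context and a trusted image registry, can be written as a single Kyverno ClusterPolicy. This is an added illustration, not code from the interview or from the Kyverno project; it uses Kyverno's CEL-based validation that the article mentions, and the registry name registry.example.com is an assumed placeholder.

```yaml
# Added example (not from the Kyverno project docs): one ClusterPolicy
# that enforces both rules at admission time. registry.example.com is a
# placeholder for the organisation's own trusted registry.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-trusted-registry-and-security-context
spec:
  # Enforce rejects the request; Audit would only record a PolicyReport.
  validationFailureAction: Enforce
  rules:
    - name: images-from-trusted-registry
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        cel:
          expressions:
            # Every container and init container image must start with the
            # trusted registry prefix; initContainers is optional in a Pod,
            # so guard it with has() before iterating.
            - expression: >-
                object.spec.containers.all(c,
                  c.image.startsWith('registry.example.com/')) &&
                (!has(object.spec.initContainers) ||
                 object.spec.initContainers.all(c,
                   c.image.startsWith('registry.example.com/')))
              message: "All images must be pulled from registry.example.com"
    - name: require-security-context
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        cel:
          expressions:
            # A securityContext must be present on each container, and it
            # must run as non-root and forbid privilege escalation.
            - expression: >-
                object.spec.containers.all(c,
                  has(c.securityContext) &&
                  has(c.securityContext.runAsNonRoot) &&
                  c.securityContext.runAsNonRoot == true &&
                  has(c.securityContext.allowPrivilegeEscalation) &&
                  c.securityContext.allowPrivilegeEscalation == false)
              message: >-
                Each container needs a securityContext with runAsNonRoot: true
                and allowPrivilegeEscalation: false
```

Because the policy matches Pods, it also covers Pods created by Deployments and other controllers, and switching validationFailureAction to Audit turns the same rules into the reporting mode described above.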
This increase in demand for simpler cloud-native governance has led to more than 3 billion downloads of Kyverno.
Many open-source-backed companies fail by giving away too much value for free, yet open sourcing remains the fastest path to adoption. Nirmata manages this tension by maintaining a strict “church-and-state” separation between its community project and commercial offerings.
Bugwadia explains the logic: “Kyverno is really good at detecting and finding problems, but businesses don’t want to just find things. They want to fix things, and Nirmata is very good at fixing things.” It’s a strategy that now includes remediation agents.
To be part of the open-source ecosystem, your project also has to be truly open, he continues. That means the open source project can't pick favorites, such as a preferred GitOps integration, whereas Nirmata Enterprise for Kyverno is free to do so.
That balance sees between 2% and 5% of open source users converting to the premium Nirmata enterprise offering. That might not sound like a lot, until you reach that billion-image download scale.
Listen or watch our whole conversation now to learn more about this careful balance.
Jennifer Riggins is a tech storyteller and journalist, event and panel host. She bridges the gap between business, culture and technology, with her work grounded in the developer experience. She has been a working writer since 2003, and is based…