A decade of governance: Cloud Custodian at 10 and its role in the agentic AI era
… Here is to ten years of governance and the road ahead.
… The timing problem in policy-as-code: Policy-as-code tooling has matured significantly within the CNCF ecosystem. Tools like Open Policy Agent (OPA), Kyverno, and Conftest give platform teams powerful, declarative ways to define and enforce governance rules across Kubernetes environments. …
… The CNCF Landscape and the maturity signals attached to it (Sandbox, Incubating, Graduated, plus adoption and governance data) actively shape our technical choices: when we evaluated network policy enforcement, identity issuance, or anomaly tooling, the Landscape gave us a vendor-neutral starting poi… …
… The gap between AI use and official policies One of our most striking findings is the disconnect between individual AI usage and formal project governance. …
… Upgrade: Review the release notes; test in staging environments; follow upgrade guidance in the documentation. Install: Install via the Kyverno website. Release Notes: GitHub release notes. What’s next: Looking ahead, the Kyverno roadmap focuses on: Continued investment in CEL-based policy types; Improved po… …
… Policy enforced by Kyverno or Gatekeeper at the underlying cluster and per-tenant inside each tenant cluster. …
… You can view these with: kubectl get policyreport -A and kubectl get clusterpolicyreport. To inspect the details of a violation: kubectl describe clusterpolicyreport. These reports show: the resource that violated the policy; the policy name; the rule that failed; the severity level; the message defined in t…
… The TAG elections are open TAGs are where CNCF governance gets its substance. …
… When cluster provisioning is a pull request, platform teams need to invest in review processes and template governance up front, or the simplicity of “just a YAML file” becomes its own source of drift. …