This is the list of organizations and users that have publicly shared how they are using Kyverno.
💡 Add your organization by creating a PR or submitting this form
Note: There are several other organizations and users that are unable to publicly share their stories but are active in the Kyverno community. We appreciate all our users and their contributions to making Kyverno a successful CNCF project.
The list of organizations that have publicly shared the usage of Kyverno:
| Organization | Success Story |
|---|---|
| Amazon EKS Best Practice Guides | Policies for security and best practices |
| Arrikto Inc. | Kubeflow policies |
| Flux2 | Manage multi-tenancy and tenant isolation with GitOps |
| Nirmata | Kubernetes Policy and Governance |
| Ohio Supercomputer Center | Support Kubernetes multi-user workflows through Open OnDemand |
| Coinbase | Use Kyverno for mutation, to replace hand-written Webhooks, and generation to project common Kubernetes objects into many similar namespaces. |
| Mandiant | Use Kyverno for policy enforcement in all clusters, as well as part of our onboarding systems, populating new namespaces with requisite resources and secrets. |
| Giant Swarm | Use Kyverno extensively to handle defaulting logic on resources (primarily cluster-api resources) and some scenarios to replace PSPs to enforce certain restrictions. |
| Vodafone Group Plc | Policy enforcement and automation on an internal k8s service offering. |
| Deutsche Telekom | Use Kyverno to enforce Policies on managed clusters to prevent right escalation of internal customers and to enforce security rules. |
| VSHN AG - APPUiO Cloud | OpenShift Multi-Tenancy Self-Service for APPUiO Cloud, managed with Project Syn. Kyverno policies are available on GitHub. |
| Bloomberg | Use Kyverno for replacing custom validation and mutation webhooks in their internal Kubernetes based platforms |
| Techcombank | Use Kyverno to enforce security policies rules, Kubernetes best practices for their internal container based workload on Kubernetes |
| Trendyol | In adoption planning to roll out to hundreds of production clusters using GitOps |
| Rafay Systems | Platform supports centralized deployment of Kyverno across clusters |
| Wayfair | Policy enforcement on managed clusters. Replacement of some in-house mutating webhooks. |
| Yahoo | Use Kyverno for mutation, to replace image tags to digest and also for validation for checking freshness of images. |
| T-Systems | |
| Red Hat | Learn more about Red Hat Advanced Cluster Management for Kubernetes for Generating Governance Policies Using Kustomize and GitOps. |
| DE-CIX | Kyvernos policy enforcement is used to enforce the company's security guidelines. This is done using validation, mutation and generation techniques. |
| Saxo Bank | We use Kyverno to enforce security and best practises. |
| Velux | We successfully use Kyverno in our clusters for security, best practice enforcement, resource mutation, secret copying and more! |
| HCS Company | Policy enforcement and enabling selfservice for DevOps teams. |
| Hexagon | We leverage Kyverno to robustly enforce security policies. Additionally, as a Kubernetes swiss-knife, Kyverno fills our gap in our GitOps workflow by allowing us to apply complex configurations and customizations which are beyond the native capabilities of Kubernetes operators. |
| Grover Group GmbH | We have been using Kyverno to streamline our K8s security standards and also follow industry best practices for running workloads in K8s using policy enforcements. |
| IITS Consulting | Security is a piece of cake with Kyverno. Kyverno helped us to implement proper security for different kind of clients (medical/telecommunication/trading...). It solves problems like security enforcement, container image verification, distribution of imagePullSecrets and many more. |
| Policy enforcement on our on-prem Kubernetes clusters. | |
| Groww | We have implemented Kyverno as a part of Auto compliance. We put policies to satisfy CIS Compliance for GKE as well as block anomalies detected by the Red Team. |
| Spotify | Spotify uses Kyverno extensively for its admission controller capabilities, including best practices and environment-specific data. |
| US DoD Platform One | The US Department of Defense (DoD) Platform One uses Kyverno as its default policy engine for Kubernetes. |
| Censhare | We use Kyverno in almost all possible areas of security and automation, we call Kyverno as a "Multi-tenancy engine" since we host a multi-tenancy environment for our partners and customers. We have deprecated our own tooling that was complicated and hard to maintain, Thanks to Kyverno. |
| Coinone | Use Kyverno to enforce security hardening and best practices, and mutate pod specs related to graceful shutdown handling, such as tGPSterminationGracePeriodSeconds and custom preStop script. |
| Davidson consulting | We are using Kyverno mutation policies in our pre-production environment to add default NetworkPolicy and to add labels to OKD resources. |