The Admission Controller Isn’t Enough. Kyverno Shows You Why. | Full Guide & Observabily

Welcome back to Is it Observable?

In this episode, we’re diving deep into Kyverno, the powerful Kubernetes-native policy engine that’s transforming how platform teams manage security, compliance, and automation—without needing to learn Rego!

🚀 What You’ll Learn:
What Kyverno is :
The architecture behind Kyverno’s four controllers: Admission, Background, Cleanup, and Report
A breakdown of legacy CRDs (Policy, ClusterPolicy) vs. new CRDs (MutatingPolicy, ValidatingPolicy, etc.)
How Kyverno integrates with Kubernetes Admission Controllers and CEL
Predefined security policies via Helm (privileged, baseline, restricted)
How to observe Kyverno policies using metrics, logs, traces, and reports
Setting up OpenTelemetry for full observability
Best practices for monitoring policy violations and performance

📊 Whether you're a platform engineer, SRE, or security-conscious developer, this episode will show you how to observe, enforce, and scale your Kubernetes policies with confidence.

💡 Don’t forget to like, subscribe, and hit the bell to stay updated on Kubernetes security, observability, and more!


▬▬▬▬▬▬ 🔗 Additional Info 🔗 ▬▬▬▬▬▬
🔗Dynatrace Trial: https://bit.ly/3KxWDvY
🔗Github repo for the tutorial: https://github.com/isItObservable/Kyv...
🔗Kyverno : https://kyverno.io/docs/
🔗CEL library: https://kyverno.io/docs/policy-types/...
Kyverno Policies helm chart: https://github.com/kyverno/kyverno/tr...
🔗Blog : https://isitobservable.io

▬▬▬▬▬▬ 👋 Contact me 👋 ▬▬▬▬▬▬
➡ Twitter:   / isitobservable  
➡ LinkedIn:   / isitobservable  

▬▬▬▬▬▬ ⏱ Timecodes ⏱ ▬▬▬▬▬▬

00:00 Intro
00:16 Welcome
01:50 Kyverno
06:25 The legacy CRD
07:55 The new CRD
10:53 Difference with Admission Controller
11:54 Predefined Rules
13:59 Observability
21:24 Conclusion