• Kyverno 1.17 is a landmark release that marks the stabilization of our next-generation Common Expression Language (CEL) policy engine. • While 1.16 introduced the “CEL-first” vision in beta, 1.17 promotes these capabilities to v1, offering a high-performance, future-proof path for policy as code. • This release focuses on “completing the circle” for CEL policies by introducing namespaced mutation and generation, expanding the available function libraries for complex logic, and enhancing supply chain security with upcoming Cosign v3 support. • A new look for kyverno.io The first thing you’ll notice with 1.17 is our completely redesigned website. • We’ve moved beyond a simple documentation site to create a modern, high-performance portal for platform engineers.Let’s be honest: the Kyverno website redesign was long overdue. • As the project evolved into the industry standard for unified policy as code, our documentation needs to reflect that maturity.

Article Summaries:

  • Kyverno 1.17 marks the first production‑grade release of its next‑generation Common Expression Language (CEL) policy engine, moving CEL‑based policies from beta to GA. The update introduces namespaced mutating and generating policies, enabling true multi‑tenancy so namespace owners can inject sidecars or create default ConfigMaps without cluster‑wide permissions. The release also expands CEL’s function libraries, adds hash functions, and prepares for Cosign v3 support to strengthen supply‑chain security. Alongside the core changes, Kyverno unveiled a redesigned, Starlight‑based website with a new documentation structure, an enhanced policy catalog, smarter search, and a refreshed blog to support developers and operators.

Sources: