This presentation explores securing Kubernetes clusters using Kyverno, an open-source policy engine designed to enforce best practices and automate governance. The session introduces Kyverno’s architecture, comprising four controllers—Admission, Background, Cleanup, and Report—and explains its integration with Kubernetes admission workflows and CI/CD pipelines. A key highlight is the introduction of five new policy types in Kyverno v1.14, unified under CEL (Common Expression Language) for validation, mutation, generation, cleanup, and image verification. These policies enhance flexibility and align with CNCF trends, ensuring backward compatibility while supporting migration from YAML-based patterns.