Kubernetes Dynamic Admission at your fingertips

Flexible, secure and portable thanks to WebAssembly

Great For

Familiar policy writing
Easy policy distribution
Build and push once, run everywhere
Community maintained policies

What is Kubewarden?

Kubewarden is a policy engine for Kubernetes. Its mission is to simplify the adoption of policy-as-code.

As a Policy author

Kubewarden doesn't force you to learn a new Domain Specific Language or a query language.

Write policies in your favorite programming language. Reuse your skills and feel instantly productive.

As a Kubernetes Operator

Kubewarden policies can be distributed using container registries. Keep using your existing infrastructure and processes.

It's easy to experiment with policies and to integrate them into CI/CD pipelines.

Why Use Kubewarden

Freedom of choice

Write policies using your favorite programming language, as long as it can be compiled into WebAssembly.

Feel at home

Policies are regular programs. Use the tools you love, reuse your skills, libraries and best practices.


Policies are portable. Once built, they can run everywhere, regardless of the architecture and Operating System.

How it Works

{{ .Site.Title }}

Kubewarden integrates with Kubernetes by providing a set of Custom Resources. These Custom Resources simplify the process of enforcing policies on your cluster.

Policies are implemented as WebAssembly modules and are distributed using regular container registries. They are evaluated inside of a Kubewarden component called "Policy Server".

Kubewarden Policy Server is a Kubernetes Admission Webhook. Each policy is exposed using a dedicated endpoint. Policies are isolated from the host and from each other. Every single policy is confined inside of a dedicated secure sandbox.

Get Started

$ helm repo add kubewarden https://charts.kubewarden.io
$ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.3/cert-manager.yaml
$ kubectl wait --for=condition=Available deployment --timeout=2m -n cert-manager --all
$ helm install --create-namespace -n kubewarden kubewarden-crds kubewarden/kubewarden-crds
$ helm install --wait -n kubewarden kubewarden-controller kubewarden/kubewarden-controller
$ helm install --wait -n kubewarden kubewarden-defaults kubewarden/kubewarden-defaults

$ # ... and continue reading the quick start documentation


We are a Cloud Native Computing Foundation Sandbox project.