Kubernetes Dynamic Admission at your fingertips
Flexible, secure and portable thanks to WebAssembly
Familiar policy writing
Easy policy distribution
Build and push once, run everywhere
Community maintained policies
What is Kubewarden?
Kubewarden is a policy engine for Kubernetes. Its mission is to simplify the adoption of policy-as-code.
As a Policy author
Kubewarden doesn't force you to learn a new Domain Specific Language or a query language.
Write policies in your favorite programming language. Reuse your skills and feel instantly productive.
As a Kubernetes Operator
Kubewarden policies can be distributed using container registries. Keep using your existing infrastructure and processes.
It's easy to experiment with policies and to integrate them into CI/CD pipelines.
Why Use Kubewarden
Freedom of choice
Write policies using your favorite programming language, as long as it can be compiled into WebAssembly.
Feel at home
Policies are regular programs. Use the tools you love, reuse your skills, libraries and best practices.
Policies are portable. Once built, they can run everywhere, regardless of the architecture and Operating System.
How it Works
Kubewarden integrates with Kubernetes by providing a set of Custom Resources. These Custom Resources simplify the process of enforcing policies on your cluster.
Policies are implemented as WebAssembly modules and are distributed using regular container registries. They are evaluated inside of a Kubewarden component called "Policy Server".
Kubewarden Policy Server is a Kubernetes Admission Webhook. Each policy is exposed using a dedicated endpoint. Policies are isolated from the host and from each other. Every single policy is confined inside of a dedicated secure sandbox.
$ helm repo add kubewarden https://charts.kubewarden.io $ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.3/cert-manager.yaml $ kubectl wait --for=condition=Available deployment --timeout=2m -n cert-manager --all $ helm install --create-namespace -n kubewarden kubewarden-crds kubewarden/kubewarden-crds $ helm install --wait -n kubewarden kubewarden-controller kubewarden/kubewarden-controller $ helm install --wait -n kubewarden kubewarden-defaults kubewarden/kubewarden-defaults $ # ... and continue reading the quick start documentation
We are a Cloud Native Computing Foundation Sandbox project.