❄️ Click here to fill out our survey ❄️
Kubewarden

Kubernetes Dynamic Admission at your fingertips

Flexible, secure and portable thanks to WebAssembly. Get started with the latest version - 1.13

Great For

Familiar policy writing
Easy policy distribution
Build and push once, run everywhere
Community maintained policies

What is Kubewarden?

Kubewarden is a policy engine for Kubernetes. Its mission is to simplify the adoption of policy-as-code.

As a Policy author

Kubewarden doesn't force you to learn a new Domain Specific Language or a query language.

Write policies in your favorite programming language. Reuse your skills and feel instantly productive.

As a Kubernetes Operator

Kubewarden policies can be distributed using container registries. Keep using your existing infrastructure and processes.

It's easy to experiment with policies and to integrate them into CI/CD pipelines.


Why Use Kubewarden

Freedom of choice

Write policies using your favorite programming language, as long as it can be compiled into WebAssembly.

Feel at home

Policies are regular programs. Use the tools you love, reuse your skills, libraries and best practices.

Portable

Policies are portable. Once built, they can run everywhere, regardless of the architecture and Operating System.


How it Works

Kubewarden integrates with Kubernetes by providing a set of Custom Resources. These Custom Resources simplify the process of enforcing policies on your cluster.

Policies are implemented as WebAssembly modules and are distributed using regular container registries. They are evaluated inside of a Kubewarden component called "Policy Server".

Kubewarden Policy Server is a Kubernetes Admission Webhook. Each policy is exposed using a dedicated endpoint. Policies are isolated from the host and from each other. Every single policy is confined inside of a dedicated secure sandbox.


Get Started


$ helm repo add jetstack https://charts.jetstack.io
$ helm install --wait -n cert-manager --create-namespace --set installCRDs=true cert-manager jetstack/cert-manager

$ helm repo add kubewarden https://charts.kubewarden.io
$ helm install --create-namespace -n kubewarden kubewarden-crds kubewarden/kubewarden-crds
$ helm install --wait -n kubewarden kubewarden-controller kubewarden/kubewarden-controller
$ helm install --wait -n kubewarden kubewarden-defaults kubewarden/kubewarden-defaults

$ # ... and continue reading the quick start documentation

      

Get in Touch

We hold monthly community meetings that are open to everybody. Subscribe to this calendar feed to not miss them, or view all of the events here.

You can also reach out to us on our Slack channel. The channel is hosted on the official Kubernetes Slack workspace.

Upcoming events

Originally developed by

Kubewarden is a CNCF Sandbox Project