Kubernetes Dynamic Admission at your fingertips
Flexible, secure and portable thanks to WebAssembly. Get started with the latest version - 1.17
Great For
Familiar policy writing
Easy policy distribution
Build and push once, run everywhere
Community maintained policies
What is Kubewarden?
Kubewarden is a policy engine for Kubernetes. Its mission is to simplify the adoption of policy-as-code.
As a Policy author
Kubewarden doesn't force you to learn a new Domain Specific Language or a query language.
Write policies in your favorite programming language. Reuse your skills and feel instantly productive.
As a Kubernetes Operator
Kubewarden policies can be distributed using container registries. Keep using your existing infrastructure and processes.
It's easy to experiment with policies and to integrate them into CI/CD pipelines.
Why Use Kubewarden
Freedom of choice
Write policies using your favorite programming language, as long as it can be compiled into WebAssembly.
Feel at home
Policies are regular programs. Use the tools you love, reuse your skills, libraries and best practices.
Portable
Policies are portable. Once built, they can run everywhere, regardless of the architecture and Operating System.
How it Works
Kubewarden integrates with Kubernetes by providing a set of Custom Resources. These Custom Resources simplify the process of enforcing policies on your cluster.
Policies are implemented as WebAssembly modules and are distributed using regular container registries. They are evaluated inside of a Kubewarden component called "Policy Server".
Kubewarden Policy Server is a Kubernetes Admission Webhook. Each policy is exposed using a dedicated endpoint. Policies are isolated from the host and from each other. Every single policy is confined inside of a dedicated secure sandbox.
Get Started
$ helm repo add jetstack https://charts.jetstack.io
$ helm install --wait -n cert-manager --create-namespace --set crds.enabled=true cert-manager jetstack/cert-manager
$ helm repo add kubewarden https://charts.kubewarden.io
$ helm install --create-namespace -n kubewarden kubewarden-crds kubewarden/kubewarden-crds
$ helm install --wait -n kubewarden kubewarden-controller kubewarden/kubewarden-controller
$ helm install --wait -n kubewarden kubewarden-defaults kubewarden/kubewarden-defaults
$ # ... and continue reading the quick start documentation
Get in Touch
We hold monthly community meetings that are open to everybody. Subscribe to this calendar feed to not miss them, or view all of the events here.
You can also reach out to us on our Slack channel in the Kubernetes Slack workspace, or start a conversation on our GitHub Discussions page.