Not even a month after the 1.8.0 release, today we are happy to announce Kubewarden 1.9.0! 🎉🥳
This release includes two major features that have been requested by our community.
Making Rego policies context-aware Context-aware policies have been introduced with Kubewarden 1.6.0. These policies can obtain information about other Kubernetes resources at evaluation time. This allows them to make decisions based not only on the information provided by the AdmissionReview object they receive.
Read more...
Kubewarden policies can be written using either a traditional programming language (like Go, Rust, C#, Swift, …) or using a domain-specific language like Rego. It is required that the programming language can generate the necessary WebAssembly module for use by Kubewarden.
When using a traditional programming language, the communication between the host executing the policy and the WebAssembly guest (the actual policy) uses the waPC communication protocol. This protocol provides a bidirectional channel between the host and guest.
Read more...
Today we are happy to announce the release of Kubewarden 1.8.0! 🎉🥳
This is a small release, focused on OpenTelemetry.
The OpenTelemetry Protocol (OTLP) got its first 1.0.0 version in July 2023; several libraries got their first 1.0.0 release, such as the Go metric SDK or the .NET Automatic Instrumentation.
Still, the OpenTelemetry stack is not yet stable, and unannounced backwards-incompatible changes still happen. You can have a look at the status of each of their libraries and protocols here.
Read more...
Fresh in the already released Kubewarden v1.7.0 stack, we welcome a new module: the Audit Scanner!
Audit Scanner? Up until the release of Audit Scanner, Kubewarden was strictly a Dynamic Admission Controller, checking requests made against the Kubernetes API server with the deployed policies.
Yet policies evolve over time; new ones are deployed, and existing ones are updated. This can mean that resources that are inside the cluster are no longer compliant.
Read more...
Recently, we have focused on improving the Kubewarden developer experience. We have been implementing features requested by the community.
Reference policies by their SHA Since kwctl release v1.7.0 we support referencing policies by their SHA.
Container engines such as Docker and Podman allow users to refer to images by their SHA sum.
As Kubewarden policies are distributed as OCI artifacts, we thought it would be a good idea to add the SHA support to kwctl, so that users have a familiar experience.
Read more...
Today we are delighted to announce the release of Kubewarden 1.7.0! 🎊 🥳 Aside from the bug and stability fixes, this release is packed with new features. This post highlights the main changes, detailed blog entries will come in the next weeks covering each feature in depth.
Audit scanner A new component has been added to the Kubewarden stack. Its name is audit-scanner and it allows administrators to assess the compliance level of the clusters secured by Kubewarden.
Read more...
This text was originally written by Khaled Emara on his blog.
Hi, I’m Khaled Emara, a software developer with a background in Go and Rust programming. In this blog post, I’m excited to share my experience in the LFX mentorship program with the Linux Foundation and my work on the Kubewarden project enhancing the Go SDK to bring it parity with the Rust SDK.
The Kubewarden project is a security policy engine for Kubernetes, a popular container orchestration platform.
Read more...
We are excited to announce a variety of updates, fixes, and enhancements for Kubewarden components!
This release primarily focuses on improvements to Kubewarden telemetry and dependency updates.
Telemetry Enhancements and Fixes The Kubewarden controller has received several fixes and improvements in the telemetry department. These include a streamlined process for users to deploy a policy server with telemetry enabled, as well as a bug fix related to the controller’s available metrics.
Read more...
We are pleased to announce the availability of the Kubewarden 1.6.0 stack.
This release brings stability, performance and security improvements. All packed with a new major feature. Let’s dig into the changes!
Security Improvements The Kubewarden controller is ran using a dedicated Service Account. Prior to this release, the Service Account had access to a series of Kubernetes resources across the entire cluster.
Starting from this release, the Kubewarden controller Service Account has a more limited access to the cluster.
Read more...
We are excited to announce that the Kubewarden UI 1.0.0 has been released!
The UI is an Extension for Rancher Manager, now you will be able to enable Kubewarden policies for your Kubernetes clusters with a streamlined user experience. You can find the latests releases of the extension Helm chart here, the release provides a Github Pages deployment which can be used when adding the UI as a Helm repository.
Read more...
