The Kubewarden blog

Is the title of this post a pun inspired by Christmas or by the Games of Thrones? I can’t decide… Are my dad jokes as bad as my daughters claim? Probably… Is WebAssembly spreading inside of the Cloud Native ecosystem? 💯 I have no doubts about that! First of all, why am I so excited about seeing WebAssembly flourish inside of the Cloud Native ecosystem? Well, it’s no secret that I’m a huge fan of it. Read more...

In case you missed, CNCF Ambassador Saiyam Pathak recently hosted a live streaming event on his YouTube channel about Kubewarden. Flavio had the pleasure to join Saiyam and give an overview of the project. We spoke about Kubernetes Admission Controllers, why we started the Kubewarden project and how it differentiates from other existing open source projects such as Open Policy Agent and Kyverno. The talk features also a brief overview of WebAssembly, what it is and what are the benefits it provides to Kubewarden. Read more...

As you probably know, Kubernetes Pod Security Policies (PSPs) are being deprecated in Kubernetes 1.21 – although these APIs will be served until Kubernetes 1.25 it’s a good time to start thinking about what you will use to replace them. At Kubewarden we have an ongoing effort to replace the Pod Security Policies with small, targeted Kubewarden policies. Up until now, we have implemented some policies that replace some Pod Security Policies: Read more...

We are pleased to announce the availability of a new tool within the Kubewarden project: kwctl. kwctl is a command line utility designed to help both policy authors and Kubernetes administrators. This blog post focuses on the user experience of Kubernetes administrators. Future ones will cover the policy developer side of the story. A Real-World Example: Controlling Container Capabilities The main character of today’s story is Alice. Alice is a Kubernetes administrator who wants to keep her Kubernetes cluster secure. Read more...

Kubewarden is a project focused on security and compliance. Its main goal is to allow you to write, test, distribute and run policies using the tooling that you already know and master, with a focus on controlling Kubernetes inner behaviors. Policies are written in one of the supported languages, and the target object is a WebAssembly binary artifact. This is how Kubewarden can ensure that no matter where you built the policy, it can run on all platforms without any kind of adaptation. Read more...