Kubewarden

Kubewarden 1.19 release

We’re excited to announce the release of Kubewarden v1.19! This release brings a host of improvements focused on minor bug fixes, adding tests, and developer tech debt improvements. Bug Fixes and Dependency Updates As always, we’ve addressed bugs and updated dependencies to ensure a smooth and reliable experience. Notably, we’ve updated the dependencies for our major components. These updates contribute to the overall stability and security of the Kubewarden stack. Read more...

Kubewarden 1.18 release, SLSA level 3

We are thrilled to announce the release of Kubewarden v1.18.0. For this release we have focused on achieving level 3 of the SLSA standard, in addition to minor bug fixes, adding tests, and developer tech debt improvements. SLSA level 3 Kubewarden has been at the forefront of Sigstore integration (being co-maintainers of the upstream sigstore-rs Rust library), and have signed our artifacts and provided SBOMs for several years. For this cycle, we have made the necessary changes to our build pipelines to achieve level 3 of SLSA. Read more...

Policy Groups deep dive

With v1.17, we introduced a new powerful feature, Policy Groups, enabled by two new Kubernetes Custom Resources: AdmissionPolicyGroups: Namespaced policy comprised of several policies. ClusterAdmissionPolicyGroups: Clusterwide policy comprised of several policies. These new Policy Groups resources define a policy comprised of several policies and their policy settings, and they perform a combined evaluation of those multiple policies using logical operators. Why are these useful? Because they reuse existing policies, reducing the need for custom policy creation. Read more...

Kubewarden 1.17 release

We are thrilled to announce the release of Kubewarden v1.17.0. This release is packed with big features, let’s have a look! Certificate rotation & removal of cert-manager dependency Starting from this release, the Kubewarden stack takes care of creating and rotating all the needed TLS certificates and certificate authorities. Kubewarden, by virtue of connecting to the Kubernetes API server, needs TLS certificates for both the kubewarden-controller (when creating webhooks for its policies) and for the PolicyServers (so they can report their results to the Webhook API server). Read more...

Policy Server and kwctl 1.16.1 patch releases

Policy Server and kwctl 1.16.1 patch releases Today we published the 1.16.1 patch release of Policy Server and kwctl. The release addresses a breaking change inside Sigstore’s TUF repository. The change caused errors while retrieving the contents of the TUF repository, which broke part of Kubewarden’s integration with Sigstore. More specifically, it was no longer possible to verify the signatures of Kubewarden’s policies and to verify the signatures of the container images used inside of a Kubernetes cluster via policies like verify-image-signatures. Read more...

Kubewarden 1.16 release

Kubewarden v1.16.0 release We are thrilled to announce the release of Kubewarden v1.16.0! Following the northern hemisphere summer, this version packs some goodies but is a bit more lightweight than usual. kwctl scaffold for AdmissionRequests The kwctl cli has learned a new command, kwctl scaffold admission-request, which prints a Kubernetes AdmissionRequest object from the provided Kubernetes resource definition. This is useful when developing policies (and not only limited to Kubewarden ones). Read more...

Kubewarden 1.15 release

Kubewarden v1.15.0 release We are thrilled to announce the release of Kubewarden v1.15.0! This version comes packed with CEL policy updates, controller enhancements, and fixes that make Kubewarden even more robust and user-friendly. Enhanced PolicyServer CRD with Tolerations One of the standout features of Kubewarden v1.15 is the extension of the PolicyServer Custom Resource Definition (CRD) to include a list of Toleration objects to be used in the deployment created for the Policy Server. Read more...

Kubewarden 1.14 release

Kubewarden v1.14.0 release We are thrilled to announce the release of Kubewarden v1.14.0! This version comes packed with new capabilities, enhancements, and fixes that make Kubewarden even more robust and user-friendly. New Host Capability for Container Image Configuration One of the significant updates in this release is the introduction of a new host capability that allows policies to fetch the container image configuration. This update stems from a user request to enhance the user-group-psp-policy policy by enabling it to check the user defined to run the container in the image configuration. Read more...

Introducing the CEL policy

We are pleased to announce a new policy by the Kubewarden team: cel-policy. This new policy uses the Common Expression Language (CEL). For those new to CEL, it is a general-purpose expression language designed to be fast, portable, and safe to execute. CEL as a language is memory-safe, side-effect free, terminating (as in “programs cannot loop forever”), and strong & dynamically typed. CEL is a perfect candidate for extending the Kubernetes API, as CEL expressions can be easily inlined into CRD schemas, and compiled and type-checked “ahead-of-time” (when CRDs are created and updated). Read more...

Kubewarden 1.13 release

I’m pleased to announce a new release of Kubewarden, version 1.13. This release features a series of improvements and bug fixes that contribute to better performance and stability. Let’s go through the most significant changes. Policy Server memory usage A community member reported that the Kubewarden Policy Server was using a lot of memory, especially when running context aware policies on big clusters. The number of resources being accessed by the policies was significantly high, in the order of 3200 Namespaces, 10500 Ingresses, 200 ClusterRoleBindings and 11000 RoleBindings. Read more...

More