The Kubewarden blog

Fresh in the already released Kubewarden v1.7.0 stack, we welcome a new module: the Audit Scanner! Audit Scanner? Up until the release of Audit Scanner, Kubewarden was strictly a Dynamic Admission Controller, checking requests made against the Kubernetes API server with the deployed policies. Yet policies evolve over time; new ones are deployed, and existing ones are updated. This can mean that resources that are inside the cluster are no longer compliant. Read more...

Recently, we have focused on improving the Kubewarden developer experience. We have been implementing features requested by the community. Reference policies by their SHA Since kwctl release v1.7.0 we support referencing policies by their SHA. Container engines such as Docker and Podman allow users to refer to images by their SHA sum. As Kubewarden policies are distributed as OCI artifacts, we thought it would be a good idea to add the SHA support to kwctl, so that users have a familiar experience. Read more...

Today we are delighted to announce the release of Kubewarden 1.7.0! 🎊 🥳 Aside from the bug and stability fixes, this release is packed with new features. This post highlights the main changes, detailed blog entries will come in the next weeks covering each feature in depth. Audit scanner A new component has been added to the Kubewarden stack. Its name is audit-scanner and it allows administrators to assess the compliance level of the clusters secured by Kubewarden. Read more...

This text was originally written by Khaled Emara on his blog. Hi, I’m Khaled Emara, a software developer with a background in Go and Rust programming. In this blog post, I’m excited to share my experience in the LFX mentorship program with the Linux Foundation and my work on the Kubewarden project enhancing the Go SDK to bring it parity with the Rust SDK. The Kubewarden project is a security policy engine for Kubernetes, a popular container orchestration platform. Read more...

We are excited to announce a variety of updates, fixes, and enhancements for Kubewarden components! This release primarily focuses on improvements to Kubewarden telemetry and dependency updates. Telemetry Enhancements and Fixes The Kubewarden controller has received several fixes and improvements in the telemetry department. These include a streamlined process for users to deploy a policy server with telemetry enabled, as well as a bug fix related to the controller’s available metrics. Read more...

We are pleased to announce the availability of the Kubewarden 1.6.0 stack. This release brings stability, performance and security improvements. All packed with a new major feature. Let’s dig into the changes! Security Improvements The Kubewarden controller is ran using a dedicated Service Account. Prior to this release, the Service Account had access to a series of Kubernetes resources across the entire cluster. Starting from this release, the Kubewarden controller Service Account has a more limited access to the cluster. Read more...

We are excited to announce that the Kubewarden UI 1.0.0 has been released! The UI is an Extension for Rancher Manager, now you will be able to enable Kubewarden policies for your Kubernetes clusters with a streamlined user experience. You can find the latests releases of the extension Helm chart here, the release provides a Github Pages deployment which can be used when adding the UI as a Helm repository. Read more...

Today we’re pleased to announce the availability of Kubewarden 1.5.0! This release brings the usual amount of small bug fixes, dependency updates, and a major security enhancement. Let’s take a closer look! Policy evaluation timeout The Kubewarden team is constantly working to improve the security posture of the project. As part of these efforts, we’re excited to introduce the new “policy evaluation timeout” feature. Starting from this release, Policy Server will interrupt the evaluation of admission requests after a certain amount of time has elapsed. Read more...

With 2022 almost over, it’s time to look back at what happened within the Kubewarden project during the last year. The 1.0 release A significant milestone for the project in 2022 was the release of Kubewarden v1.0.0 during the month of June. With this release, the Kubewarden team committed to the stability of all the public interfaces of the project and all its Kubernetes Custom Resource Definitions. Moreover, the project was considered ready to be used in production environments. Read more...

Community meetings have been a recurring demand from different sides and with the new year approaching, it’s time to make our first good resolution. To improve community feedback, the Kubewarden project has decided to organize a monthly community meeting. The first community meeting to be held is scheduled for January 12th, 2023 at 4 PM UTC. In addition to GitHub Discussions, GitHub issues, and the #kubewarden channel on the Kubernetes Slack, the community meeting is an additional avenue for the community to discuss Kubewarden and shape its future together. Read more...