❄️ Click here to fill out our survey ❄️
Kubewarden

Kubewarden

A universal policy engine for Kubernetes

Kubernetes Dynamic Admission at your fingertips

Flexible, secure, and portable, thanks to WebAssembly. Get started with the latest version - 1.20

Great for

Familiar policy development
Easy policy distribution
Build & push once, run everywhere
Community maintained policies

What is Kubewarden?

Kubewarden is a universal policy engine for Kubernetes. Its mission is simplifying the adoption of policy-as-code.

As a Policy author

Kubewarden doesn't require you to learn a new Domain Specific Language or a query language.

Write policies in your favorite programming language. Reuse skills and be quickly productive.

Develop policies in Rust, Go, CEL, and Rego, and others.

As a Kubernetes Operator

Kubewarden policies can be distributed using container registries. Keep using your existing infrastructure and processes.

It's easy to experiment with policies and to integrate them into CI/CD pipelines.


Why Use Kubewarden

Freedom of choice

Write policies using your favorite programming language, as long as it can be compiled into WebAssembly.

Feel at home

Policies are regular programs. Use the tools you love, reuse your skills, libraries and best practices.

Portable

Policies are portable. Once built, they can run everywhere, regardless of the architecture and Operating System.

Adaptable

Kubewarden can also be used to validate non-Kubernetes admission requests. Its "raw" policies can be used to validate any kind of JSON document.


How it Works

Kubewarden integrates with Kubernetes by providing a set of Custom Resources. These Custom Resources simplify the process of enforcing policies on your cluster.

Policies are implemented as WebAssembly modules and are distributed using regular container registries. They are evaluated in a Kubewarden component called "Policy Server".

Kubewarden Policy Server is a Kubernetes Admission Webhook. Each policy is exposed using a dedicated endpoint. Policies are isolated from the host and from each other. Policies are confined inside a dedicated, secure sandbox.


Get Started


helm repo add kubewarden https://charts.kubewarden.io

helm install --create-namespace -n kubewarden kubewarden-crds kubewarden/kubewarden-crds
helm install --wait -n kubewarden kubewarden-controller kubewarden/kubewarden-controller
helm install --wait -n kubewarden kubewarden-defaults kubewarden/kubewarden-defaults

# ... and continue reading the quick start documentation

      

Get in Touch

We hold monthly community meetings that are open to everybody. Subscribe to this calendar feed to not miss them, or view all of the events here.

You can also reach out to us on our Slack channel in the Kubernetes Slack workspace, or start a conversation on our GitHub Discussions page.

Upcoming events

Originally developed by

Kubewarden is a CNCF Sandbox Project