We are happy to highlight a recent CNCF webinar that does a first-dive into Kubewarden.
In this webinar, CNCF Ambassador Carlos Santana explores Kubewarden’s architecture, use cases, and benefits, with a smile in a relaxed enviroment. You’ll learn how Kubewarden policies can be applied at admission control or runtime to ensure compliance and security.
You can watch the full webinar here.
Thanks Carlos!
Getting in touch As always, we welcome your feedback and contributions.
Read more...
Today we published the 1.21.1 patch release of kwctl.
This release includes a fix for a bug that, under certain circumstances, could prevent users from pushing policies to a container registry.
The 1.22.0 release introduces the ability to add policy annotations to the manifest of the OCI artifact that is pushed to the container registry. This feature is useful for adding metadata to the OCI artifact that can be utilized by other tools in the CI/CD pipeline.
Read more...
We’re excited to announce the release of Kubewarden v1.22! This release brings some improvements to kwctl and the Rust SDK, together with some internal changes to prepare for future work.
Breaking change: PolicyServer health check endpoint change ⚠️ IMPORTANT⚠️ Breaking change: If you have created a custom instance of PolicyServer with a hard-coded .spec.image, you must update it to consume the v1.22.0 tag.
Starting from 1.22, the Policy Server health check endpoint is exposed on port 80 instead of port 443, and Policy Server Deployment objects created by the kubewarden-controller make this assumption.
Read more...
A recent Aqua Security blog post highlighted the risks of misconfigured Kubernetes policy engines, particularly when dealing with OPA Gatekeeper. The post correctly points out the challenges of managing complex policies and the potential for bypasses due to misconfigurations. However, it also underscores a critical limitation of many policy engines: their reliance on string manipulation, especially when dealing with OCI image references. This is where Kubewarden takes a different, and significantly more robust, approach.
Read more...
Today we published the 1.21.1 patch releases of the kwctl and Policy Server components of the Kubewarden stack.
The release ensures all Sigstore verification capabilities work.
What happened On Monday, February 3rd, the contents of Sigstore’s TUF repository were updated. During this process, part of the repository metadata wasn’t properly handled. Specifically, one of the KEYIDs of the repository wasn’t updated when the key contents were modified.
The breaking change wasn’t noticed by upstream maintainers as the TUF Go implementation is not performing strict verification of the KEYID.
Read more...
We’re excited to announce the release of Kubewarden v1.21, our first release of 2025!
The release addresses two security issues that the Kubewarden team has discovered. Detailed information about them is included below. While these issues do not have a critical impact, we recommend our users upgrade their Kubewarden deployments.
Alongside these security fixes, the 1.21 release includes the usual stream of dependency updates and features some improvements to our documentation.
Read more...
It was an exciting year for Kubewarden policy management. We had new features, performance improvements, and have been working towards a regular release schedule.
The year has seen work in these areas:
performance and reliability scalability improvements to reduce complexity and improve security adding CEL policies and policy grouping using logical operators improving community outreach Kubewarden 1.10 had optimizations for policy server performance. Memory usage was improved, enabling constant consumption even in large deployments.
Read more...
We’re excited to announce the release of Kubewarden v1.20! This release brings a nice improvement for deploying with OpenTelemetry and some bug fixes.
Supporting more OpenTelemetry scenarios ⚠️ IMPORTANT⚠️ The kubewarden-controller Helm chart has changed the values.yml schema for the OpenTelemetry keys, hence this update is not backwards-compatible if you have configured OpenTelemetry. Please adapt your values to the new values.yml format.
This is of course reflected with a major version bump of the chart version.
Read more...
We’re excited to announce the release of Kubewarden v1.19! This release brings a host of improvements focused on minor bug fixes, adding tests, and developer tech debt improvements.
Bug Fixes and Dependency Updates As always, we’ve addressed bugs and updated dependencies to ensure a smooth and reliable experience. Notably, we’ve updated the dependencies for our major components. These updates contribute to the overall stability and security of the Kubewarden stack.
Read more...
We are thrilled to announce the release of Kubewarden v1.18.0. For this release we have focused on achieving level 3 of the SLSA standard, in addition to minor bug fixes, adding tests, and developer tech debt improvements.
SLSA level 3 Kubewarden has been at the forefront of Sigstore integration (being co-maintainers of the upstream sigstore-rs Rust library), and have signed our artifacts and provided SBOMs for several years.
For this cycle, we have made the necessary changes to our build pipelines to achieve level 3 of SLSA.
Read more...
