Kubewarden

Kubewarden 1.25 Release: Priority Class Support and CI Security Enhancements

Kubewarden 1.25 arrives with enhanced Kubernetes Priority Class integration across the stack, improved CI security through GitHub Actions cleanup, and usability refinements in the kwctl tool.

Priority Class support

A key feature of this release is the comprehensive integration of Kubernetes Priority Classes across the entire Kubewarden stack. This allows for fine-grained control over the scheduling and resource allocation of Kubewarden components and other workloads in the cluster. The Kubewarden Helm charts now include a new value, . Read more...

Kubewarden joins OpenReports Initiative

Kubewarden is an open-source CNCF project actively engaged with the wider Kubernetes ecosystem. This informs the use of valuable projects like Policy Reporter. Using Policy Reporter as a default UI for Kubewarden simplifies the user experience, allowing the use of familiar reporting mechanisms. This strategic choice also lets the team concentrate on the Kubewarden core stack. So, the Kubewarden team participates in the Kubernetes Policy Working Group. We join community meetings and seek opportunities for collaboration, focusing on the future of policy reporting and related resources. Read more...

Kubewarden 1.24 release

The wait is over, Kubewarden 1.24 has arrived! We have some Easter eggs for you in this one.

Promoting our policies to v1.0.0

In the past, we consciously picked semver 0.X.Y for policy versions as that meant that the policy API for the user (in this case, the policy spec.settings) was not considered stable. Since the settings of our policies haven’t changed since their initial release, we decided it was time to highlight their stability by promoting them to v1. Read more...

Rego policy library relaunch

We are excited to announce the latest additions to our policy library! Seventy finely crafted Rego policies are now available for you to use in your Kubernetes clusters.

Rego policy library

Kubewarden’s Rego policy library is a collection of policies written in Rego, the policy language used by Open Policy Agent (OPA). These policies are designed to help you enforce security and compliance best practices in your Kubernetes clusters. Read more...

Ingress-nginx CVE-2025-1974 - how Kubewarden can help you

Last week, a high-severity issue, CVE-2025-1974, was found affecting ingress-nginx, one of the most used ingress solutions for Kubernetes.

The issue

The issue allows an attacker to execute arbitrary code in the Pod running the controller. The attacker can then steal the Kubernetes identity of the nginx-ingress controller which, by design, has access to all the Secrets defined in the cluster. The issue is exploited by making HTTP requests against the validating webhook server used by the nginx-ingress controller. Read more...

Kubewarden at KubeCon EU 2025

For those attending KubeCon EU 2025 in London, we’re excited to announce that some of our team will be there! Here’s where you can catch us:

Tuesday, 9:31 AM: Don’t miss our lightning talk! Learn how to leverage and extend CEL for cluster security. Details here.

Tuesday, 2:00 PM - 5:00 PM, Project Pavilion kiosk: Stop by to chat with us and learn more about Kubewarden.

We can’t wait to see you there! Read more...

Kubewarden 1.23 release

The wait is over—Kubewarden 1.23 has arrived! Packed with exciting security enhancements, smoother workflows, and important updates, this release is here to make your Kubernetes experience even better. Let’s dive into what’s new!

Hardening of the admission webhooks

Kubernetes Dynamic Admission Controllers, like Kubewarden, work by providing a webhook server that implements the validation/mutation API defined by the Kubernetes project. These webhook servers are usually deployed within the same cluster as regular Kubernetes workloads. Read more...

Watch Kubewarden in the ChatLoopBackOff Webinar

We are happy to highlight a recent CNCF webinar that takes a first dive into Kubewarden. In this webinar, CNCF Ambassador Carlos Santana explores Kubewarden’s architecture, use cases, and benefits, with a smile in a relaxed environment. You’ll learn how Kubewarden policies can be applied at admission control or runtime to ensure compliance and security. You can watch the full webinar here. Thanks, Carlos!

Getting in touch

As always, we welcome your feedback and contributions. Read more...

kwctl 1.22.1 patch release

Today we published the 1.21.1 patch release of kwctl. This release includes a fix for a bug that, under certain circumstances, could prevent users from pushing policies to a container registry. The 1.22.0 release introduces the ability to add policy annotations to the manifest of the OCI artifact that is pushed to the container registry. This feature is useful for adding metadata to the OCI artifact that can be utilized by other tools in the CI/CD pipeline. Read more...

Kubewarden 1.22 release

We’re excited to announce the release of Kubewarden v1.22! This release brings some improvements to kwctl and the Rust SDK, together with some internal changes to prepare for future work.

Breaking change: PolicyServer health check endpoint change

⚠️ IMPORTANT ⚠️ Breaking change: If you have created a custom instance of PolicyServer with a hard-coded .spec.image, you must update it to consume the v1.22.0 tag. Starting from 1.22, the Policy Server health check endpoint is exposed on port 80 instead of port 443, and Policy Server Deployment objects created by the kubewarden-controller make this assumption. Read more...
