It was an exciting year for Kubewarden policy management. We had new features, performance improvements, and have been working towards a regular release schedule.

The year has seen work in these areas:

• performance and reliability
• scalability improvements to reduce complexity and improve security
• adding CEL policies and policy grouping using logical operators
• improving community outreach

Kubewarden 1.10 had optimizations for policy server performance. Memory usage was improved, enabling constant consumption even in large deployments. Policy evaluation now operates on-demand, consuming resources only as needed.

Policy authors can now create context-aware WASI policies with Kubernetes resource insights. This expands Kubewarden’s flexibility policies to use Kubernetes capabilities.

Kubewarden 1.11 brought audit scanner improvements. These included parallelized operations, reduced resource consumption, and improved efficiency. Furthermore, new host capabilities allowed policies to retrieve OCI image manifests, helping developers enforce security standards by inspecting container configurations in detail.

Releases 1.12 and 1.13 were about high availability and resource management. Policy Server deployments now have support for PodDisruptionBudgets, affinity rules, and resource limits. This improves stability in production environments. Gatekeeper policies saw a 55% performance boost. Memory usage was reduced for clusters managing thousands of resources.

The introduction of CEL policies in release 1.14, enabled the use of the Common Expression Language for policies. This is a drop-in replacement with Kubernetes' ValidatingAdmissionPolicies.

The Policy Groups feature in release 1.17, allows users to combine multiple policies using logical expressions. This reduces complexity while enabling advanced validations, like ensuring unique Kubernetes service selectors or enforcing organizational rules. This lets users create powerful, maintainable, and reusable policies more easily.

Release 1.17 also brought automated certificate generation and rotation, removing the dependency on cert-manager. This more self-sufficient approach improved the management of TLS certificates, simplifying operations and enhancing security. The 1.18 release contains SLSA Level 3 compliance, an important milestone in our improved supply chain security.

By the end of the year, we released 1.20, which brought new OpenTelemetry scenarios. This release expands on how Kubewarden can be integrated with OpenTelemetry collectors, allowing users to configure the whole stack to send telemetry data to their own collectors, managed by their organization.

As well as the technical achievements, we tried to strengthen the Kubewarden community. A new community repository consolidates documentation, guidelines, and contributor resources. This eases engagement for new or experienced contributors.

Kubewarden also grew its policy library, also refining existing policies like verify-image-signatures and trusted-repos to support all Kubernetes workloads. Beyond that, We also had a presence at KubeCon and KCD Italy.

Kubewarden is ready for 2025. We plan to extend the capabilities of Policy Groups, refine certificate management, and introduce developer tools for automation and testing.

Thank you to our community for making 2024 a productive year. Let’s continue improving admission policy management. Join us on Slack or in our community meetings.

Happy policy writing!