Welcome to the central repository for Kubewarden Policies. This repository contains a collection of curated, ready-to-use policies designed to secure and govern your Kubernetes clusters using WebAssembly (Wasm). This repository acts as a marketplace/monorepo for policies that address common security and compliance needs.
All policies contained within this monorepo are officially maintained by the Kubewarden team. We ensure that these policies are kept up-to-date with the latest Kubernetes API changes and security best practices.
You can browse, search, and view detailed documentation for all these policies on Artifact Hub. This is the easiest way to discover policy capabilities, configuration parameters, and version history.
View the official collection here: 👉 Artifact Hub: Kubewarden Policies
If you want to try the policies from the source code, you can follow these step:
Navigate to the specific policy directory you wish to build and run the make command:
cd policies/<policy-name>
makeThis will compile the source code into a policy.wasm file, located in the
policy directory
You can test a policy against a local Kubernetes resource (in JSON or YAML
format) without a cluster using kwctl:
make annotated-policy.wasm
kwctl run --request-path request.json --settings-json '{}' annotated-policy.wasmAll policies under this repository have tests. Therefore, instead of calling
directly kwctl commands, users can test policies changes with the Makefile
targets available:
make test e2e-testsFor more information about how to develop and change policies, refer to the CONTRIBUTING.md guide