Kubewarden

All

96 repositories

cel-policy
Public
A policy that can run CEL expressions
kubernetes webassembly policy-as-code kubernetes-security kubewarden-policy common-expression-language
Go
•
Apache License 2.0
•5•5•6•0•Updated Jan 27, 2025Jan 27, 2025
allowed-fsgroups-psp-policy
Public
Replacement for the Kubernetes Pod Security Policy that controls the usage of fsGroup in the pod security context
kubernetes webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•5•4•3•0•Updated Jan 27, 2025Jan 27, 2025
allowed-proc-mount-types-psp-policy
Public
Replacement for the Kubernetes Pod Security Policy that controls the usage of /proc mount types
webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy kubernetes
Rust
•
Apache License 2.0
•5•7•3•0•Updated Jan 27, 2025Jan 27, 2025
verify-image-signatures
Public
A Kubewarden Policy that verifies all the signatures of the container images referenced by a Pod
kubernetes webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•9•13•2•0•Updated Jan 27, 2025Jan 27, 2025
pod-ndots-policy
Public
Policy that enforces the usage of ndots in the pod's DNS configuration
kubernetes webassembly hacktoberfest policy-as-code kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•0•0•1•0•Updated Jan 27, 2025Jan 27, 2025
user-group-psp-policy
Public
This Kubewarden Policy is a replacement for the Kubernetes Pod Security Policy that controls containers user and groups
webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy kubernetes
Rust
•
Apache License 2.0
•4•7•2•0•Updated Jan 27, 2025Jan 27, 2025
echo
Public
A Kubewarden Policy that echoes Kubernetes' AdmissionReview objects
kubernetes webassembly hacktoberfest policy-as-code kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•3•1•1•0•Updated Jan 27, 2025Jan 27, 2025
rancher-project-propagate-labels
Public
Propagate Rancher Project labels to the Namespaces it owns
Rust
•
Apache License 2.0
•3•3•1•0•Updated Jan 27, 2025Jan 27, 2025
apparmor-psp-policy
Public
A Kubewarden Pod Security Policy that controls usage of AppArmor profiles
webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy kubernetes
Rust
•
Apache License 2.0
•4•6•3•0•Updated Jan 27, 2025Jan 27, 2025
raw-validation-policy
Public
Demo policy showing how to write a raw validating policy
kubernetes webassembly hacktoberfest policy-as-code kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•1•0•1•0•Updated Jan 27, 2025Jan 27, 2025
deprecated-api-versions-policy
Public
A Kubewarden Policy that detects usage of deprecated and dropped Kubernetes resources
kubernetes webassembly hacktoberfest policy-as-code kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•4•15•1•0•Updated Jan 27, 2025Jan 27, 2025
pod-runtime-class-policy
Public
A Kubewarden Policy that controls the usage of Pod runtimeClass
webassembly hacktoberfest policy-as-code kubernetes-security kubewarden-policy kubernetes
Rust
•
Apache License 2.0
•4•3•1•0•Updated Jan 27, 2025Jan 27, 2025
image-cve-policy
Public
Policy that validates workloads based on the vulnerability of the images they make use of
kubernetes webassembly cve hacktoberfest vulnerability-scanner sbom policy-as-code kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•1•0•1•0•Updated Jan 27, 2025Jan 27, 2025
context-aware-demo
Public
A demo policy showing how to access Kubernetes resources at policy evaluation time
webassembly hacktoberfest policy-as-code kubernetes-security kubewarden-policy kubernetes
Rust
•
Apache License 2.0
•2•1•1•0•Updated Jan 27, 2025Jan 27, 2025
capabilities-psp-policy
Public
A Pod Security Policy that controls Container Capabilities
webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy kubernetes
Rust
•
Apache License 2.0
•7•5•2•0•Updated Jan 27, 2025Jan 27, 2025
host-namespaces-psp-policy
Public
Replacement for the Kubernetes Pod Security Policy that controls the usage of host namespaces
kubernetes webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•4•1•3•0•Updated Jan 27, 2025Jan 27, 2025
readonly-root-filesystem-psp-policy
Public
A Kubewarden policy that enforces root filesystem to be readonly
kubernetes webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•3•2•3•0•Updated Jan 27, 2025Jan 27, 2025
unique-service-selector-policy
Public
Policy validates that there are no services with the same set of selectors
kubernetes webassembly hacktoberfest policy-as-code kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•1•0•1•0•Updated Jan 27, 2025Jan 27, 2025
persistentvolumeclaim-storageclass-policy
Public
Policy that validates and adjusts the usage of StorageClasses in PersistentVolumeClaims
kubernetes webassembly hacktoberfest policy-as-code kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•2•1•3•0•Updated Jan 27, 2025Jan 27, 2025
trusted-repos-policy
Public
A Kubewarden policy that restricts what registries, tags and images can pods on your cluster refer to
webassembly hacktoberfest policy-as-code kubernetes-security kubernetes-compliance kubewarden-policy kubernetes
Rust
•
Apache License 2.0
•3•7•2•0•Updated Jan 27, 2025Jan 27, 2025
flexvolume-drivers-psp-policy
Public
Replacement for the Kubernetes Pod Security Policy that controls the allowed `flexVolume` drivers
kubernetes webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•3•1•3•0•Updated Jan 27, 2025Jan 27, 2025
seccomp-psp-policy
Public
A Kubewarden Pod Security Policy that controls usage of Seccomp profiles
kubernetes webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•4•4•3•0•Updated Jan 27, 2025Jan 27, 2025
volumeMounts-policy
Public
A Kubewarden Policy that controls the usage of `volumeMounts`
kubernetes webassembly hacktoberfest policy-as-code kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•4•2•1•0•Updated Jan 27, 2025Jan 27, 2025
sleeping-policy
Public
A test policy that simulates long running policy evaluations
kubernetes webassembly hacktoberfest policy-as-code kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•2•0•1•0•Updated Jan 27, 2025Jan 27, 2025
selinux-psp-policy
Public
Replacement for the Kubernetes Pod Security Policy that controls the usage of SELinux
kubernetes webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•3•1•3•0•Updated Jan 27, 2025Jan 27, 2025
context-aware-test-policy
Public
A test context-aware policy
Rust
•
Apache License 2.0
•1•0•1•0•Updated Jan 27, 2025Jan 27, 2025
env-variable-secrets-scanner-policy
Public
A Kubewarden Policy that detects secrets (ssh private keys, API tokens, etc) leaked via environment variables
kubernetes webassembly hacktoberfest policy-as-code kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•3•5•1•0•Updated Jan 27, 2025Jan 27, 2025
share-pid-namespace-policy
Public
Policy validates pods sharing processes PID namespace
kubernetes webassembly hacktoberfest policy-as-code kubernetes-security kubewarden-policy
Rust
•
Apache License 2.0
•1•0•1•0•Updated Jan 27, 2025Jan 27, 2025
allow-privilege-escalation-psp-policy
Public
A Kubewarden Pod Security Policy that controls usage of allowPrivilegeEscalation
webassembly hacktoberfest policy-as-code pod-security-policy kubernetes-security kubewarden-policy kubernetes
Rust
•
Apache License 2.0
•7•6•2•0•Updated Jan 27, 2025Jan 27, 2025
policy-evaluator
Public
Crate used by Kubewarden that is able to evaluate policies with a given input, request to evaluate and settings.
hacktoberfest
Rust
•
Apache License 2.0
•8•15•23•0•Updated Jan 27, 2025Jan 27, 2025