kubewarden/community

This repository aims to document the evolution process of The Kubewarden Project.

It provides a space for the community to work together, discuss ideas, and document processes. It is also a place to make decisions that regard the whole Kubewarden organization and define rules and structures that span beyond the extent of a single repository.

Code Of Conduct

We follow the CNCF Code of Conduct.

To report an issue, please contact cncf-kubewarden-maintainers@lists.cncf.io or any of the individual members of the CNCF Code of Conduct Committee to submit your report. For more detailed instructions on how to submit a report, including how to submit a report anonymously, please see our Incident Resolution Procedures. You can expect a response within three business days.

Maintainers

You can find the list of current maintainers in the MAINTAINERS.md file.

Roadmap

We track our roadmap in GitHub. You can see the milestone roadmap here.

Community

Get in contact with us:

  • Slack: #kubewarden and #kubewarden-dev.
  • GitHub discussions in this repository.
  • Maintainers mailing list: cncf-kubewarden-maintainers, followed by @, followed by lists.cncf.io

Community meeting

We host regular online meetings for contributors, adopters, maintainers, and anyone else interested. These meetings usually take place on the second Thursday of the month at 4 PM UTC.

We're a friendly group, so please feel free to join us!

Contributing

See the contributing guide and the code of conduct.

Security policy

See the security policy for more information about how to report any security issues.

Repositories

The Kubewarden Project applies a straightforward adoption model for its repositories. Each repository is given a scope, which outlines its purpose, and a status that indicates its maturity level.

For more detailed information, please refer to the REPOSITORIES.md file.

In the sections that follow, we present the repositories, grouped by their scope.

Furthermore, some of the roles of the components listed below are described in the components.md file.

Core

Core repositories are critically important, as they are essential for building, installing, running and using Kubewarden.

NAME STATUS DESCRIPTION
kubewarden/kubewarden-controller Stable Manage admission policies in your Kubernetes cluster with ease
kubewarden/policy-server Stable Webhook server that evaluates WebAssembly policies to validate Kubernetes requests
kubewarden/audit-scanner Stable Reports evaluation of existing Kubernetes resources with your already deployed Kubewarden policies
kubewarden/kwctl Stable Go-to CLI tool for Kubewarden users
kubewarden/helm-charts Stable Helm charts for the Kubewarden project
kubewarden/policy-evaluator Stable Rust library used by Kubewarden to evaluate policies with a given input, request to evaluate and settings.
kubewarden/policy-fetcher Stable Rust library used by Kubewarden to pull policies from OCI registries and HTTP servers.

Infra

NAME STATUS DESCRIPTION
kubewarden/automation Stable Automation scripts for the management of the Kubewarden organization on GitHub
kubewarden/load-testing Stable HTTP load to stress policy-server
kubewarden/rancher-kubectl-builder Stable Workflow to rebuild and sign rancher/kubectl image
kubewarden/github-actions Stable GitHub actions used by the Kubewarden project
kubewarden/kubewarden-end-to-end-tests Stable Files used to run Kubewarden end-to-end tests

Policies

NAME STATUS DESCRIPTION
kubewarden/allow-privilege-escalation-psp-policy Stable A Kubewarden Pod Security Policy that controls usage of allowPrivilegeEscalation
kubewarden/allowed-fsgroups-psp-policy Stable Replacement for the Kubernetes Pod Security Policy that controls the usage of fsGroup in the pod security context
kubewarden/allowed-proc-mount-types-psp-policy Stable Replacement for the Kubernetes Pod Security Policy that controls the usage of /proc mount types
kubewarden/apparmor-psp-policy Stable A Kubewarden Pod Security Policy that controls usage of AppArmor profiles
kubewarden/capabilities-psp-policy Stable A Pod Security Policy that controls Container Capabilities
kubewarden/cel-policy Incubating A policy that can run CEL expressions
kubewarden/container-resources-policy Stable Policy is designed to enforce constraints on the resource requirements of Kubernetes containers
kubewarden/context-aware-demo Stable A demo policy showing how to access Kubernetes resources at policy evaluation time
kubewarden/deprecated-api-versions-policy Stable A Kubewarden Policy that detects usage of deprecated and dropped Kubernetes resources
kubewarden/disallow-service-loadbalancer-policy Stable A policy that prevents the creation of Service resources with type LoadBalancer
kubewarden/disallow-service-nodeport-policy Stable A policy that prevents the creation of Service resources with type NodePort
kubewarden/echo Stable A Kubewarden Policy that echoes Kubernetes' AdmissionReview objects
kubewarden/env-variable-secrets-scanner-policy Stable A Kubewarden Policy that detects secrets (ssh private keys, API tokens, etc) leaked via environment variables
kubewarden/environment-variable-policy Stable A Kubewarden Policy that controls the usage of environment variables
kubewarden/flexvolume-drivers-psp-policy Stable Replacement for the Kubernetes Pod Security Policy that controls the allowed `flexVolume` drivers
kubewarden/go-wasi-context-aware-test-policy Stable A test context-aware policy written using Go Wasi
kubewarden/host-namespaces-psp-policy Stable Replacement for the Kubernetes Pod Security Policy that controls the usage of host namespaces
kubewarden/hostpaths-psp-policy Stable Replacement for the Kubernetes Pod Security Policy that controls the usage of hostpaths
kubewarden/ingress-policy Stable Policy to enforce requirements on Kubernetes Ingress resources.
kubewarden/namespace-label-propagator-policy Stable Kubewarden policy designed to automatically propagate labels defined in a Kubernetes namespace to the associated resources within that namespace
kubewarden/persistentvolumeclaim-storageclass-policy Stable Policy that validates and adjusts the usage of StorageClasses in PersistentVolumeClaims
kubewarden/pod-privileged-policy Stable A Kubewarden Policy that limits the ability to create privileged containers
kubewarden/pod-runtime-class-policy Stable A Kubewarden Policy that controls the usage of Pod runtimeClass
kubewarden/psa-label-enforcer-policy Stable Kubewarden policy that ensures that namespaces have the required PSA labels
kubewarden/rancher-project-quotas-namespace-validator Stable Prevent the creation of Namespace under a Rancher Project that doesn't have any resource quota left
kubewarden/raw-mutation-policy Stable Demo policy showing how to write a raw mutating policy
kubewarden/raw-mutation-wasi-policy Stable Demo policy showing how to write a raw WASI mutation policy
kubewarden/raw-validation-opa-policy Stable Demo policy showing how to write a raw OPA validating policy
kubewarden/raw-validation-policy Stable Demo policy showing how to write a raw validating policy
kubewarden/raw-validation-wasi-policy Stable Demo policy showing how to write a raw WASI validating policy
kubewarden/readonly-root-filesystem-psp-policy Stable A Kubewarden policy that enforces root filesystem to be readonly
kubewarden/safe-annotations-policy Stable Kubewarden policy that validates Kubernetes' resource annotations
kubewarden/safe-labels-policy Stable Kubewarden policy that validates Kubernetes' resource labels
kubewarden/seccomp-psp-policy Stable A Kubewarden Pod Security Policy that controls usage of Seccomp profiles
kubewarden/selinux-psp-policy Stable Replacement for the Kubernetes Pod Security Policy that controls the usage of SELinux
kubewarden/share-pid-namespace-policy Stable Policy validates pods sharing processes PID namespace
kubewarden/sleeping-policy Stable A test policy that simulates long running policy evaluations
kubewarden/sysctl-psp-policy Stable A Kubewarden policy that controls usage of sysctls
kubewarden/trusted-repos-policy Stable A Kubewarden policy that restricts which registries, tags and images pods on your cluster can refer to
kubewarden/unique-ingress-policy Stable Prevent the creation of Ingress resources with duplicated hosts
kubewarden/unique-service-selector-policy Stable Policy validates that there are no services with the same set of selectors
kubewarden/user-group-psp-policy Stable This Kubewarden Policy is a replacement for the Kubernetes Pod Security Policy that controls containers user and groups
kubewarden/verify-image-signatures Stable A Kubewarden Policy that verifies all the signatures of the container images referenced by a Pod
kubewarden/volumeMounts-policy Stable A Kubewarden Policy that controls the usage of `volumeMounts`
kubewarden/volumes-psp-policy Stable Replacement for the Kubernetes Pod Security Policy that controls the usage of volumes

Policy templates

The following repositories are the templates that policy authors can use to write their own policies. Check out the Kubewarden documentation for more information about how to write policies.

NAME STATUS DESCRIPTION
kubewarden/dotnet-policy-template Incubating A template repository to quickly scaffold a Kubewarden policy written with C#
kubewarden/gatekeeper-policy-template
kubewarden/go-policy-template Stable A template repository to quickly scaffold a Kubewarden policy written with Go language
kubewarden/go-wasi-policy-template Stable Template of a plain WASI policy written using Go
kubewarden/opa-policy-template Stable A template repository to quickly port an Open Policy Agent policy to Kubewarden
kubewarden/rust-policy-template Stable A Kubewarden rust policy template to be used with cargo-generate
kubewarden/swift-policy-template Sandbox A template repository to quickly scaffold a Kubewarden policy written with Swift language

Policy SDKs

The following repositories are the SDKs that policy authors can use to write their own policies. Check out the Kubewarden documentation

NAME STATUS DESCRIPTION
kubewarden/policy-sdk-dotnet Incubating Kubewarden Policy SDK for the .NET platform
kubewarden/policy-sdk-go Stable Kubewarden Policy SDK for the Go programming language
kubewarden/policy-sdk-rust Stable Kubewarden Policy SDK for the Rust programming language
kubewarden/policy-sdk-swift Sandbox Kubewarden Policy SDK for the Swift programming language

Special

Finally, some repositories have a special meaning and do not fit the above scopes. They serve a particular purpose or function in the Kubewarden organization and are curated by maintainers.

See REPOSITORIES.md for more information.

NAME STATUS DESCRIPTION
kubewarden/fleet-example Stable Example of Rancher Fleet bundle for Kubewarden
kubewarden/docs Stable Kubewarden's documentation
kubewarden/rfc Stable Kubewarden's RFCs
kubewarden/.github Stable Special GitHub repository
kubewarden/kubewarden.io Stable Kubewarden website
kubewarden/gostubpkg Stable gostubpkg is a tool for generating stubs of Go packages
kubewarden/k8s-objects-generator Stable CLI tool that generates Kubernetes Go types that can be used with TinyGo starting from the official OpenAPI spec
kubewarden/strfmt Stable A stripped down version of go-openapi/strfmt that works with TinyGo
kubewarden/k8s-objects Stable Experimental: Kubernetes Go types that can be used with TinyGo
kubewarden/utils Stable Utils scripts used by the Kubewarden team and users.
kubewarden/gtmpl-rust Stable golang text/template for rust

Archived

In general, a repository can be archived at the discretion of the Kubewarden community. Usually, maintainers can decide to archive a project that has not been maintained for a long time or no longer fits the guidelines for projects under the Kubewarden GitHub organization. In other cases, a repository is archived to reserve its name for future use.

The list of archived repositories can be found here.