Kubewarden 1.7: WASM Policy Engine Enhancements

K8s Guru

Introduction

Kubewarden 1.7, released on August 5, 2024, advances WebAssembly-based policy enforcement with enhanced WASM support, improved performance, better policy management, and expanded policy capabilities. This release makes WASM-based policies more powerful and efficient.


WebAssembly Enhancements

  • WASM runtime improvements provide better performance for WebAssembly policies.
  • Policy development enhancements enable easier development of WASM policies.
  • Sandboxing improvements provide better isolation for WASM policies.
  • API expansion enables more powerful WASM policy capabilities.

Performance Improvements

  1. Policy evaluation optimizations reduce latency for admission control decisions.
  2. WASM execution improvements reduce overhead for WebAssembly policy execution.
  3. Resource usage optimizations reduce memory and CPU consumption.
  4. Caching enhancements improve response times for frequently evaluated policies.

Policy Management

  • Policy registry improvements enable better management of WASM policies.
  • Policy versioning enables management of policy versions and rollback.
  • Policy testing improvements enable better validation of policies before deployment.
  • Policy distribution enhancements enable easier sharing of policies.

Policy Capabilities

  • Resource validation enables validation of Kubernetes resources.
  • Custom validation enables validation using custom WASM logic.
  • Mutation support enables modification of resources during admission.
  • Audit capabilities enable detection of policy violations in existing resources.

Getting Started

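# Install Kubewarden
helm repo add kubewarden https://charts.kubewarden.io
helm repo update
# Install the CRDs first, then the controller
helm install kubewarden-crds kubewarden/kubewarden-crds
helm install kubewarden-controller kubewarden/kubewarden-controller
# kubewarden-defaults creates the "default" PolicyServer that the policy below references
helm install kubewarden-defaults kubewarden/kubewarden-defaults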

Create a ClusterAdmissionPolicy:

apiVersion: policies.kubewarden.io/v1
kind: ClusterAdmissionPolicy
metadata:
  name: psp-capabilities
spec:
  policyServer: default
  module: registry://ghcr.io/kubewarden/policies/psp-capabilities:v0.1.9
  rules:
  - apiGroups: [""]
    apiVersions: ["v1"]
    resources: ["pods"]
    operations:
    - CREATE
    - UPDATE
  mutating: false
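
To make concrete which requests the `rules` block above selects, the following added example (not Kubewarden code and not part of the original article) models rule matching and a capabilities check in Python over constructed admission requests. The settings values are assumptions, since the manifest above sets none; the key names follow the psp-capabilities policy's settings, and treating `drop: ["ALL"]` as covering every required drop is a modelling choice.

```python
# Simplified model only: real Kubewarden policies run as Wasm modules.
# `rules` copied from the ClusterAdmissionPolicy manifest above.
RULES = [{"apiGroups": [""], "apiVersions": ["v1"],
          "resources": ["pods"], "operations": ["CREATE", "UPDATE"]}]

# Assumed settings (values are illustrative, the manifest above sets none).
SETTINGS = {"allowed_capabilities": ["NET_BIND_SERVICE"],
            "required_drop_capabilities": ["NET_RAW"]}


def rule_matches(req, rules=RULES):
    """True when the admission request falls under one of the policy rules."""
    def hit(allowed, value):
        return "*" in allowed or value in allowed
    return any(hit(r["apiGroups"], req["group"])
               and hit(r["apiVersions"], req["version"])
               and hit(r["resources"], req["resource"])
               and hit(r["operations"], req["operation"])
               for r in rules)


def evaluate(req, settings=SETTINGS):
    """Return (allowed, reason) for a constructed admission request."""
    if not rule_matches(req):
        return True, "not evaluated: request is outside the policy rules"
    spec = req["object"].get("spec", {})
    containers = spec.get("containers", []) + spec.get("initContainers", [])
    allowed = set(settings.get("allowed_capabilities", []))
    must_drop = set(settings.get("required_drop_capabilities", []))
    for c in containers:
        caps = (c.get("securityContext") or {}).get("capabilities") or {}
        added, dropped = set(caps.get("add", [])), set(caps.get("drop", []))
        extra = added - allowed
        if "*" not in allowed and extra:
            return False, f"{c['name']}: adds disallowed {sorted(extra)}"
        missing = must_drop - dropped
        if "ALL" not in dropped and missing:  # modelling choice, see lead-in
            return False, f"{c['name']}: must drop {sorted(missing)}"
    return True, "accepted"


def pod_request(operation, add=(), drop=()):
    """Build a constructed pod admission request (sample data, not captured)."""
    sc = {"capabilities": {"add": list(add), "drop": list(drop)}}
    return {"group": "", "version": "v1", "resource": "pods",
            "operation": operation,
            "object": {"spec": {"containers": [
                {"name": "app", "securityContext": sc}]}}}
```

A request for `deployments` in the `apps` group does not match these rules; in this model, as in the manifest, the check applies when the resulting pods are created or updated.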

Summary

| Aspect | Details |
|---|---|
| Release Date | August 5, 2024 |
| Headline Features | WebAssembly enhancements, performance improvements, policy management, policy capabilities |
| Why it Matters | Delivers powerful WASM-based policy enforcement with enhanced performance and policy capabilities |

Kubewarden 1.7 continues to advance WebAssembly-based policy enforcement, providing teams with powerful and flexible policy capabilities.