k-rail
Kubewarden
k-rail | Kubewarden | |
---|---|---|
3 | 4 | |
448 | 132 | |
- | 0.8% | |
0.0 | 9.5 | |
over 1 year ago | 6 days ago | |
Go | Rust | |
Apache License 2.0 | Apache-2.0 License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
k-rail
- Is OPA Gatekeeper the best solution for writing policies for k8s clusters?
-
Writing a Kubernetes Admission Controller
k-rail
-
Checking Your --privileged Container
k-rail: https://github.com/cruise-automation/k-rail
Kubewarden
-
Kubernetes Security tooling -Open Source (Non-SaaS
If you're already playing with webassembly, take a look at kubewarden.io
-
Is OPA Gatekeeper the best solution for writing policies for k8s clusters?
I'm one of the developers of kubewarden, a CNCF sandbox project that operates in the same space as OPA/Gatekeeper and Kyverno.
-
OPA Rego is ridiculously confusing - best way to learn it?
An alternative to OPA (and Rego) is Kubewarden (kubewarden.io), which can actually run Rego policies, but really allows policy writing in any language that compiles to wasm. This opens up your options a lot.
-
Kyverno VS policy-server - a user suggested alternative
2 projects | 14 Mar 2022
Kubewarden is a policy engine for Kubernetes. It helps with keeping your Kubernetes clusters secure and compliant. Kubewarden policies can be written using regular programming languages or Domain Specific Languages (DSL). Policies are compiled into WebAssembly modules that are then distributed using traditional container registries.
What are some alternatives?
gatekeeper - 🐊 Gatekeeper - Policy Controller for Kubernetes
Kyverno - Kubernetes Native Policy Management
photon - ⚡ Rust/WebAssembly image processing library
datree - Prevent Kubernetes misconfigurations from reaching production (again 😤 )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io
artichoke - 💎 Artichoke is a Ruby made with Rust
kubeclarity - KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems
jspolicy - jsPolicy - Easier & Faster Kubernetes Policies using JavaScript or TypeScript
sysbox - An open-source, next-generation "runc" that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.
neuvector-helm - HELM chart to install NeuVector container cluster
kubernetes - Production-Grade Container Scheduling and Management
lucet - Lucet, the Sandboxing WebAssembly Compiler.