Kubewarden
compliantkubernetes-apps
Kubewarden | compliantkubernetes-apps | |
---|---|---|
4 | 3 | |
132 | 43 | |
0.8% | - | |
9.5 | 9.5 | |
6 days ago | 3 days ago | |
Rust | Shell | |
Apache-2.0 License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Kubewarden
-
Kubernetes Security tooling -Open Source (Non-SaaS
If you're already playing with webassembly, take a look at kubewarden.io
-
Is OPA Gatekeeper the best solution for writing policies for k8s clusters?
I'm one of the developers of kubewarden, a CNCF sandbox project that operates in the same space as OPA/Gatekeeper and Kyverno.
-
OPA Rego is ridiculously confusing - best way to learn it?
An alternative to OPA (and Rego) is Kubewarden (kubewarden.io), which can actually run Rego policies, but really allows policy writing in any language that compiles to wasm. This opens up your options a lot.
-
Kyverno VS policy-server - a user suggested alternative
2 projects | 14 Mar 2022
Kubewarden is a policy engine for Kubernetes. It helps with keeping your Kubernetes clusters secure and compliant. Kubewarden policies can be written using regular programming languages or Domain Specific Languages (DSL). Policies are compiled into WebAssembly modules that are then distributed using traditional container registries.
compliantkubernetes-apps
-
Kubernetes Security tooling -Open Source (Non-SaaS
In Compliant Kubernetes, which is a Kubernetes distribution for security and regulated industries, there is:
-
Building your own Kubernetes distribution
We build our own distro called Compliant Kubernetes, and we use (a fork of) kubespray to install the base Kubernetes layer. Our distro is entirely open source, so you can use it as a reference, if you want.
- If a deployment uses a PVC with ReadWriteOnce access mode, does it ever make sense to use RollingUpdate deployment strategy vs. Recreate?
What are some alternatives?
Kyverno - Kubernetes Native Policy Management
kubespray - Deploy a Production Ready Kubernetes Cluster
photon - ⚡ Rust/WebAssembly image processing library
artichoke - 💎 Artichoke is a Ruby made with Rust
jspolicy - jsPolicy - Easier & Faster Kubernetes Policies using JavaScript or TypeScript
neuvector-helm - HELM chart to install NeuVector container cluster
lucet - Lucet, the Sandboxing WebAssembly Compiler.
k-rail - Kubernetes security tool for policy enforcement
Seed - A Rust framework for creating web apps
wasmer - 🚀 The leading Wasm Runtime supporting WASIX, WASI and Emscripten
datree - Prevent Kubernetes misconfigurations from reaching production (again 😤 )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io
admission-webhook-datree - Datree offers cluster integration that allows you to validate your resources against your configured policy upon pushing them into a cluster, by using an admission webhook.