Kubewarden
Kubewarden is a policy engine for Kubernetes. It helps with keeping your Kubernetes clusters secure and compliant.
Kubewarden policies can be written using regular programming languages or Domain Specific Languages (DSL) sugh as Rego.
Policies are compiled into WebAssembly modules that are then distributed using traditional container registries. (by kubewarden)
lucet
Lucet, the Sandboxing WebAssembly Compiler. (by bytecodealliance)
Our great sponsors
Kubewarden | lucet | |
---|---|---|
4 | 5 | |
132 | 4,061 | |
0.8% | - | |
9.5 | 6.6 | |
1 day ago | about 2 years ago | |
Rust | Rust | |
Apache-2.0 License | Apache License 2.0 |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Kubewarden
Posts with mentions or reviews of Kubewarden.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-03-26.
-
Kubernetes Security tooling -Open Source (Non-SaaS
If you're already playing with webassembly, take a look at kubewarden.io
-
Is OPA Gatekeeper the best solution for writing policies for k8s clusters?
I'm one of the developers of kubewarden, a CNCF sandbox project that operates in the same space as OPA/Gatekeeper and Kyverno.
-
OPA Rego is ridiculously confusing - best way to learn it?
An alternative to OPA (and Rego) is Kubewarden (kubewarden.io), which can actually run Rego policies, but really allows policy writing in any language that compiles to wasm. This opens up your options a lot.
-
Kyverno VS policy-server - a user suggested alternative
2 projects | 14 Mar 2022
Kubewarden is a policy engine for Kubernetes. It helps with keeping your Kubernetes clusters secure and compliant. Kubewarden policies can be written using regular programming languages or Domain Specific Languages (DSL). Policies are compiled into WebAssembly modules that are then distributed using traditional container registries.
lucet
Posts with mentions or reviews of lucet.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2024-03-10.
-
Unlocking the Power of WebAssembly
WebAssembly is extremely portable. WebAssembly runs on: all major web browsers, V8 runtimes like Node.js, and independent Wasm runtimes like Wasmtime, Lucet, and Wasmer.
-
A Look at Performance in Wasmtime and Cranelift
The bytecode alliance had the lucet project which would be an OS executing WASM application, enabling very strict sandboxing.
-
Your python 4 dream list.
References for anyone following: wasmtime Lucet
-
There are a *lot* of actor framework projects on Cargo.
I guess lucet could be an under-layer for this but it's not really the same, different levels of the stack. Fascinating.
-
Writing Rust the Elixir way
I also want to use this opportunity to say a big thank you to the teams working on Rust, Wasmer, Wasmtime, Lucet and waSCC. It would be impossible to build Lunatic without all the hard work put into this projects.
What are some alternatives?
When comparing Kubewarden and lucet you can also consider the following projects:
Kyverno - Kubernetes Native Policy Management
lunatic - The Lunatic VM [Moved to: https://github.com/lunatic-solutions/lunatic]
photon - ⚡ Rust/WebAssembly image processing library
genact - 🌀 A nonsense activity generator
artichoke - 💎 Artichoke is a Ruby made with Rust
async-std - Async version of the Rust standard library
jspolicy - jsPolicy - Easier & Faster Kubernetes Policies using JavaScript or TypeScript
Celluloid - Actor-based concurrent object framework for Ruby
neuvector-helm - HELM chart to install NeuVector container cluster
specs - Specs - Parallel ECS
k-rail - Kubernetes security tool for policy enforcement
component - Managed lifecycle of stateful objects in Clojure