-
The goal is to have each PolicyServer instance expose metrics about the policies currently loaded.
The metrics should be exported as a prometheus endpoint.
TODO:
* Define the metrics to be ex…
-
Explain the workflow needed to run a vanilla OPA policy on top of Kubewarden.
This should cover topics such as:
* Clarification between vanilla Opa and Gatekeeper
* How to build a `rego` file t…
-
Depends on: https://github.com/kubewarden/policy-evaluator/issues/21
In `kwctl`, an optional `--runtime-mode` flag has to be exposed with options: `autodetect` (default), `kubewarden-wapc`, `opa` a…
-
It's possible for the user to create a `ClusterAdmissionPolicy` object that refers a non-existing PolicyServer.
When that happens, the status of the `ClusterAdmissionPolicy` resource should report …
-
This card is part of https://github.com/kubewarden/policy-evaluator/issues/14.
Policy server should be able to load and evaluate Wasm modules that have been originated by `opa build` and have been …
-
Depends on: https://github.com/kubewarden/policy-evaluator/issues/21
Allow to annotate policies with a specific execution model, of the three:
- Kubewarden + waPC
- OPA
- OPA Gatekeeper
Thi…
-
Release a new helm chart with the new policy-server and kuberwarden-controller:
- Policy server: 0.1.10
- kubewarden-controller: 0.3.2
**Acceptance criteria**
- Smoke testing that consists i…
-
Allow kwctl to interact with Rego policies that have been compiled to WebAssembly
Both [OPA](https://github.com/open-policy-agent/opa) and [Gatekeeper](https://github.com/open-policy-agent/gatekeep…
-
There are several known vulnerabilities we can get rid of as of today.
## Binary
```
~/projects/kubewarden/policy-server(a0fb44c) » cargo audit
Fetching advisory database from `https://git…
-
Policies can have three execution modes at the current time:
- Kubewarden + waPC: this is the default behavior if you use one of our SDK languages and build your policy as a WASI target.
- OPA: ru…