-
Right now, `v1alpha1` of `ClusterAdmissionPolicy` allows to set only one matching rule per policy. This is a limitation compared to what a regular Webhook admission controller offers.
# Admission c…
-
**Is your feature request related to a problem? Please describe.**
Having a RabbitMQ cluster defined in one namespace and resources like Users defined in another namespace is not possible.
This is a…
-
`ClusterAdmissionPolicy` v1alpha2 has a `Rules` attribute, which contains [RuleWithOperations](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#rulewithoperations-v1-admissionregis…
-
The policy format already changed once (when we from WASI to waPC). There are chances this will happen again in the future (see the #28 ).
When the policy format changes, we have to find a way to n…
-
Cluster awareness needs to be fixed, so that:
- When a policy that is not cluster aware is executed, `kwctl` does not try to initialize a Kubernetes client.
- When a policy that is cluster context…
-
---
name: Kubernetes Admission Controller Threat Model
about: A document which would look at the likely threats which apply to Kubernetes admission controllers
title: "[Proposal] Kubernetes Admissi…
-
Right now `kwctl` attempts to connect to the kubernetes cluster every time a sub-command is executed. This is not needed by some commands (eg: `annotate`), and can lead to confusing output.
For exa…
-
Create the `kwctl` tool. This CLI tool is the go-to tool for Kubewarden users. It wil allow to perform:
- Policy image handling
- Pull (from OCI registry, HTTP server...) -- akin to `docker pull…
-
> > helm repo add kubewarden https://charts.kubewarden.io
> "kubewarden" has been added to your repositories
> > helm install --namespace kubewarden --create-namespace kubewarden-controller ku…
-
This command adds custom section to the final `.wasm` policy. The data is read from a `yml` file and is written into the WASM file as a custom section.
The custom header will have key `kubewarden`,…