A collection of Rego policies that can be used to enforce best practices in Kubernetes clusters

kubewarden/rego-policies-library

# Rego policies library

This repository contains a collection of Rego policies that can be used with
Kubewarden to enforce security and compliance best practices.

These policies have been adapted from https://github.com/weaveworks/policy-library.

Weaveworks has been a pioneer in the field of Kubernetes security and
compliance. They transitioned to a community-driven project with the closure of
their start-up company at the beginning of 2024, which was a sad moment in the
cloud native sphere. We thank Weaveworks and their contributors for their work
on these policies, and we believe they are a good asset for Kubernetes users.

The policies are organized as:
- `policies/`: Production-ready, tested policies, released via tags to
  `ghcr.io/kubewarden/policies` and artifacthub.io.
- `staging/`: Policies under evaluation, not yet released.

## Releasing a policy

Push a new tag with the pattern `PolicyName/vX.Y.Z`, with the policy in the
folder `policies/PolicyName`. The release job will test, build and push the
policy to `ghcr.io/kubewarden/policies`, create the corresponding GitHub
release, and update the `artifacthub` branch in this repository.
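
A local pre-flight check for the tag convention described above, as an added example that is not part of this repository or its release job. The function name `check_release_tag` is hypothetical, and the check assumes that `X`, `Y` and `Z` are plain decimal numbers.

```shell
#!/bin/sh
# Added example: validate a release tag before pushing it.
# check_release_tag is a hypothetical helper, not a script from this repository.
# Usage: check_release_tag <tag> [repo_root]
# Prints "<PolicyName> <version>" and returns 0 when the tag is releasable.
check_release_tag() {
  local tag="$1" root="${2:-.}" name version nums

  # The tag must be exactly PolicyName/vX.Y.Z: one "/" and two non-empty halves.
  case "$tag" in
    */*/*|/*|*/) echo "error: expected PolicyName/vX.Y.Z, got: $tag" >&2; return 1 ;;
    */*) ;;
    *) echo "error: expected PolicyName/vX.Y.Z, got: $tag" >&2; return 1 ;;
  esac
  name="${tag%%/*}"
  version="${tag#*/}"

  # A policy name of "." or ".." would resolve outside policies/.
  case "$name" in
    .|..) echo "error: invalid policy name: $name" >&2; return 1 ;;
  esac

  # Version: a leading "v", then exactly three dot-separated numeric parts
  # (assumption: X, Y and Z are decimal digits only).
  case "$version" in
    v*) nums="${version#v}" ;;
    *) echo "error: version must start with 'v': $version" >&2; return 1 ;;
  esac
  case "$nums" in
    *[!0-9.]*|.*|*.|*..*|*.*.*.*) echo "error: bad version: $version" >&2; return 1 ;;
    *.*.*) ;;
    *) echo "error: bad version: $version" >&2; return 1 ;;
  esac

  # Only policies/ is released; staging/ holds policies still under evaluation.
  if [ ! -d "$root/policies/$name" ]; then
    if [ -d "$root/staging/$name" ]; then
      echo "error: $name is in staging/, which is not released" >&2
    else
      echo "error: policies/$name does not exist" >&2
    fi
    return 1
  fi
  printf '%s %s\n' "$name" "$version"
}
```

Run it from the repository root, and create and push the tag only once it succeeds.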