Kubewarden 1.4.0 Release
Today we’re pleased to announce the availability of Kubewarden 1.4.0. Kubewarden is an open source security policy engine. This 1.4.0 version brings some minor fixes to our controller and helm charts and two new interesting features.
Sigstore certificate verification
Kubewarden integration with Sigstore keeps growing. Starting from this release, verifying signatures that have been produced with certificates is possible.
This can be useful to organizations that are using hardware tokens and KMS solutions to sign their container images via Sigstore.
Take a look at this dedicated blog post to learn more about this feature.
Starting with this release, kwctl gains a new command called
By using this command, policy authors can better understand how their code behaves once compiled into WebAssembly.
bench command takes the same set of parameters as the
run one and provides a quick overview of the execution times of these two core functions:
kwctl bench -r verify-image-signatures/test_data/pod_creation_signed_with_certificate.json \ -s verify-image-signatures/test_data/settings-pod_signed_with_cert_and_rekor.yaml \ verify-image-signatures/policy.wasm validate_settings warming up for 3.00s validate_settings mean warm up execution time 615.52µs running 10.1 thousand iterations validate_settings [10.1 thousand iterations in 6.13s with 100.0 samples]: elapsed [min mean max]: [603.17µs 607.30µs 628.31µs] (sample data: med = 606.19µs, var = 12.73ms², stddev = 3.57µs) validate warming up for 3.00s validate mean warm up execution time 3.51s running 5.0 thousand iterations validate [5.0 thousand iterations in 2.06s with 100.0 samples]: elapsed [min mean max]: [375.99µs 412.94µs 534.05µs] (sample data: med = 415.81µs, var = 623.37ms², stddev = 24.97µs)
Stay tuned for a dedicated blog post about this specific command of
Go grab it!
We are eager to know what you think about Kubewarden and this release.
As usual, you can reach out to us over our slack channel.