A Go language template repository to quickly scaffold and develop Kubewarden policies for Kubernetes security enforcement.
A template repository to quickly scaffold a Kubewarden policy written with Go language
This tool is used by Kubernetes security engineers and developers to create custom admission control policies that enforce security rules on Kubernetes resources. It provides a ready-to-use scaffold for writing policies in Go, enabling automated validation and rejection of Kubernetes objects based on configurable criteria.
Due to current limitations in the Go compiler for WebAssembly outside browsers, TinyGo must be used to compile policies. TinyGo has limited support for Go reflection and the standard library, so official Kubernetes Go libraries cannot be imported directly; instead, TinyGo-compatible alternatives must be used. Using outdated versions of TinyGo may cause runtime errors. Testing should include both unit tests (with Go) and end-to-end tests (with kwctl and bats).
Clone the repository to your local machine
Install TinyGo compiler from https://tinygo.org/
Use the official Go compiler to run unit tests
Use TinyGo to compile the policy to WebAssembly
Install kwctl CLI tool from Kubewarden for policy testingmake test
Runs unit tests implemented using the Go testing framework
make e2e-tests
Runs end-to-end tests using the kwctl CLI and bats framework to validate the compiled WebAssembly policy