Skip to content

Releases: loft-sh/jspolicy

v0.2.0-beta.4

20 Dec 15:00
@FabianKramm FabianKramm
v0.2.0-beta.4
d221d24
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.2.0-beta.4 Pre-release
Pre-release

!!! Breaking !!!

Make sure you reapply the jspolicy crds via the following command before upgrading:

kubectl apply -f https://raw.githubusercontent.com/loft-sh/jspolicy/5211a03e9258d2f9917da3f4511af3af77fe441a/chart/crds/crds.yaml

Changes

  • Decreased jsPolicy image size
  • jsPolicy is now running as non root
  • jsPolicy can now bundle multiple policies in parallel
  • jsPolicy now applies changes to webhook configurations rather than overwriting them
  • jsPolicy now supports PolicyReport and ClusterPolicyReport. PolicyReport and ClusterPolicyReport are CRDs created by the Kubernetes Policy WG (https://github.com/kubernetes-sigs/wg-policy-prototypes). These CRDs will be created besides the existing JsPolicyViolations CRD. jsPolicy can now creates one PolicyReport per Namespace for all JsPolices and one ClusterPolicyReport for all Cluster scoped violations. (thanks @fjogeleit) This makes it possible to use JsPolicy together with Policy Reporter and creates observability capabilities like integrations in Prometheus, Grafana Loki or the standalone Policy Reporter UI.
  • New imagePullSecrets in the jsPolicy chart to define custom image pull secrets (thanks @infa-ddeore)
  • Refactored jsPolicy controller to use conditions
  • Fixed an issue where jsPolicy would end up in a retry loop on AKS clusters
  • Changed health probe port from 80 to 9080
  • Updated k8s dependencies to v1.23.0
  • Updated v8 engine to 9.6.180.12

Contributors

fjogeleit and infa-ddeore
Assets 2
Loading

v0.2.0-beta.3

20 Dec 12:19
@FabianKramm FabianKramm
v0.2.0-beta.3
0487c12
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.2.0-beta.3 Pre-release
Pre-release

!!! Breaking !!!

Make sure you reapply the jspolicy crds via the following command before upgrading:

kubectl apply -f https://raw.githubusercontent.com/loft-sh/jspolicy/5211a03e9258d2f9917da3f4511af3af77fe441a/chart/crds/crds.yaml

Changes

  • Decreased jsPolicy image size
  • jsPolicy is now running as non root
  • jsPolicy can now bundle multiple policies in parallel
  • jsPolicy now applies changes to webhook configurations rather than overwriting them
  • jsPolicy now supports PolicyReport and ClusterPolicyReport. PolicyReport and ClusterPolicyReport are CRDs created by the Kubernetes Policy WG (https://github.com/kubernetes-sigs/wg-policy-prototypes). These CRDs will be created besides the existing JsPolicyViolations CRD. jsPolicy can now creates one PolicyReport per Namespace for all JsPolices and one ClusterPolicyReport for all Cluster scoped violations. (thanks @fjogeleit) This makes it possible to use JsPolicy together with Policy Reporter and creates observability capabilities like integrations in Prometheus, Grafana Loki or the standalone Policy Reporter UI.
  • New imagePullSecrets in the jsPolicy chart to define custom image pull secrets (thanks @infa-ddeore)
  • Refactored jsPolicy controller to use conditions
  • Fixed an issue where jsPolicy would end up in a retry loop on AKS clusters
  • Updated k8s dependencies to v1.23.0
  • Updated v8 engine to 9.6.180.12

Contributors

fjogeleit and infa-ddeore
Assets 2
Loading

v0.2.0-beta.1

16 Dec 12:49
@FabianKramm FabianKramm
v0.2.0-beta.1
f17fcec
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.2.0-beta.1 Pre-release
Pre-release

!!! Breaking !!!

Make sure you reapply the jspolicy crds via the following command before upgrading:

kubectly apply -f https://raw.githubusercontent.com/loft-sh/jspolicy/5211a03e9258d2f9917da3f4511af3af77fe441a/chart/crds/crds.yaml

Changes

  • jsPolicy now supports PolicyReport and ClusterPolicyReport. PolicyReport and ClusterPolicyReport are CRDs created by the Kubernetes Policy WG (https://github.com/kubernetes-sigs/wg-policy-prototypes). These CRDs will be created besides the existing JsPolicyViolations CRD. jsPolicy can now creates one PolicyReport per Namespace for all JsPolices and one ClusterPolicyReport for all Cluster scoped violations. (thanks @fjogeleit) This makes it possible to use JsPolicy together with Policy Reporter and creates observability capabilities like integrations in Prometheus, Grafana Loki or the standalone Policy Reporter UI.
  • New imagePullSecrets in the jsPolicy chart to define custom image pull secrets (thanks @infa-ddeore)
  • Refactored jsPolicy controller to use conditions
  • Fixed an issue where jsPolicy would end up in a retry loop on AKS clusters
  • Updated k8s dependencies to v1.23.0

Contributors

fjogeleit and infa-ddeore
Assets 2
Loading

v0.2.0-beta.0

16 Dec 12:44
@FabianKramm FabianKramm
v0.2.0-beta.0
1c1536a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.2.0-beta.0 Pre-release
Pre-release

!!! Breaking !!!

Make sure you reapply the jspolicy crds via the following command before upgrading:

kubectly apply -f https://raw.githubusercontent.com/loft-sh/jspolicy/5211a03e9258d2f9917da3f4511af3af77fe441a/chart/crds/crds.yaml

Changes

  • jsPolicy now supports PolicyReport and ClusterPolicyReport. PolicyReport and ClusterPolicyReport are CRDs created by the Kubernetes Policy WG (https://github.com/kubernetes-sigs/wg-policy-prototypes). These CRDs will be created besides the existing JsPolicyViolations CRD. jsPolicy can now creates one PolicyReport per Namespace for all JsPolices and one ClusterPolicyReport for all Cluster scoped violations. (thanks @fjogeleit) This makes it possible to use JsPolicy together with Policy Reporter and creates observability capabilities like integrations in Prometheus, Grafana Loki or the standalone Policy Reporter UI.
  • New imagePullSecrets in the jsPolicy chart to define custom image pull secrets (thanks @infa-ddeore)
  • Refactored jsPolicy controller to use conditions
  • Fixed an issue where jsPolicy would end up in a retry loop on AKS clusters
  • Updated k8s dependencies to v1.23.0

Contributors

fjogeleit and infa-ddeore
Assets 2
Loading

v0.1.1

14 May 08:24
@FabianKramm FabianKramm
v0.1.1
d98643f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.1.1

jsPolicy - Easier & Faster Kubernetes Policies using JavaScript or TypeScript

  • Lightning Fast & Secure Policy Execution - jsPolicy runs policies with Google's super fast V8 JavaScript engine in a pool of pre-heated sandbox environments. Most policies do not even take a single millisecond to execute
  • Great Language For Policies - JavaScript is made for handling and manipulating JSON objects (short for: JavaScript Object Notation!) and Kubernetes uses JSON by converting your YAML to JSON during every API request
  • 3 Policy Types for anything you need:
    • Validating Policies - Request validation that is as easy as calling allow(), deny("This is not allowed"), or warn("We'll let this one slip, but upgrade to the new ingress controller")
    • Mutating Policies - Simple mutations of the kubectl request payload via mutate(modifiedObj)
    • Controller Policies - Run custom JavaScript controllers that react to any changes to the objects in your cluster (controller policies are reactive, so they are not webhooks and part of a Kubernetes API server request but instead react to Events in your cluster after they have happened). With controller policies you can write resource sync mechanisms, enforce objects in namespaces, garbage collectors or fully functional CRD controllers
  • Simple yet Powerful - Create a functional webhook with a single line of JavaScript or write your own fully blown custom StatefulSet controller in TypeScript with jsPolicy. There are no limits and the possibilities are endless
  • Easy Cluster Access - Control cluster state with built-in functions such as get("Pod", "v1", "my-namespace/my-pod"), list("Namespace", "v1"), create(limitRange), update(mySecret) or remove(configMap)
  • Focus on Policy Logic - Jump right in and only focus on writing your own policy logic or simply reuse existing policies. Let jsPolicy do the rest and don't worry about high-availability, performance tuning, auditing, certificate management, webhook registration, prometheus metrics, shared resource caches, controller boilerplate, dynamic policy management etc. anymore
  • Turing Complete Policy Language - Use loops, Promises, generator functions, ? operators, TypeScript Type-Safe practices, hot reloaders, linting, test frameworks and all other modern JS language features and development best practices for writing clean and easy to maintain policy code
  • Huge Ecosystem of Libraries - Use any CommonJS JavaScript or TypeScript library from npmjs or from your private registry
  • Easy Policy Sharing & Reuse - Share entire policies or reusable functions via npmjs or via your private registry
  • Efficient Policy Development - Use any of the dev tools available in JavaScript or TypeScript for a highly efficient workflow
Assets 2
Loading

v0.1.0

06 May 13:49
@FabianKramm FabianKramm
v0.1.0
69fa784
Compare
Choose a tag to compare
v0.1.0

jsPolicy - Easier & Faster Kubernetes Policies using JavaScript or TypeScript

  • Lightning Fast & Secure Policy Execution - jsPolicy runs policies with Google's super fast V8 JavaScript engine in a pool of pre-heated sandbox environments. Most policies do not even take a single millisecond to execute
  • Great Language For Policies - JavaScript is made for handling and manipulating JSON objects (short for: JavaScript Object Notation!) and Kubernetes uses JSON by converting your YAML to JSON during every API request
  • 3 Policy Types for anything you need:
    • Validating Policies - Request validation that is as easy as calling allow(), deny("This is not allowed"), or warn("We'll let this one slip, but upgrade to the new ingress controller")
    • Mutating Policies - Simple mutations of the kubectl request payload via mutate(modifiedObj)
    • Controller Policies - Run custom JavaScript controllers that react to any changes to the objects in your cluster (controller policies are reactive, so they are not webhooks and part of a Kubernetes API server request but instead react to Events in your cluster after they have happened). With controller policies you can write resource sync mechanisms, enforce objects in namespaces, garbage collectors or fully functional CRD controllers
  • Simple yet Powerful - Create a functional webhook with a single line of JavaScript or write your own fully blown custom StatefulSet controller in TypeScript with jsPolicy. There are no limits and the possibilities are endless
  • Easy Cluster Access - Control cluster state with built-in functions such as get("Pod", "v1", "my-namespace/my-pod"), list("Namespace", "v1"), create(limitRange), update(mySecret) or remove(configMap)
  • Focus on Policy Logic - Jump right in and only focus on writing your own policy logic or simply reuse existing policies. Let jsPolicy do the rest and don't worry about high-availability, performance tuning, auditing, certificate management, webhook registration, prometheus metrics, shared resource caches, controller boilerplate, dynamic policy management etc. anymore
  • Turing Complete Policy Language - Use loops, Promises, generator functions, ? operators, TypeScript Type-Safe practices, hot reloaders, linting, test frameworks and all other modern JS language features and development best practices for writing clean and easy to maintain policy code
  • Huge Ecosystem of Libraries - Use any CommonJS JavaScript or TypeScript library from npmjs or from your private registry
  • Easy Policy Sharing & Reuse - Share entire policies or reusable functions via npmjs or via your private registry
  • Efficient Policy Development - Use any of the dev tools available in JavaScript or TypeScript for a highly efficient workflow
Assets 2
Loading

v0.1.0-beta.0

06 May 12:38
@FabianKramm FabianKramm
v0.1.0-beta.0
69fa784
Compare
Choose a tag to compare
v0.1.0-beta.0 Pre-release
Pre-release 
initial commit
Assets 2
Loading