KubewardenPolicySDK 0.1.2
dotnet add package KubewardenPolicySDK --version 0.1.2
NuGet\Install-Package KubewardenPolicySDK -Version 0.1.2
<PackageReference Include="KubewardenPolicySDK" Version="0.1.2" />
paket add KubewardenPolicySDK --version 0.1.2
#r "nuget: KubewardenPolicySDK, 0.1.2"
// Install KubewardenPolicySDK as a Cake Addin
#addin nuget:?package=KubewardenPolicySDK&version=0.1.2
// Install KubewardenPolicySDK as a Cake Tool
#tool nuget:?package=KubewardenPolicySDK&version=0.1.2
Kubewarden .NET Policy SDK
⚠️ Warning: experimental ⚠️
This code leverages
dot-net-wasi-sdk, which is currently marked as experimental.It also requires usage of .NET 7, which is currently in preview.
This library provides a SDK that can be used to write Kubewarden Policies using the C# programming language.
This is a first iteration of the SDK, it can be used to create both validating and mutating policies.
Limitations
However, the following host capabilities are not exposed yet:
Currently the size of the final WebAssembly modules is pretty big (~26 Mb). The startup time is however reasonable.
Trying to enable the experimental property <WasiTrim>true</WasiTrim> causes
the compilation to fail. The issue has been reported to the author of
dot-net-wasi-sdk.
Requirements
The code requires .NET 7, which is currently (as of July 2022) in preview mode.
Executing dotnet --version should return 7.0.100-preview.4 or later.
Policy quickstart
Start by creating a Console application:
dotnet new console -o MyFirstKubewardenPolicy
cd MyFirstKubewardenPolicy
dotnet add package Wasi.Sdk --prerelease
dotnet add package WapcGuest
dotnet add package KubewardenPolicySDK
Edit the Program.cs file and replace its contents to match the following ones:
using WapcGuest;
using KubewardenPolicySDK;
namespace Policy;
public class IngressPolicy
{
public static void Main()
{
var wapc = new Wapc();
wapc.RegisterFunction("protocol_version", Kubewarden.ProtocolVersionGuest);
wapc.RegisterFunction("validate", Validate);
wapc.RegisterFunction("validate_settings", SettingsValidate);
}
static byte[] Validate(byte[] payload)
{
return Kubewarden.AcceptRequest();
}
static byte[] SettingsValidate(byte[] payload)
{
return Kubewarden.AcceptSettings();
}
}
Finally, build the policy in this way:
dotnet build
This will produce a .wasm file under the bin/Debug directory.
The policy can now be run using kwctl.
For a more complex example, checkout the examples directory.
Contribute
The author of this code is not a .NET expert, patches are welcome to improve the code quality and to make it more idiomatic.
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net7.0 is compatible. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
-
net7.0
- No dependencies.
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.