Policies in jsPolicy can be written either in JavaScript or in any language that can be compiled to JavaScript such as TypeScript.
OPA policies need to be written in Rego which is not turing complete.
Kyverno uses YAML to express policies rather than a real programming language.
jsPolicy supports validating admission control policies.
OPA supports validating admission control policies.
Kyverno supports validating admission control policies.
jsPolicy supports mutating admission control policies and makes them incredibly easy to write.
Mutating policies are an alpha feature in OPA and have many limitations.
Kyverno's YAML policies only allow mutating policies to apply patches. More complex operations are impossible or really complicated.
Controller policies are executed after Events in your cluster and jsPolicy is the first policy engine to introduce this feature.
Controller policies only exist in jsPolicy.
Controller policies only exist in jsPolicy.
Since jsPolicy lets you work with regular JavaScript, the entire JS ecosystem with great dev tools and testing frameworks can be used to write, test and maintain policies.
Due to OPA's popularity and maturity, several dev and test tools are available but this very limited compared to the JS ecosystem.
Kvverno provides a CLI tool for running very basic end-to-end tests. 3rd party tooling is not available.
Publish and share your policies via npmjs.com or pull policy functions from a private npm registry. jsPolicy introduces a new level of policy package management via npm.
Due to OPA's popularity and maturity, several dev and test tools are available but this very limited compared to the JS ecosystem.
There is no widely adopted package manager for publishing and sharing Kyverno policy logic.
Getting started with jsPolicy is as easy as installing the Helm chart and applying some policies to your cluster. Check out the demo video for a preview of how to get started with jsPolicy in a few minutes.
# Install via Helm v3
helm install jspolicy jspolicy -n jspolicy --create-namespace --repo https://charts.loft.sh
# Create JsPolicies
kubectl apply -f https://raw.githubusercontent.com/loft-sh/jspolicy/main/examples/by-use-case/deny-default-namespace.yaml
At Loft Labs, we are committed to building open-source tools such as DevSpace, vcluster and kiosk alongside our commercial offering Loft. We want to give back to the community and we believe open-source projects are the best way to accelerate the speed of innovation in the cloud-native space.
Star the project on GitHub, open issues and pull requests. Any contribution is welcome.
Join the conversation about jsPolicy on Slack and get help from the project maintainers.
At Loft Labs, we are committed to building cloud-native open-source tools such as DevSpace, vcluster, kiosk, and of course jsPolicy. We do this alongside our commercial offering Loft because we want to give back to the community and we believe open-source projects are the best way to accelerate the speed of innovation in the cloud-native space.
Policies in jsPolicy can be written either in JavaScript or in any language that can be compiled to JavaScript such as TypeScript.
jsPolicy supports validating admission control policies.
jsPolicy supports mutating admission control policies and makes them incredibly easy to write.
Controller policies are executed after Events in your cluster and jsPolicy is the first policy engine to introduce this feature.
Since jsPolicy lets you work with regular JavaScript, the entire JS ecosystem with great dev tools and testing frameworks can be used to write, test and maintain policies.
OPA policies need to be written in Rego which is not turing complete.
OPA supports validating admission control policies.
Mutating policies are an alpha feature in OPA and have many limitations.
Controller policies only exist in jsPolicy.
Due to OPA's popularity and maturity, several dev and test tools are available but this very limited compared to the JS ecosystem.
Kyverno uses YAML to express policies rather than a real programming language.
Kyverno supports validating admission control policies.
Kyverno's YAML policies only allow mutating policies to apply patches. More complex operations are impossible or really complicated.
Controller policies only exist in jsPolicy.
Kvverno provides a CLI tool for running very basic end-to-end tests. 3rd party tooling is not available.
Publish and share your policies via npmjs.com or pull policy functions from a private npm registry. jsPolicy introduces a new level of policy package management via npm.
Due to OPA's popularity and maturity, several dev and test tools are available but this very limited compared to the JS ecosystem.
There is no widely adopted package manager for publishing and sharing Kyverno policy logic.