Skip to main content

Why jsPolicy?

jsPolicy is a policy engine for Kubernetes that allows you to write policies in JavaScript or TypeScript.

jsPolicy Architecture
jsPolicy - Architecture


Lightning Fast & Secure Policy Execution#

jsPolicy runs policies with Google's super-fast V8 JavaScript engine in a pool of pre-heated sandbox environments. Most policies do not even take a single millisecond to execute

Great Language For Policies#

JavaScript is made for handling and manipulating JSON objects (short for "JavaScript Object Notation" (!)) and Kubernetes uses JSON by converting your YAML to JSON during every API request

3 Policy Types#

  • Validating Policies - Request validation that is as easy as calling allow(), deny("This is not allowed"), or warn("We'll let this one slip, but upgrade to the new ingress controller")
  • Mutating Policies - Simple mutations of the kubectl request payload via mutate(modifiedObj)
  • Controller Policies - Run custom JavaScript controllers that react to any changes to the objects in your cluster (controller policies are reactive, so they are not webhooks and part of a Kubernetes API server request but instead react to Events in your cluster after they have happened). With controller policies you can write resource sync mechanisms, enforce objects in namespaces, garbage collectors or fully functional CRD controllers

Simple yet Powerful#

Create a functional webhook with a single line of JavaScript or write your own fully blown custom StatefulSet controller in TypeScript with jsPolicy. There are no limits and the possibilities are endless

Easy Cluster Access#

Control cluster state with built-in functions such as get("Pod", "v1", "my-namespace/my-pod"), list("Namespace", "v1"), create(limitRange), update(mySecret) or remove(configMap)

Focus on Policy Logic#

Jump right in and only focus on writing your own policy logic or simply reuse existing policies. Let jsPolicy do the rest and don't worry about high-availability, performance tuning, auditing, certificate management, webhook registration, Prometheus metrics, shared resource caches, controller boilerplate, dynamic policy management etc. anymore

Turing Complete Policy Language#

Use loops, Promises, generator functions, ? operators, TypeScript Type-Safe practices, hot reloaders, linting, test frameworks and all other modern JS language features and development best practices for writing clean and easy to maintain policy code

Huge Ecosystem of Libraries#

Use any CommonJS JavaScript or TypeScript library from npmjs or from your private registry

Easy Policy Sharing & Reuse#

Share entire policies or reusable functions via npmjs or via your private registry

Efficient Policy Development#

Use any of the dev tools available in JavaScript or TypeScript for a highly efficient workflow