New Open-Source Project Makes Kubernetes Policies Simple, Maintainable and Understandable

Joseph Eckert
Minute Read

San Francisco - Loft Labs, which makes Kubernetes easily accessible to developers, today announced the availability of its latest open source project, jsPolicy. As a first-of-its-kind policy engine based on JavaScript, jsPolicy makes policies in Kubernetes clusters easier to manage and maintain, while also making them understandable and transparent.

“Policies are key to securing Kubernetes operations, especially in multi-tenant clusters,” said Fabian Kramm, CTO of Loft Labs. “Until now, policy engines have used lesser known languages such as Rego, making it hard to use for writing policies at first and even harder to understand and maintain these policies a few months later. jsPolicy allows organizations to express their policies in JavaScript, one of the most popular programming languages with over 12 million developers using it worldwide.”

Today, if someone runs a request and a policy written in Rego (the language commonly used for Kubernetes policies using Open Policy Agent) denies this operation, it is almost impossible for the user to look at the policy and understand why the request was denied. However, with policies written in JavaScript, there are almost no limitations of what engineers can do because JavaScript is easy to understand and almost every engineer can at least read it and make sense of it.

Not only does this make it easier to write policies but also improves the maintainability of policies long-term. Additionally, the JavaScript execution in jsPolicy is based on Google’s high-performance V8 engine which is used in almost every modern browser and optimized for low memory use and fast execution. This makes jsPolicy not just easier to understand but also much faster than any other policy framework.

Also, using JavaScript as a policy language has the huge advantage of the vibrant JavaScript ecosystem, which allows engineers to make use of thousands of popular libraries and frameworks allowing engineers to establish a very efficient development and testing workflow for their Kubernetes policies.

Loft Labs also recently released vcluster, a first-of-its-kind virtual cluster technology for Kubernetes. jsPolicy now available at and on Github.

Loft is used by platform teams in enterprises to create internal Kubernetes platforms for developing cloud-native software, executing continuous integration/continuous delivery (CI/CD) pipelines, or running artificial intelligence (AI) and machine learning (ML) experiments. It is also valuable in production use cases, where IT teams use Loft’s virtual clusters to surpass the scalability limits of regular Kubernetes clusters and where companies need to provision full-blown demo environments or securely-isolated instances of their managed software products.

Sign up for our newsletter

Be the first to know about new features, announcements and industry insights.