Host capabilities specification
During evaluation, Kubewarden policies can access extra capabilities offered by the host environment. This mechanism uses an approach similar to a traditional remote procedure call (RPC).
When a Kubewarden policy issues a request, this happens:
- Kubewarden policy:
  - Invokes the capability offered by the host environment.
  - The invocation is a blocking operation, hence the policy code waits until the host provides an answer.
- Host environment:
  - The host receives a capability invocation.
  - The host performs the operation.
  - The host provides an answer to the policy, which could be either success or failure.
- Kubewarden policy:
  - The code receives the answer from the host and resumes execution.
  - The policy handles the host response accordingly.
Kubewarden implements the host capabilities feature using waPC. Each capability is described by these details:
- waPC function name: The name of the capability exposed by the host.
- Input payload: The body of the request made by the policy. This is always encoded in JSON format.
- Output payload: The body of the response coming from the host. This is always encoded in JSON format.
When something goes wrong, the host replies with an error. This is done using the error type of the programming language used by the policy. The error is a UTF-8 string that holds an explanation message.
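The request/response cycle and error handling described above, sketched in Go as an added example (not Kubewarden's own code or SDK). `hostCall` stands in for the blocking waPC call; the `example.lookup` capability, its payload fields, and `mockHost` are hypothetical, and the data is constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// hostCall stands in for the blocking waPC call: function name and JSON body in,
// JSON body or an error holding a UTF-8 explanation out. All names are hypothetical.
type hostCall func(function string, payload []byte) ([]byte, error)

// Constructed payload shapes for a made-up "example.lookup" capability.
type lookupRequest struct{ Key string `json:"key"` }
type lookupResponse struct {
	Found bool   `json:"found"`
	Value string `json:"value"`
}

// mockHost plays the host environment: receive the invocation, perform it, answer.
func mockHost(function string, payload []byte) ([]byte, error) {
	if function != "example.lookup" {
		return nil, errors.New("unknown capability: " + function)
	}
	var req lookupRequest
	if err := json.Unmarshal(payload, &req); err != nil {
		return nil, errors.New("invalid input payload: " + err.Error())
	}
	if req.Key == "" {
		return nil, errors.New("key must not be empty")
	}
	v, ok := map[string]string{"registry": "constructed-value"}[req.Key]
	return json.Marshal(lookupResponse{Found: ok, Value: v})
}

// lookup is the policy side: encode the request, block on the host, then decode
// the answer. On a host error it returns the zero response so callers fail closed.
func lookup(call hostCall, key string) (lookupResponse, error) {
	var resp lookupResponse
	in, _ := json.Marshal(lookupRequest{Key: key}) // a struct of strings cannot fail to encode
	out, err := call("example.lookup", in)
	if err != nil {
		return resp, fmt.Errorf("host capability failed: %w", err)
	}
	err = json.Unmarshal(out, &resp)
	return resp, err
}

func main() {
	fmt.Println(lookup(mockHost, "registry"))
	fmt.Println(lookup(mockHost, ""))
}
```

A policy built on this pattern should reject when `lookup` returns an error rather than continue with the zero-valued response.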