Cloud native policy engine for Kubernetes
Admitik is a cloud native policy engine for Kubernetes that lets you define policies to validate, mutate, generate, clone, or clean resources.
It uses template engines (like CEL or Starlark) to apply logic, patch resources, or generate new ones — all directly inside your cluster.
No new languages to learn. No sidecars. Just Kubernetes-native power. 💪
Enforce admission rules to keep your cluster secure, compliant, and predictable.
- Block configurations that violate security or runtime policies
- Enforce consistent naming, labeling, or structural patterns
- Reject resources that miss required platform standards (e.g. limits, roles, labels)
Modify resources before they’re stored to ensure they meet platform expectations.
- Auto-inject metadata for cost tracking, ownership, or auditing
- Add observability settings (e.g. monitoring annotations) automatically
- Apply missing defaults for scheduling, networking, or access behavior
Create complementary resources in response to cluster activity.
- Deploy baseline policies or controls when new environments appear
- Automatically provision RBAC or access scopes based on context
- Generate environment-specific configs to simplify onboarding
Important
We are working on this feature! 🛠️
Admitik uses templating to evaluate conditions, build messages, craft patches, or define generated objects.
Supported engines:
- Go Templates (with Sprig functions)
- CEL (Common Expression Language)
- Starlark (a Python-like scripting language)
- Plain (you write it, your rules)
- Plain+CEL (light templating with inline CEL expressions)
Choose the one that fits your needs — or combine them in the same policy!
Inside any template, you can access these powerful variables:
Key | Description |
---|---|
`object` | The resource being created, updated, or deleted |
`oldObject` | The previous version (on UPDATE operations) |
`operation` | The current action: `CREATE`, `UPDATE`, or `DELETE` |
`sources` | Lists of extra Kubernetes resources you request for evaluation (like `ConfigMaps` or `Deployments`) |
`vars` | A shared dictionary to store and reuse values across conditions and templates |
These variables let you write dynamic, context-aware policies using real cluster data. 🔍
Tip
Remember that each engine has its own capabilities: all the variables are available everywhere,
but not all engines can do everything. For example, CEL is for simple expressions, so it can read `vars`
but cannot modify them.
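The sketch below is an added example, not Admitik policy syntax or code from the project: plain Python that models how a validation condition could use `object`, `oldObject`, `operation`, `sources` and `vars`. The function names, the list-of-lists layout of `sources`, the `requiredLabels` ConfigMap key and the sample objects are assumptions constructed for illustration.

```python
# Added illustration: plain Python modelling the template context described
# above. This is NOT Admitik policy syntax; the function names, the
# list-of-lists layout of `sources` and the ConfigMap key are assumptions.

def required_labels(sources):
    """Read required label keys from the first ConfigMap in sources[0]."""
    group = sources[0] if sources else []
    if not group:
        return []
    raw = group[0].get("data", {}).get("requiredLabels", "")
    return [k.strip() for k in raw.split(",") if k.strip()]


def missing_limits(pod):
    """Names of containers that declare no resource limits."""
    containers = pod.get("spec", {}).get("containers", [])
    return [c.get("name", "?") for c in containers
            if not c.get("resources", {}).get("limits")]


def validate(ctx):
    """Return (allowed, message) for one admission event."""
    obj, old, op = ctx["object"], ctx.get("oldObject"), ctx["operation"]
    vars_ = ctx.setdefault("vars", {})
    if op == "DELETE":
        return True, "delete allowed"

    labels = obj.get("metadata", {}).get("labels", {})
    # Keep intermediate results in vars so later conditions and messages reuse them.
    vars_["missing_labels"] = [k for k in required_labels(ctx.get("sources"))
                               if k not in labels]
    vars_["no_limits"] = missing_limits(obj)

    if op == "UPDATE" and old:
        old_owner = old.get("metadata", {}).get("labels", {}).get("owner")
        # oldObject is the stored version, so a change of ownership is detectable.
        if old_owner is not None and old_owner != labels.get("owner"):
            return False, "owner label may not be changed or removed"
    if vars_["missing_labels"]:
        return False, "missing labels: " + ", ".join(vars_["missing_labels"])
    if vars_["no_limits"]:
        return False, "containers without limits: " + ", ".join(vars_["no_limits"])
    return True, "ok"


# Constructed sample input.
CONFIGMAP = {"kind": "ConfigMap", "data": {"requiredLabels": "owner, cost-center"}}
POD = {"metadata": {"labels": {"owner": "team-a", "cost-center": "42"}},
       "spec": {"containers": [{"name": "app",
                                "resources": {"limits": {"memory": "128Mi"}}}]}}
```

The writes to `vars` model an engine that can modify the shared dictionary; a read-only engine such as CEL would only consume values stored there by an earlier step.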
Kind | What it does |
---|---|
`ClusterValidationPolicy` | Validates intercepted resources |
`ClusterMutationPolicy` | Modifies intercepted resources |
`ClusterGenerationPolicy` | Generates new resources (or clones existing ones) on events |
We’ve prepared real-world examples so you can get started quickly:
We will cover all the installation methods in the documentation soon. In the meantime, the instructions are here!
All contributions are welcome! Whether you're reporting bugs, suggesting features, or submitting code — thank you! Here’s how to get involved:
▸ Open an issue to report bugs or request features
▸ Submit a pull request to contribute improvements
▸ Check open milestones to see what’s coming
▸ Read the contributing guide to get started smoothly
Admitik is licensed under the Apache 2.0 License.