Puja Abbassi

Puja Abbassi is a Developer Advocate and Product Owner at Giant Swarm. As a CNCF ambassador, he's passionate about bringing cloud native technologies to more developers and their companies around the globe. In Kubernetes, he focuses on security and authentication as well as extending Kubernetes with custom resources and controllers (aka operators). With a few years of Kubernetes experience and having been in the beta batch of CKAs, he enjoys solving problems and helping people in Kubernetes Office Hours, Slack, and Discuss. He is also a contributor to the CIS Kubernetes Benchmarks.

The speaker's profile picture


Making our APIs more user friendly - Using OPA as a general webhook for CRDs

Custom Resource Definitions (CRDs) are the future of the Kubernetes API. Not only external so-called “operators” are using CRDs, but going forward more and more “native” functionality is being built with CRDs and custom controllers, making Kubernetes more modular.

As the CRD concept is maturing SIG API machinery is adding useful features like validation, defaulting, structural schemas, etc. However, in more complex extensions with multiple CRDs and multiple controllers like for example the Cluster API, we run into validation and defaulting use cases that currently can only be modeled with validation and mutation webhooks.

This talk will discuss advanced use cases for CRD validation and defaulting. The speaker will make a point for why to use Open Policy Agent for these use cases and show the application of this reasoning in a demo.