From Fragile to Resilient: ValidatingAdmissionPolicies Strengthen Kubernetes
03-17, 16:35–17:05 (Europe/Paris), Arena

In the world of Kubernetes, dynamic admission controllers have long played a pivotal role in enhancing the robustness and adaptability of clusters. For instance, the ValidatingWebhookConfiguration empowers users to implement intricate and finely-tuned access controls beyond the capabilities of RBAC. However, this newfound agility often comes at a price – the ease with which they can be misconfigured, potentially leading to cluster disruption and downtime.

Historically, we’ve accepted this fragility as an inevitable trade-off for greater control over our clusters. But what if we could change that narrative?

Enter ValidatingAdmissionPolicies!

In this talk we’ll take a look at what makes ValidatingAdmissionPolicies a safer choice for your validation logic and what problems they aim to solve.

We will delve into the world of ValidatingAdmissionPolicies, exploring their features and limitations. We will also draw comparisons with ValidatingWebhookConfigurations, shedding light on the problems they solve. Furthermore, I’ll provide a comprehensive walkthrough on how you can begin leveraging ValidatingAdmissionPolicies today.

Marcus is a platform engineer at Giant Swarm, a company dedicated to offering managed Kubernetes solutions. His main area of focus in recent years has been around Go, Kubernetes, containers and DevOps, but he originally started out as a web developer and JavaScript enthusiast. A self-described “tinkerer”, when not building Kubernetes solutions, Marcus likes to dabble with 3D printing and experiment with smart home tech.