11-10, 16:00–16:30 (MST), Theater
In the world of Kubernetes, dynamic admission controllers have long played a pivotal role in enhancing clusters. For instance, ValidatingWebhookConfiguration empowers users to implement finely-tuned access controls beyond the capabilities of RBAC and MutatingWebhookConfiguration provides advanced defaulting logic. However, this capability often comes at a price – the ease with which they can be misconfigured, potentially leading to cluster disruption and downtime.
Historically, we’ve accepted this fragility as an inevitable trade-off for greater control over our clusters. But what if we could change that narrative?
Enter CEL-based Admission Policies!
In this talk we’ll take a look at what makes admission policies a safer choice for your admission logic and what problems they aim to solve. We will dive into the features and limitations and will also draw comparisons with alternatives, highlighting the problems they solve.
Marcus is a platform engineer at Giant Swarm, a company dedicated to offering managed Kubernetes solutions, a Civo Ambassador and a CNCF Ambassador. His main area of focus in recent years has been around Go, Kubernetes, containers and DevOps but originally started out as a web developer and JavaScript enthusiast. A self-described “tinkerer”, when not building Kubernetes solutions, Marcus likes to dabble with 3D printing and experimenting with smart home tech.