Marcus is a platform engineer at Giant Swarm, a company dedicated to offering managed Kubernetes solutions, as well as a Civo Ambassador and a CNCF Ambassador. His main area of focus in recent years has been Go, Kubernetes, containers and DevOps, but he originally started out as a web developer and JavaScript enthusiast. A self-described “tinkerer”, when not building Kubernetes solutions, Marcus likes to dabble with 3D printing and experiment with smart home tech.
Dynamic admission controllers have long played a pivotal role in enhancing the robustness and adaptability of clusters. For instance, ValidatingWebhookConfiguration empowers users to implement finely-tuned access controls beyond the capabilities of RBAC, and MutatingWebhookConfiguration provides advanced defaulting logic for all resources. However, this often comes at a price – the ease with which they can be misconfigured, potentially leading to cluster disruption and downtime.
Historically, we’ve accepted this fragility as an inevitable trade-off for greater control over our clusters. But that ends now!
Enter CEL-based, in-process Admission Policies!
In this talk we’ll look at what makes ValidatingAdmissionPolicies and MutatingAdmissionPolicies a safer choice. We will dive into their features and limitations and draw comparisons with their webhook-based alternatives, highlighting the problems they solve. Finally, we’ll walk through how you can leverage them today and look at the future.
| Pod Deep Dive - The Interesting Bits | KCD Czech & Slovak 2025 | June 2025 |
|---|---|---|