From Fragile to Resilient: ValidatingAdmissionPolicies Strengthen Kubernetes

A presentation at Cloud Native Rejekts EU 2024 in in Paris, France by Marcus Noble

In the world of Kubernetes, dynamic admission controllers have long played a pivotal role in enhancing the robustness and adaptability of clusters. For instance, the ValidatingWebhookConfiguration, which empowers users to implement intricate and finely-tuned access controls beyond the capabilities of RBAC. However, this newfound agility often comes at a price – the ease with which they can be misconfigured, potentially leading to cluster disruption and downtime.

Historically, we’ve accepted this fragility as an inevitable trade-off for greater control over our clusters. But what if we could change that narrative?

Enter ValidatingAdmissionPolicies!

In this talk we’ll take a look at what makes ValidatingAdmissionPolicies a safer choice for your validation logic and what problems they aim to solve.

We will delve into the world of ValidatingAdmissionPolicies, exploring their features and limitations. We will also draw comparisons with ValidatingWebhookConfigurations, shedding light on the problems they solve. Furthermore, I’ll provide a comprehensive walkthrough on how you can begin leveraging ValidatingAdmissionPolicies today.



The following resources were mentioned during the presentation or are useful additional information.

Buzz and feedback

Here’s what was said about this presentation on social media.