Container Days Conference
Dynamic admission controllers have long played a pivotal role in enhancing the robustness and adaptability of clusters. For instance, ValidatingWebhookConfiguration empowers users to implement intricate and finely-tuned access controls beyond the capabilities of RBAC and MutatingWebhookConfiguration provides advanced defaulting logic for all resource types. However, this capability often comes at a price – the ease with which they can be misconfigured, potentially leading to cluster disruption and downtime.
Historically, we’ve accepted this fragility as an inevitable trade-off for greater control over our clusters. But that stops now!
Enter CEL-based, in-process Admission Policies!
In this talk we’ll take a look at what makes ValidatingAdmissionPolicies and MutatingAdmissionPolicies a safer choice for your admission logic, we will dive into the features and limitations and will also draw comparisons with their webhook-based alternatives, highlighting the problems they solve. Finally, we’ll walkthrough how you can begin leveraging them today and take a look at what might be coming in the future.
11 September 2025