Kubernetes introduced external admission control in v1.7 to allow administrators to define policies for which objects can be admitted into a cluster.
One way to enforce these policies is through validating admission policies, which use the Common Expression Language (CEL) to declare validation rules.
Kubescape, a CNCF project for Kubernetes cluster security, has converted many of its controls to CEL and built a library of validating admission policies. The policies can be installed in a Kubernetes cluster using a selector and are applied to objects using a ValidatingAdmissionPolicyBinding resource.
This feature is currently in alpha and not yet production-ready, but it is a promising native solution for enforcing policies in a Kubernetes cluster.
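
The policy-plus-binding pattern described above, as an added example that is not taken from the Kubescape library: a CEL rule that rejects privileged containers, bound to namespaces by label. The resource names and the `policy-enforcement: enabled` label are hypothetical, and the `apiVersion` must match what the cluster serves (`v1alpha1` while the feature is alpha, `v1beta1` or `v1` on later releases).

```yaml
# Added example: names and the namespace label below are hypothetical.
# v1alpha1 requires the ValidatingAdmissionPolicy feature gate and this
# API version to be enabled on the API server.
apiVersion: admissionregistration.k8s.io/v1alpha1
kind: ValidatingAdmissionPolicy
metadata:
  name: example-deny-privileged-containers
spec:
  failurePolicy: Fail   # reject the request if a rule cannot be evaluated
  matchConstraints:
    resourceRules:
      - apiGroups: [""]
        apiVersions: ["v1"]
        operations: ["CREATE", "UPDATE"]
        resources: ["pods"]
  validations:
    # Every regular container must leave privileged unset or set it to false.
    - expression: >-
        object.spec.containers.all(c,
        !has(c.securityContext) ||
        !has(c.securityContext.privileged) ||
        c.securityContext.privileged == false)
      message: "privileged containers are not allowed"
    # Same rule for init containers, which are optional in the Pod spec.
    - expression: >-
        !has(object.spec.initContainers) ||
        object.spec.initContainers.all(c,
        !has(c.securityContext) ||
        !has(c.securityContext.privileged) ||
        c.securityContext.privileged == false)
      message: "privileged init containers are not allowed"
---
apiVersion: admissionregistration.k8s.io/v1alpha1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: example-deny-privileged-containers-binding
spec:
  policyName: example-deny-privileged-containers
  # Required from Kubernetes 1.27 onward; remove this field on 1.26.
  validationActions: [Deny]
  matchResources:
    # Only namespaces carrying this (hypothetical) label are subject to the policy.
    namespaceSelector:
      matchLabels:
        policy-enforcement: enabled
```

A policy with no binding is never evaluated, so after applying both objects, confirm enforcement by submitting a privileged Pod to a labeled namespace and checking that the API server rejects it with the message above.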