Authors: Cici Huang
2023-04-20

tldr - powered by Generative AI

The presentation discusses the use of Common Expression Language (CEL) in Kubernetes to simplify validation and policy enforcement for Custom Resource Definitions (CRDs) and other use cases.
  • CRDs and other use cases require validation and policy enforcement that cannot be supported by structural schema and OpenAPI V3 validation
  • Webhooks have been the only solution for these use cases, but they are difficult to configure and can cause control plane outages
  • Common Expression Language (CEL) is a simpler solution that has been successfully integrated with Kubernetes data system for both CRD and native types
  • CEL comes with a standard library and an extended library, and it is easy to extend and embed
  • CEL can be used for validation, policy enforcement, and authorization checks
  • The presentation offers examples of CEL code and use cases, and it mentions future plans for mutating admission policy and client-side validation

Authors: Joe Betz
2022-10-27

In Kubernetes 1.23 we integrated the CEL expression language into open source Kubernetes, making it possible to support the vast majority of CRD validation use cases without a webhook. This includes multi-field validation rules, immutability checks and more. And this is just the beginning: we plan to extend admission control to support CEL expressions as well, which will make it possible to replace far more of those operationally troublesome webhooks with a much simpler alternative. We're convinced this leads to a better development experience for anyone extending Kubernetes. And more importantly, it makes cluster operations simpler and safer. Learn about this future of Kubernetes extensibility from a contributor who has been involved in Kubernetes extensibility for over 5 years, including the projects to bring CRDs and Webhooks to GA, and who has been involved in improving the stability of Kubernetes control planes in GKE for years. In this talk I'll introduce CEL and how we've integrated it into Kubernetes and answer questions including: What can you do with CEL in Kubernetes today? What future features are planned? Can there really be a future where webhooks are the exception instead of the norm?