Authors: Cici Huang
2023-04-20

tldr - powered by Generative AI

The presentation discusses the use of Common Expression Language (CEL) in Kubernetes to simplify validation and policy enforcement for Custom Resource Definitions (CRDs) and other use cases.
  • CRDs and other use cases require validation and policy enforcement that cannot be supported by structural schema and OpenAPI V3 validation
  • Webhooks have been the only solution for these use cases, but they are difficult to configure and can cause controlling outages
  • Common Expression Language (CEL) is a simpler solution that has been successfully integrated with Kubernetes data system for both CRD and native types
  • CEL comes with a standard library and an extended library, and it is easy to extend and embed
  • CEL can be used for validation, policy enforcement, and authorization checks
  • The presentation offers examples of CEL code and use cases, and it mentions future plans for mutating admission policy and client-side validation
Authors: Joe Betz
2022-10-27

In Kubernetes 1.23 we integrated the CEL expression language into open source Kubernetes, making it possible to support the vast majority of CRD validation use cases without a webhook. This includes multi-field validation rules, immutability checks and more. And this is just the beginning, we plan to extend admission control to support CEL expressions as well, which will make it possible to replace far more of those operationally troublesome webhooks with a much simpler alternative. We're convinced this leads to a better development experience for anyone extending Kubernetes. And more importantly, it makes cluster operations simpler and safer. Learn about this future of Kubernetes extensibility from a contributor who has been involved in Kubernetes extensibility for over 5 years, including the projects to bring CRDs and Webhooks to GA, and who has been involved in improving the stability of Kubernetes control planes in GKE for years. In this talk I'll introduce CEL and how we've integrated it into Kubernetes and answer questions including: What can you do with CEL in Kubernetes today? What future features are planned? Can there really be a future where webhooks are the exception instead of the norm?
Authors: Flavio Castelli
2022-05-19

tldr - powered by Generative AI

WebAssembly can be used to enhance the Kubernetes control plane by allowing for the creation of custom policies and rules that can be compiled into WebAssembly and distributed using container registries. This can eliminate the need for external webhook servers and improve performance.
  • WebAssembly modules are placed inside their own sandbox, preventing interaction with other modules and access to the whole system
  • WebAssembly can be used to run standalone applications and build plugin systems
  • Dynamic admission controllers are a well-established mechanism in Kubernetes that can be used to evaluate incoming requests
  • Kubewarden is an open-source project that uses WebAssembly to compile policies and rules written in regular programming languages or Rego
  • WebAssembly can be used to extend the Kubernetes API server to allow for the creation of custom policies and rules without the need for external webhook servers
  • The performance of WebAssembly needs to be investigated further
  • WebAssembly can also be useful in other areas of the Kubernetes ecosystem, such as kubectl plugins
Authors: Stefan Schimanski, Joe Betz, Federico Bongiovanni, Abu Kashem
2021-10-15

We will have at least 2 deep dive topics in this session. It will be mostly focused around Server Side Apply and how client-go and other clients can use apply server side. We might also cover several other topics around extensibility using CRDs and Webhooks, touching on the deprecation of v1beta1 and related issues. Additionally, we will remind everybody attending about the structure of the SIG, our areas of coverage, our regular meetings, the places where you can find us to chat, and how to become a contributor.