Safeguarding Clusters: Exploring the Benefits and Navigating the Dangers of Admission Controllers - Amine Hilaly & Igor Velichkovich, AWS
Abstract
Admission controllers are critical components in Kubernetes clusters, responsible for enforcing policies, performing security checks, and even mutating resources during resource admission. However, these controllers can introduce potential risks and vulnerabilities that may compromise cluster stability. In this session, we will dive into the concept of admission controllers, exploring their inner workings, implementation, and how they can inadvertently disrupt cluster functionality. Additionally, we will explore the use of new features leveraging Common Expression Language (CEL) in Dynamic Admission Controllers. Join our live demo to witness the thrilling chaos of admission controllers! We’ll showcase practical techniques to fix, break, and effectively mitigate risks. Discover their hidden dangers and unlock the secrets to (un)secure your clusters!