EVAPorating Kubernetes Security Risk: Adopting Validating Admission P...

Kaitlyn Lee, Jordan Conard

KubeCon + CloudNativeCon Europe 2025 · Session

In this KubeCon EU talk, Kaitlyn Lee and Jordan Conard from Datadog describe their experience migrating Kubernetes admission control from **OPA Gatekeeper** to the native **Validating Admission Policy (VAP)**. The presentation, titled "EVAPorating Kubernetes Security Risk," covers how Datadog turned basic tutorial policies into production-grade VAP implementations that operate at its scale: over 100 Kubernetes clusters, 10,000 nodes, and 100,000 pods across a multi-cloud environment. Datadog's infrastructure depends entirely on Kubernetes, so its approach to securing it offers lessons for any organization seeking to improve its cloud-native security posture.

AI review

This KubeCon talk by Datadog's Kaitlyn Lee and Jordan Conard is a masterclass in operationalizing Kubernetes Validating Admission Policy (VAP) at an immense scale. It meticulously details their migration from OPA Gatekeeper, showcasing how they leveraged VAP's advanced features like parameter resources, CEL optional field selection, and message expressions to build flexible, production-grade policies. The speakers' candid sharing of their robust migration strategy, comprehensive testing, and critical monitoring considerations for API server health provides invaluable, actionable insights for…
