
1_r/devopsish
From UX to API: Mastering Platform Validations with Kubernetes Validating Admission Policies
In this video, we dive deep into the importance of validations in Internal Developer Platforms and how they enhance user experience. We explore different examples, including Web UI, custom CLI scripts, and Kubernetes-based tools like Argo CD and kubectl, to distinguish between UX validations and real policies. Learn how to implement reliable validations using Kubernetes Admission Controller Webhooks and ensure only valid requests are processed by your API. We also discuss the role of tools like Crossplane for creating custom abstractions and enforcing policies.
#InternalDeveloperPlatform #Kubernetes #AdmissionControllers
▬▬▬▬▬▬ 🔗 Additional Info 🔗 ▬▬▬▬▬▬
➡ Transcript and commands: https://devopstoolkit.live/internal-developer-platforms/from-ux-to-api-mastering-platform-validations-with-kubernetes-validating-admission-policies
🔗 Kyverno: https://kyverno.io
🎬 Kubernetes Validating Admission Policy Changes The Game: https://youtu.be/EsZcDUaSUss
▬▬▬▬▬▬ ⏱ Timecodes ⏱ ▬▬▬▬▬▬
00:00 Introduction to Validations and Policies
08:25 The Problem with Admission Controllers
12:37 Kubernetes Validating Admission Policy
via YouTube https://www.youtube.com/watch?v=8jtYN-qvSqA
Social Media Muted Words
https://chrisshort.net/micro/social-media-muted-words/
A tech professional and disabled veteran's curated list of muted words for social media, including permanent blocks for annoying apps, political figures, and sportsbooks with situational mutes for trending topics
via Chris Short https://chrisshort.net/
January 27, 2025
API & State Management - Feat. Crossplane, KubeVela, & Kratix (You Choose!, Ch. 05, Ep. 01)
API and State Management - Choose Your Own Adventure: The Dignified Pursuit of a Developer Platform
In this episode, we'll go through the tools in the API (CRDs) & State Management (Controllers) space. The contestants are Crossplane, KubeVela, and Kratix.
Vote for your choice of a tool for signing artifacts at https://cloud-native.slack.com/archives/C05M2NFNVRN. If you have not already joined CNCF Slack, you can do so from https://slack.cncf.io.
This and all other episodes are available at https://www.youtube.com/playlist?list=PLyicRj904Z9-FzCPvGpVHgRQVYJpVmx3Z.
More information about the "Choose Your Own Adventure" project including the source code and links to all the videos can be found at https://github.com/vfarcic/cncf-demo.
٩( ᐛ )و Whitney's YouTube Channel → https://www.youtube.com/@wiggitywhitney
#idp #crossplane #kubevela #kratix
▬▬▬▬▬▬ 🔗 Additional Info 🔗 ▬▬▬▬▬▬
🔗 API (CRDs) & State Management (Controllers): https://github.com/vfarcic/cncf-demo/tree/main/manuscript/api/README.md
via YouTube https://www.youtube.com/watch?v=_4Zd8yTSfOw
Week Ending January 19, 2025
https://lwkd.info/2025/20250123
Developer News
CVE-2024-9042 is a security vulnerability on Windows nodes that could let some users issue arbitrary commands via the /logs endpoint. Patched in the latest update; all Windows users should update immediately.
Reminder to SIG and WG Chairs: Annual Reports are due soon. This year’s AR is really short, so don’t procrastinate on it, just do it.
Start using Feature, not NodeFeature for SIG-Node test labels.
Release Schedule
Next Deadline: Production Readiness Freeze, February 6
We’re still in Enhancements development, and Nina has shared the first release newsletter with final dates for all release milestones. This includes:
Enhancements Freeze: Friday, February 14th at 02:00 UTC
Code and Test Freeze: Friday, March 20th at 02:00 UTC
Release Day: Wednesday 23rd April 2025
On the 15th the project released patch updates 1.29.13, 1.30.9, 1.31.5. This update mainly patches the Windows security hole (above).
Featured PRs
129661: DRA CEL: Add Missing Size Estimator
This PR addresses a bug in the cost estimation of CEL expressions used in Device Resource Allocation (DRA). Previously, attribute strings were treated as “unknown size”, leading to overly high cost estimates and validation errors for even basic expressions. The PR implements a proper size estimator, ensuring accurate cost calculations by accounting for string lengths, map element limits, and avoiding misdefined pre-defined types like apiservercel.StringType. This fix improves validation consistency and aligns with stored expression assumptions, ensuring compatibility across version upgrades.
Other Merges
Credential provider config to validate duplicate names early and preserve provider order
kubeadm improved the kubeadm reset message for manual cleanups
Portworx plugin’s CSI translation fixed to copy secret name & namespace
e2e test added for HonorPVReclaimPolicy
Documentation added for EvictionPressureTransitionPeriod silently defaulting 0s to 5m
JSONPatch unit tests added to the admission CEL type resolver for mutation
Unit test helpers added to validate CEL and patterns in CustomResourceDefinitions
util.NewIOHandler() replaced with fakeIOHandler to make unit tests pass on different host envs
e2e tests added for SELinuxChangePolicy
Documentation updated for EnvFromSource.Prefix to mention that it works for both ConfigMap and Secret
Dependency on k8s.io/util/nsenter removed since kubelet --containerized flag is deprecated
Promotions
CSIMigrationPortworx to GA
Deprecated
KubeProxyDrainingTerminatingNodes feature gate removed after GA graduation
via Last Week in Kubernetes Development https://lwkd.info/
January 23, 2025 at 04:00PM