Loading…
In-person
1-4 April 2025
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in British Summer Time (BST) (UTC +1). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 
← Back to schedule
EVAPorating Kubernetes Security Risk: Adopting Validating Admission Policy at Scale - Kaitlyn Lee & Jordan Conard, Datadog
Friday April 4, 2025 15:15 - 15:45 BST
Level 1 | Hall Entrance S10 | Room D
Is the cost and operational toil of security policy enforcement raining on your parade? Learn how Datadog is simplifying its internal security policies across its dozens of clusters using Validating Admission Policy. We’ll cover our motivations for adopting VAP, detailing its features and contrasts with webhook-based admission controllers, like OPA Gatekeeper.

We will dive into the design of our policy that restricts the use of additional capabilities on containers, sharing tips on Common Expression Language, the use of multiple types of VAP parameters, and how we provide helpful validation error messages to our engineers. Lastly, we will outline our migration from OPA and how we ensure the health and reliability of our API servers by monitoring metrics and validation cost budgets.

Discover VAP’s features, scalable policy design, and our migration insights to help enhance your security posture, streamline policy enforcement, and safeguard your environments against abuse and bypass.
Speakers
avatar for Kaitlyn Lee

Kaitlyn Lee

Software Engineer, Datadog
Kaitlyn Lee is a software engineer at Datadog. She works in the Compute team which is responsible for running the company’s Kubernetes platform. She focuses on workload autoscaling and node lifecycle automation.
avatar for Jordan Conard

Jordan Conard

Security Engineer, Datadog
Jordan joined DataDog in 2022 as a Security Engineer and is currently focused on securing its Kubernetes infrastructure through admission policies and secure-by-default initiatives. Jordan’s decade of industry experience runs the gamut from managing hybrid cloud environments to... Read More →
Friday April 4, 2025 15:15 - 15:45 BST
Level 1 | Hall Entrance S10 | Room D
  Security

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Share Modal

Share this link via

Or copy link