Pushing Authorization Further: CEL, Selectors and RBAC in Kubernetes
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Explore recent advancements in Kubernetes authorization mechanisms through this 31-minute conference talk delivered by Microsoft's Mo Khan and Rita Zhang, alongside Google's Jordan Liggitt. Dive into significant authorization changes in recent Kubernetes versions, including the integration of Common Expression Language (CEL) in Validating Admission Policy (VAP) for runtime checks during admission. Learn how authorization now incorporates label and field selectors as additional information for webhooks and CEL expressions in VAP. Discover the potential future of Kubernetes RBAC through RBAC++, a proof-of-concept design that combines CEL with RBAC to enable conditional bindings at runtime. Examine experimental possibilities where authorization and RBAC++ could directly assert conditions during admission time, pushing the boundaries of Kubernetes security and access control.
Syllabus
Pushing Authorization Further: CEL, Selectors and Maybe RBAC... Mo Khan, Rita Zhang & Jordan Liggitt
Taught by
CNCF [Cloud Native Computing Foundation]