CEL for Kubernetes Policy Generator

概要

This skill enables developers to create robust Kubernetes policies using native Common Expression Language (CEL). It provides specialized guidance for writing ValidatingAdmissionPolicies and CRD validation rules without the need for external webhooks. Users can generate comprehensive security constraints—such as Pod Security Standards, resource limits, and registry restrictions—while following production best practices like safe field access with the has() function and performance-optimized expressions to minimize API server overhead.

主な機能

• 11 GitHub stars
• Create schema-level CRD validation rules using x-kubernetes-validations
• Implement Pod Security Standards and container image restrictions
• Migrate existing OPA/Gatekeeper or Kyverno policies to native CEL
• Optimize CEL expressions for performance and safe field access
• Generate production-ready ValidatingAdmissionPolicy resources

ユースケース

• Replacing complex admission webhooks with lightweight native Kubernetes CEL policies
• Validating resource configurations for mandatory labels, annotations, and naming conventions
• Enforcing security constraints like disallowing privileged containers or specific registries