DevOps Glossary

Kubernetes ValidatingAdmissionPolicy is a built-in Kubernetes admission control resource that validates API requests with Common Expression Language, or CEL, before the object is stored. You can use it to enforce cluster rules such as required labels, allowed container image registries, replica limits, namespace restrictions, or security settings without maintaining a separate validating webhook server. A policy defines the validation logic, and a ValidatingAdmissionPolicyBinding applies that logic to matching resources, namespaces, or users. It is useful for platform and security teams that want consistent guardrails across clusters, though it works best for rule-based checks that can be expressed in CEL rather than complex external lookups or custom service logic.