Webhook Topology and Admission Latency: Lessons from Migration - Tanat Lokejaroenlarb, Adevinta
Kubernetes Admission webhooks Kyverno Gatekeeper Opa Webhook latency Kubernetes security Cncf Sre Platform engineering Kubecon Cloud native Policy engine Kubernetes admission controller
Staff SRE Tanat Lokejaroenlarb shares Adevinta's experience migrating from Gatekeeper to Kyverno and the unexpected admission webhook latency spike that followed. The talk covers how mixing ValidatingPolicy and ClusterPolicy caused p99 latency to jump from sub-second to several seconds despite the policy logic itself executing in under 1ms. This session is valuable for SREs and platform engineers managing Kubernetes admission control at scale who want to understand webhook topology implications and avoid similar pitfalls.
Related videos
From YAML to CEL: Understanding Kyverno’s New Policy Model - Kirti Goyal, DevRel @Keploy
Welcome & Opening Remarks - Cortney Nickerson, CNCF Ambassador
Opening Remarks - Erica Hughberg & Rohit Agrawal
From Policy to Production: Implementing ISO27001/BSI IT-Gr... Marcus Ross, Hamburg Port Authority
Best of KubeCon + CloudNativeCon Amsterdam 2026
Cloud Native Live: Falco's Nest & the Evolution of Runtime Security
Unconference Session: The Happy Circle: Maintainers and End Users
Keynote: The Future of Cloud Native Is… Agentic - Lin Sun, Head of Open Source, Solo.io (ASL)
Sponsored Keynote: Scaling Platform Ops with AI Agents: Troubleshootin... J. Palma & N. Yellin (ASL)
Keynote: From Inference to Agents: Where Open Source AI Is Headed - Panel (ASL)
MCP support in Envoy - Boteng Yao, Google, Software Engineer
