Among the 4C (Cloud, Cluster, Container, Code) security in Kubernetes, there are various techniques to enhance the security of the cluster surface. In particular, Admission Control (webhook) is one of the most flexible and powerful methods. As this trend, there is movement to apply it to various forms of Kubernetes(e.g. GKE, Openshift and so on).

In my opinion, one of the easiest and most efficient ways to apply it is to improve security through CEL (Common Expression Language).
I believe that the Validating Admission Policy becoming `stable` in v1.30 is part of this proof.

So I will show you the CEL DEMO provided by Google Cloud to get a quick and easy understanding of how to improve the security of GKE.

Through this exercise, you will learn the basic structure of CEL and the freedom of scope that can be applied, and you will be able to apply it to any other platform with minimal effort.