Zalando runs Skipper as a Kubernetes ingress controller across 250+ clusters handling up to 2M RPS. Because Kubernetes cannot validate Skipper-specific filters and predicates, invalid route configurations were silently accepted and only discovered at runtime. The solution was to run Skipper itself as a Kubernetes validating admission webhook, so that on every kubectl apply, the webhook uses Skipper's own filter registry and predicate specs to answer 'would Skipper accept this route?' rather than just checking syntax. Invalid routes are now rejected immediately with actionable error messages. The rollout was treated as a control-plane change: metrics were added first, the feature was gated behind a flag, and it was deployed tier by tier across clusters. The implementation is open-source in Skipper v0.24.18.
Table of contents
How Skipper sees a routeLetting Skipper validate SkipperWhat happens during kubectl apply nowUseful errors at applied timeRollout strategyOperational outcomeSort: