Admission Controllers

  • Admission controllers checks whether request to apiserver should be allowed or not (after authentication and authorization)

  • Dynamic admission controllers

    • can call validating service with webhook

    • this is beneficial for example in managed Kubernetes environments where API server can't be modified

    • configured with ValidatingWebhookConfiguration

  • Mutating admission controller can modify workloads, for example inject init containers

  • Kubernetes can send out AdmissionReview object to admission controller, which wraps the object which will be validated

  • Admission controller need then respond with the validation results to the apiserver


Last updated