# Admission Controllers

* Admission controllers checks whether request to apiserver should be allowed or not (after authentication and authorization)
* Dynamic admission controllers
  * can call validating service with webhook
  * this is beneficial for example in managed Kubernetes environments where API server can't be modified
  * configured with `ValidatingWebhookConfiguration`
* Mutating admission controller can modify workloads, for example inject init containers
* Kubernetes can send out `AdmissionReview` object to admission controller, which wraps the object which will be validated
* Admission controller need then respond with the validation results to the apiserver

## Resources

* TGI Kubernetes 119: Gatekeeper and OPA - <https://www.youtube.com/watch?v=ZJgaGJm9NJE&>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://notes.tatusl.dev/kubernetes/admission-controller.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.