• Admission controllers checks whether request to apiserver should be allowed or not (after authentication and authorization)

• Dynamic admission controllers

  • can call validating service with webhook

  • this is beneficial for example in managed Kubernetes environments where API server can't be modified

  • configured with ValidatingWebhookConfiguration

• Mutating admission controller can modify workloads, for example inject init containers

• Kubernetes can send out AdmissionReview object to admission controller, which wraps the object which will be validated

• Admission controller need then respond with the validation results to the apiserver

Resources

• TGI Kubernetes 119: Gatekeeper and OPA - https://www.youtube.com/watch?v=ZJgaGJm9NJE&