Kubernetes Admission Controller Concepts: Difference between revisions

From NovaOrdis Knowledge Base
Line 14: Line 14:
==PodSecurityPolicy==
==PodSecurityPolicy==
{{Internal|Kubernetes_Pod_Security_Policy_Concepts#PodSecurityPolicy_Admission_Controller|PodSecurityPolicy Admission Controller}}
{{Internal|Kubernetes_Pod_Security_Policy_Concepts#PodSecurityPolicy_Admission_Controller|PodSecurityPolicy Admission Controller}}
==DefaultStorageClass==
{{External|https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#defaultstorageclass}}
{{Internal|Kubernetes_Storage_Concepts#Persistent_Volume_Claims_and_Storage_Class|Persistent Volume Claims and Storage Class}}


=Admission Controller Operations=
=Admission Controller Operations=
{{Internal|Admission Controller Operations|Admission Controller Operations}}
{{Internal|Admission Controller Operations|Admission Controller Operations}}

Revision as of 01:16, 6 September 2020

External

Internal

Overview

An admission controller is a piece of code that intercepts requests to the Kubernetes API server prior to persistence of the metadata, but after the request is authenticated and authorized. There is a fixed set of admission controllers, which includes AlwaysPullImages, PodSecurityPolicy, etc. The controllers are compiled into the kube-apiserver binary and may only be configured by the cluster administrator.

Admission Controller Types

AlwaysPullImages

https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#alwayspullimages

PodSecurityPolicy

PodSecurityPolicy Admission Controller

DefaultStorageClass

https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#defaultstorageclass
Persistent Volume Claims and Storage Class

Admission Controller Operations

Admission Controller Operations