Kubernetes Admission Controller Concepts: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 6: Line 6:
=Overview=
=Overview=


An admission controller is a piece of code that intercepts requests to the Kubernetes API server prior to persistence of the metadata, but after the request is authenticated and authorized. There is a fixed set of admission controller that include [[#AlwaysPullImages| AlwaysPullImages]], [[#PodSecurityPolicy|PodSecurityPolicy]], etc. The controllers are compiled into the kube-apiserver binary, and may only be configured by the cluster administrator
An admission controller is a piece of code that intercepts requests to the Kubernetes API server prior to persistence of the metadata, but after the request is authenticated and authorized. There is a fixed set of admission controller that include [[#AlwaysPullImages| AlwaysPullImages]], [[#PodSecurityPolicy|PodSecurityPolicy]], etc. The controllers are compiled into the [[Kubernetes_Control_Plane_and_Data_Plane_Concepts#API_Server|kube-apiserver binary]], and may only be configured by the cluster administrator


=Admission Controller Types=
=Admission Controller Types=

Revision as of 01:09, 3 September 2020

External

Internal

Overview

An admission controller is a piece of code that intercepts requests to the Kubernetes API server prior to persistence of the metadata, but after the request is authenticated and authorized. There is a fixed set of admission controller that include AlwaysPullImages, PodSecurityPolicy, etc. The controllers are compiled into the kube-apiserver binary, and may only be configured by the cluster administrator

Admission Controller Types

AlwaysPullImages

https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#alwayspullimages

PodSecurityPolicy

PodSecurityPolicy Admission Controller