Kubernetes Admission Controller Concepts: Difference between revisions
Jump to navigation
Jump to search
| Line 6: | Line 6: | ||
=Overview= | =Overview= | ||
An admission controller is a piece of code that intercepts requests to the Kubernetes API server prior to persistence of the metadata, but after the request is authenticated and authorized. There is a fixed set of admission controller that include [[#AlwaysPullImages| AlwaysPullImages]], [[#PodSecurityPolicy|PodSecurityPolicy]], etc. The controllers are compiled into the [[Kubernetes_Control_Plane_and_Data_Plane_Concepts#API_Server|kube-apiserver binary]], and may only be configured by the cluster administrator | An admission controller is a piece of code that intercepts requests to the Kubernetes API server prior to persistence of the metadata, but after the request is authenticated and authorized. There is a fixed set of admission controller that include [[#AlwaysPullImages| AlwaysPullImages]], [[#PodSecurityPolicy|PodSecurityPolicy]], etc. The controllers are compiled into the [[Kubernetes_Control_Plane_and_Data_Plane_Concepts#API_Server|kube-apiserver binary]], and may only be configured by the [[Kubernetes_Security_Concepts#Cluster_Administrator|cluster administrator]]. | ||
=Admission Controller Types= | =Admission Controller Types= | ||
Revision as of 01:11, 3 September 2020
External
Internal
Overview
An admission controller is a piece of code that intercepts requests to the Kubernetes API server prior to persistence of the metadata, but after the request is authenticated and authorized. There is a fixed set of admission controller that include AlwaysPullImages, PodSecurityPolicy, etc. The controllers are compiled into the kube-apiserver binary, and may only be configured by the cluster administrator.