Admission Controllers in Kubernetes
When a Kubernetes manifest is applied, the request goes through has various stops along the way. Part of the requests life cycle is the admission controllers. The purpose of the admission controller is to intercept the requests and process them. The admission controllers occur after the request has been authorization and authenticated, but before the request object has been persisted.
There are two types of admission controllers:
- Mutating will allow you to mutate the request based on certain criteria you set
- Validating will either allow or deny a request based on your criteria. The controller will not mutate the request as it was done prior to the validating controller.
By default, Kubernetes comes with a range of admission controllers that each have a unique purpose. You can read about these controllers here.
You also have the option to enable, or disable, certain admission controllers. This can be done by adjusting either the enable-admission-plugins or disabled-admission-plugins flag on the api server. Both of these flags take a comma separated list of admission controllers.
