Admission Control

Get introduced to admission control in Kubernetes.

We'll cover the following

Types of admission control

Admission control runs immediately after successful authentication and authorization and is all about policies.

Types of admission control

Kubernetes supports two types of admission controllers:

Mutating
Validating

The names tell us a lot. Mutating controllers check for compliance and can modify requests, whereas validating controllers check for compliance but cannot modify requests.

Mutating controllers always run first, and both types only apply to requests attempting to modify the state of the cluster. Read requests are not subjected to admission control.

As a quick example, we might have a production cluster with a policy that all new and updated objects must have the env=prod label. A mutating controller can check new and updated objects for the presence of the label and add it if it doesn’t exist. However, a validating controller can only reject the request if the label doesn’t exist.

Use the following terminal to execute all the commands for this lesson:

Get hands-on with 1400+ tech skills courses.

Kubernetes Primer

Kubernetes Principles of Operation

Getting Kubernetes

Working With Pods: Theory

Working with Pods: Hands-On

Virtual Clusters with Namespaces

Kubernetes Deployments

Kubernetes Services: Theory

Kubernetes Services: Hands-On

Ingress

WebAssembly on Kubernetes

Service Discovery Deep Dive

Kubernetes Storage

ConfigMaps

StatefulSets

API Security and RBAC

Kubernetes API

Threat Modeling Kubernetes

Real-World Kubernetes Security

Conclusion

Admission Control

Types of admission control