Introduction to Admission Control
Get introduced to admission control in Kubernetes.
Authentication and authorization
All requests sent to the kube-apiserver need to pass through the authentication, authorization, and admission control stages before they reach the final resource validation and persistent storage stages.
The need for authentication and authorization is straightforward: we need to know exactly who the request senders are and make sure they have the privileges to perform these operations.
Why do we need admission control?
The kube-apiserver serves all the CRUD requests. However, sometimes we need finer-grained control over resource operations than RBAC rules alone provide. For example, creating a resource in a terminating namespace shouldn’t be allowed. Pods running with insecure or malicious Docker images may put the whole cluster in danger. Sometimes, we want to add our own rules and strategies when objects are being created, updated, and deleted.
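The image rule mentioned above, as an added example (not code from the original lesson or from Kubernetes): the decision logic of a validating admission webhook that rejects Pods whose images come from outside a trusted registry or are not pinned by digest. The registry name, the policy itself and the sample AdmissionReview request are assumptions constructed for illustration.

```python
import json

# Assumption for this example: the only trusted registry. The trailing slash
# stops look-alike hosts such as registry.example.com.evil.io from matching.
ALLOWED_REGISTRY = "registry.example.com/"

def image_violations(pod):
    """Return one message per container image that breaks the policy."""
    spec = pod.get("spec", {})
    problems = []
    # Init and ephemeral containers run code too, so they are checked as well.
    for field in ("initContainers", "containers", "ephemeralContainers"):
        for c in spec.get(field) or []:
            image = c.get("image", "")
            where = f"{field}/{c.get('name')}"
            if not image.startswith(ALLOWED_REGISTRY):
                problems.append(f"{where}: {image!r} is not from {ALLOWED_REGISTRY}")
            elif "@sha256:" not in image:
                problems.append(f"{where}: {image!r} is not pinned by digest")
    return problems

def review(admission_review):
    """Build the AdmissionReview response a validating webhook sends back."""
    req = admission_review["request"]
    problems = []
    if req["kind"]["kind"] == "Pod" and req["operation"] in ("CREATE", "UPDATE"):
        problems = image_violations(req.get("object") or {})
    # The response must echo the request uid so the API server can match it.
    response = {"uid": req["uid"], "allowed": not problems}
    if problems:
        response["status"] = {"code": 403, "message": "; ".join(problems)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": response}

# Constructed sample request, trimmed to the fields the check reads.
SAMPLE = {
    "apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
    "request": {
        "uid": "00000000-0000-0000-0000-000000000001",
        "kind": {"group": "", "version": "v1", "kind": "Pod"},
        "operation": "CREATE", "namespace": "demo",
        "object": {"spec": {"containers": [
            {"name": "app", "image": "registry.example.com/app@sha256:" + "a" * 64},
            {"name": "sidecar", "image": "docker.io/library/busybox:latest"},
        ]}},
    },
}

if __name__ == "__main__":
    print(json.dumps(review(SAMPLE), indent=2))
```

The request has already been authenticated and authorized by the time this logic runs, so the check decides only whether the object itself is acceptable.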
As a ...