admissioncontroller

The Kubernetes crew just dropped the latest version, k8s 1.26 a few days ago, and it’s packed with some seriously cool new features. One that’s catching my eye is CEL for admission control - it allows us to create a ValidatingAdmissionPolicy, taking our cluster security to the next level. Validating admission policies offer a declarative, in-process alternative to validating admission webhooks. Validating admission policies use the Common Expression Language (CEL) to declare the validation rules of a policy....

What is an admission controller? In a nutshell, Kubernetes admission controllers are plugins that govern and enforce how the cluster is used. They can be thought of as a gatekeeper that intercept (authenticated) API requests and may change the request object or deny the request altogether. The admission control process has two phases: the mutating phase is executed first, followed by the validating phase. Kubernetes admission Controller Phases: An admission controller is a piece of software that intercepts requests to the Kubernetes API server before the persistence of the object (the k8s resource such as Pod, Deployment, Service, etc…) in the etcd database, but after the request is authenticated and authorized....