Kubernetes 101: An overview of Admission Controllers



Admission controllers can be used with Kubernetes to validate requests concerning access, the resources allocated to pods, and so on.

Kubernetes comes with a set of admission controllers, but we can also add our own.
We can build an admission controller and run it via a webhook.
Webhooks are HTTP callbacks that handle the admission controller's requests.

An application that uses a webhook sends a notification message to another application when certain events happen.
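
One way to write the kind of webhook described above, as an added example rather than code from the original post: a small validating webhook that rejects pods whose containers do not set CPU and memory limits. The policy, the listening port and the helper names (`review`, `sample_request`) are assumptions made for the illustration.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

REQUIRED_LIMITS = ("cpu", "memory")  # assumed policy, chosen for this example


def review(body: bytes) -> dict:
    """Return the AdmissionReview response for one AdmissionReview request."""
    request = json.loads(body)["request"]
    spec = (request.get("object") or {}).get("spec") or {}
    problems = []
    for c in (spec.get("containers") or []) + (spec.get("initContainers") or []):
        limits = (c.get("resources") or {}).get("limits") or {}
        missing = [r for r in REQUIRED_LIMITS if r not in limits]
        if missing:
            problems.append(f"container {c.get('name')!r} lacks limits: {', '.join(missing)}")
    response = {"uid": request["uid"], "allowed": not problems}  # uid must echo the request
    if problems:
        response["status"] = {"code": 403, "message": "; ".join(problems)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": response}


def sample_request(limits: dict) -> bytes:
    """Constructed AdmissionReview for a one-container pod (not captured traffic)."""
    pod = {"kind": "Pod", "spec": {"containers": [{"name": "app", "resources": {"limits": limits}}]}}
    return json.dumps({"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
                       "request": {"uid": "constructed-uid-1", "object": pod}}).encode()


class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
            code, payload = 200, json.dumps(review(body)).encode()
        except (ValueError, KeyError, TypeError, AttributeError):
            # Malformed input gets no "allowed" verdict at all.
            code, payload = 400, b'{"error": "malformed AdmissionReview"}'
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(payload)


if __name__ == "__main__":
    print(review(sample_request({"cpu": "500m"}))["response"])
    # The API server calls webhooks over HTTPS only: put TLS in front of this
    # listener (or wrap the socket with ssl) before registering it in a cluster.
    HTTPServer(("127.0.0.1", 8443), Handler).serve_forever()
```

To have Kubernetes call it, the endpoint is registered with a ValidatingWebhookConfiguration; setting its `failurePolicy` to `Fail` makes the API server reject requests when the webhook is unreachable or returns an error.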


For example, a ResourceQuota webhook causes Kubernetes to consult the ResourceQuota admission controller when determining the resource limits to be used by a pod.

Below is a YAML file of a ResourceQuota object:


Because quotas are tied to namespaces, we use the command below to create our ResourceQuota:


For example, during a pod's creation, the webhook for the ResourceQuota will instruct Kubernetes to communicate with the ResourceQuota admission controller plugin to decide whether to accept or reject the creation of the pod.

Activating an admission controller:

Admission controllers can be activated when starting the API server, using the command below:


Examples of admission controller plugins are:
  •  ServiceAccount.
  •  LimitRanger.
  •  ResourceQuota.
