Admission controllers could be used in conjunction with kubernetes to validate the requests about access, resources allocated to pods, ...
Kubernetes comes with a set of admission controllers, but we could also add our own.
We could build an admission controller and run it via a WebHook. WebHooksare HTTP callback functions that handle the admission controllers requests.
An application that uses a WebHookswill send a notification message to another application when certain events happen.
For example, a ResourceQuota webHookwill causes Kubernetes to ask the ResourceQuota admission controller when determining the resource limits to be used by a pod.
Below is a Yaml file of a ResourceQuota object:
Because quotas are tied to namespaces, we use the below command to create our ResourceQuota:
For example, during a pod's creation, the WebHookfor the resourceQuota will instruct kubernetes to communicate with the resourceQuota admission controller plugin to decide whether to accept or reject the creation of the pod.
Activating an admission controller:
Admission controllers can be activated when initiating the API server, using the below command: