In this blog we are going to talk about admission controllers, how they interact with Kubernetes and what they can do for us. I want to start by diagramming out what a request looks like when it comes into Kubernetes.
First, there is the person or automation making the API call. The call goes to the API server and eventually to the database. That’s the basic flow of all API requests.
Now, inside the API server itself, there is code that does authentication and also does RBAC for authorization. That allows you to say, hey, this user can or can’t do certain things within the cluster. But there’s a lot of stuff you might want to do that involves looking inside the API object itself in order to validate it or even modify it.
And that’s where admission controllers come in.
An admission controller is a very powerful feature that intercepts requests to the API server after they have been authenticated and authorized. It then validates and modifies the request before it is persisted to etcd.
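To make this concrete, here is an added example (not code from the original post) of the decision an admission controller makes, written against the `admission.k8s.io/v1` `AdmissionReview` format that the API server exchanges with admission webhooks. The privileged-container rule, the label and the sample request are hypothetical and constructed for illustration.

```python
import base64
import json

# Hypothetical policy for this example: reject Pods that request a privileged
# container, and stamp every admitted Pod with a label.
LABEL_KEY, LABEL_VALUE = "admission-example", "checked"


def review(admission_review: dict) -> dict:
    """Build the AdmissionReview response for one AdmissionReview request."""
    request = admission_review["request"]
    pod = request["object"]
    spec = pod.get("spec", {})
    response = {"uid": request["uid"], "allowed": True}  # uid must be echoed back

    # Validate: look inside the object itself, which RBAC cannot do.
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        if (c.get("securityContext") or {}).get("privileged") is True:
            response["allowed"] = False
            response["status"] = {
                "code": 403,
                "message": f"container {c.get('name')!r} requests privileged mode",
            }
            return _wrap(response)

    # Modify: return a JSON Patch; the API server applies it before persisting.
    labels = pod.get("metadata", {}).get("labels")
    if labels is None:  # edge case: the labels map does not exist yet
        patch = [{"op": "add", "path": "/metadata/labels", "value": {LABEL_KEY: LABEL_VALUE}}]
    else:
        patch = [{"op": "add", "path": f"/metadata/labels/{LABEL_KEY}", "value": LABEL_VALUE}]
    response["patchType"] = "JSONPatch"
    response["patch"] = base64.b64encode(json.dumps(patch).encode()).decode()
    return _wrap(response)


def _wrap(response: dict) -> dict:
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": response}


def sample_request(privileged: bool, labels=None) -> dict:
    """Constructed sample of what the API server would send for a Pod CREATE."""
    meta = {"name": "demo"}
    if labels is not None:
        meta["labels"] = labels
    container = {"name": "app", "image": "example.invalid/app:1",
                 "securityContext": {"privileged": privileged}}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "request": {"uid": "constructed-uid-1", "operation": "CREATE",
                        "object": {"metadata": meta, "spec": {"containers": [container]}}}}
```

A denied request never reaches etcd; an allowed one is stored with the patch already applied.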
There are two basic classes of admission controllers.