Chapter 17. Admission Control and Authorization

Controlling access to the Kubernetes API is key to ensuring that your cluster is not only secured but can also be used as a means to impart policy and governance for all users, workloads, and components of your Kubernetes cluster. In this chapter, we share how you can use admission controllers and authorization modules to enable specific features and how you can customize them to suit your specific needs.

Before we jump into admission control and authorization, let’s review the API request flow through the API server. Figure 17-1 shows how and where admission control and authorization take place in that flow. It depicts the end-to-end request flow through the Kubernetes API server until the object, if accepted, is saved to storage. Follow the API request from left to right through the API server, paying specific attention to the ordering of admission control and authorization. We cover best practices for both in this chapter.

Figure 17-1. Kubernetes API request flow

Admission Control

Have you ever wondered how namespaces are automatically created when you define a resource in a namespace that doesn’t already exist? Maybe you’ve wondered how a default storage class is selected? These changes are powered by a feature called admission controllers. In this section, we look at how you can use admission controllers ...
