Controlling access to the Kubernetes API is key to ensuring that your cluster
is not only secured but also can be used as a means to impart policy
and governance for all users, workloads, and components of your
Kubernetes cluster. In this chapter, we share how you can use
admission controllers and authorization modules to enable specific
features and how you can customize them to suit your specific needs.
Figure 17-1 provides insight on how and where admission
control and authorization take place. It depicts the end-to-end request
flow through the Kubernetes API server until the object, if accepted, is
saved to storage.
Have you ever wondered how namespaces are automatically created when you
define a resource in a namespace that doesn’t already exist? Maybe
you’ve wondered how a default storage class is selected? These changes
are powered by a little-known feature called admission controllers. In
this section, we take a look at how you can use admission controllers to implement Kubernetes best practices on the server side on behalf of the
user and how we can utilize admission control to govern how a
Kubernetes cluster is used.
What Are They?
Admission controllers sit in the path of the Kubernetes API server request flow and receive requests following the authentication and authorization ...
Get Kubernetes Best Practices now with O’Reilly online learning.
O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.