<h1 id="admission-controllers">Admission controllers<a aria-hidden="true" class="anchor-heading icon-link" href="#admission-controllers"></a></h1>
<p>Admission controllers intercept requests to the <a href="/notes/484f85d3-918f-4ca3-adfa-0c1820fc949d">API Server</a> after authentication and authorisation but before persistence to <a href="/notes/30613d6d-b841-4b2b-9435-3d975f72b86d">Configuration</a>.</p>
<h1 id="execution">Execution<a aria-hidden="true" class="anchor-heading icon-link" href="#execution"></a></h1>
<p>They're executed in two phases:</p>
<ol>
<li>Mutating.</li>
<li>Validating.</li>
</ol>
<h1 id="types">Types<a aria-hidden="true" class="anchor-heading icon-link" href="#types"></a></h1>
<p>They may be either:</p>
<ul>
<li><a href="/notes/zphcq3kch5extd5a0sdbpva">MutatingAdmissionConfigurations</a>, which may modify or reject the request;</li>
<li><a href="/notes/xhtiofzp52rqvz3lxzn8hz0">ValidatingAdmissionConfigurations</a>, which may only reject the request; or</li>
<li>both <a href="/notes/zphcq3kch5extd5a0sdbpva">MutatingAdmissionConfigurations</a> and <a href="/notes/xhtiofzp52rqvz3lxzn8hz0">ValidatingAdmissionConfigurations</a>, meaning that they run twice.</li>
</ul>
<h1 id="built-in">Built-in<a aria-hidden="true" class="anchor-heading icon-link" href="#built-in"></a></h1>
<p>The list of built-in admission plugins can be found with <code>kube-apiserver --help | grep enable-admission-plugins</code>.</p>
<p>The <code>--enable-admission-plugins</code> <a href="/notes/484f85d3-918f-4ca3-adfa-0c1820fc949d">API Server</a> switch may be used to enable built-in admission control plugins, and <code>--disable-admission-plugins</code> disabled the specified plugins even if they'd be enabled by default.</p>
<h1 id="dynamic">Dynamic<a aria-hidden="true" class="anchor-heading icon-link" href="#dynamic"></a></h1>
<p>Dynamic admission controllers are implemented using <a href="/notes/0679b21d-842b-4310-b791-da4ebc1c9574">HTTP</a> webhooks. They receive Kubernetes <a href="/notes/ffimgeaevsvhfi6axrx5k4u">AdmissionReviews</a></p>
<hr>
<strong>Children</strong>
<ol>
<li><a href="/notes/ffimgeaevsvhfi6axrx5k4u">AdmissionReviews</a></li>
<li><a href="/notes/zphcq3kch5extd5a0sdbpva">MutatingAdmissionConfigurations</a></li>
<li><a href="/notes/xhtiofzp52rqvz3lxzn8hz0">ValidatingAdmissionConfigurations</a></li>
</ol>
<hr>
<strong>Backlinks</strong>
<ul>
<li><a href="/notes/c95c700f-5229-4961-b941-893cdb44a342">Control plane (public)</a></li>
</ul>

Admission controllers


![Digital brain](assets/images/logo.svg){display: block, margin: 0 auto, max-height: 50vh}

Hi, I'm Luke 👋

I'm a software engineer turned site reliability engineer. I'm currently big on knowledge management and learning.

# Find me elsewhere

- [👨‍💻 DEV](https://dev.to/lukecarrier)
- [🚢 GitHub](https://github.com/LukeCarrier)
- [👔 LinkedIn](https://www.linkedin.com/in/lukecarrier/)
- [📄 Résumé](https://github.com/LukeCarrier/resume)
