ValidatingAdmissionConfigurations

ValidatingAdmissionConfiguration resources configure dynamic (not built-in) validating admission webhooks. The bulk of their configuration is in the webhooks property:

  • name defines an identity for the admission controller.
  • rules is a list of rules identifying objects the webhook should admit, each an object containing:
    • apiGroups, a list of strings.
    • apiVersions, a list of strings.
    • operations , a list of strings.
    • resources, a list of strings.
    • scope, either "Cluster" or "Namespaced".
  • objectSelector can further filter the objects matching rules by applying:
    • matchLabels, a map of labels.
  • namespaceSelector can further filter the objects matching rules by applying:
    • matchLabels, a map of labels.
  • matchPolicy of either "Exact" or "Equivalent determines whether equivalent objects of a different apiVersion should be considered matches.
  • clientConfig indicates the address of the hook. It can contain one of:
    • service, an object containing:
      • Parent namespace.
      • Service name
      • port on which to query the service.
      • path within the service.
    • Or url if using an external service.

Backlinks