
After authentication and authorization, admission controllers are the final step in a three-step process before Kubernetes persists the resource in etcd (a consistent and highly available key-value store used as Kubernetes' backing store for all cluster data). Some relevant admission controllers to secure running containers are:

NodeRestriction: This admission controller limits the Node and Pod objects a kubelet can modify.

The NodeRestriction admission plugin prevents a kubelet from deleting its Node API object, and enforces kubelet modification of labels under the kubernetes.io/ or k8s.io/ prefixes as follows:

Use of any other labels under the kubernetes.io or k8s.io prefixes by the kubelet is reserved, and may be disallowed or allowed by the NodeRestriction admission plugin in the future.
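The following is an added example, not code from this article or from Kubernetes: it classifies node label keys by what NodeRestriction lets a kubelet do with them, then flags nodeSelector keys that a kubelet could set on its own Node object. The allow-list is taken from the upstream Kubernetes documentation; the function names and the subdomain matching are assumptions of this sketch.

```python
# Added example. Label allow-list per the upstream Kubernetes docs for
# NodeRestriction; names and subdomain matching are this sketch's assumptions.
KUBELET_LABELS = {
    "kubernetes.io/hostname",
    "kubernetes.io/arch",
    "kubernetes.io/os",
    "beta.kubernetes.io/instance-type",
    "node.kubernetes.io/instance-type",
    "failure-domain.beta.kubernetes.io/region",  # deprecated
    "failure-domain.beta.kubernetes.io/zone",    # deprecated
    "topology.kubernetes.io/region",
    "topology.kubernetes.io/zone",
}
KUBELET_NAMESPACES = ("kubelet.kubernetes.io", "node.kubernetes.io")
RESERVED_DOMAINS = ("kubernetes.io", "k8s.io")
ADMIN_ONLY = "node-restriction.kubernetes.io"


def _in_domain(namespace, domain):
    """True if namespace is the domain itself or one of its subdomains."""
    return namespace == domain or namespace.endswith("." + domain)


def classify(label_key):
    """Return how NodeRestriction treats a kubelet changing this label key."""
    namespace = label_key.split("/", 1)[0] if "/" in label_key else ""
    if _in_domain(namespace, ADMIN_ONLY):
        return "admin-only"        # kubelets may never add/remove/update
    if label_key in KUBELET_LABELS or any(
        _in_domain(namespace, ns) for ns in KUBELET_NAMESPACES
    ):
        return "kubelet-allowed"   # explicitly permitted for kubelets
    if any(_in_domain(namespace, d) for d in RESERVED_DOMAINS):
        return "reserved"          # may be allowed or disallowed in future
    return "unrestricted"          # outside the scope of the plugin


def self_assertable_keys(node_selector):
    """Selector keys a kubelet could set on its own Node object.

    Workload isolation that relies on these keys is not protected by
    NodeRestriction; the node-restriction.kubernetes.io/ prefix is.
    """
    return sorted(
        key for key in node_selector
        if classify(key) in ("kubelet-allowed", "unrestricted")
    )
```

Run `self_assertable_keys` over the nodeSelector of each workload that depends on node isolation; any key it returns is a candidate for moving under the `node-restriction.kubernetes.io/` prefix.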

For Kubernetes 1.9 and earlier, it is recommended to run the set of admission controllers using the --admission-control flag.
