Admission Webhooks

Admission Webhooks

Admission webhooks are HTTP callbacks that receive admission requests, processthem and return admission responses.

Kubernetes provides the following types of admission webhooks:

Mutating Admission Webhook:These can mutate the object while it’s being created or updated, before it getsstored. It can be used to default fields in a resource requests, e.g. fields inDeployment that are not specified by the user. It can be used to inject sidecarcontainers.
Validating Admission Webhook:These can validate the object while it’s being created or updated, before it getsstored. It allows more complex validation than pure schema-based validation.e.g. cross-field validation and pod image whitelisting.

The apiserver by default doesn’t authenticate itself to the webhooks. However,if you want to authenticate the clients, you can configure the apiserver to usebasic auth, bearer token, or a cert to authenticate itself to the webhooks.You can find detailed stepshere.

3.4.1. Admission webhook

Admission Webhooks