Admission controllers¶
Admission controllers are plugins that govern and enforce cluster usage. There are two types of admission controllers: default and custom. The tables below list the available admission controllers. For more information, see Kubernetes documentation: Using Admission Controllers.
Note
You cannot enable or disable custom admission controllers.
Name |
Description |
---|---|
|
Adds a default storage class to |
|
Sets the pod default forgiveness toleration to tolerate the
|
|
Ensures that incoming requests do not violate the constraints in a
namespace |
|
Calls any mutating webhooks that match the request. |
|
Ensures that users cannot create new objects in namespaces undergoing
termination and that MKE rejects requests in nonexistent namespaces.
It also prevents users from deleting the reserved |
|
Limits the |
|
Attaches region or zone labels automatically to |
|
Limits which node selectors can be used within a namespace by reading a namespace annotation and a global configuration. |
|
Determines whether a new or modified pod should be admitted based on the requested security context and the available Pod Security Policies. |
|
Observes incoming requests and ensures they do not violate any of the
constraints in a namespace |
|
Implements automation for |
|
Calls any validating webhooks that match the request. |
Name |
Description |
---|---|
|
|
|
Enforces MKE Docker Content Trust policy which, if enabled, requires that all pods use container images that have been digitally signed by trusted and authorized users, which are members of one or more teams in MKE. |
|
Adds a |