Understanding the Role of Kubernetes Admission Controller

By Tyler Damon


Many software developers use Kubernetes to develop, scale, deploy, and manage containerized applications because of its many valuable features and components. One of these components is the Kubernetes admission controller, which this article will discuss.

Admission controllers enforce predefined policies and decide whether or not to admit requests made to a Kubernetes cluster. Once the cluster receives a request, an admission controller intercepts and processes it. This request can be to create, delete, or update a Kubernetes resource. When the admission controller intercepts the request, it will evaluate it, modify it if necessary, and decide whether it should be admitted.

Uses of Kubernetes Admission Controllers

This section will discuss the primary uses of admission controllers, their benefits, and specific examples.

  • Enhancing security

They prevent unauthorized access to clusters and block the deployment of malicious resources. For example, the PodSecurityPolicy admission controller stops users from activating potentially unsafe settings or using privileged containers. The NamespaceLifecycle admission controller also allows only authorized users to create isolated namespaces in a cluster.

  • Dictating cluster behavior 

Kubernetes has a default set of admission controllers. However, users can create controllers and integrate them with the platform to suit their needs. This customizability allows companies to tailor Kubernetes clusters to their internal compliance standards. Companies can also integrate them with third-party services to gain greater admission controls.

  • Enforcing policies

Organizations can use the admission controllers in a Kubernetes cluster to uphold their policies and regulations. This proves beneficial for companies that have developers collaborating on different projects within the cluster.

How Kubernetes Admission Controllers Work

The admission controllers work through the following steps: 

Submission request

First, a user or software program submits a request to create, delete, or modify a Kubernetes resource. This admission request is directed to the Kubernetes API server.

Admission control flow

Once the API server receives the request, it forwards it to the appropriate admission controllers, which process it using their predefined rules.

Evaluation

The admission controller will evaluate the admission requests according to predefined rules. The evaluating controllers can either be the default or custom ones created by an organization.

Decision making

The admission controller will either admit or reject the request, depending on the result of its evaluation.

Modifying request

Sometimes, a mutating admission controller will modify a request based on predetermined criteria.

Generation of response

Following the decision, the admission controller will generate a response explaining the decision to the user.

Response aggregation

This occurs whenever multiple admission controllers evaluate a request. All the responses will be aggregated, and if one controller rejects a request, the system will outright deny it.

Response to client

The admission controllers will send the aggregate response to the API server, which will forward it to the user or software program that initiated the request. If the request is rejected, the client will get an error message.

Persisting to etcd

If all the admission controllers approve the request, the API server will persist the resource configuration to the etcd database.
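The flow described in the steps above, as an added example that is not code from the article or from the Kubernetes project: two webhook-style controllers answer an AdmissionReview (admission.k8s.io/v1) and their decisions are aggregated so that one denial rejects the request. The two policies, the function names and the sample Pod are assumptions made for illustration, and the returned patch is shown but not applied to the object.

```python
import base64
import json

def _reply(uid, allowed, message="", patch=None):
    """Build an admission.k8s.io/v1 AdmissionReview response for request `uid`."""
    resp = {"uid": uid, "allowed": allowed}
    if not allowed:
        resp["status"] = {"code": 403, "message": message}
    if patch:  # mutations travel as a base64-encoded JSONPatch document
        resp["patchType"] = "JSONPatch"
        resp["patch"] = base64.b64encode(json.dumps(patch).encode()).decode()
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": resp}

def mutate_disable_token_mount(review):
    """Mutating step (hypothetical policy): default automountServiceAccountToken to false."""
    req = review["request"]
    if "automountServiceAccountToken" in req["object"].get("spec", {}):
        return _reply(req["uid"], True)  # author chose a value explicitly; leave it
    return _reply(req["uid"], True, patch=[
        {"op": "add", "path": "/spec/automountServiceAccountToken", "value": False}])

def validate_no_privileged(review):
    """Validating step (hypothetical policy): reject Pods with a privileged container."""
    req = review["request"]
    spec = req["object"].get("spec", {})
    bad = [c["name"] for c in spec.get("containers", []) + spec.get("initContainers", [])
           if (c.get("securityContext") or {}).get("privileged")]
    if bad:
        return _reply(req["uid"], False, "privileged containers not allowed: " + ", ".join(bad))
    return _reply(req["uid"], True)

def aggregate(review, controllers):
    """Run every controller; a single denial rejects the whole request."""
    for controller in controllers:
        resp = controller(review)["response"]
        if not resp["allowed"]:
            return False, resp["status"]["message"]
    return True, "admitted; the API server would now persist the object to etcd"

def make_review(uid, privileged):
    """Constructed sample AdmissionReview for a Pod CREATE request."""
    pod = {"metadata": {"name": "demo"}, "spec": {"containers": [
        {"name": "app", "securityContext": {"privileged": privileged}}]}}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "request": {"uid": uid, "operation": "CREATE", "object": pod}}

if __name__ == "__main__":
    chain = [mutate_disable_token_mount, validate_no_privileged]
    for uid, priv in (("uid-1", False), ("uid-2", True)):
        print(aggregate(make_review(uid, priv), chain))
```

In a real cluster the API server runs mutating controllers before validating ones, so validation sees the object after any patches have been applied.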

Endnote

Admission controllers are essential to the management and control of Kubernetes clusters. This is because they allow companies to host their containerized applications in a secure and compliant environment.
