Managing Kubernetes Admission Controllers

30 minutes
  • 1 Learning Objectives

About this Hands-on Lab

Kubernetes admission controllers act on request by validating their parameters or modifying (i.e., mutating) them to meet certain requirements or criteria. In this hands-on lab, you will be tasked with enabling and disabling specific admission controllers in order to take advantage of the functionality they provide.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Enable and Disable Admission Controllers
  • Modify the kube-apiserver.yaml file with the following updates:
    • Ensure that the following admission controllers are enabled: NodeRestriction, NamespaceAutoProvision, AlwaysPullImages, and PodSecurity.
    • Ensure that the following admission controllers are disabled: MutatingAdmissionWebhook, ValidatingAdmissionWebhook, and DenyServiceExternalIPs.
    • Save and quit the kube-apiserver.yaml file.
  • Validate that the kube-apiserver pod redeploys successfully by issuing a simple kubectl command (the pod can take several seconds to redeploy).

Additional Resources


You work on a team of DevOps engineers and have been tasked with modifying a Kubernetes cluster you administer by enabling and disabling some admission controllers that will be used to add and remove some functionality.

The admission controllers that need to be enabled include the following:

  • NodeRestriction
  • NamespaceAutoProvision
  • AlwaysPullImages
  • PodSecurity

Then, you will need to ensure that the following admission controllers are disabled:

  • MutatingAdmissionWebhook
  • ValidatingAdmissionWebhook
  • DenyServiceExternalIPs

Once the kube-apiserver.yaml file has been updated, the kube-apiserver pod will redeploy. Ensure that the redeploy does not fail and you are able to communicate with the kube-apiserver.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?