Preparing Kubernetes for Dynamic Admission Controllers

15 minutes
  • 4 Learning Objectives

About this Hands-on Lab

Admission controllers vet Kubernetes objects before running and can be a powerful part of a Kubernetes cluster. However, not all Kubernetes installs are set up to use admission controllers out of the box. In this lab, we’ll check to see if the provided Kubernetes setup can use the provided admission controller and then set up our Kubernetes server to use the desired controller.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Attempt to Run Fail State

Run the provided bad-pod.yml file to see if the admission controller stops its creation.

Remove the Pod if it fails.

Check Setup

Check to see if the admission registration’s API is enabled. Also, check for enabled admission controllers.

Enable Controller

Enable the ImagePolicyWebhook controller on the kube-apiserver.

Test Setup

Check that the admission controller runs as intended.

NOTE: kube-apiserver may take several moments to restart.

Additional Resources

You are a DevOps engineer, and you wish to implement a custom image vulnerability scanner in your Kubernetes setup using the ImagePolicyWebhook admission controller. Unfortunately, when you attempt to test your controller, it fails to be used. Check to see if the Kubernetes cluster can use the admission registration API. Then check to see the enabled admission controllers. Enable the desired controller, if needed.

Two test configurations are provided in the cloud_user's home directory.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?