Kubernetes admission controller for network policy

9/18/2018

I was working on back-fitting some security policies on namespaces in our cluster, but after a while I realized that this will all be lost time and effort if I'm not able to enforce that all new namespaces have some network policies configured upon creation.

I looked into admission controllers, but it seems like there is nothing ready out of the box to accomplish this task (enforce network policies when creating a new namespace). The only feasible way seems to be using Admission Webhooks that would delegate the decision to a service I'd have to write.

Is my understanding correct, or is there another way, perhaps simpler/smarter, to accomplish this?

Thanks!

-- mironq
Tags: controller, kubernetes, networking, policy

0 Answers