K
Q

How to view all AdmissionReview sent by the API server to admission controllers in Kubernetes?

6/25/2021

How can I view all AdmissionReview requests sent by the API server to admission controllers?

Since evaluation stops after the first admission controller (webhook) return "invalid" - and mutating admission controllers may mutate the object - I would like to view only the initial AdmissionReview request sent to the first admission controller.

I could create an admission controller that simply logs the AdmissionReview request and returns "valid", but I'd like to use Kubernetes' built-in logging capabilities, if possible.

AdmissionReview request example:

{
  "kind": "AdmissionReview",
  "parameters": {
    "repos": [      
      "quay.io/calico",      
      "k8s.gcr.io",
      "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni"
    ]
  },
  "review": {
    "kind": {
      "kind": "Pod",
      "version": "v1"
    },
    "object": {
      "spec": {
        "containers": [
          {
            "image": "amazon-k8s-cni",
            "name": "mysql-backend"
          },
          {
            "image": "nginx",
            "name": "nginx-frontend"
          }          
        ]
      }
    }
  }
}
-- Shuzheng
cloud
docker
google-kubernetes-engine
kubernetes

Similar Questions

Not able to update the pod images of a ReplicationController in K8S
Resource not found while reading logs for kubernetes pod in client go
Azure infrastructure for a Python script triggered by a http request
How can I add metadata to all instances in a GKE node-pool?
kubernetes how to get cluster domain (such as svc.cluster.local) inside pod?

0 Answers