DEVHIDE
Login Or Sign up

How to skip Kubernetes Controller requests from ValidatingWebhook

634 Views Asked by At

When using Kubernetes Admission Controllers ValidatingWebhookConfiguration, I'd like to skip the interception of internal requests such as Kubernetes Controllers.

More specifically, the only requests that I want the validation webhook to match are users' requests via the Kubctl/API, etc.

Is it possible?

kubernetes kube-controller-manager
Original Q&A
1

There are 1 best solutions below

4
On

According to Webhook request and response your webhook will receive an AdmissionRequest object which contains UserInfo field. In it, there are fields like Username, Groups and others that might be useful for solving your problem.

...
    "userInfo": {
      # Username of the authenticated user making the request to the API server
      "username": "admin",
      # UID of the authenticated user making the request to the API server
      "uid": "014fbff9a07c",
      # Group memberships of the authenticated user making the request to the API server
      "groups": ["system:authenticated","my-admin-group"],
      # Arbitrary extra info associated with the user making the request to the API server.
      # This is populated by the API server authentication layer and should be included
      # if any SubjectAccessReview checks are performed by the webhook.
      "extra": {
        "some-key":["some-value1", "some-value2"]
      }
    },
...

Related Questions in KUBERNETES

Related Questions in KUBE-CONTROLLER-MANAGER

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.