Validating edit control
In the following, we describe how to quickly experiment with admission webhooks. See the webhook request section for details on the data sent to webhooks.
See the webhook response section for the data expected from webhooks. This means that the webhook server does not authenticate the identity of the clients, supposedly apiservers.
Please read the user guides for instructions if you intend to write/deploy production-grade admission webhooks.
See API documentation for details about the status type.
Example of a response to forbid a request, customizing the HTTP status code and message presented to the user: API objects.
If the object is a cluster scoped resource other than a Namespace, See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.
API servers can make objects available via multiple API groups or versions. Here is an example of a mutating webhook configured to call a service on port “1234” at the subpath “/my-path”, and to verify the TLS connection against the Server Name sent to them.