How to obtain the enable admission controller list

2020-08-25 05:46发布


AFAIK, the admission controller is the last pass before the submission to the database.

However I cannot know which one is enabled, Is there a way to know which one is taking effect?



The kube-apiserver is running in your kube-apiserver-< > container. The application does not have a get method at the moment to obtain the enabled admission plugins, but you can get the startup parameters from its command line.

kubectl -n kube-system describe po

Another way, to see what is in the container: unfortunately there is no "ps" command in the container, but you can get the initial process command parameters from /proc , something like that:

kubectl -n kube-system exec -- sed 's/--/\n/g' /proc/1/cmdline

It will be probably like :



You may find the list of default enabled admission controllers in doc:, search for "--enable-admission-plugins"; or equivalently in code:

For customized ones, you may run cmd in any master node: cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep -E "(enable|disable)-admission-plugins".


ImagePolicyWebhook uses a configuration file to set options for the behavior of the backend

Create one of these pods by running kubectl create -f examples/<name>.yaml. In this you can verify the user id under which the pod ran by inspecting the logs, for example:

$ kubectl create -f examples/pod-with-defaults.yaml

$ kubectl logs pod-with-defaults