An admission controller is a Kubernetes-native plugin that intercepts authenticated API requests to the API server and can mutate or validate objects before they are persisted to etcd. It acts as a final gatekeeper in the API request lifecycle, operating after authentication and authorization but before the object is stored. This mechanism enforces custom security policies, defaulting logic, and resource governance rules that go beyond standard RBAC permissions.
Glossary
Admission Controller

What is an Admission Controller?
An admission controller is a piece of code that intercepts authenticated requests to the Kubernetes API server after authentication and authorization but before the object is persisted to etcd, allowing it to mutate or validate the resource.
There are two types: mutating admission controllers, which can modify incoming objects to inject defaults like sidecar proxies or resource limits, and validating admission controllers, which accept or reject requests based on policy compliance. Common implementations include the PodSecurity admission controller and dynamic webhooks like OPA Gatekeeper. In sovereign AI infrastructure, admission controllers are critical for enforcing image signature verification and ensuring only trusted, scanned images from a private registry are deployed.
Core Characteristics of Admission Controllers
Admission controllers are the gatekeepers of the Kubernetes API server, enforcing custom policies and security defaults before objects are persisted to etcd. They intercept authenticated requests and can mutate or validate resources in real-time.
Mutating Admission Webhooks
These controllers intercept requests before validation and can modify the object. They are called first in the admission chain.
- Defaulting: Automatically inject sidecar containers, volume mounts, or environment variables.
- Image Tag Resolution: Convert mutable tags like
latestto immutable digests. - Pod Identity: Attach service mesh proxies or workload identity labels without developer intervention.
A mutating webhook receives an AdmissionReview request, applies patches via JSON Patch, and returns the modified object. If any mutating webhook rejects the request, the entire API call fails immediately.
Validating Admission Webhooks
These controllers execute after all mutating webhooks complete. They inspect the final object state and either allow or deny the request based on custom policies.
- Image Provenance: Verify that all container images are signed by trusted authorities using Cosign or Notary signatures.
- Resource Constraints: Reject pods that lack defined CPU and memory limits.
- Ingress Rules: Ensure hostnames comply with organizational naming conventions.
Validating webhooks cannot modify objects. They return a simple allowed: true/false response with a human-readable message explaining the denial reason.
Dynamic Admission Control
Unlike built-in admission plugins compiled into the API server binary, dynamic admission controllers run as external HTTPS services registered via ValidatingWebhookConfiguration or MutatingWebhookConfiguration resources.
- Extensibility: Deploy custom logic in any language without rebuilding Kubernetes.
- TLS Required: All webhook communication must occur over HTTPS with valid certificates.
- Failure Policy: Configure
failurePolicy: IgnoreorFailto control behavior when the webhook service is unreachable.
This architecture enables organizations to enforce bespoke security policies, such as validating image signatures against a private container registry before deployment.
Image Policy Webhook
A specialized validating admission controller that enforces binary authorization by verifying container image signatures and attestations at deploy time.
- Signature Verification: Checks that images are signed by trusted authorities using Cosign or the Sigstore public good instance.
- Attestation Inspection: Validates SBOMs, vulnerability scan results, and SLSA provenance stored as OCI artifacts.
- Break-Glass Override: Allows authorized users to bypass policy in emergency scenarios with full audit logging.
This webhook integrates directly with private container registries to ensure only approved, tamper-proof images enter production clusters.
Admission Review Lifecycle
Every API request flows through a deterministic admission pipeline before persistence:
- Authentication: Verify the identity of the caller.
- Authorization: Check RBAC permissions for the requested verb and resource.
- Mutating Admission: Apply defaulting and injection logic.
- Object Schema Validation: Validate the object against the OpenAPI schema.
- Validating Admission: Enforce custom policies and deny non-compliant requests.
- Persistence: Write the final object to etcd.
This ordered chain ensures that security policies are applied consistently and transparently to every resource in the cluster.
Common Admission Controllers
Kubernetes ships with several built-in admission plugins that are compiled directly into the API server:
- AlwaysPullImages: Mutates every pod to set the image pull policy to
Always, ensuring fresh image pulls. - LimitRanger: Enforces default resource requests and limits on pods and containers.
- PodSecurity: Replaces the deprecated PodSecurityPolicy with a built-in standards-based admission controller.
- ResourceQuota: Ensures that namespaces do not exceed their allocated compute and storage quotas.
- NodeRestriction: Limits the objects a kubelet can modify to its own node.
These built-in controllers execute before any dynamic webhooks and provide foundational cluster security.
Frequently Asked Questions
Essential questions about Kubernetes admission controllers, their role in enforcing security policies, and how they validate container images in sovereign AI infrastructure deployments.
A Kubernetes admission controller is a plugin that intercepts authenticated API requests to the API server after authentication and authorization but before the object is persisted to etcd. It operates in two phases: mutating admission and validating admission. During the mutating phase, controllers can modify the request object—for example, injecting a sidecar container or adding default labels. During the validating phase, controllers inspect the final object and either allow or deny the request based on policy rules. Admission controllers are compiled into the kube-apiserver binary or deployed as external webhooks via the ValidatingWebhookConfiguration and MutatingWebhookConfiguration resources. This architecture enables organizations to enforce image signature verification, SBOM attestation checks, and registry allowlist policies before any pod is scheduled onto a node, making admission controllers the critical gatekeeper for sovereign AI infrastructure security.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Admission controllers are the gatekeepers of a Kubernetes cluster. They form a critical security boundary that intercepts API requests to enforce custom policies, mutate resources, and validate configurations before objects are persisted to etcd. Understanding the following related concepts is essential for building a robust, policy-driven platform.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us