KKloud TarusKKloud Tarus
  • Blog
  • Series
  • Team
  • About

Blog

Thoughts on engineering, design, and building great products.

SeriesAll postsWebhookAIAPFAPIAPI GatewayARPAWSAdmissionAffinityAggregationAnsibleAppArmorArchitectureAuthenticationAuthorization
Admission Webhook: Wedge Into the Write ...
DevOpsKubernetes

Admission Webhook: Wedge Into the Write Path

Article 54 used a built-in admission controller (Pod Security). This article writes one of your own: an HTTPS service the API server calls before storing each object, returning allow or deny. We build a real validating webhook in Python — self-sign a cert, make the API server trust it via caBundle, and require every pod to have a team label. A pod missing the label is rejected immediately; a pod in a namespace out of scope is untouched.

K
KaiMay 24, 2026· 24 views
KKloud TarusKKloud Tarus

Explore. Build. Share.

  • Blog
  • Team
  • About
© 2026 KKloud Tarus. All rights reserved.