Hello Everyone! I am trying to understand the admission controllers and was hoping I can get some help from you all.
When we use Istio, it also uses a mutating web hook to inject a side car into a pod being created. So, when we create our own validation web hook, will the pod request being reviewed contain the Istio init containers too? In short, what is the sequence of validation if we have more than 1 webhook? Does the pod creation request go to the Istio mutatingWebHook and then once the init containers are added, it comes to the validationWebHook?
Can you help me understand this @Mumshad Mannambeth @Vijin Palazhi @Fernando Jordan Silva
Fernando Jordan Silva:
Those are 2 different kinds of admission controllers and are executed in different phases of thepod’s creation:
• Istio uses a mutation admission controller to modify the spec and add an additional container (sidecar) that is used as a proxy in the service mesh network.
• Then, your custom webhook, is working as a validation admission controller, so at this step you will have the modified spec including the istio config
Thanks for the explanation @Fernando Jordan Silva
Spot on! Thanks for chipping in @Fernando Jordan Silva!