What is the difference between the below two config as per kubernetes document below command shows the list of admission plugins which are enabled by default
If i have a specific plugin enabled like NodeRestriction how this command shows the plugins which are enabled apart from default options ? I am bit confused basis below output as the apiserver yaml file doesnt by default shows this enabled plugins ?
and when i enable a specific plugin by using --enable-admission plugins will the default plugin stands null and void ?
1> in kubeapi server only Noderestriction admission plugin is shown
–enable-admission-plugins=NodeRestriction
2> Whereas in the kube-apiserver when below command is used it shows many admission-controls enabled enabled what does it indicates
controlplane:~$ k -n kube-system exec kube-apiserver-controlplane – kube-apiserver -h | grep enable-admission-plugins
–admission-control strings Admission is divided into two phases. In the first phase, only mutating admission plugins run. In the second phase, only validating admission plugins run. The names in the below list may represent a validating plugin, a mutating plugin, or both. The order of plugins in which they are passed to this flag does not matter. Comma-delimited list of: AlwaysAdmit, AlwaysDeny, AlwaysPullImages, CertificateApproval, CertificateSigning, CertificateSubjectRestriction, ClusterTrustBundleAttest, DefaultIngressClass, DefaultStorageClass, DefaultTolerationSeconds, DenyServiceExternalIPs, EventRateLimit, ExtendedResourceToleration, ImagePolicyWebhook, LimitPodHardAntiAffinityTopology, LimitRanger, MutatingAdmissionPolicy, MutatingAdmissionWebhook, NamespaceAutoProvision, NamespaceExists, NamespaceLifecycle, NodeRestriction, OwnerReferencesPermissionEnforcement, PersistentVolumeClaimResize, PodNodeSelector, PodSecurity, PodTolerationRestriction, Priority, ResourceQuota, RuntimeClass, ServiceAccount, StorageObjectInUseProtection, TaintNodesByCondition, ValidatingAdmissionPo