Kubernetes admission controllers are the final enforcement point before resources are deployed to the cluster — validating pod security standards, image policies, network policies, and resource limits. Testing evaluates: can admission controllers be bypassed through direct API access? Are policies comprehensive enough to prevent insecure configurations? Do mutation webhooks introduce security issues? And do policies align with the organisation's security requirements without blocking legitimate workloads?
Kubernetes Admission Controller Security: The Last Gate Before Deployment — A Guide for Chinese Enterprises
Admission controllers validate and mutate Kubernetes resources before deployment. This guide covers testing whether they actually prevent insecure configurations, with guidance for the Chinese-language (ZH) market.
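To make the question of whether policies are comprehensive enough concrete, here is an added example (not code from the original page) of a validating admission decision that applies the same pod security, image and resource-limit rules to every container type in a Pod. The registry allowlist, the rule set and the sample AdmissionReview request are assumptions constructed for illustration.

```python
# Added example: a minimal validating-admission decision function.
# Policy values (registry allowlist, rule wording) are assumptions for illustration.
ALLOWED_REGISTRIES = ("registry.example.internal/",)  # hypothetical allowlist

def pod_violations(pod_spec):
    """Return policy violations for a pod spec, covering every container type."""
    violations = []
    for field in ("hostNetwork", "hostPID", "hostIPC"):
        if pod_spec.get(field):
            violations.append(f"{field} is not allowed")
    # Checking only 'containers' is a common coverage gap: init and ephemeral
    # containers run in the same pod and must meet the same policy.
    for kind in ("containers", "initContainers", "ephemeralContainers"):
        for c in pod_spec.get(kind) or []:
            name = f"{kind}/{c.get('name', '?')}"
            image = c.get("image", "")
            sc = c.get("securityContext") or {}
            if sc.get("privileged"):
                violations.append(f"{name}: privileged container")
            if not image.startswith(ALLOWED_REGISTRIES):
                violations.append(f"{name}: image not from an allowed registry")
            if "@sha256:" not in image:
                violations.append(f"{name}: image not pinned by digest")
            # Ephemeral containers cannot declare resources, so skip that rule.
            if kind != "ephemeralContainers" and not (c.get("resources") or {}).get("limits"):
                violations.append(f"{name}: no resource limits")
    return violations

def review(admission_review):
    """Build the AdmissionReview response for an incoming Pod request."""
    req = admission_review["request"]
    found = pod_violations(req["object"].get("spec") or {})
    response = {"uid": req["uid"], "allowed": not found}
    if found:
        response["status"] = {"code": 403, "message": "; ".join(found)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": response}

# Constructed sample: the main container is compliant, the init container is not.
SAMPLE = {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "request": {
    "uid": "constructed-uid-1", "object": {"spec": {
        "containers": [{"name": "app",
                        "image": "registry.example.internal/app@sha256:" + "a" * 64,
                        "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}}}],
        "initContainers": [{"name": "setup", "image": "docker.io/library/busybox:latest",
                            "securityContext": {"privileged": True}}]}}}}

if __name__ == "__main__":
    print(review(SAMPLE)["response"])
```

A policy that inspected only the containers list would admit this sample; the rejection here comes entirely from the init container.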