Validating edit control
Note: Admission webhooks that need to guarantee they see the final state of the object in order to enforce policy should use a validating admission webhook, since objects can be modified after being seen by mutating webhooks.Admission webhooks are essentially part of the cluster control-plane.You can dynamically configure what resources are subject to what admission webhooks via Validating Webhook Configuration or Mutating Webhook Configuration.
The webhook server in the e2e test is deployed in the Kubernetes cluster, via the deployment API.
Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels.
This example shows a mutating webhook that would match a See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.
In the following, we describe how to quickly experiment with admission webhooks. See the webhook request section for details on the data sent to webhooks.
See the webhook response section for the data expected from webhooks. This means that the webhook server does not authenticate the identity of the clients, supposedly apiservers.