DevOps · Flashcard

How does Gatekeeper complement Kubernetes' built-in admission controllers?

  • AIt enforces custom, org-specific policy as code — beyond the fixed behavior compiled into the API server
  • BIt replaces them entirely — once Gatekeeper is installed the built-in controllers are switched off
  • CIt duplicates them — Gatekeeper re-implements each built-in controller with identical behavior
  • DIt configures them — Gatekeeper tunes the parameters of the compiled-in controllers at runtime

Why this is the answer

Built-in controllers ship fixed behavior; Gatekeeper adds arbitrary, versioned custom policy on top via webhooks and CRDs. It does not disable the built-ins, does not merely duplicate them, and does not reconfigure the compiled-in controllers.

Official docs
Study in Gnoseed →