kubeadm with admission webhooks
I assume that MutatingAdmissionWebhook
and ValidatingAdmissionWebhook
have not being properly propagated through api-server as per your provided outputs.
I suggest to proceed with the following steps to achieve your goal:
- Check and edit
/etc/kubernetes/manifests/kube-apiserver.yaml
manifest file by adding required admission control plugins toenable-admission-plugins
Kubernetes API server flag:
--enable-admission-plugins=NodeRestriction,DefaultStorageClass,MutatingAdmissionWebhook,ValidatingAdmissionWebhook
- Delete current
kube-apiserver
Pod and wait until Kubernetes will respawn the new one with reflected changes:
kubectl delete pod <kube-apiserver-Pod> -n kube-system
Hope it will help you, I've successfully checked these steps on my environment.
More information about Kubernetes Admission Controllers you can find in the official documentation.
Thanks for the reply, even that works, posting the kubeadm answer just in case anyone needs it, following is the right kubeadm config:
apiVersion: kubeadm.k8s.io/v1beta1kind: ClusterConfigurationnetworking: podSubnet: 192.168.0.0/16apiServer: extraArgs: enable-admission-plugins: "NodeRestriction,MutatingAdmissionWebhook,ValidatingAdmissionWebhook"