In a nutshell, Kubernetes admission controllers are plugins that govern and enforce how the cluster is used. They can be thought of as gatekeepers that intercept (authenticated) API requests and may change the request object or deny the request altogether. The admission control process has two phases: the mutating phase is executed first, followed by the validating phase. Consequently, admission controllers can act as mutating or validating controllers or as a combination of both.
kubectl to use this namespace:
openssl to create a certificate authority (CA) and certificate/key pair for PDP:
Note: the Common Name value and Subject Alternative Name you give to openssl MUST match the name of the PDP service created below.
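The certificate step above, as an added example that is not the original page's own commands: it creates a CA, issues a server certificate whose Common Name and Subject Alternative Name are the Service DNS name, and then checks that the certificate chains to the CA and matches that name. The Service name `pdp`, the namespace `buildsecurity`, the CA name `admission_ca` and the file names are assumptions; substitute the name of your own PDP service.

```shell
#!/bin/sh
# Added example. SERVICE and NAMESPACE are assumed values: substitute the
# names of your own PDP Service and its namespace.
set -eu
SERVICE="${SERVICE:-pdp}"
NAMESPACE="${NAMESPACE:-buildsecurity}"
# The API server reaches a webhook Service as <service>.<namespace>.svc
DNS_NAME="${SERVICE}.${NAMESPACE}.svc"

# make_pdp_certs DIR: write ca.key/ca.crt and server.key/server.crt into DIR.
make_pdp_certs() {
  d="$1"; mkdir -p "$d"
  # 1. Self-signed CA; basicConstraints marks it as a CA for chain validation.
  printf 'basicConstraints = critical,CA:TRUE\nkeyUsage = critical,keyCertSign\n' > "$d/ca.ext"
  openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
  openssl req -new -key "$d/ca.key" -subj "/CN=admission_ca" -out "$d/ca.csr"
  openssl x509 -req -in "$d/ca.csr" -signkey "$d/ca.key" -days 365 -sha256 \
    -extfile "$d/ca.ext" -out "$d/ca.crt" 2>/dev/null
  # 2. Server key and CSR with the Common Name set to the Service DNS name.
  openssl genrsa -out "$d/server.key" 2048 2>/dev/null
  openssl req -new -key "$d/server.key" -subj "/CN=${DNS_NAME}" -out "$d/server.csr"
  # 3. Sign with the CA; the SAN is the field TLS clients match the host against.
  printf 'subjectAltName = DNS:%s\nextendedKeyUsage = serverAuth\n' "$DNS_NAME" > "$d/server.ext"
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 365 -sha256 -extfile "$d/server.ext" \
    -out "$d/server.crt" 2>/dev/null
}

# cert_matches_host CERT HOST: succeed only if CERT is valid for HOST.
cert_matches_host() {
  out=$(openssl x509 -in "$1" -noout -checkhost "$2" 2>&1) || return 1
  case "$out" in *"does match certificate"*) return 0 ;; *) return 1 ;; esac
}

# cert_chains_to_ca CA CERT: succeed only if CERT verifies against CA.
cert_chains_to_ca() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Run the whole procedure in a scratch directory and check the result.
OUT_DIR=$(mktemp -d)
make_pdp_certs "$OUT_DIR"
cert_chains_to_ca "$OUT_DIR/ca.crt" "$OUT_DIR/server.crt"
cert_matches_host "$OUT_DIR/server.crt" "$DNS_NAME"
echo "server.crt is valid for ${DNS_NAME}; files are in ${OUT_DIR}"
```

A certificate issued for a different Service or namespace fails `cert_matches_host`, which is the same mismatch that makes the API server reject the webhook's TLS connection.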
buildsecurity namespace so that PDP does not control the resources in those namespaces.