Which “kind” of Kubernetes object is configured to ensure that Defender is acting as the admission controller?

Which “kind” of Kubernetes object is configured to ensure that Defender is acting as the admission controller?
A . MutatingWebhookConfiguration
B . DestinationRules
C . ValidatingWebhookConfiguration
D . PodSecurityPolicies

View Answer

Answer: C

Explanation:

In the context of Kubernetes, an admission controller is a piece of code that intercepts requests to the Kubernetes API server before the persistence of the object, but after the request is authenticated and authorized. The admission controller lets you apply complex validation and policy controls to objects before they are created or updated.

The ValidatingWebhookConfiguration is a Kubernetes object that tells the API server to send an admission validation request to a service (the admission webhook) when a request to create, update, or delete a Kubernetes object matches the rules defined in the configuration. The webhook can then approve or deny the request based on custom logic.

The MutatingWebhookConfiguration is similar but is used to modify objects before they are created or updated, which is not the primary function of an admission controller acting in a protective or validating capacity.

DestinationRules are related to Istio service mesh and are not relevant to Kubernetes admission control.

PodSecurityPolicies (PSPs) are a type of admission controller in Kubernetes but they are predefined by Kubernetes and do not require a specific configuration object like ValidatingWebhookConfiguration. PSPs are also deprecated in recent versions of Kubernetes.

Therefore, the correct answer is

C. ValidatingWebhookConfiguration, as it is the Kubernetes object used to configure admission webhooks for validating requests, which aligns with the role of Defender acting as an admission controller in Prisma Cloud.

Reference from the provided documents:

The documents uploaded do not contain specific details about Kubernetes objects or Prisma Cloud’s integration with Kubernetes. However, this explanation aligns with general Kubernetes practices and Prisma Cloud’s capabilities in securing Kubernetes environments.

Reference: https://docs.paloaltonetworks.com/prisma/prisma-cloud/21-04/prisma-cloud-compute-edition-admin/access_control/open_policy_agent.html