Open Container Initiative Hooks For Admission Control In Podman
Red Hat News, Friday, January 19th, 2024
An admission controller is a key component in Red Hat OpenShift and Kubernetes. Admission controllers are used to enforce policies and rules that control the admission of pods (containers) and other resources into a Kubernetes cluster.
They allow administrators to define and implement custom checks and validations that determine whether a new resource is allowed to be created or modified within the cluster. But what about podman?
Let's imagine a scenario where developers are given a Red Hat Enterprise Linux (RHEL) system and are allowed to run containerized workloads directly via podman. Let's also imagine that these users have sudo privileges for the podman command. Without extensive investigation, how could a sysadmin see at a glance which user started one of the many containers currently running on the host as root?