DevOps Glossary

Kubernetes MutatingAdmissionWebhook is a Kubernetes admission control mechanism that can change API requests before the API server stores the object. Platform teams use it to set defaults, inject sidecars, add labels or annotations, rewrite allowed fields, or apply internal conventions when users create or update resources such as Pods, Deployments, or custom resources. It works by matching an admission request against configured rules, sending the request to an external webhook service, then applying any returned JSON patches if the request is allowed. Common uses include adding security labels, enforcing naming standards, injecting service mesh sidecars, and standardizing workloads in managed clusters such as Azure Kubernetes Service. It is powerful, but it can also add latency or block deployments if the webhook service is slow, unavailable, or configured too broadly, so teams usually set clear match rules, timeouts, failure policies, and tests before using it in production.