Admission Controller supports dynamic configuration via Web API.
An admission controller can be set on each service to control client access.
services: - name: service-0 addr: ":8080" admission: admission-0 handler: type: http listener: type: tcp admissions: - name: admission-0 matchers: - 127.0.0.1 - 192.168.0.0/16
admission property in the service to use the specified admission controller by referencing the admission controller name.
Blacklist And Whitelist¶
Similar to the bypass, the admission controller can also set the blacklist or whitelist mode, the default is the blacklist mode.
Set the admission controller to whitelist mode by adding the
~ prefix to the
Admission Control Group¶
Multiple controllers can be used by specifying a list of admission controllers using the
admissions option. When any one of the controllers rejects, it means the rejection.
The admission controller can configure multiple data sources, currently supported data sources are: inline, file, redis.
An inline data source means setting the data directly in the configuration file via the
Specify an external file as the data source. Specify the file path via the
The file format is a list of addresses separated by lines, and the part starting with
# is the comment information.
Specify the redis service as the data source, and the redis data type must be Set.
admissions: - name: admission-0 redis: addr: 127.0.0.1:6379 db: 1 password: 123456 key: gost:admissions:admission-0
- redis server address.
- database name.
- redis key
File and redis data sources support hot reloading. Enable hot loading by setting the
reload property, which specifies the period for synchronizing the data source data.