Question: Admission webhooks require network access to the kube-apiserver. In certain environments, this may not be available by default. How can users implement admission controllers in a Cilium-managed Kubernetes cluster?

• Answer: Use hostNetwork for admission hook pods
• Answer: Use native cloud IPAM (ENI mode for EKS, Azure CNI powered by Cilium in AKS)
• Answer: Create Service or Ingress in front of admission hook pod to provide access