In the API can be enabled with the flag "--admission-control=...".
By default (1.18) the following plugins are enabled:
NamespaceLifecycle, LimitRanger, ServiceAccount, TaintNodesByCondition, Priority, DefaultTolerationSeconds, DefaultStorageClass, StorageObjectInUseProtection, PersistentVolumeClaimResize, RuntimeClass, CertificateApproval, CertificateSigning, CertificateSubjectRestriction, DefaultIngressClass, MutatingAdmissionWebhook, ValidatingAdmissionWebhook, ResourceQuota.
It is recommended to use the following plugins at least:
- PodSecurityPolicy
- NameSpaceExists
- AlwaysPullImages
- ResourceQuota
Not possible at all in Azure!