When the api-server is started with the --authorization-mode=Webhook option, it will make calls to external HTTP server to authorize the user. This gives you the capability to create your own authorization servers. In other words, a WebHook is an HTTP callback mode that allows you to manage authorization using a remote REST server, either developed on your own, or a third-party authorization server.
When doing the authorization check, the api-server will execute a HTTP POST request, with a JSON payload containing a serialized api.authorization.v1beta1.SubjectAccessReview object. This object describes the user making request to the api-server, the action which this user would like to execute, and the details about the resource being ...