admission-controller

command
v0.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 21, 2022 License: Apache-2.0 Imports: 28 Imported by: 0

README

MPA Admission Controller

Intro

This is a binary that registers itself as a Mutating Admission Webhook and because of that is on the path of creating all pods. For each pod creation, it will get a request from the apiserver and it will either decide there's no matching MPA configuration or find the corresponding one and use current recommendation to set resource requests in the pod.

Running

  1. You should make sure your API server supports Mutating Webhooks. Its --admission-control flag should have MutatingAdmissionWebhook as one of the values on the list and its --runtime-config flag should include admissionregistration.k8s.io/v1beta1=true. To change those flags, ssh to your API Server instance, edit /etc/kubernetes/manifests/kube-apiserver.manifest and restart kubelet to pick up the changes: sudo systemctl restart kubelet.service
  2. Generate certs by running bash gencerts.sh. This will use kubectl to create a secret in your cluster with the certs.
  3. Create RBAC configuration for the admission controller pod by running kubectl create -f ../../deploy/mpa-rbac.yaml
  4. Create the pod: kubectl create -f ../../deploy/admission-controller-deployment.yaml. The first thing this will do is it will register itself with the apiserver as Webhook Admission Controller and start changing resource requirements for pods on their creation & updates.
  5. You can specify a path for it to register as a part of the installation process by setting --register-by-url=true and passing --webhook-address and --webhook-port.

Implementation

All MPA configurations in the cluster are watched with a lister. In the context of pod creation, there is an incoming https request from apiserver. The logic to serve that request involves finding the appropriate MPA, retrieving current recommendation from it and encodes the recommendation as a json patch to the Pod resource.

Building the Docker Image

make build-binary-with-vendor-amd64
make docker-build-amd64

Documentation

The Go Gopher

There is no documentation for this package.

Directories

Path Synopsis
resource
mpa
pod

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL