Develop an AdmissionCheck Controller

Develop an AdmissionCheck Controller (ACC).

An Admission Check Controller, referred to as ACC in the rest of the doc, is a component that manages the AdmissionChecks associated with it (given by the corresponding value of spec.controllerName) and the workloads queued against ClusterQueues configured to use those AdmissionChecks.

Read Admission Check to learn more about the mechanism from a user perspective.

Subcomponents

The ACC can be built-in into Kueue or run in a different kubernetes controller manager and should implement reconcilers for AdmissionChecks and Workloads.

AdmissionCheck Reconciler

Monitors the AdmissionChecks in the cluster and maintains the Active condition of those that are associated with it (by spec.controllerName).

Optionally, it can watch custom parameters objects.

The Provisioning Admission Check Controller implements this in pkg/controller/admissionchecks/provisioning/admissioncheck_reconciler.go

Workload Reconciler

It is in charge of maintaining the AdmissionCheckStates of individual workloads based on the ACC’s custom logic. It can either allow the admission, requeue or fail the workload.

The Provisioning Admission Check Controller implements this in pkg/controller/admissionchecks/provisioning/controller.go

Parameters Object Type

Optionally, you can define a cluster level object type to hold the Admission Check parameters specific to your implementation. Users can reference instances of this object type in the AdmissionCheck definition in spec.parameters.

For example, the Provisioning Admission Check Controller uses ProvisioningRequestConfig for this purpose.

Utility Code

pkg/util/admissioncheck provides helper code that can be used to interact with AdmissionCheck’s parameters and more.

Examples

Currently there are two ACCs implemented into kueue:


Last modified September 13, 2024: [website] [doc] Develop ACC task. (#3045) (43146db2)