Admission

Table of Contents

• Admission

  • Table of Contents

  • Overview

  • Design

    • Sequence Diagram

Overview

The Kubernetes documentation defines admission controllers as:

a piece of code that intercepts requests to the Kubernetes API server prior to persistence of the resource, but after the request is authenticated and authorized.

It also states that:

Admission control mechanisms may be validating, mutating, or both. Mutating controllers may modify the data for the resource being modified; validating controllers may not.

The slurm-bridge admission controller is a mutating controller. It modifies any pods within namespaces specified in helm/slurm-bridge/values.yaml to use the slurm-bridge scheduler instead of the default Kubernetes scheduler.

Design

Any pods created in the specified namespaces will have their .spec. schedulerName changed to the slurm-bridge scheduler.

Managed namespaces are defined as a list of namespace as configured in the admission controller’s values.yaml for managedNamespaces[]. Alternatively, a managedNamespaceSelector can be used to select namespaces based on labels. If managedNamespaceSelector is set, managedNamespaces will be ignored.

Sequence Diagram

sequenceDiagram autonumber participant KAPI as Kubernetes API participant SBA as Slurm-Bridge Admission KAPI-->>SBA: Watch Pod Create/Update opt Pod in managed Namespaces SBA->>KAPI: Update `.spec.schedulerName` and Tolerations KAPI-->>SBA: Update Response end %% opt Pod in managed Namespaces