Admission Controller Functions Test
Admission controllers in Kubernetes validate, mutate, and enforce policies on API server requests before they’re persisted in etcd. They ensure compliance with security, resource quotas, and defaults. For example, they inject default values, enforce pod security, and restrict resource usage. Mutating controllers modify requests, while validating controllers check compliance and reject non-conforming requests.
Monitoring admission controllers ensures cluster security, compliance, and stability by verifying policy enforcement, identifying issues with request processing, and maintaining control over resource mutations and validations.
The Admission Controller Functions Test continuously monitors the Admission Controller Functions, and reports the metrics like number of update operations, time taken by update operations etc. These metrics allow the administrator to take informed decision on performance of admission controller and take preventive actions if required.
Target of the test : A Kubernetes Master Node
Agent deploying the test : An internal agent
Outputs of the test : One set of results for each admission controller function in target Kubernetes Master node being monitored.
|
Parameter |
Description |
|---|---|
|
Test Period |
How often should the test be executed. |
|
Host |
The IP address of the host for which this test is to be configured. |
|
Port |
Specify the port at which the specified Host listens. By default, this is 6443. |
|
Timeout |
Specify the duration (in seconds) beyond which the test will timeout in the Timeout text box. The default value is 10 seconds. |
|
Metric URL |
Each of the Kubernetes system components expose monitoring metrics through /metrics endpoint of the HTTP server. For components that don't expose endpoint by default, refer official Kubernetes distribution documentation site. Specify the metric URL textbox. |
|
Measurement |
Description |
Measurement Unit |
Interpretation |
|---|---|---|---|
|
Update operations |
Indicates the number of update operations to modifying existing resources, such as pods, deployments, or services. |
Number |
These operations ensure that the resource configuration reflects desired changes while maintaining the system's consistency. |
|
Total update operation duration |
Indicates the total time taken by update operations across all operations. |
Milliseconds |
|
|
Average update operation duration |
Indicates the average time taken by update operations across all operations. |
Milliseconds |
|
