Pod security admission controller in Kubernetes - Time & Space Complexity
We want to understand how the Pod Security Admission Controller's processing time changes as more pods are created or updated in a Kubernetes cluster.
Specifically, how does the controller's work grow when handling many pod requests?
Analyze the time complexity of the following admission controller snippet.
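```yaml
apiVersion: admissionregistration.k8s.io/v1
# The v1 API kind; "ValidatingAdmissionWebhook" is the admission plugin's name, not a kind.
kind: ValidatingWebhookConfiguration
metadata:
  name: pod-security-webhook
webhooks:
  - name: pod-security.kubernetes.io
    rules:
      - operations: ["CREATE", "UPDATE"]
        apiGroups: [""]
        apiVersions: ["v1"]
        resources: ["pods"]
    clientConfig:
      # Required field. Placeholder values: the snippet does not say where the webhook runs.
      service:
        name: <webhook-service>
        namespace: <webhook-namespace>
    admissionReviewVersions: ["v1"]
    sideEffects: None
```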
This webhook intercepts pod creation and update requests to check if they meet security standards before allowing them.
- Primary operation: The admission controller inspects each pod's security settings one by one as requests come in.
- How many times: Once per pod creation or update request.
Each pod request is checked individually, so the total work grows directly with the number of pod requests.
| Pod requests (n) | Approx. Operations |
|---|---|
| 10 | 10 checks |
| 100 | 100 checks |
| 1000 | 1000 checks |
Pattern observation: The work grows in a straight line as more pods are processed.
Time Complexity: O(n)
This means the time to check pods grows directly in proportion to how many pods are created or updated.
[X] Wrong: "The admission controller checks all pods in the cluster every time a new pod is created."
[OK] Correct: The controller only checks the pod in the current request, not all existing pods, so it does not do extra work for past pods.
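The per-request check described above, as an added example (not the Pod Security Admission controller's own code). The function names, the operation counter and the reduced rule set (host namespaces plus privileged containers) are assumptions made for illustration; the sample requests are constructed.

```python
# Constructed subset of the Pod Security Standards "baseline" controls;
# the real controller inspects more fields than these.
HOST_NAMESPACE_FIELDS = ("hostNetwork", "hostPID", "hostIPC")


def review(admission_review):
    """Validate the one pod carried by an AdmissionReview request.

    Returns (review_response, ops); ops counts field inspections. No cluster
    state is passed in, so no other pod can be examined.
    """
    request = admission_review["request"]
    spec = request["object"].get("spec", {})
    violations, ops = [], 0
    for field in HOST_NAMESPACE_FIELDS:
        ops += 1
        if spec.get(field) is True:
            violations.append(f"{field}=true")
    containers = spec.get("initContainers", []) + spec.get("containers", [])
    for c in containers:
        ops += 1
        if (c.get("securityContext") or {}).get("privileged") is True:
            violations.append(f"container {c['name']} is privileged")
    response = {"uid": request["uid"], "allowed": not violations}
    if violations:
        response["status"] = {"code": 403, "message": "; ".join(violations)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": response}, ops


def make_request(uid, privileged=False, containers=1):
    """Build a constructed AdmissionReview for a pod CREATE (sample input)."""
    ctrs = [{"name": f"c{i}", "image": "example.invalid/app:1",
             "securityContext": {"privileged": privileged}}
            for i in range(containers)]
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "request": {"uid": uid, "operation": "CREATE",
                        "object": {"kind": "Pod", "spec": {"containers": ctrs}}}}


def total_ops(n):
    """Field inspections needed for n one-container pod requests (4 each)."""
    return sum(review(make_request(f"uid-{i}"))[1] for i in range(n))


if __name__ == "__main__":
    for n in (10, 100, 1000):
        print(n, total_ops(n))  # linear in n: 4 inspections per request
```

The cost of one review depends on the number of containers in that pod, which is a constant factor per request and does not change the linear growth in the number of requests.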
Understanding how admission controllers scale helps you design systems that stay fast as clusters grow. This skill shows you can think about real-world system behavior clearly.
What if the admission controller also checked all existing pods in the cluster on each new pod request? How would the time complexity change?