-
Notifications
You must be signed in to change notification settings - Fork 39k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DRA: CDI: maximum annotation length #123889
Comments
/triage accepted not sure between important-soon or important-longterm, taking a conservative approach for starters |
@pohly Could Example that will break: We use UUIDs when working with vGPUs and mediated devices. So having atleast 127 chars will help satisfy that. |
Just found that k8s has some limits on the annotation key size: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#syntax-and-character-set
But in the annotation key ( In our case, we have |
I'm not sure either, but it's probably related to these 2 places: |
/priority important-soon We are finalizing the DRA API and this has implications for it. |
As @bart0sh points out, the 63 character limit is due to the use of the Note that the The original thinking behind allowing a user to specify the plugin name is to allow some human-readability as to the source of the annotations, but maybe this flexibility is not required. We could also replace @varunrsekar when you mention vGPUs and mediated devices, where are the UUIDs used? In the CDI device name, or in the annotation keys that are generated? |
Are we still going to use annotations in the DRA API ? I thought that usage of annotations should be deprecated in favour of using CRI field. |
@pohly which implications does this have? If we remove the logic for cleaning and prepending the driver name, we can construct the We already do this for the device plugins and call:
where |
This may limit the length of strings exchanged between Kubernetes and DRA drivers (device ID) and/or of the driver name. We currently have a limit on the driver name as part of the Kubernetes API (DNS subdomain, max 63 characters), but not for the device ID: kubernetes/staging/src/k8s.io/kubelet/pkg/apis/dra/v1alpha3/api.proto Lines 70 to 74 in 5298964
|
In the context of DRA the claim ID is used at present. My question was how we wish to expose this to driver authors? We could make this an implementation detail on the kubelet side and always generate a uuid. Also to clarify, the
(note that I have used devices from two different vendors here, but in practice these will probably be the same vendor.) My suggesion is that we change this so that we have:
where we would generate As a follow-up question: What are the uniqueness guarantees for the Claim ID? If this is guaranteed to be unique for a given container, then we could use the Claim UID as the unique identifier. Looking at the implementation it seems that this is always set from the |
Indeed: kubernetes/pkg/kubelet/cm/util/cdi/cdi.go Line 51 in ea0ab06
I'm trying to find out how long a UID can be at most. Surprisingly, I found no validation of it. Regardless of that, embedding the driver name is a problem because it may be 63 characters long, which leaves nothing for the "device ID" = "claim ID". @varunrsekar: I suppose the claim UID is what you saw in your failure case, not the UID you use in your driver. Is that correct? |
Passing CDI devices as annotations should be deprecated soon and removed from the Kubelet. To my understanding it should happen after EOL of the Kubernetes 1.28. Kubernetes 1.29 supports passing CDIDevices with CRI field and has Device plugin CDI support enabled by default. |
Do we have a tracking issue for this? If not, can you create one? |
@pohly Sorry for the confusion! What I saw in the CDI annotations was indeed the claim UID. |
Created an issue as requested: #125210 |
What would you like to be added?
This code checks that "plugin name" (= DRA driver name) + "CDI device ID" with "_" as separator is at most
maxNameLen
= 63:kubernetes/pkg/kubelet/cm/util/cdi/cdi.go
Lines 104 to 108 in 3ec6a38
Can that happen for valid driver and CDI device IDs? Do CDI driver authors have to avoid this? If yes, we need to document it.
/cc @klueska @bart0sh
/sig node
Why is this needed?
Avoid surprises...
The text was updated successfully, but these errors were encountered: