Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't reuse the device of a restartable init container #120461

Merged
merged 1 commit into from Oct 31, 2023
Merged

Don't reuse the device of a restartable init container #120461

merged 1 commit into from Oct 31, 2023

Conversation

gjkim42
Copy link
Member

@gjkim42 gjkim42 commented Sep 6, 2023
edited

What type of PR is this?

/kind bug

What this PR does / why we need it:

This makes sure that the device resources allocated to a restartable init container are not reused by regular containers.

Which issue(s) this PR fixes:

Fixes #
xref: #119442

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Fixed a bug where the device resources allocated to an init container, with containerRestartPolicy of `Always`, were erroneously reused by a regular container.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

- [KEP]: https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/753-sidecar-containers

/cc @ffromani

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. kind/bug Categorizes issue or PR as related to a bug. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. area/test sig/node Categorizes an issue or PR as relevant to SIG Node. sig/testing Categorizes an issue or PR as relevant to SIG Testing. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Sep 6, 2023
@ffromani
Copy link
Contributor

ffromani commented Sep 6, 2023

/triage accepted
/priority important-soon

priority subject to review later

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Sep 6, 2023
@gjkim42 gjkim42 force-pushed the do-not-reuse-device-of-restartable-init-container branch from 8375a9c to ce97647 Compare September 6, 2023 15:14
@gjkim42 gjkim42 mentioned this pull request Sep 6, 2023
Closed
4 tasks
@gjkim42 gjkim42 force-pushed the do-not-reuse-device-of-restartable-init-container branch from ce97647 to 74047c0 Compare September 6, 2023 15:17
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Sep 6, 2023
@gjkim42 gjkim42 force-pushed the do-not-reuse-device-of-restartable-init-container branch 2 times, most recently from 1ffa195 to 3f91d87 Compare September 6, 2023 16:00
gjkim42
gjkim42 commented Sep 6, 2023
View reviewed changes
test/e2e_node/device_plugin_test.go Outdated
Comment on lines 627 to 630
// Note that the kubelet does not report resources for init
// containers for now.
// See (*v1PodResourcesServer).List in pkg/kubelet/apis/podresources/server_v1.go
// TBD: Do we have to fix this?
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

kubernetes/pkg/kubelet/apis/podresources/server_v1.go

Lines 51 to 86 in 56cc5e7

// List returns information about the resources assigned to pods on the node
func (p *v1PodResourcesServer) List(ctx context.Context, req *v1.ListPodResourcesRequest) (*v1.ListPodResourcesResponse, error) {
metrics.PodResourcesEndpointRequestsTotalCount.WithLabelValues("v1").Inc()
metrics.PodResourcesEndpointRequestsListCount.WithLabelValues("v1").Inc()
pods := p.podsProvider.GetPods()
podResources := make([]*v1.PodResources, len(pods))
p.devicesProvider.UpdateAllocatedDevices()
for i, pod := range pods {
pRes := v1.PodResources{
Name: pod.Name,
Namespace: pod.Namespace,
Containers: make([]*v1.ContainerResources, len(pod.Spec.Containers)),
}
for j, container := range pod.Spec.Containers {
pRes.Containers[j] = &v1.ContainerResources{
Name: container.Name,
Devices: p.devicesProvider.GetDevices(string(pod.UID), container.Name),
CpuIds: p.cpusProvider.GetCPUs(string(pod.UID), container.Name),
Memory: p.memoryProvider.GetMemory(string(pod.UID), container.Name),
}
if utilfeature.DefaultFeatureGate.Enabled(kubefeatures.KubeletPodResourcesDynamicResources) {
pRes.Containers[j].DynamicResources = p.dynamicResourcesProvider.GetDynamicResources(pod, &container)
}
}
podResources[i] = &pRes
}
response := &v1.ListPodResourcesResponse{
PodResources: podResources,
}
return response, nil
}

Currently, the kubelet does not report the resources for init containers. Do we need to fix it..??
@SergeyKanzhelev

Copy link
Contributor

@ffromani ffromani Sep 6, 2023
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, this is an oversight. The reason why the podresource API doesn't report resources allocated to sidecars is because... the code predates sidecars. The API is meant to report resources allocated to longrunning containers, and at time the initcontainers were all transient.
Feel free to change the test code in a different way which workarounds this bug.

I think fixing podresources API can be a beta item, meaning we should fix this, but is not very urgent. If we want to fix it early to use the API for tests, even better

EDIT: a possible (and possibly the only one?) complication is if we need to distinguish sidecars and app containers in the podresources output.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll separate it from this PR and create an issue.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

perfect. Happy to help here.

Copy link
Member Author

@gjkim42 gjkim42 Sep 7, 2023
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

one more question.
Who are the primary consumers of this kubelet podResource API?
(I want to know the impact and urgency of the issue.)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The consumers I'm aware of are the SRIOV stack, GPU Monitoring agents and consumers of topology-aware-scheduling. While sidecar feature is alpha and disabled by default I don't think is very urgent. OTOH it should be fixed before move to beta (enabled by default).

@gjkim42 gjkim42 mentioned this pull request Sep 27, 2023
Merged
@gjkim42
Copy link
Member Author

gjkim42 commented Oct 6, 2023

/test pull-kubernetes-node-e2e-containerd-sidecar-containers
/test pull-kubernetes-node-kubelet-serial-containerd-sidecar-containers

@swatisehgal
Copy link
Contributor

Now that #120911 has merged, can you please rebase this PR.

@swatisehgal swatisehgal moved this from Needs Reviewer to Waiting on Author in SIG Node PR Triage Oct 16, 2023
@gjkim42 gjkim42 force-pushed the do-not-reuse-device-of-restartable-init-container branch from cbc9f91 to d2b8032 Compare October 17, 2023 09:28
@gjkim42
Copy link
Member Author

gjkim42 commented Oct 17, 2023

/test pull-kubernetes-node-e2e-containerd-sidecar-containers
/test pull-kubernetes-node-kubelet-serial-containerd-sidecar-containers

swatisehgal
swatisehgal approved these changes Oct 17, 2023
View reviewed changes
Copy link
Contributor

@swatisehgal swatisehgal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 17, 2023
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: 8702c585583d858bee94d574c2dae3212823e21e

@swatisehgal
Copy link
Contributor

/assign @derekwaynecarr @klueska
for container manager approval

/assign @SergeyKanzhelev
for approval on e2e_node

@swatisehgal swatisehgal moved this from Waiting on Author to Needs Approver in SIG Node PR Triage Oct 17, 2023
SergeyKanzhelev
SergeyKanzhelev approved these changes Oct 17, 2023
View reviewed changes
Copy link
Member

@SergeyKanzhelev SergeyKanzhelev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

for tests. Logic looks OK too, but I don't know if there are any implications.

@gjkim42
Copy link
Member Author

gjkim42 commented Oct 30, 2023

/assign @mrunalp

Could you take a look at this? This fixes a bug that regular containers reuse the sidecar container's devices.

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: gjkim42, mrunalp, SergeyKanzhelev, swatisehgal

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 31, 2023
@k8s-ci-robot k8s-ci-robot merged commit a5ff032 into kubernetes:master Oct 31, 2023
17 checks passed
SIG Node PR Triage automation moved this from Needs Approver to Done Oct 31, 2023
@k8s-ci-robot k8s-ci-robot added this to the v1.29 milestone Oct 31, 2023
@gjkim42 gjkim42 deleted the do-not-reuse-device-of-restartable-init-container branch October 31, 2023 22:45
@gjkim42 gjkim42 mentioned this pull request Feb 18, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mrunalp mrunalp mrunalp approved these changes

@SergeyKanzhelev SergeyKanzhelev SergeyKanzhelev approved these changes

@swatisehgal swatisehgal swatisehgal approved these changes

@ffromani ffromani Awaiting requested review from ffromani

Assignees

@mrunalp mrunalp

@klueska klueska

@derekwaynecarr derekwaynecarr

@SergeyKanzhelev SergeyKanzhelev

@swatisehgal swatisehgal

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/kubelet area/test cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/node Categorizes an issue or PR as relevant to SIG Node. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
SIG Node CI/Test Board
Archive-it
SIG Node PR Triage
Done
Milestone
v1.29
Development

Successfully merging this pull request may close these issues.

None yet
8 participants
@gjkim42 @ffromani @swatisehgal @k8s-ci-robot @mrunalp @SergeyKanzhelev @klueska @derekwaynecarr