[vmi-mutator-webhook]: do not inject LimitRange defaults into VMI #9054
Conversation
|
Skipping CI for Draft Pull Request. |
kubevirt-bot
added
release-note
|
/test pull-kubevirt-e2e-k8s-1.25-sig-compute |
enp0s3
force-pushed
the
remove_ns_resreqs_from_vmi
branch
6 times, most recently
from
2b119a7
to
72dc20c
Compare
|
/test pull-kubevirt-e2e-k8s-1.25-sig-compute |
enp0s3
force-pushed
the
remove_ns_resreqs_from_vmi
branch
from
72dc20c
to
800f2c0
Compare
kubevirt-bot
removed
the
do-not-merge/work-in-progress
|
Ah.. code deletion always feels good 😄 Some other stuff that should maybe also be removed:
|
Interesting that this test is passing now... @enp0s3 Is it really the case? |
@vladikr Actually I've already removed these tests in the PR. But the Informers and RBAC still there, so I will remove them, thanks @iholder101 ! |
enp0s3
force-pushed
the
remove_ns_resreqs_from_vmi
branch
from
800f2c0
to
7d92a62
Compare
|
/retest-required |
|
/hold |
kubevirt-bot
added
the
do-not-merge/hold
WDYT about keeping the RBAC rules for a while and removing them in the future? Does that make sense? |
|
@iholder101 Yes as a workaround I can remove them in a subsequent PR. |
|
But, in general I will check the upgrade path, it looks suspicious, what happens when we change RBAC? I saw some logic regarding backup of RBAC rules if they are being modified, but yet it looks it doesn't help much. |
Currently when LimitRange is configured with defaults for compute resources such as CPU or memory, these defaults are being injected to the VMI spec early in the VMI mutating stage. Hence, when looking at the VMI spec we can't really know the source of information for these values, whether they are user-defined or not. This situation causes issues at the stage of launcher-pod rendering. The resource renderer assumes the VMI spec values are user defined and prefers them over caclulated resource requests. If the user defines CPU topology with CPU overcommit, the calculated CPU request is being ignored in favor to the CPU request from the LimitRange. For example: a VMI with configured CPU topology of 4 vCPU in spec.domain.CPU.cores will have a resource request of 400m (num_of_cores * 1000 / AllocationRatio). Lets take LimitRange Default CPU request as 100m. The renderred virt-launcher pod will have 100m CPU request instead of 400m. The proposed solution is to ignore the LimitRange defaults, giving priority to user configuration, and later to calculated configuration. Signed-off-by: enp0s3 <ibezukh@redhat.com>
enp0s3
force-pushed
the
remove_ns_resreqs_from_vmi
branch
from
40177e6
to
994ac49
Compare
|
@iholder101 Actually this may cause an issue with downgrades i.e. for some reason an upgrade fails and user wants to downgrade to previous version |
|
/unhold |
kubevirt-bot
removed
the
do-not-merge/hold
|
/retest-required |
|
/cc @acardace |
|
/approve Nice to see this simplification, thanks @enp0s3 ! |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: acardace The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
kubevirt-bot
added
the
approved
|
/lgtm |
|
/retest-required |
|
@enp0s3: The following test failed, say
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/retest-required |
|
/cherry-pick release-0.58 |
|
@enp0s3: #9054 failed to apply on top of branch "release-0.58": In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
What this PR does / why we need it:
Currently when LimitRange is configured with defaults for compute resources such as CPU or memory,
these defaults are being injected to the VMI spec early in the VMI mutating stage.
Hence, when looking at the VMI spec we can't really know the source of information
for these values, whether they are user-defined or not.
This situation causes issues at the stage of launcher-pod rendering. The resource renderer assumes
the VMI spec values are user defined and prefers them over caclulated resource requests.
If the user defines CPU topology with CPU overcommit, the calculated CPU request is being ignored
in favor to the CPU request from the LimitRange.
For example: a VMI with configured CPU topology of 4 vCPU in spec.domain.CPU.cores
will have a resource request of 400m (num_of_cores * 1000 / AllocationRatio).
Lets take LimitRange Default CPU request as 100m.
The renderred virt-launcher pod will have 100m CPU request instead of 400m.
The proposed solution is to ignore the LimitRange defaults, giving priority
to user configuration, and later to calculated configuration.
Which issue(s) this PR fixes
https://bugzilla.redhat.com/show_bug.cgi?id=2152534
Special notes for the reviewer
If we exceed the resource limits of the LR we will
fail at the pod creation stage rather than on the VMI admission. I think this is the correct
behavior because of
Type: Container. If the LimitRange would be configured on type VMI/VM for examplethen perhaps it would make sense to fail on the VMI admission control.
Release note: