Prioritized Alternatives in Device Requests

[mortent]

What type of PR is this?

/kind feature
/kind api-change
/kind deprecation

What this PR does / why we need it:

This implements https://github.com/kubernetes/enhancements/tree/master/keps/sig-scheduling/4816-dra-prioritized-list

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?

DRA support for a "one-of" prioritized list of selection criteria to satisfy a device request in a resource claim.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

• [KEP] https://github.com/kubernetes/enhancements/tree/master/keps/sig-scheduling/4816-dra-prioritized-list

[johnbelamaric]

super cursory quick look...

[johnbelamaric]

/assign

[dims]

also hold for enough folks to chime in.

/hold

[dom4ha]

/lgtm from the scheduler perspective

[dom4ha]

Have you considered creating features structure similar to the resourceclaim.Features?

[mortent]

Yeah, I am actually making this change in the PR for Partitionable Devices. I suggest we address this in that PR so we can get this one merged.

[dom4ha]

/cc @sanposhiho @alculquicondor

[dom4ha]

/cc @macsko @sanposhiho for sig-scheduling approval

[k8s-ci-robot]

@dom4ha: GitHub didn't allow me to request PR reviews from the following users: for, approval.

Note that only kubernetes members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

/cc @macsko @sanposhiho for sig-scheduling approval

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[sanposhiho]

Where's the integration test for this feature? This file got the change to enable it, but don't we need any new test case specifically?

[pohly]

I'm not sure how useful such a test would be. As agreed upon in kubernetes/enhancements#5077, not everything needs all kinds of tests.

There is an E2E test, which covers the full flow (API, scheduler, etc.).

[sanposhiho]

Might be Yes for some features, but this feature could be achieved with different components. Why don't we need an integration test for it?

[pohly]

Which additional code paths or scenarios would an integration test cover that isn't already covered?

[sanposhiho]

How do we make sure the full scenario works from one component to others (or even more specifically, from one struct to others within the same component)? How do we make sure one component's behavior/output matches the expectations from others?
The integration test is not for the test coverage. It's not that once unit tests cover all code path, you can skip the integration tests.

[pohly]

The firstAvailable is mostly internal to the plugin. It doesn't change how the plugin interacts with the scheduler (but see below). We still need to test with an apiserver to ensure that the fields flow properly from user to apiserver to scheduler to plugin, which is covered by the E2E test.

The only reason that I can think of for an integration test is the "feature disabled, field is set, PreFilter returns error". That is better tested through an integration test. But IMHO it's not important.

That shouldn't be in scheduler_perf. We can probably add it to test/integration/scheduler/plugins/plugins_test.go.

The happy path could be in scheduler_perf.

Morten is taking some time off right now. To unblock this PR, let me see whether I can do something and address #128586 (comment).

[pohly]

The only reason that I can think of for an integration test is the "feature disabled, field is set, PreFilter returns error". That is better tested through an integration test. But IMHO it's not important.

Unfortunately that is exactly the scenario that currently cannot be handled in an integration test: apiserver and scheduler have to be brought up in the same process and share the global default feature gate. Without modifying both components it's impossible to bring up the apiserver with the feature enabled and the scheduler without it. It's not supported to change the feature gate during a test run (explicitly prevented by featuregatetesting.SetFeatureGateDuringTest). Perhaps some custom code could do it.

I think this falls under "version skew testing" which is not required for alpha. @sanposhiho: okay to do it later?

Instead, I added some test cases to scheduler_perf and to test/integration/dra, see #130622.

[sanposhiho]

okay to do it later?

🙆‍♂️

Instead, I added some test cases to scheduler_perf and to test/integration/dra, see #130622.

Thanks.

[sanposhiho]

do we need to feature-gate this path?

[pohly]

Yes. As in the allocator it should refuse to schedule pods which depend on firstAvailable.

This then raises the question: does the allocator then still need that feature gate check? It should never get called for claims involving firstAvailable when the feature is off.

In other words, move the check up one level?

[pohly]

Perhaps it's better to do it in both places. The allocator might also be used outside of the scheduler.

[dom4ha]

This is the validation path only, so the only consequence of not having the feature-gate here is that PreFilter won't fail with the complain that request.DeviceClassName is missing (when firstAvailable was present) in PreFilter. The further attempt to use firstAvailable should still fail in allocator with a different error (most likely in Filter).

[pohly]

True. But it's still better to fail earlier. I've implemented that, just need to finish the integration test updates.

[pohly]

Done in #130622.

[sanposhiho]

What if users followed enable -> disable path? i.e., a user created it with FirstAvailable with the feature gate enabled, and then disable the feature gate for some reason. It looks like they must update all claims not to have FirstAvailable when they need to disable the gate.
Is there any existing behavior that FirstAvailable requests can fall back to?

[pohly]

Is there any existing behavior that FirstAvailable requests can fall back to?

No. All that Kubernetes can do is to not behave badly. Ignoring the sub-request and scheduling the pod without the devices that it needs is worse than refusing to schedule with an explanation why.

As you said, the user then needs to take action and either define their workload differently or accept that the cluster cannot run it.

[sanposhiho]

Then, is there any way to make it visible to users? (instead of logs)

[pohly]

Refusal to deal with the request would cause PreFilter to fail and thus would get reported to the user as a scheduling failure.

[dom4ha]

But only assuming the comment #128586 (comment) is addressed. Without it the validation will pass in PreFilter and a pod will most likely remain unschedulable (fail in Filter), which might be acceptable as well.

[pohly]

#130622 adds that, so with that PR it'll fail already in PreFilter.

[pohly]

I don't know whether @mortent is available to take my commits from #130622 into his branch for this PR. I therefore prefer merging that as a follow-up.

@sanposhiho: are you okay with that? I think you can do the formal LGTM.

I believe everything else has been reviewed (@dom4ha in #128586 (review) for scheduler, Tim in #128586 (review) for the API). It also looks good to me.

[pohly]

Done in #130622.

[pohly]

#130622 adds that, so with that PR it'll fail already in PreFilter.

[pohly]

The only reason that I can think of for an integration test is the "feature disabled, field is set, PreFilter returns error". That is better tested through an integration test. But IMHO it's not important.

Unfortunately that is exactly the scenario that currently cannot be handled in an integration test: apiserver and scheduler have to be brought up in the same process and share the global default feature gate. Without modifying both components it's impossible to bring up the apiserver with the feature enabled and the scheduler without it. It's not supported to change the feature gate during a test run (explicitly prevented by featuregatetesting.SetFeatureGateDuringTest). Perhaps some custom code could do it.

I think this falls under "version skew testing" which is not required for alpha. @sanposhiho: okay to do it later?

Instead, I added some test cases to scheduler_perf and to test/integration/dra, see #130622.

[thockin]

/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dims, johnbelamaric, mortent, thockin

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• api/OWNERS [thockin]
• cmd/kube-controller-manager/OWNERS [dims,thockin]
• pkg/apis/OWNERS [thockin]
• pkg/controller/resourceclaim/OWNERS [dims,thockin]
• pkg/features/OWNERS [dims,thockin]
• pkg/generated/openapi/OWNERS [dims,thockin]
• pkg/quota/v1/OWNERS [dims,thockin]
• pkg/registry/OWNERS [dims,thockin]
• pkg/scheduler/OWNERS [dims,thockin]
• staging/src/k8s.io/api/OWNERS [thockin]
• staging/src/k8s.io/client-go/applyconfigurations/OWNERS [dims,thockin]
• staging/src/k8s.io/dynamic-resource-allocation/OWNERS [dims,thockin]
• test/OWNERS [dims,thockin]
• test/featuregates_linter/test_data/OWNERS [dims,thockin]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[sanposhiho]

/lgtm
/approve

sig-scheduling.

note: Some of my comments aren't addressed within this PR, but #130622 will address those. Also, those points are, either way, not super critical ones that we must include in the same PR.

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: 8942038fe5779e85d2db34003055e21edc7d9c1e

[johnbelamaric]

/hold cancel

[pohly]

Some of my comments aren't addressed within this PR, but #130622 will address those. Also, those points are, either way, not super critical ones that we must include in the same PR.

Thanks @sanposhiho for your review! I've rebased #130622, let's continue there.