Skip to content

OCPBUGS-62270: UPSTREAM: <carry>: Skip CPU resource status for workload-pinned pods #2490

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

OCPBUGS-62270: UPSTREAM: <carry>: Skip CPU resource status for workload-pinned pods #2490

wants to merge 1 commit into from
+214 −0

Conversation

harche
Copy link

@harche harche commented Oct 16, 2025
edited
Loading

What type of PR is this?

/kind bug

What this PR does / why we need it:

This PR fixes CPU double-counting for workload-partitioned (managed) pods when
InPlacePodVerticalScaling is enabled (default in Kubernetes 1.33+).

When workload partitioning is enabled, pods have CPU resources specified as
management.workload.openshift.io/cores in spec.requests. However, the kubelet also populates cpu
in status.containerStatuses[].resources.requests by reading from cgroups. This causes the scheduler
to count CPU twice:

  1. From management.workload.openshift.io/cores in pod spec
  2. From cpu in pod status

This leads to scheduler seeing artificially inflated CPU usage, resulting in false "Insufficient
cpu" errors when scheduling new pods.

Which issue(s) this PR fixes:

Fixes # https://issues.redhat.com/browse/OCPBUGS-62270

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Fixed CPU double-counting issue for workload-partitioned pods that caused false "Insufficient cpu"
  scheduling errors when InPlacePodVerticalScaling is enabled.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

@openshift-ci-robot openshift-ci-robot added the backports/unvalidated-commits Indicates that not all commits come to merged upstream PRs. label Oct 16, 2025
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 16, 2025
@openshift-ci-robot
Copy link

@harche: the contents of this pull request could not be automatically validated.

The following commits could not be validated and must be approved by a top-level approver:

Comment /validate-backports to re-evaluate validity of the upstream PRs, for example when they are merged upstream.

@openshift-ci openshift-ci bot requested review from mrunalp and rphillips October 16, 2025 16:57
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Oct 16, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: harche
Once this PR has been reviewed and has the lgtm label, please assign mrunalp for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

haircommander
haircommander reviewed Oct 16, 2025
View reviewed changes
pkg/kubelet/kuberuntime/kuberuntime_container.go Outdated
return nil, nil, err
}

isManagedPod := utilfeature.DefaultFeatureGate.Enabled(features.InPlacePodVerticalScaling) && managed.IsManagedPodFromRuntimeService(ctx, m.runtimeService, activePodSandboxID)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we need to check for feature gate here. cStatus.Resources != nil will only be true if the feature is enabled

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed, thanks.

haircommander
haircommander reviewed Oct 16, 2025
View reviewed changes
pkg/kubelet/managed/managed.go

// IsPodSandboxManagedPod checks if a pod sandbox belongs to a managed pod
// by looking for workload pinning annotations.
func IsPodSandboxManagedPod(sandboxAnnotations map[string]string) bool {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: can this be defined below where it's called in IsManagedPodFromRuntimeService

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed, thanks.

@openshift-ci-robot
Copy link

@harche: the contents of this pull request could not be automatically validated.

The following commits could not be validated and must be approved by a top-level approver:

Comment /validate-backports to re-evaluate validity of the upstream PRs, for example when they are merged upstream.

@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Oct 19, 2025
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Oct 20, 2025
@openshift-ci-robot
Copy link

@harche: the contents of this pull request could not be automatically validated.

The following commits could not be validated and must be approved by a top-level approver:

Comment /validate-backports to re-evaluate validity of the upstream PRs, for example when they are merged upstream.

@harche harche changed the title [WIP] Skip CPU resource status for workload-pinned pods OCPBUGS-62270: Skip CPU resource status for workload-pinned pods Oct 20, 2025
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 20, 2025
@openshift-ci-robot openshift-ci-robot added jira/severity-critical Referenced Jira bug's severity is critical for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. labels Oct 20, 2025
@openshift-ci-robot
Copy link

@harche: This pull request references Jira Issue OCPBUGS-62270, which is invalid:

  • expected the bug to target the "4.21.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

What type of PR is this?

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci-robot openshift-ci-robot added the jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. label Oct 20, 2025
@harche harche changed the title OCPBUGS-62270: Skip CPU resource status for workload-pinned pods OCPBUGS-62270: UPSTREAM: <carry>: Skip CPU resource status for workload-pinned pods Oct 20, 2025
@openshift-ci-robot
Copy link

@harche: the contents of this pull request could not be automatically validated.

The following commits could not be validated and must be approved by a top-level approver:

Comment /validate-backports to re-evaluate validity of the upstream PRs, for example when they are merged upstream.

@openshift-ci-robot
Copy link

@harche: This pull request references Jira Issue OCPBUGS-62270, which is invalid:

  • expected the bug to target the "4.21.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

What type of PR is this?

/kind bug

What this PR does / why we need it:

This PR fixes CPU double-counting for workload-partitioned (managed) pods when
InPlacePodVerticalScaling is enabled (default in Kubernetes 1.33+).

When workload partitioning is enabled, pods have CPU resources specified as
management.workload.openshift.io/cores in spec.requests. However, the kubelet also populates cpu
in status.containerStatuses[].resources.requests by reading from cgroups. This causes the scheduler
to count CPU twice:

  1. From management.workload.openshift.io/cores in pod spec
  2. From cpu in pod status

This leads to scheduler seeing artificially inflated CPU usage, resulting in false "Insufficient
cpu" errors when scheduling new pods.

Which issue(s) this PR fixes:

Fixes # https://issues.redhat.com/browse/OCPBUGS-62270

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Fixed CPU double-counting issue for workload-partitioned pods that caused false "Insufficient cpu"
 scheduling errors when InPlacePodVerticalScaling is enabled.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@harche
Copy link
Author

harche commented Oct 20, 2025

/jira refresh

@openshift-ci-robot openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. and removed jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Oct 20, 2025
@openshift-ci-robot
Copy link

@harche: This pull request references Jira Issue OCPBUGS-62270, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.21.0) matches configured target version for branch (4.21.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@harche
Copy link
Author

harche commented Oct 20, 2025

/hold for another round of testing with real cluster after resolving merge conflicts during rebasing.

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Oct 20, 2025
@harche
Copy link
Author

harche commented Oct 20, 2025

/retest-required

1 similar comment
@harche
Copy link
Author

harche commented Oct 21, 2025

/retest-required

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Oct 21, 2025

@harche: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/unit 9382bbe link true /test unit
ci/prow/okd-scos-images 9382bbe link true /test okd-scos-images
ci/prow/e2e-aws-ovn-fips 9382bbe link true /test e2e-aws-ovn-fips
ci/prow/okd-scos-e2e-aws-ovn 9382bbe link false /test okd-scos-e2e-aws-ovn
ci/prow/e2e-aws-crun-wasm 9382bbe link true /test e2e-aws-crun-wasm
ci/prow/verify-commits 9382bbe link true /test verify-commits
ci/prow/k8s-e2e-conformance-aws 9382bbe link true /test k8s-e2e-conformance-aws
ci/prow/e2e-aws-ovn-crun 9382bbe link true /test e2e-aws-ovn-crun
ci/prow/verify 9382bbe link true /test verify
ci/prow/e2e-aws-ovn-hypershift 9382bbe link true /test e2e-aws-ovn-hypershift
ci/prow/e2e-aws-ovn-cgroupsv2 9382bbe link true /test e2e-aws-ovn-cgroupsv2
ci/prow/images 9382bbe link true /test images
ci/prow/e2e-aws-ovn-serial 9382bbe link true /test e2e-aws-ovn-serial
ci/prow/integration 9382bbe link true /test integration
ci/prow/e2e-aws-ovn-runc 9382bbe link true /test e2e-aws-ovn-runc

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrunalp mrunalp Awaiting requested review from mrunalp

@rphillips rphillips Awaiting requested review from rphillips

1 more reviewer

@haircommander haircommander haircommander left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backports/unvalidated-commits Indicates that not all commits come to merged upstream PRs. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. jira/severity-critical Referenced Jira bug's severity is critical for the branch this PR is targeting. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@harche @openshift-ci-robot @haircommander @openshift-merge-robot