|
| 1 | +// Module included in the following assemblies: |
| 2 | +// |
| 3 | +// * virt/virtual_machines/advanced_vm_management/virt-understanding-aaq-operator.adoc |
| 4 | + |
| 5 | +:_mod-docs-content-type: CONCEPT |
| 6 | +[id="virt-about-aaq-operator_{context}"] |
| 7 | += About the AAQ Operator |
| 8 | + |
| 9 | +The Application-Aware Quota (AAQ) Operator provides more flexible and extensible quota management compared to the native `ResourceQuota` object in the {product-title} platform. |
| 10 | + |
| 11 | +In a multi-tenant cluster environment, where multiple workloads operate on shared infrastructure and resources, using the Kubernetes native `ResourceQuota` object to limit aggregate CPU and memory consumption presents infrastructure overhead and live migration challenges for {VirtProductName} workloads. |
| 12 | + |
| 13 | +{VirtProductName} requires significant compute resource allocation to handle virtual machine (VM) live migrations and manage VM infrastructure overhead. When upgrading {VirtProductName}, you must migrate VMs to upgrade the `virt-launcher` pod. However, migrating a VM in the presence of a resource quota can cause the migration, and subsequently the upgrade, to fail. |
| 14 | + |
| 15 | +With AAQ, you can allocate resources for VMs without interfering with cluster-level activities such as upgrades and node maintenance. The AAQ Operator also supports non-compute resources which eliminates the need to manage both the native resource quota and AAQ API objects separately. |
| 16 | + |
| 17 | + |
| 18 | +[id="aaq-controller-and-crds_{context}"] |
| 19 | +== AAQ Operator controller and custom resources |
| 20 | +The AAQ Operator introduces two new API objects defined as custom resource definitions (CRDs) for managing alternative quota implementations across multiple namespaces: |
| 21 | + |
| 22 | +* `ApplicationAwareResourceQuota`: Sets aggregate quota restrictions enforced per namespace. The `ApplicationAwareResourceQuota` API is compatible with the native `ResourceQuota` object and shares the same specification and status definitions. |
| 23 | ++ |
| 24 | +.Example manifest |
| 25 | +[source,yaml] |
| 26 | +---- |
| 27 | +apiVersion: aaq.kubevirt.io/v1alpha1 |
| 28 | +kind: ApplicationAwareResourceQuota |
| 29 | +metadata: |
| 30 | + name: example-resource-quota |
| 31 | +spec: |
| 32 | + hard: |
| 33 | + requests.memory: 1Gi |
| 34 | + limits.memory: 1Gi |
| 35 | + requests.cpu/vmi: "1" # <1> |
| 36 | + requests.memory/vmi: 1Gi # <2> |
| 37 | +# ... |
| 38 | +---- |
| 39 | +<1> The maximum amount of CPU that is allowed for VM workloads in the default namespace. |
| 40 | +<2> The maximum amount of RAM that is allowed for VM workloads in the default namespace. |
| 41 | + |
| 42 | +* `ApplicationAwareClusterResourceQuota`: Mirrors the `ApplicationAwareResourceQuota` object at a cluster scope. It is compatible with the native `ClusterResourceQuota` API object and shares the same specification and status definitions. When creating an AAQ cluster quota, you can select multiple namespaces based on annotation selection, label selection, or both by editing the `spec.selector.labels` or `spec.selector.annotations` fields. |
| 43 | ++ |
| 44 | +.Example manifest |
| 45 | +[source,yaml] |
| 46 | +---- |
| 47 | +apiVersion: aaq.kubevirt.io/v1alpha1 |
| 48 | +kind: ApplicationAwareClusterResourceQuota # <1> |
| 49 | +metadata: |
| 50 | + name: example-resource-quota |
| 51 | +spec: |
| 52 | + quota: |
| 53 | + hard: |
| 54 | + requests.memory: 1Gi |
| 55 | + limits.memory: 1Gi |
| 56 | + requests.cpu/vmi: "1" |
| 57 | + requests.memory/vmi: 1Gi |
| 58 | + selector: |
| 59 | + annotations: null |
| 60 | + labels: |
| 61 | + matchLabels: |
| 62 | + kubernetes.io/metadata.name: default |
| 63 | +# ... |
| 64 | +---- |
| 65 | +<1> You can only create an `ApplicationAwareClusterResourceQuota` object if the `spec.allowApplicationAwareClusterResourceQuota` field in the `HyperConverged` custom resource (CR) is set to `true`. |
| 66 | ++ |
| 67 | +[NOTE] |
| 68 | +==== |
| 69 | +If both `spec.selector.labels` and `spec.selector.annotations` fields are set, only namespaces that match both are selected. |
| 70 | +==== |
| 71 | + |
| 72 | +The AAQ controller uses a scheduling gate mechanism to evaluate whether there is enough of a resource available to run a workload. If so, the scheduling gate is removed from the pod and it is considered ready for scheduling. The quota usage status is updated to indicate how much of the quota is used. |
| 73 | + |
| 74 | +If the CPU and memory requests and limits for the workload exceed the enforced quota usage limit, the pod remains in `SchedulingGated` status until there is enough quota available. The AAQ controller creates an event of type `Warning` with details on why the quota was exceeded. You can view the event details by using the `oc get events` command. |
| 75 | + |
| 76 | +[IMPORTANT] |
| 77 | +==== |
| 78 | +Pods that have the `spec.nodeName` field set to a specific node cannot use namespaces that match the `spec.namespaceSelector` labels defined in the `HyperConverged` CR. |
| 79 | +==== |
0 commit comments