Skip to content

Commit d427551

Browse files
committed
DRA: review feedback
1 parent 75e16b2 commit d427551

File tree

1 file changed

+24
-11
lines changed
  • keps/sig-node/4381-dra-structured-parameters

1 file changed

+24
-11
lines changed

keps/sig-node/4381-dra-structured-parameters/README.md

Lines changed: 24 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -538,7 +538,24 @@ connection to the apiserver. Access control through a validating admission
538538
policy can ensure that the drivers running on one node are not allowed to
539539
create or modify `ResourceSlices` belonging to another node. The `nodeName`
540540
and `driverName` fields in each `ResourceSlice` object are used to determine which objects are
541-
managed by which driver instance.
541+
managed by which driver instance. The owner reference ensures that objects
542+
beloging to a node get cleaned up when the node gets removed.
543+
544+
In addition, whenever kubelet starts, it first deletes all `ResourceSlices`
545+
belonging to the node with a `DeleteCollection` call that uses the node name in
546+
a field filter. This ensures that no pods depending in DRA get scheduled to the
547+
node until the required DRA drivers have started up again (node reboot) and
548+
reconnected to kubelet (kubelet restart). It also ensures that drivers which
549+
don't get started up again at all don't leave stale `ResourceSlices`
550+
behind. Garbage collection does not help in this case because the node object
551+
still exists. For the same reasons, the ResourceSlices belonging to a driver
552+
get removed when the driver unregisters, this time with a field filter for node
553+
name and driver name.
554+
555+
Deleting `ResourceSlices` is possible because all information in them can be
556+
reconstructed by the driver. This has no effect on already allocated claims
557+
because the allocation result is tracked in those claims, not the
558+
`ResourceSlice` objects (see [below](#state-and-communication)).
542559

543560
Embedded inside each `ResourceSlice` is the representation of the resources
544561
managed by a driver according to a specific "structured model". In the example
@@ -2068,16 +2085,12 @@ kubelet wouldn't know about a new version anyway.
20682085

20692086
Keeping kubelet at some old release while upgrading the control and DRA drivers
20702087
is desirable and officially supported by Kubernetes. To support the same when
2071-
using DRA, the kubelet now leaves ResourceSlice handling (almost) entirely to
2072-
the plugins. The one exception is that it deletes all ResourceSlices on
2073-
startup. This ensures that no pods depending in DRA get scheduled to the node
2074-
until the required DRA drivers have started up again. It also ensures that
2075-
drivers which don't get started up again at all don't leave stale
2076-
ResourceSlices behind. For the same reasons, the ResourceSlices belonging to a
2077-
driver get removed when the driver unregisters. This access is done with
2078-
whatever resource.k8s.io API version is the latest known to the kubelet. To
2079-
support version skew, support for older API versions must be preserved as far
2080-
back as support for older kubelet releases is desired.
2088+
using DRA, the kubelet now leaves [ResourceSlice
2089+
handling](#publishing-node-resources) almost entirely to the plugins. The
2090+
remaining calls are done with whatever resource.k8s.io API version is the
2091+
latest known to the kubelet. To support version skew, support for older API
2092+
versions must be preserved as far back as support for older kubelet releases is
2093+
desired.
20812094

20822095
#### Security
20832096

0 commit comments

Comments
 (0)