Move KEP-4540 to Beta.

Signed-off-by: Jing Zhang <[email protected]>

Author: jingczhang

keps/sig-node/4540-strict-cpu-reservation/README.md

@@ -12,8 +12,6 @@
     - [Story 2](#story-2)
 - [Design Details](#design-details)
   - [Risks and Mitigations](#risks-and-mitigations)
-    - [Archived Risk Mitigation (Option 1)](#archived-risk-mitigation-option-1)
-    - [Archived Risk Mitigation (Option 2)](#archived-risk-mitigation-option-2)
   - [Test Plan](#test-plan)
       - [Prerequisite testing updates](#prerequisite-testing-updates)
       - [Unit tests](#unit-tests)
@@ -42,20 +40,20 @@
 
 Items marked with (R) are required *prior to targeting to a milestone / release*.
 
-- [ ] (R) Enhancement issue in release milestone, which links to KEP dir in [kubernetes/enhancements] (not the initial KEP PR)
+- [x] (R) Enhancement issue in release milestone, which links to KEP dir in [kubernetes/enhancements] (not the initial KEP PR)
 - [x] (R) KEP approvers have approved the KEP status as `implementable`
 - [x] (R) Design details are appropriately documented
 - [ ] (R) Test plan is in place, giving consideration to SIG Architecture and SIG Testing input (including test refactors)
-  - [ ] e2e Tests for all Beta API Operations (endpoints)
+  - [x] e2e Tests for all Beta API Operations (endpoints)
   - [ ] (R) Ensure GA e2e tests meet requirements for [Conformance Tests](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/conformance-tests.md) 
   - [ ] (R) Minimum Two Week Window for GA e2e tests to prove flake free
 - [ ] (R) Graduation criteria is in place
   - [ ] (R) [all GA Endpoints](https://github.com/kubernetes/community/pull/1806) must be hit by [Conformance Tests](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/conformance-tests.md) 
 - [ ] (R) Production readiness review completed
 - [ ] (R) Production readiness review approved
 - [x] "Implementation History" section is up-to-date for milestone
-- [ ] User-facing documentation has been created in [kubernetes/website], for publication to [kubernetes.io]
-- [ ] Supporting documentation—e.g., additional design documents, links to mailing list discussions/SIG meetings, relevant PRs/issues, release notes
+- [x] User-facing documentation has been created in [kubernetes/website], for publication to [kubernetes.io]
+- [x] Supporting documentation—e.g., additional design documents, links to mailing list discussions/SIG meetings, relevant PRs/issues, release notes
 
 [kubernetes.io]: https://kubernetes.io/
 [kubernetes/enhancements]: https://git.k8s.io/enhancements
@@ -73,15 +71,14 @@ With this KEP, a new `CPUManager` policy option `strict-cpu-reservation` is intr
 
 The static policy is used to reduce latency or improve performance. If you want to move system daemons or interrupt processing to dedicated cores, the obvious way is use the `reservedSystemCPUs` option. But in current implementation this isolation is implemented only for guaranteed pods with integer CPU requests not for burstable and best-effort pods (and guaranteed pods with fractional CPU requests).
 Admission is only comparing the cpu requests against the allocatable cpus. Since the cpu limit are higher than the request, it allows burstable and best-effort pods to use up the capacity of `reservedSystemCPUs` and cause host OS services to starve in real life deployments.
-Custom CPU allocation policies deployed as NRI plugins (e.g. Balloons) can separate infrastructure and workload into different CPU pools but they require extra software, additional tuning and reduced CPU pool size could affect performance of multi-threaded processes.
 
 ### Goals
  * Align scheduler and node view for Node Allocatable (total - reserved).
  * Ensure `reservedSystemCPUs` is only used by system daemons or interrupt processing not by workloads.
  * Ensure no breaking changes for the `static` policy of `CPUManager`.
 
 ### Non-Goals
- * Change scheduler interface to sub-partition `cpu` resource (as described in the archived Risk Mitigation Option 1).
+ * Change interface between node and scheduler.
 
 ## Proposal
 
@@ -112,7 +109,7 @@ apiVersion: kubelet.config.k8s.io/v1beta1
 featureGates:
   ...
   CPUManagerPolicyOptions: true
-  CPUManagerPolicyAlphaOptions: true
+  CPUManagerPolicyBetaOptions: true
 cpuManagerPolicy: static
 cpuManagerPolicyOptions:
   strict-cpu-reservation: "true"
@@ -123,7 +120,7 @@ reservedSystemCPUs: "0,32,1,33,16,48"
 When `strict-cpu-reservation` is disabled:
 ```console
 # cat /var/lib/kubelet/cpu_manager_state
-{"policyName":"static","defaultCpuSet":"0-79","checksum":1241370203}
+{"policyName":"static","defaultCpuSet":"0-64","checksum":1241370203}
 ```
 
 When `strict-cpu-reservation` is enabled:
@@ -144,131 +141,11 @@ The concern is, when the feature graduates to `Stable`, it will be enabled by de
 
 However, this is exactly the feature intent, best-effort workloads have no KPI requirement, they are meant to consume whatever CPU resources left on the node including starving from time to time. Best-effort workloads are not scheduled to run on the `reservedSystemCPUs` so they shall not be run on the `reservedSystemCPUs` to destablize the whole node.
 
-Nevertheless, risk mitigation has been discussed in details (see archived options below) and we agree to start with the following node metrics of cpu pool sizes in Alpha stage to assess the actual impact in real deployment before revisiting if we need risk mitigation.
+We agree to start with the following node metrics of cpu pool sizes in Alpha and Beta stage to assess the actual impact in real deployment before revisiting if we need risk mitigation.
 
 https://github.com/kubernetes/kubernetes/pull/127506
-- `cpu\_manager\_shared\_pool\_size\_millicores`: report shared pool size, in millicores (e.g. 13500m), expected to be non-zone otherwise best-effort pods will starve
-- `cpu\_manager\_exclusive\_cpu\_allocation\_count`: report exclusively allocated cores, counting full cores (e.g. 16)
-
-
-#### Archived Risk Mitigation (Option 1)
-
-This option is to add `numMinSharedCPUs` in `strict-cpu-reservation` option as the minimum number of CPU cores not available for exclusive allocation and expose it to Kube-scheduler for enforcement.
-
-In Kubelet, when `strict-cpu-reservation` is enabled as a policy option, we remove the reserved cores from the shared pool at the stage of calculation DefaultCPUSet and remove the `MinSharedCPUs` from the list of available cores for exclusive allocation.
-
-![MinSharedCPUs](./strict-cpu-allocation.png)
-
-When `strict-cpu-reservation` is disabled:
-```console
-Total CPU cores: 64
-ReservedSystemCPUs: 6
-defaultCPUSet = Reserved (6) + 58 (available for exclusive allocation)
-```
-
-When `strict-cpu-reservation` is enabled:
-```console
-Total CPU cores: 64
-ReservedSystemCPUs: 6
-MinSharedCPUs: 4
-defaultCPUSet = MinSharedCPUs (4) + 54 (available for exclusive allocation)
-```
-
-Prototype PR for the option is created:
-https://github.com/kubernetes/kubernetes/pull/123979/commits
-
-Add `numMinSharedCPUs` as part of `strict-cpu-reservation` option in Kubelet configuration:
-
-```yaml
-kind: KubeletConfiguration
-apiVersion: kubelet.config.k8s.io/v1beta1
-featureGates:
-  ...
-  CPUManagerPolicyOptions: true
-  CPUManagerPolicyAlphaOptions: true
-cpuManagerPolicy: static
-cpuManagerPolicyOptions:
-  strict-cpu-reservation: { "enable": "true", "numMinSharedCPUs": 4 }
-reservedSystemCPUs: "0,32,1,33,16,48"
-...
-```
-
-In Node API, we add `exclusive-cpu` in Node Allocatable for Kube-scheduler to consume.
-
-```
-  "status": {
-    "capacity": {
-      "cpu": "64",
-      "exclusive-cpu": "64",
-      "ephemeral-storage": "832821572Ki",
-      "hugepages-1Gi": "0",
-      "hugepages-2Mi": "0",
-      "memory": "196146004Ki",
-      "pods": "110"
-    },
-    "allocatable": {
-      "cpu": "58",
-      "exclusive-cpu": "54",
-      "ephemeral-storage": "767528359485",
-      "hugepages-1Gi": "0",
-      "hugepages-2Mi": "0",
-      "memory": "186067796Ki",
-      "pods": "110"
-    },
-  ...
-```
-
-In kube-scheduler, `ExlusiveMilliCPU` is added in scheduler's `Resource` structure and `NodeResourcesFit` plugin is extended to filter out nodes that can not meet pod's exclusive CPU request.
-
-A new item `ExclusiveMilliCPU` is added in the scheduler `Resource` structure:
-
-```
-// Resource is a collection of compute resource.
-type Resource struct {
-        MilliCPU          int64
-        ExclusiveMilliCPU int64    // added
-        Memory            int64
-        EphemeralStorage  int64
-        // We store allowedPodNumber (which is Node.Status.Allocatable.Pods().Value())
-        // explicitly as int, to avoid conversions and improve performance.
-        AllowedPodNumber int
-        // ScalarResources
-        ScalarResources map[v1.ResourceName]int64
-}
-```
-
-A new node fitting failure 'Insufficient exclusive cpu' is added in the `NodeResourcesFit` plugin:
-
-```
-        if podRequest.MilliCPU > 0 && podRequest.MilliCPU > (nodeInfo.Allocatable.MilliCPU-nodeInfo.Requested.MilliCPU) {
-                insufficientResources = append(insufficientResources, InsufficientResource{
-                        ResourceName: v1.ResourceCPU,
-                        Reason:       "Insufficient cpu",
-                        Requested:    podRequest.MilliCPU,
-                        Used:         nodeInfo.Requested.MilliCPU,
-                        Capacity:     nodeInfo.Allocatable.MilliCPU,
-                })
-        }
-        if nodeInfo.Allocatable.ExclusiveMilliCPU > 0 {    // added
-                if podRequest.ExclusiveMilliCPU > 0 && podRequest.ExclusiveMilliCPU > (nodeInfo.Allocatable.ExclusiveMilliCPU-nodeInfo.Requested.ExclusiveMilliCPU) {
-                        insufficientResources = append(insufficientResources, InsufficientResource{
-                                ResourceName: v1.ResourceExclusiveCPU,
-                                Reason:       "Insufficient exclusive cpu",
-                                Requested:    podRequest.ExclusiveMilliCPU,
-                                Used:         nodeInfo.Requested.ExclusiveMilliCPU,
-                                Capacity:     nodeInfo.Allocatable.ExclusiveMilliCPU,
-                        })
-                }
-        }
-```
-
-#### Archived Risk Mitigation (Option 2)
-
-The problem with `MinSharedCPUs` is that it creates another complication like memory and hugpages, new resources vs overlapping resources, exclusive-cpus is a subset of cpu.
-
-Currently the noderesources scheduler plugin does not filter out the best-effort pods in the case there's no available CPU.
-
-Another option is to force the cpu requests for best effort pods to 1 MilliCPU in kubelet for the purpose of resource availability checks (or, equivalently, check there's at least 1 MilliCPU allocatable). This option is meant to be simpler than option-1, but it can create runaway pods similar to that in https://github.com/kubernetes/kubernetes/issues/84869.
+- `cpu_manager_shared_pool_size_millicores`: report shared pool size, in millicores (e.g. 13500m), expected to be non-zone otherwise best-effort pods will starve
+- `cpu_manager_exclusive_cpu_allocation_count`: report exclusively allocated cores, counting full cores (e.g. 16)
 
 
 ### Test Plan
@@ -298,7 +175,7 @@ No new integration tests for kubelet are planned.
   - CPU Manager works with `strict-cpu-reservation` policy option
 
 - Basic functionality
-1. Enable `CPUManagerPolicyAlphaOptions` feature gate and `strict-cpu-reservation` policy option.
+1. Enable `CPUManagerPolicyBetaOptions` feature gate and `strict-cpu-reservation` policy option.
 2. Create a simple pod of Burstable QoS type.
 3. Verify the pod is not using the reserved CPU cores.
 4. Delete the pod.
@@ -313,8 +190,9 @@ No new integration tests for kubelet are planned.
 
 #### Beta
 
-- [ ] Gather feedback from consumers of the new policy option.
-- [ ] Verify no major bugs reported in the previous cycle.
+- [X] Gather feedback from consumers of the new policy option.
+- [X] Verify no major bugs reported in the previous cycle.
+- [X] Ensure proper e2e tests are in place.
 
 #### GA
 
@@ -333,33 +211,33 @@ No changes needed.
 
 ### Feature Enablement and Rollback
 
-The `/var/lib/kubelet/cpu\_manager\_state` needs to be removed when enabling or disabling the feature.
+The `/var/lib/kubelet/cpu_manager_state` needs to be removed when enabling or disabling the feature.
 
 ###### How can this feature be enabled / disabled in a live cluster?
 
 - [X] Feature gate (also fill in values in `kep.yaml`)
-  - Feature gate name: `CPUManagerPolicyAlphaOptions`
+  - Feature gate name: `CPUManagerPolicyBetaOptions`
   - Components depending on the feature gate: `kubelet`
 - [X] Change the kubelet configuration to set a `CPUManager` policy of `static` and a `CPUManager` policy option of `strict-cpu-reservation`
   - Will enabling / disabling the feature require downtime of the control plane? No
-  - Will enabling / disabling the feature require downtime or reprovisioning of a node?  No -- removing `/var/lib/kubelet/cpu\_manager\_state` and restarting kubelet are enough.
+  - Will enabling / disabling the feature require downtime or reprovisioning of a node?  No -- removing `/var/lib/kubelet/cpu_manager_state` and restarting kubelet are enough.
 
 
 ###### Does enabling the feature change any default behavior?
 
 Yes. Reserved CPU cores will be strictly used for system daemons and interrupt processing no longer available for workloads.
 
 The feature is only enabled when all following conditions are met:
-1. The `CPUManagerPolicyAlphaOptions` feature gate must be enabled
-2. The `static` `CPUManager` policy must be selected
+1. The `static` `CPUManager` policy must be selected
+2. The `CPUManagerPolicyBetaOptions` feature gate must be enabled
 3. The new `strict-cpu-reservation` policy option must be selected
 4. The `reservedSystemCPUs` is not empty
 
 ###### Can the feature be disabled once it has been enabled (i.e. can we roll back the enablement)?
 
-Yes, the feature can be disabled by either:
-1. Disable feature gate `CPUManagerPolicyAlphaOptions` or remove `strict-cpu-reservation` from the list of `CPUManager` policy options
-2. Remove `/var/lib/kubelet/cpu\_manager\_state` and restart kubelet
+Yes, the feature can be disabled by:
+1. Disable feature gate `CPUManagerPolicyBetaOptions` or remove `strict-cpu-reservation` from the list of `CPUManager` policy options
+2. Remove `/var/lib/kubelet/cpu_manager_state` and restart kubelet
 
 ###### What happens if we reenable the feature if it was previously rolled back?
 
@@ -381,7 +259,7 @@ If the feature rollout fails, burstable and best-efforts continue to run on the
 If the feature rollback fails, burstable and best-efforts continue not to run on the reserved CPU cores.
 In either case, existing workload will not be affected.
 
-When enabling or disabling the feature, make sure `/var/lib/kubelet/cpu\_manager\_state` is removed before restarting kubelet otherwise kubelet restart could fail.
+When enabling or disabling the feature, make sure `/var/lib/kubelet/cpu_manager_state` is removed before restarting kubelet otherwise kubelet restart could fail.
 
 <!--
 Try to be as paranoid as possible - e.g., what if some components will restart
@@ -411,7 +289,7 @@ Longer term, we may want to require automated upgrade/rollback tests, but we
 are missing a bunch of machinery and tooling and can't do that now.
 -->
 
-We manually test it in our internal environment and it works.
+We use the feature in our internal environment and it works.
 
 ###### Is the rollout accompanied by any deprecations and/or removals of features, APIs, fields of API types, flags, etc.?
 
@@ -425,7 +303,7 @@ No.
 
 ###### How can an operator determine if the feature is in use by workloads?
 
-Inspect the `defaultCpuSet` in `/var/lib/kubelet/cpu\_manager\_state`:
+Inspect the `defaultCpuSet` in `/var/lib/kubelet/cpu_manager_state`:
 - When the feature is disabled, the reserved CPU cores are included in the `defaultCpuSet`.
 - When the feature is enabled, the reserved CPU cores are not included in the `defaultCpuSet`.
 
@@ -447,9 +325,9 @@ This feature allows users to protect infrastructure services from bursty workloa
 
 ###### What are the SLIs (Service Level Indicators) an operator can use to determine the health of the service?
 
-https://github.com/kubernetes/kubernetes/pull/127506:
-- `cpu\_manager\_shared\_pool\_size\_millicores`: report shared pool size, in millicores (e.g. 13500m), expected to be non-zone otherwise best-effort pods will starve
-- `cpu\_manager\_exclusive\_cpu\_allocation\_count`: report exclusively allocated cores, counting full cores (e.g. 16)
+Monitor the following kubelet counters:
+- `cpu_manager_shared_pool_size_millicores`: report shared pool size, in millicores (e.g. 13500m), expected to be non-zone otherwise best-effort pods will starve
+- `cpu_manager_exclusive_cpu_allocation_count`: report exclusively allocated cores, counting full cores (e.g. 16)
 
 ###### Are there any missing metrics that would be useful to have to improve observability of this feature?
 

keps/sig-node/4540-strict-cpu-reservation/kep.yaml

@@ -8,20 +8,19 @@ status: implementable
 creation-date: 2024-03-06
 reviewers:
   - "@ffromani"
-  - "@klueska"                                                                          
   - "@swatisehgal"                                                                      
 approvers:
   - "@sig-node-tech-leads"                                                              
 see-also: []
 replaces: []
 
 # The target maturity stage in the current dev cycle for this KEP.
-stage: alpha
+stage: beta
 
 # The most recent milestone for which work toward delivery of this KEP has been
 # done. This can be the current (upcoming) milestone, if it is being actively
 # worked on.
-latest-milestone: "v1.32"
+latest-milestone: "v1.33"
 
 # The milestone at which this feature was, or is targeted to be, at each stage.
 milestone:
@@ -32,7 +31,7 @@ milestone:
 # The following PRR answers are required at alpha release
 # List the feature gate name and the components for which it must be enabled
 feature-gates:
-  - name: "CPUManagerPolicyAlphaOptions"                                                
+  - name: "CPUManagerPolicyBetaOptions"
     components:                                                                         
       - kubelet
 disable-supported: true