-
Notifications
You must be signed in to change notification settings - Fork 61
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support Kubernetes extended resources for container components through attributes that override container and pod specification #920
Comments
A drawback of the approach to support only a specific subset of the resources field is that the Devfile spec needs to follow the evolution of the Kubernetes pod resources field specification. This wouldn't be a big issue if it was stable and clearly defined. However, the spec defines limits and requests as type Object (https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.24/#resourcerequirements-v1-core). Hence, the definition of limits and requests is open which is also demonstrated by the variety of fields interpreted by Kubernetes as documented here: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/. Examples are:
When it comes to gpus, the docs https://kubernetes.io/docs/tasks/manage-gpus/scheduling-gpus/ introduces .com/gpu (e.g. amd.com/gpu or nvidia.com/gpu) for device plugins. I just wanted to point this out to discuss whether it might make sense to just pass-through all the fields under the resources field. The devfile spec could just follow the Kubernetes spec and define it as object as well to leave open what is inside. |
This makes me again think about the purpose of the We already a several issues about adding more fields from k8s container definition to devfile container definition.
I think that need to decide between the following options and stick to it:
|
From a user perspective
Overall, I prefer the idea of @Javatar81 of making the definition of ressources in the |
I'm ok with that, that means that we will be taking the first approach that I mentioned in #920 (comment) But that also means that we should add the other things like |
After discussions during today's devfile cabal we agreed on:
Example n.1: add components:
- name: go
+ attributes:
+ container-overrides: {"resources": {"limits": "nvidia.com/gpu": 1"}}
container:
image: ... Example n.2: specify the pod components:
- name: go
+ attributes:
+ pod-overrides: {"spec":{"securityContext":{"runAsUser":1000,"runAsGroup":3000,"fsGroup":2000}}}
container:
image: ...
... |
This sounds like a very flexible solution to address the problem. :-) Would this be part of the Devfile 2.2 spec? How does it relate to #860 and devfile/devworkspace-operator#852 ? |
I've opened DevWorkspace Operator PR devfile/devworkspace-operator#944 that implements support for the Some additional assumptions this implementation makes, at the moment:
|
@amisevsk +1 to your proposal. I have updated the description and samples to reflect that. @kadel hopefully this syntax works for you too. @miboettc it won't be part of the spec. It's a convention to use free-form attributes to specify pod and container overrides. In other words it will be implented earlier (without change to the API) but there won't be syntax validation (the devfile will be considered correct even if the pod-spec is syntactically invalid). And we have closed #860 in favor of devfile/devworkspace-operator#944. And this will also address devfile/devworkspace-operator#852. |
To add, devfile/devworkspace-operator#944 has been updated to support |
I have a few concerns about proposed json form. Lets say that original pod spec contains something like this spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000 and I want to change just the value of {"spec":{"securityContext":{"runAsUser":1001}}} Now lets say that I want to change spec:
securityContext:
runAsUser: 1001 How would I define this in this json notation? Wouldn't the @amisevsk How would DevspaceOperator interpret
I liked the original syntax that @l0rd had in #920 (comment) before. ["spec.securityContext.runAsUser: 1001"] and ["spec.securityContext: {'runAsUser': 1001}"] |
The DevWorkspace Operator currently treats the values defined in
it would mean each implementation would require ad-hoc handling of every single field (e.g. we'd need to parse out
and
would require writing a custom parser that understands the Kubernetes pod spec API, which would lead to more confusion and be harder to use than the well-defined Kubernetes strategic patch format. To support not merging fields and instead replacing, Kubernetes strategic merge supports directives like |
PR devfile/devworkspace-operator#967 adds support for strategic patch directives to DWO (see doc) |
Ok makes sense. I was not aware that this is intended to work as Strategic Merge Patch. We need to make sure that this is properly documented, so users know what to expect. |
What happens when |
There's no "local level" since pod overrides apply to the pod that holds all containers -- Pod overrides in DWO are applied first in the order they appear within components, then from the top-level attribute, with later values merging over earlier ones. |
Closing as complete |
/area api
Which functionality do you think we should add?
Why is this needed? Is your feature request related to a problem?
Devfiles don't allow to specify request/limits for resources other than memory and CPU. But there are cases where developers workloads require extended resources (e.g.
nvidia.com/gpu
).Detailed description:
Kubernetes nodes can be assigned with extended resources (besides memory and CPU) and workloads can request and limit the use of those resources.
For example NVIDIA GPU operator advertises
nvidia.com/gpu
resources on the cluster nodes so that a Pod that requires them can specify the request and limit quantities:Describe the solution you'd like
Use devfile and components attributes to override pod and container spec:
JSON container overrides
YAML container overrides
pod overrides at devfile attributes level (both YAML and JSON are supported)
pod overrides at container attributes level (both YAML and JSON are supported)
Additional context
The request comes from OpenShift Dev Spaces customers that were able to achieve that with devfile v1
kubernetes
components. With devfile v2kubernetes
components run in their own pod and may not have access to the source code (that is mounted in the main pod).The text was updated successfully, but these errors were encountered: