In-place VM Hotplug (without live-migration) #46
Conversation
kubevirt-bot
added
do-not-merge/work-in-progress
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
iholder101
force-pushed
the
vep/in-place-hotplug
branch
from
ff667aa to
88936ee
Compare
kubevirt-bot
removed
the
do-not-merge/work-in-progress
|
/release-note-none |
kubevirt-bot
added
release-note-none
|
@iholder101 can you please double check if this works with guaranteed resources? As far as I know, it doesn't. |
Very good observation, thank you!
I will definitely try to dig into understanding where this limitation is coming from and emphasizing its importance to us. If it will be decided that indeed dedicated-cpus are out of scope, we can fallback to the migration strategy for these specific VMs. I will update the VEP accordingly. |
|
/cc ( to follow up ) For resize question, please check PR ( there is a screencast at PRs description with current proposal status ) , please note solution considers lowest threshold to be the CPU pinned during startup. Looking forward for your comments/review in that PR, your use case is very interesting. |
|
@esotsal: GitHub didn't allow me to request PR reviews from the following users: esotsal. Note that only kubevirt members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
iholder101
force-pushed
the
vep/in-place-hotplug
branch
from
88936ee to
6db00f3
Compare
Updated the VEP accordingly. |
Thank you very much for the pointer! I'll review the PR soon! |
| - [ ] Turn this feature on by default. | ||
|
|
There was a problem hiding this comment.
I think we should add GA Kubernetes In-Place resize as a requirement
There was a problem hiding this comment.
My opinion is that beta features should (in most cases) be enabled by default, this is also Kubernetes' policy and I think it makes a lot of sense. It will enable to test and experiment a feature upstream before fully committing to it.
There's a related discussion about about this in kubevirt/kubevirt#14427, which aims to enable a path forward for beta features being on by default.
There was a problem hiding this comment.
Yes, I understand that Beta features should be enabled by default. This is why I think it would be better to wait until this feature gate is GA in Kubernetes before making it Beta in KubeVirt. I'm not sure we should have default behavior that depends on Kubernetes Beta/Alpha feature gates. We have a similar requirement for the ImageVolume feature gate.
There was a problem hiding this comment.
The general rule is that our feature gate will be 1 graduation phase below Kubernetes.
ImageVolumes are Beta on Kubernetes, therefore we allow it to become Alpha in Kubevirt.
Same goes for GA and Beta with the pod resize FG.
| * Admins / namespace owners. | ||
|
|
||
| ## User Stories | ||
|
|
There was a problem hiding this comment.
As a user, in order to hotplug additional devices, I also need to hotplug more memory to support the new pass through devices.
There was a problem hiding this comment.
Interesting, @rthallisey are we planning to support hot plug for host devices?
@iholder101, what resources are currently supported, or is it entirely open?
There was a problem hiding this comment.
Thanks @rthallisey! I've added that!
@iholder101, what resources are currently supported, or is it entirely open?
@vladikr According to the feature's non-goals:
updating extended resources or any other resource types besides CPU, memory
So yeah, only memory and CPU resources are currently supported.
There was a problem hiding this comment.
With PT devices, it's very difficult support to live migration - also kvm won't allow it. So avoiding live migrate will make hot plug of host devices possible. The tricky part to support this feature is you will often need to hot plug memory to be used only by the compute container, not given to the guest, as part of the device hotplug.
There was a problem hiding this comment.
The tricky part to support this feature is you will often need to hot plug memory to be used only by the compute container, not given to the guest
That should be entirely possible!
There was a problem hiding this comment.
How will you secure when reducing memory that you will avoid out of memory situations, given that it is not possible to get the exact memory usage from the container runtime ?
There was a problem hiding this comment.
How will you secure when reducing memory that you will avoid out of memory situations, given that it is not possible to get the exact memory usage from the container runtime ?
This topic is still under discussions, since with cgroups v2 lowering memory limits will be accepted and cause OOM kills, and if k8s will do the validation it's bound to an inherit TOC/TOU race. More info can be found here: https://github.com/kubernetes/enhancements/tree/61abddca34caac56d22b7db48734b7040dc68b43/keps/sig-node/1287-in-place-update-pod-resources#memory-limit-decreases.
In any case, hot-unplug is not yet supported in Kubevirt in general. We can think of relaxing this limitation if the k8s feature will come up with a decent solution to this problem.
iholder101
force-pushed
the
vep/in-place-hotplug
branch
from
6db00f3 to
bdccf80
Compare
Signed-off-by: Itamar Holder <[email protected]>
Signed-off-by: Itamar Holder <[email protected]>
iholder101
force-pushed
the
vep/in-place-hotplug
branch
from
bdccf80 to
2d2c805
Compare
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with /lifecycle stale |
kubevirt-bot
added
the
lifecycle/stale
|
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with /lifecycle rotten |
kubevirt-bot
added
lifecycle/rotten
|
/remove-lifecycle rotten |
kubevirt-bot
removed
the
lifecycle/rotten
6 participants
VEP Metadata
Tracking issue: #45
SIG label: sig/compute
What this PR does
Recently, memory and CPU hotplug was added to KubeVirt. This allows users to add memory and CPU to a running VM on the fly.
When a VM gets hotplugged, the underlying virt-launcher pod's resources need to be modified accordingly. Traditionally in Kubernetes, pods are immutable. Once a pod is created, its resource requests and limits cannot be changed. Therefore, the hotplug feature was implemented by live-migrating the VM which would result in a new virt-launcher pod with the updated resources.
On the hotplug's original design proposal (that pre-dated the VEP process) it's written:
Fortunately, the in-place pod resize feature was graduated to beta in Kubernetes 1.33. Therefore, Kubevirt should aim to move away from live-migrating the VM on hotplug and instead use the in-place pod resize feature.
Notes for reviewers
This is more of a tracker VEP for this change, as there is no API change.