KEP-3953: Node Resource Hot Plug

[Karthik-K-N]

• One-line PR description: Node Resource Hot Plug

• Issue link: Node Resource Hot Plug #3953

• Other comments:

[bart0sh]

/assign @mrunalp @SergeyKanzhelev @klueska

[kad]

/cc

[ffromani]

/cc

[fmuyassarov]

/cc

[Karthik-K-N]

Thanks @ffromani , @bart0sh for the inputs, I have updated the KEP with more details. Please take a look when time permits.

I think the most important open point is the hardware model, as we already seeing very clearly the limit of the cadvisor hardware model.

As you might be aware there is an ongoing efforts to fetch the machine info via CRI and in future I think it should not be much efforts to adopt.

[ffromani]

Thanks @ffromani , @bart0sh for the inputs, I have updated the KEP with more details. Please take a look when time permits.

I think the most important open point is the hardware model, as we already seeing very clearly the limit of the cadvisor hardware model.

As you might be aware there is an ongoing efforts to fetch the machine info via CRI and in future I think it should not be much efforts to adopt.

Sure, I can't recall which hardware representation model (if we agreed already) is gonna be used in that case

[iholder101]

Thank you @Karthik-K-N!
Let me know if you have any questions regarding the NodeSwap KEP.

[iholder101]

Currently, if a node is hotplugged with additional memory, do swap limits get updated? IIUC the answer is no, and this can perhaps serve as a justification for why this approach is needed.

More generally, IIUC restarting kubelet is a workaround in the sense that kubelet doesn't expect a situation where it would spawn on a node with already running containers that need to be modified based on node's resources being changed. Please keep me honest here as I'm not 100% sure that's the case.

[iholder101]

Another thought: is it dangerous to hotplug the node without restarting kubelet?
If it is, then ensuring the kubelet would restart can be considered as a stability enhancement.

[deads2k]

Thanks for the PRR update. PRR lgtm for alpha.

Separate from PRR, some kind of reaction when resources are removed seems far better than doing nothing. Even if it's to indicate a problem in node status.

approving PRR.

/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: deads2k, Karthik-K-N
Once this PR has been reviewed and has the lgtm label, please ask for approval from mrunalp. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• keps/prod-readiness/OWNERS [deads2k]
• keps/sig-node/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[SergeyKanzhelev]

would those two result in a new CRI API calls? Which ones? How we will order these calls when we have many Pods and how we will react on failing calls?

[Karthik-K-N]

We decided to use UpdateContainerResources CRI method for updating both OOMScoreAdj and Swap, Initial plan is to serially update the containers across Pods.
Incase of errors to have retry mechanism like SynchPod.

[SergeyKanzhelev]

I would appreciate a bit more details here. If resize failed on a pod, does it mean that we need to fail it? Or notify user somehow? Do we report the size change back to scheduler BEFORE all Pods confirmed the resize or AFTER? What would be implications if scheduler want to use extra resources BEFORE all Pods were actually resized?

[Karthik-K-N]

Sure definitely, We will update the KEP with more information.

[pbetkier]

Components should not depend on hotplugging being the implementation of Node resize, see my comment in Motivation. In particular IMO Cluster Autoscaler should watch Node changes and observe allocatable changing, that's all it needs to know to make its decisions AFAIK. Same goes for Scheduler?

[pbetkier]

Components should not depend on hotplugging being the implementation of Node resize, see my comment in Motivation.

[pbetkier]

To avoid terminating Pods we could perform Node scale-down in 3 phases:

• Block admission on the Node
• Perform scale-down (hotunplug)
• Unblock admission on the Node

These phases could be performed either manually by an operator or automatically with calls from some control plane (which is out of scope for KEP).

[Karthik-K-N]

Noted, But we may need to evaluate resource availability for already running pods, hence running podReAdmission is necessary. Ref: https://docs.google.com/document/d/1KfjPRmCc8Xk0xxa4S8ZRle6VMzc1C6MQg4ivOaoB150/edit?disco=AAAAt7P2DTA

[thockin]

This implies that the scale-down is something kubernetes knows about before it happens, right? How does it come to learn about an imminent scale event?

And even then, we still need to define what happens when you get a surprise.

[dom4ha]

FYI, eviction is a topic in itself, especially being able to assess what would be an impact on affected workflows and how to migrate pods with as little impact as possible. But all of it is well described in KEP-4563 (#4565).

[pbetkier]

Why can we afford not adjusting reserved resources? If we increase Node's CPU/memory significantly, we allow to run way more Pods and reinitialize existing components to detect more resources.

[Karthik-K-N]

Some background about have it in non-goal: https://docs.google.com/document/d/1KfjPRmCc8Xk0xxa4S8ZRle6VMzc1C6MQg4ivOaoB150/edit?disco=AAABVzcLYu4

[thockin]

I think it's in-scope to be very clear that these values CAN CHANGE (so consumers know), but maybe out-of-scope on exactly if/how kubelet allows changing them on the fly?

[Karthik-K-N]

With our exploration we identified that the ratio can vary across different providers or flavors of Kubernetes offerings. For example in GKE its calculated as https://cloud.google.com/kubernetes-engine/docs/concepts/plan-node-sizes

Is it suggested standardize this formula and may be override them later by the downstream controllers?

[yujuhong]

Kind of agree that theses values are set and calculated by individual vendors/clouds today. It's not so meaningful to include some standard formula and adjust them automatically.

But we can discuss how someone can change this on-the-fly if needed to, and maybe provide some knobs to do so.

[Karthik-K-N]

But we can discuss how someone can change this on-the-fly if needed to, and maybe provide some knobs to do so.

Sure, I think this can be considered as an extension to this KEP and will add it in the Future Work.

[pbetkier]

We tried Node resizing with hot plug/unplug in GKE and noticed some components don't handle onlining of previously offlined CPUs well, e.g. Cilium not listening to perf events on the newly onlined CPUs. We also found other libraries that could be affected. We later switched to cgroups limiting on the guest + VMM-level throtling as a more reliable alternative.

I treat Node resizing as still a research space so I want to make sure there's an API for telling Kubelet what should be the current resources, as opposed to it discovering it on its own. It's what we discussed in the past with a new API for NRI plugins. This way hotplugging could be the default implementation, but replaceable with other solutions.

[Karthik-K-N]

Agreed, May be once we have some concrete resource API for kubelet , We can consider switching over to an option of swapping alternatives in the future if required without disrupting the overall system.

[thockin]

e.g. Cilium not listening to perf events on the newly onlined CPUs

Not blaming Cilium here, it's easy to assume something never changes when it has never actually changed. Even though we all KNOW that cpu hotplug is a thing. I do think we should apply pressure to these components to do proper fixes.

[pbetkier]

Note that with an external signal about the current VM size coming from NRI Kubelet could maybe react within ~1s as opposed to the current 5 minutes of cadvisor cache refresh (see my comment in Motivation).

[Karthik-K-N]

True, but cAdvisor is currently using default poll interval of 5 min, which can be customized through update_machine_info_interval for aggressive polling. On the similar lines, if needed we can customize poling interval in kubelet through a flag.

[thockin]

We should define an interface and assert a desired SLO. If that means polling more frequently or watching a different kernel mechanism, that goes BEHIND the interface

[Karthik-K-N]

Sure, we will explore and update as per your suggestion #3955 (comment)

[thockin]

I looked at this from a high level, but given the timeframe it seems unlikely to make theis KEP freeze -- how bad is that?

[thockin]

e.g. Cilium not listening to perf events on the newly onlined CPUs

Not blaming Cilium here, it's easy to assume something never changes when it has never actually changed. Even though we all KNOW that cpu hotplug is a thing. I do think we should apply pressure to these components to do proper fixes.

[thockin]

I think it's in-scope to be very clear that these values CAN CHANGE (so consumers know), but maybe out-of-scope on exactly if/how kubelet allows changing them on the fly?

[thockin]

Should it be removed from non-goals, then?

[thockin]

"Depend on" and "take advantage of" are different.

Should VPA know whether a node is vertically scalable? If it knew that, might it make better decisions? What SLOs would be needed to make it useful?

Or maybe that's just too complicated? I'm assuming that some smart, multi-dmensional scaling HAS to emerge, so it can decide between adding replicas or scaling-up pods (or some mix thereof). With IPPR it can really only look at the node capacity to make that decision. If as node could express "I have 12 cores, but I could have up to 32 with an 86% chance of success", would that be useful?

[thockin]

From a design POV, why is polling the way to go? With the luxury of distance, I would think something like this would be simpler:

Define an interface which calls a callback function when resources change.
Implement said interface in terms of cadvisor (which might poll underneath).
Consume those callback in kubelet (possibly through a queue and a periodic handler).

[Karthik-K-N]

Sure thank you for the idea. So inclined to polling in Kubelet as it was existing design in cAdvisor.
We will surely explore this path as it can be managed better for rate limiting if needed.

[thockin]

I like this topic.

Why NOT restart kubelet? It's certainly going to be less complicated, technically.

Is it too slow? Is thsat something we should fix anyway? Having kubelet restarts be reliably fast and safe is a win.

Would that only be a partial solution (e.g. kubelet plugins have the same problem)?

etc.

I am not saying "do it with a restart" but "convince me that a restart is bad or insufficient"

[thockin]

We should always be level triggered. Events are great, but frequent re-validation is where it's at.

[Karthik-K-N]

Agreed, Intention was to mention kubelet failing to react/ignoring to any hot plug instances. So will rephrase accordingly to mention its level triggered.

[thockin]

I would add the risk that bringing new NAMED resources (as opposed to aggregate resources) on-line can trip up naive consumers.

• Anything that spawns per-CPU things (threads, workpools, etc)
• Anything that is aware of relationships (e.g NUMA)
• Hot-plugging other devices (e.g. GPUs) might trip up applications or libraries (e.g. is CUDA/NCCL ready for this?)

[thockin]

We should define an interface and assert a desired SLO. If that means polling more frequently or watching a different kernel mechanism, that goes BEHIND the interface

[johnbelamaric]

/cc

[haosdent]

If some existing pods have been pinned to the old remaining CPU set, would the re-init update them after new CPU cores appear?

[Karthik-K-N]

No, hotplug only supplements additional CPUs rather than re-assigning new set of reuired CPUs.

[haosdent]

Suggested change

	Hence, it is necessary to handle the updates in the compute capacity in a graceful fashion across the cluster, than adopting to reset the cluster components to achieve the same.
	Hence, it is necessary to handle capacity updates gracefully across the cluster, rather than resetting the cluster components to achieve the same outcome.

[haosdent]

Suggested change

	With this proposal its also necessary to recalculate and update OOMScoreAdj and swap limit for the pods that had been existing before resize. But this carries small overhead due to recalculation of swap and OOMScoreAdj.
	With this proposal its also necessary to recalculate and update OOMScoreAdj and swap limit for the pods that had been existing before resize. But this carries a small overhead due to recalculation of swap and OOMScoreAdj.

[haosdent]

Suggested change

	* downsize- > upsize
	* downsize -> upsize

[haosdent]

Suggested change

	we intend to propose a separate KEP dedicated to hotunplug of resources to address the same.
	We intend to propose a separate KEP dedicated to hotunplug of resources to address that.

[haosdent]

Suggested change

	In case of rollout failures, running workloads are not affected, If the pods are on pending state they remain
	in the pending state only.
	In case of rollout failures, running workloads are not affected. If pods are in the pending state, they remain pending.

[haosdent]

Suggested change

	In a conventional Kubernetes environment, the cluster resources might necessitate modification because of inaccurate resource allocation during cluster initialization or escalating workload over time,
	necessitating supplementary resources within the cluster.
	In a conventional Kubernetes environment, cluster resources might need modification because of inaccurate resource allocation or due to escalating workloads over time, requiring supplementary resources within the cluster.

[haosdent]

Would we add a flag to control the poll duration about kubelet reading new machine info from cAdvisor

[sftim]

Flag, possibly not. Did you mean "field within the kubelet configuration file?"

(using command line arguments to kubelet is mostly deprecated in favor of using configuration fields)

[Karthik-K-N]

As suggested in comment , we have decided to move away from poll mechanism to level triggered mechanism, Where we continuously watch for resize changes from cAdvisor and handle them accordingly.

[sanposhiho]

Coming from the ping on SIG-Scheduling slack and take a glance at it.
Overall I don't see any mention of what changes are needed for which part of the scheduler for this proposal. Do you mean we don't need any change on the scheduler because node's status is updated and the scheduler watches it? (If Yes, can you update the KEP to clarify that point?)

Also, it only mention "With increase in cluster resources" scenario? Would it be impossible to decrease the resources?
EDIT: looks like that's out of scope of this KEP.
https://kubernetes.slack.com/archives/C09TP78DV/p1739505791133219?thread_ts=1739425555.326269&cid=C09TP78DV

[sftim]

When we graduate to beta, and on Linux, we could consider a test along the lines of:

• start or wipe a server. Offline half the CPUs
• Configure the kubelet and define some static Pods
• start the kubelet
• SIGSTOP the kubelet
• wait a little while
• online some CPUs
• wake up / continue the kubelet
• observe that the kubelet notices the new CPUs within a timespan, and notifies its API server
• optionally, online some more CPUs