KEP-5328: Node Capabilities

[pravk03]

• One-line PR description: Add the initial KEP for KEP 5328: Node Capabilities

• Issue link: Node Capabilities #5328

• Other comments:

[k8s-ci-robot]

Welcome @pravk03!

It looks like this is your first PR to kubernetes/enhancements 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes/enhancements has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[k8s-ci-robot]

Hi @pravk03. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: pravk03
Once this PR has been reviewed and has the lgtm label, please assign dchen1107 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• keps/sig-node/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[wojtek-t]

@dom4ha @sanposhiho @macsko - FYI

[wojtek-t]

Should this really be string=>string?
To make that useful, it needs to carry the semantic and be understood in exactly the same way by scheduler.

I don't have a counterproposal for it - but maybe we can somehow couple that with certain pod features?

[pravk03]

The string=>string format was chosen for its flexibility, similar to node labels and annotations. This allows us to represent diverse information types and easily add new capabilities without requiring API schema changes.

I agree that clear semantic understanding by the scheduler is necessary. This could be achieved through consistent, DNS-style keys where the naming convention itself (e.g. kubernetes.io/feature/featureName) effectively defines each capability ?

[wojtek-t]

1. How many capabilities do we expect here?
2. Once we decide to publish capability X in the status - are we effectively committing to publishing it forever? Or do we plan to no longer public it after X happens (whether X is an event or time-based)? If we never trim the capability - we're effectively risking growing the object forever

[pravk03]

Some capabilities, like those reflecting stable kernel or runtime features are expected to be long-lived and would persist as long as they remain relevant on the node. For capabilities tied to Kubelet features in alpha or beta stages, they can be be automatically deprecated after the feature becomes GA.

Its challenging to estimate the number of capabilities, the proposal's restriction to publishing only information actionable by control plane component (scheduler or admission controllers) is designed to inherently keep this number manageable.

[wojtek-t]

You should put sig-scheduling here and have a reviewer from that sig.

[dom4ha]

Shall it prevent pods from being scheduled or bound? We plan to separate workload scheduling from binding and scheduling may start considering non-existing pods yet, and so, not ready Nodes as well.

/cc @wojtek-t @x13n WDYT?

[wojtek-t]

This isn't dynamic - so we don't expect this to change anytime soon. So it should prevent scheduling.

[dom4ha]

IIUC some capabilities are, the ones that signify presence of necessary deamons. Newly turnup nodes would always start with such "missing" capabilities, but it would be temporary which should at least block binding.

[pravk03]

To avoid any race conditions, the key requirement for NodeCapabilities is to include static configurations available during kubelet bootstrap. We should not really have temporarily missing capabilities.

[dom4ha]

How the scheduling logic could be constructed if the specification which pod needs which capabilities can be designed? I think without it, the proposal is incomplete.

[pravk03]

I added some details on the kube-scheduler changes necessary and included example workflows in the Design section. PTAL.

[dom4ha]

Can you give some examples in User stories how pod requirement may map to specific capabilities?

[pravk03]

Thanks for the suggestion. Added some examples.

[pravk03]

/cc @tallclair @yujuhong

[sanposhiho]

/sig scheduling

[haircommander]

this inference is confusing to me. How will the scheduler know which features in a pod map to one on a node? is it going to be declarative within kubernetes, or imperative?