Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

api: add support for NRI-native CDI injection #98

Merged
merged 7 commits into from
Aug 13, 2024

Conversation

klihub
Copy link
Member

@klihub klihub commented Jul 10, 2024

Add support for native CDI injection through NRI. With this patch set in place, a plugin can now directly request injection of CDI devices by fully qualified CDI device names. This is considerably simpler than what is currently required from an NRI plugin to perform CDI injection: perform CDI device resolution, then injection to an (almost) empty OCI Spec, inspect the resulting OCI Spec and convert the differences to a set of low-level NRI adjustments for devices, mounts, env. vars. and OCI hooks to effectively do the same through the NRI protocol.

/cc @elezar

@klihub klihub requested a review from fuweid July 10, 2024 14:32
@klihub klihub changed the title api: native CDI injection api: add support for NRI-native CDI injection Jul 10, 2024
@elezar
Copy link

elezar commented Jul 10, 2024

/cc

pkg/adaptation/result.go Outdated Show resolved Hide resolved
@klihub klihub force-pushed the devel/native-cdi-injection branch 2 times, most recently from e8cec5a to 9aadde9 Compare July 10, 2024 16:08
pkg/adaptation/result.go Outdated Show resolved Hide resolved
@elezar
Copy link

elezar commented Jul 11, 2024

This change would make containers/nri-plugins#327 redundant. Is there a way to detect that we're working with a runtime / plugin that supports CDI devices natively?

@klihub klihub force-pushed the devel/native-cdi-injection branch 2 times, most recently from cbfdea5 to c304705 Compare July 11, 2024 13:05
@klihub klihub force-pushed the devel/native-cdi-injection branch from c304705 to 460b41a Compare July 12, 2024 07:54
@klihub
Copy link
Member Author

klihub commented Jul 12, 2024

This change would make containers/nri-plugins#327 redundant.

I rolled this PR actually with that CDI injecting NRI plugin in mind (I mentioned this in the initial review of that plugin PR). The idea was to test/see how we could do native CDI injection through NRI. And, if we're happy enough with the result to merge it, to make the implementation of actual CDI device injection in that plugin much easier.

There are both pros and cons with this approach. The pros are

  • no need to track CDI evolution so closely (even a recompile is not necessary when CDI is extended)
  • no need to reimplement existing CDI injection logic in terms of NRI adjustments
  • does not tie CDI capabilities to NRI capabilities (technically we can allow such container mutation capabilities to CDI which we don't want to allow in NRI)

The cons are maybe that it is a bit superficial, as currently the container mutation capabilities offered by NRI are a superset of what is needed for CDI injection.

Is there a way to detect that we're working with a runtime / plugin that supports CDI devices natively?

Currently no other means than checking RuntimeName and RuntimeVersion in the plugin configuration NRI message, then using explicit knowledge about which runtime/version support started appearing in.

@klihub klihub requested review from fuweid and yylt July 12, 2024 12:16
Copy link
Member

@fuweid fuweid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@klihub klihub requested a review from elezar July 18, 2024 08:58
@mikebrow mikebrow self-assigned this Jul 22, 2024
Copy link

@elezar elezar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @klihub

This looks fine at a high level now. My last comments are effectively nits or notes on unit test coverage.

plugins/device-injector/device-injector.go Outdated Show resolved Hide resolved
plugins/device-injector/device-injector.go Outdated Show resolved Hide resolved
Copy link
Member

@mikebrow mikebrow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

some comments, cheers!

pkg/adaptation/result.go Outdated Show resolved Hide resolved
pkg/adaptation/result.go Outdated Show resolved Hide resolved
// apply additions to collected adjustments
for _, d := range devices {
if err := r.owners.claimCDIDevice(id, d.Name, plugin); err != nil {
return err
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

// TODO: consider support for a higher level management plugin having the cap to adjust, esp. outside k8s scenarios

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you mean to verbatim include that comment here... as a reminder to consider that in the future ?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sort of.. suggesting the consideration of a TODO here, not that explicit text, or we can just open an issue though the way issues get removed when the bots are turned on :-)

plugins/device-injector/device-injector.go Outdated Show resolved Hide resolved
plugins/device-injector/README.md Show resolved Hide resolved
Devices are annotated using the `cdi-devices.nri.io` annotation key prefix.
The key `cdi-devices.nri.io/container.$CONTAINER_NAME` annotates CDI devices
to be injected into `$CONTAINER_NAME`. The keys `cdi-devices.nri.io` and
`cdi-devices.nri.io/pod` annotate CDI devices to be injected into all
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reasoning for both with and without /pod?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We've used in some of our existing components a similar annotation syntax/precedence. There the reasoning was to try provide both regularly symmetric annotation syntax ($KEY/pod vs. $KEY/container.$CONTAINER_NAME) and 'convenience' ($KEY interpreted as a shorthand notation/alias for $KEY/pod).

@mikebrow mikebrow added this to the 1.0 milestone Aug 1, 2024
@klihub klihub force-pushed the devel/native-cdi-injection branch from 4c99f6c to 7d223a9 Compare August 12, 2024 08:11
@klihub klihub force-pushed the devel/native-cdi-injection branch 4 times, most recently from 4f12658 to 7859c0d Compare August 12, 2024 13:19
Copy link

@elezar elezar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @klihub.

I think I'm down to nits and organisational questions / comments for the most part. Thanks for the cleanups. (for some of them it may be clearer if we have the refactorings as seprate commits / PRs).

pkg/adaptation/adaptation_suite_test.go Outdated Show resolved Hide resolved
pkg/adaptation/adaptation_suite_test.go Outdated Show resolved Hide resolved
pkg/adaptation/api.go Show resolved Hide resolved
pkg/api/adjustment.go Outdated Show resolved Hide resolved
pkg/runtime-tools/generate/generate.go Show resolved Hide resolved
pkg/runtime-tools/generate/generate.go Show resolved Hide resolved
plugins/device-injector/README.md Show resolved Hide resolved
plugins/device-injector/device-injector.go Show resolved Hide resolved
@klihub klihub force-pushed the devel/native-cdi-injection branch 2 times, most recently from 466a173 to 257d1ee Compare August 12, 2024 13:50
klihub added 3 commits August 12, 2024 16:52
Add support for native CDI injection. With this in place, a
plugin can now directly request injection of CDI devices by
device name. This is much simpler than first performing CDI
device resolution and injection, followed by a set of low-
level NRI adjustments for devices, mounts, env. vars. and
OCI hooks to effectively do the same.

Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
@klihub klihub force-pushed the devel/native-cdi-injection branch from 257d1ee to 7e6841a Compare August 12, 2024 13:53
Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
@klihub klihub force-pushed the devel/native-cdi-injection branch from 7e6841a to 6598645 Compare August 12, 2024 13:57
klihub and others added 2 commits August 12, 2024 17:01
Add support for injecting annotated CDI devices using the
new native NRI CDI injection API.

Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
Co-authored-by: Mike Brown <brownwm@us.ibm.com>
Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
@klihub klihub force-pushed the devel/native-cdi-injection branch from 6598645 to 4eb7075 Compare August 12, 2024 14:01
Copy link

@elezar elezar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @klihub.

This looks good from my side. (there is a minor comment string suggestion, but not a blocker at all).

Clarify order of preference for the possible annotations.

Co-authored-by: Mike Brown <brownwm@us.ibm.com>
Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
Copy link
Member

@mikebrow mikebrow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mikebrow mikebrow merged commit c9b4798 into containerd:main Aug 13, 2024
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants