OCPBUGS-35911: E2E: Add test to verify runc process excludes the cpus used by pod.

[SargunNarula]

Adding a test to verify that runc does not use CPUs assigned to guaranteed pods.

Original bug link - https://bugzilla.redhat.com/show_bug.cgi?id=1910386

[openshift-ci-robot]

@SargunNarula: This pull request explicitly references no jira issue.

In response to this:

Adding a test to verify that runc does not use CPUs assigned to guaranteed pods.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: SargunNarula
Once this PR has been reviewed and has the lgtm label, please assign marsik for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@SargunNarula: This pull request references Jira Issue OCPBUGS-35911, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.17.0) matches configured target version for branch (4.17.0)
• bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

No GitHub users were found matching the public email listed for the QA contact in Jira ([email protected]), skipping review request.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Adding a test to verify that runc does not use CPUs assigned to guaranteed pods.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@SargunNarula: This pull request references Jira Issue OCPBUGS-35911, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.17.0) matches configured target version for branch (4.17.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

No GitHub users were found matching the public email listed for the QA contact in Jira ([email protected]), skipping review request.

In response to this:

Adding a test to verify that runc does not use CPUs assigned to guaranteed pods.

Original bug link - https://bugzilla.redhat.com/show_bug.cgi?id=1910386

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[shajmakh]

Thanks for this. I added few initial comments below

[shajmakh]

let's add error handling here please

[SargunNarula]

The test fails at this line with context deadline error, every time Expect error is added. I have manually verified that If expect is removed, the rm task gets completed at the system. I tried using custom context with context.WithDeadline & context.WithTimeout but still the test failed. This happens at the next error handling part as well.

[shajmakh]

I wouldn't completely ignore the error though, a warning report or a klog.Error is fine.
also we can make sure that after this command is executed the file was indeed deleted as a workaround for handling the error

[ffromani]

+1 to what Shereen wrote

[SargunNarula]

I have removed the intermediate file logic, hence this command is not required. On the other places added the error handling.

[shajmakh]

let's please add error handling in all places

[SargunNarula]

Added a comment above regarding facing context deadline error, it is applicable here too.

[SargunNarula]

With new logic, file handling is not performed. Yet error handling is added at places required.

[mrniranjan]

looks good to me from my side.

[shajmakh]

let's please add By() and logs where it fits to help view the flow of the test when debugging

[ffromani]

the testing logic can be maybe simplified, but no major objections it seems
questions and possible improvements inside

[ffromani]

why do we need to copy the data into an intermediate file and can't we read it directly and store in a variable in this test?
if we need an itermediate file, since we go in append mode, let's make sure the file is actually empty before the test starts. If because a bug the file is not created properly, we will have corrupted state very hard to notice.
Another approach (possibly better) is to create a temp file for this test.

I think the simpler solution is to just avoid the intermediate file

[SargunNarula]

Thanks @ffromani , for the simpler solution advice. Revised with latest commit.

[ffromani]

if this can't fail , let's just omit the error return value.
I'd call it makePod rather than getPod

[SargunNarula]

Revised with latest commit.

[ffromani]

or

overlap := guaranteedPodCpus.Intersection(runcCpus).List()
Expect(overlap).To(BeEmpty(), "Overlap found between guaranteedPod cpus (%s) and runtime Cpus (%s), not expected behaviour", guaranteedPodCpus, runcCpus)

[SargunNarula]

This is a much better way, Thanks. Revised.

[ffromani]

+1 to what Shereen wrote

[shajmakh]

nit: Expect().ToNot(Equal(0)) = Expect().ToNot(BeEmpty())

[shajmakh]

how do we guarantee that the pod will be created with a different name from the GU pod?

[shajmakh]

an info report would be helpful here, something like:
klog.InfoS("<QoS> pod %s/%s was successfully created", updatedPodObj.Namespace,updatedPodObj.Name)
same for the best-effort

[shajmakh]

you can avoid after each because the creation of the pods is done in the specific It(), you can convert that to defer after each pods creation (as close as possible to the creation):

guaranteedPod = makePod(ctx, workerRTNode, true)
err := testclient.Client.Create(ctx, guaranteedPod)
Expect(err).ToNot(HaveOccurred(), "Failed to create guaranteed pod")
defer deleteTestPod(ctx, guaranteedPod)

[ffromani]

I'm not sure this tests checks the correct thing. We do check a BE pod has no overlap with CPUs exclusively assigned to a Guaranteed pod, but the problem here is not what happens at runtime, but what happened at pod creation time. Once the pod goes running, runc is terminated, and there's no trace of where did it run

[openshift-ci]

@SargunNarula: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[SargunNarula]

@ffromani The original issue identified was that when launching a guaranteed pod running a cyclic test, the runc container creation process was observed to be running on isolated CPUs. This process inadvertently utilized the CPUs allocated to the cyclic test.

The resolution involved ensuring that the cpuset.cpus configuration is passed during container creation.

Additionally, since runc follows a two-step creation process, the initialization process (executed as /usr/bin/pod, which is a symlink to /usr/bin/runc) is started within a container. This container is assigned the cpuset.cpus values. This behavior can be confirmed by examining the config.json of the initialization container to verify that the appropriate CPU allocation is applied, reserved CPUs in the case of a guaranteed pod, or all available CPUs in the case of a Best-Effort (BE) pod.

Reference:

• https://github.com/opencontainers/runc/blob/9b3fe30e19273e88aaa2812e918fdc100d0d49be/libcontainer/README.md?plain=1#L18

• cpu manager: specify the container CPU set during the creation kubernetes/kubernetes#98019

Based on these observations, the current patch may not effectively validate this scenario. I will work on a revised patch to accurately verify the CPUs being utilized.