Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-70128

Secondary Scheduler is failing to watch resourceclaims objects

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Critical Critical
    • None
    • 4.22
    • Node / Numa aware Scheduling
    • None
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • Critical
    • None
    • None
    • Rejected
    • None
    • Proposed
    • Release Note Not Required
    • Hide
      The latest updates on the default kube scheduler enables Dynamic Resources plugin by default. This is problematic and blocks the topology-aware scheduler because the scheduler cluster role does not have permission to list and watch ResourceClaims. So far, the secondary scheduler has been deployed using an adjusted Kubernetes scheduler profile with only the NRT plugin enabled, providing topology-awareness capabilities. The fix for this is to disable the DRA default plugin, which deviates from how the default scheduler works. With this update, the secondary scheduler deployed using numaresources-operator does not consider ResourceClaims while checking workloads, and it should not support DRA till further notice.
      Show
      The latest updates on the default kube scheduler enables Dynamic Resources plugin by default. This is problematic and blocks the topology-aware scheduler because the scheduler cluster role does not have permission to list and watch ResourceClaims. So far, the secondary scheduler has been deployed using an adjusted Kubernetes scheduler profile with only the NRT plugin enabled, providing topology-awareness capabilities. The fix for this is to disable the DRA default plugin, which deviates from how the default scheduler works. With this update, the secondary scheduler deployed using numaresources-operator does not consider ResourceClaims while checking workloads, and it should not support DRA till further notice.
    • None
    • None
    • None
    • None

      Description of problem:

      The secondary scheduler is inheriting the standard scheduler profile which began watch for resourceclaims objects which are necessary as part of DRA feature promotion.
It's likely that the scheduler framework will unconditionally watch the resourcelaims even if we disable the DRA scheduler plugins.
The secondary scheduler should not enable DRA.
In this case we need to update the RBAC rules of the secondary scheduler to allow watching for resourceclaims.
      1 reflector.go:205] "Failed to watch" err="failed to list *v1.ResourceClaim: resourceclaims.resource.k8s.io is forbidden: User \"system:serviceaccount:openshift-numaresources:secondary-scheduler\" cannot list resource \"resourceclaims\" in API group \"resource.k8s.io\" at the cluster scope" logger="UnhandledError" reflector="k8s.io/client-go/informers/factory.go:160" type="*v1.ResourceClaim"

      Version-Release number of selected component (if applicable):

      4.21

      How reproducible:

      Steps to Reproduce:

          1.
    2.
    3.

      Actual results:

      Expected results:

      Additional info:

              rhn-support-shajmakh Shereen Haj
              rh-ee-rshemtov Roy Shemtov
              None
              None
              Roy Shemtov Roy Shemtov
              None
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: