DRA: restricted sharing #5691
Description
Enhancement Description
- One-line enhancement description (can be used as a release note): DRA drivers can limit how devices are shared between pods
We have different scenarios where users currently have to be aware of limitations of a DRA driver:
- Admin access grants additional pods access to in-use devices, across namespaces.
- Referencing the same ResourceClaim from different pods does the same within the same namespace.
- Referencing the same request from different containers does the same within a pod.
Some DRA drivers can only make a device available within a single container. They don't support any of these kinds of sharing. A DRA driver can fail NodePrepareResources for the first point (causing retries), but cannot prevent the other two because NodePrepareResources is only called once (causing unknown failures later).
Admins (first point) and users (next two points) need to be aware of these restrictions and avoid asking for sharing that isn't supported. Extending the description of a device would enable the control plane to prevent pod scheduling when it leads to one of the unsupported scenarios, which is a better way to fail.
- Kubernetes Enhancement Proposal:
- Discussion Link: discussed in the context of admin access (cc @ritazh) and network interfaces (cc @aojea)
- PRs by stage and milestone:
- Alpha - v1.xx
- KEP (
k/enhancements) update PR(s): - Code (
k/k) update PR(s): - Docs (
k/website) update PR(s):
- KEP (
- Alpha - v1.xx
/wg device-management
/cc @johnbelamaric @nojnhuh
Priority to be determined. Does not block graduation of admin access or ResourceClaim status.