Network binding plugin: Support memory overhead

Currently, the passt network binding plugin requires the execution of a dedicated `passt` binary inside the compute container of the virt-launcher pod. This binary requires additional memory overhead to be requested for the virt-launcher pod. The deprecated passt binding used to require additional 800Mi of memory when forwarding all ports [1] before it was finally removed in [2]. Add additional field to the network binding plugin API in the KubeVirt CR that will enable the user to specify how much additional memory (if any) to request for the compute container in the virt-launcher pod. [1] https://github.com/kubevirt/kubevirt/blob/1732a6d12839836ca65241722c3ecfe14df480fd/pkg/virt-controller/services/renderresources.go#L395 [2] kubevirt/kubevirt#11915 Signed-off-by: Orel Misan <[email protected]>
kubevirt · Jun 18, 2024 · 8432599 · 8432599
1 parent 7ffba2c
commit 8432599
Showing 1 changed file with 14 additions and 1 deletion.
diff --git a/design-proposals/network-binding-plugin/network-binding-plugin.md b/design-proposals/network-binding-plugin/network-binding-plugin.md
@@ -189,6 +189,7 @@ the binding is referenced by name with optional additional arguments.
         - domainAttachment (a standard domain definition that exists in
           the core . E.g `tap`, `sriov`).
         - downwardAPI (E.g `device-info`)
+        - resourceOverhead (currently only additional memory overhead request for the compute container in the virt-launcher pod is supported)
 - VMI Specification CR:
     - Define a new binding subtree under spec-domain-devices-interfaces.
       Each interface has a binding subtree that contains a required name
@@ -387,6 +388,11 @@ Alternatives passing the domain attachment to sync VMI:
 Both of the options are not perfect, but the `virt-handler.SyncVMI`
 has fewer cons. Therefore, it was chosen.
 
+#### Additional resource requests for the virt-launcher compute container
+Some binding plugins may require an additional binary to be shipped inside the virt-launcher compute image.
+This binary requires additional resources that have to be explicitly stated.
+Currently, the API will only support requesting additional memory overhead for the compute container.
+
 ### Planning
 
 - Collect scenarios from the community contributors & users.
@@ -1173,7 +1179,8 @@ point, considering the option suggested in the
 ### Kubevirt CR Specification
 
 The passt-binding is registered to the Kubevirt CR, including the
-reference to the network-attachment-definition and the sidecar image.
+reference to the network-attachment-definition, the sidecar image 
+and the memory overhead it requires for the compute container.
 The plugin is then referenced by name from the VM Specification.
 
 ```yaml
@@ -1189,6 +1196,8 @@ spec:
         passt:
           networkAttachmentDefinition: default/netbindingpasst
           sidecarImage: quay.io/kubevirt/network-passt-binding
+          resourceOverhead:
+            memory: 800Mi
 ```
 
 ### VM Specification
@@ -1259,6 +1268,10 @@ metadata:
     k8s.v1.cni.cncf.io/networks: '[{"name":"netbindingpasst","namespace":"mynamespace","cni-args":{"logicNetworkName":"default"}}]'
 spec:
   containers:
+    - name: compute
+      resources:
+        requests:
+          memory: <some_value> + <overhead>
     - name: hook-sidecar-0  
       image: quay.io/kubevirt/network-passt-binding
 ```