Kubelet synchronizes pod states in a parallel manner.

[zhifei92]

What type of PR is this?

/sig node
/area kubelet
/kind cleanup

What this PR does / why we need it:

When a large number of pods are created or deleted on a node, parallelly calling syncPod within syncBatch can effectively boost the performance of pod status synchronization.Addressing the issue mentioned in #123875, #123877

unit test

Test Scenario: When syncpod has a 20ms latency with 100 pods updating their status concurrently.

1. Below are the test results without optimization

% make test WHAT=./pkg/kubelet/status GOFLAGS="-v" KUBE_TEST_ARGS='-run ^TestManyPodsUpdates$'
+++ [0428 18:37:36] Set GOMAXPROCS automatically to 12
+++ [0428 18:37:36] Running tests without code coverage and with -race
=== RUN   TestManyPodsUpdates
--- PASS: TestManyPodsUpdates (2.22s)
PASS
ok      k8s.io/kubernetes/pkg/kubelet/status    4.143s

2. the test results after optimization

% make test WHAT=./pkg/kubelet/status GOFLAGS="-v" KUBE_TEST_ARGS='-run ^TestManyPodsUpdates$'
+++ [0428 18:38:03] Set GOMAXPROCS automatically to 12
+++ [0428 18:38:04] Running tests without code coverage and with -race
=== RUN   TestManyPodsUpdates
--- PASS: TestManyPodsUpdates (0.09s)
PASS
ok      k8s.io/kubernetes/pkg/kubelet/status    2.010s

e2e test

spec latency/resource should be within limit when create 90 pods with 0s interval
env :virtualbox Ubuntu 22.04 4 cores 8GB mem on maxOS Intel Core i7

1. Below are the test results without optimization

{
  "version": "v2",
  "dataItems": [
    {
      "data": {
        "Perc100": 39425.357059,
        "Perc50": 36094.848409,
        "Perc90": 39269.009005,
        "Perc99": 39425.357059
      },
      "unit": "ms",
      "labels": {
        "datatype": "latency",
        "latencytype": "create-pod"
      }
    }
  ],
  "labels": {
    "desc": "latency/resource should be within limit when create 90 pods with 0s interval [Benchmark][NodeSpecialFeature:Benchmark]",
    "image": "Ubuntu 22.04.4 LTS",
    "machine": "cpu:4core,memory:7.8GB",
    "node": "ubuntu3",
    "test": "density_create_batch_90_0_0_5",
    "timestamp": "1715749372"
  }
}

2. the test results after optimization

{
  "version": "v2",
  "dataItems": [
    {
      "data": {
        "Perc100": 28667.124507,
        "Perc50": 25658.057549,
        "Perc90": 28422.753707,
        "Perc99": 28667.124507
      },
      "unit": "ms",
      "labels": {
        "datatype": "latency",
        "latencytype": "create-pod"
      }
    }
  ],
  "labels": {
    "desc": "latency/resource should be within limit when create 90 pods with 0s interval [Benchmark][NodeSpecialFeature:Benchmark]",
    "image": "Ubuntu 22.04.4 LTS",
    "machine": "cpu:4core,memory:7.8GB",
    "node": "ubuntu3",
    "test": "density_create_batch_90_0_0_5",
    "timestamp": "1715750021"
  }
}

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

[k8s-ci-robot]

Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[k8s-ci-robot]

This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[k8s-ci-robot]

Hi @zhifei92. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: zhifei92
Once this PR has been reviewed and has the lgtm label, please assign mrunalp for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• pkg/kubelet/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[zhifei92]

/assign @dims @rphillips Please help me review this. thks

[bart0sh]

@zhifei92 FWIW In my environment(Ubuntu 22.04 on Intel(R) Core(TM) i9-7920X CPU @ 2.90GHz 24 cores) the change slows down the test:
master:

kubernetes (master) $ make test WHAT=./pkg/kubelet/status GOFLAGS="-v" KUBE_TEST_ARGS='-count 1 -run ^TestManyPodsUpdates$'
+++ [0508 14:06:19] Set GOMAXPROCS automatically to 24
+++ [0508 14:06:19] Running tests without code coverage and with -race
=== RUN   TestManyPodsUpdates
--- PASS: TestManyPodsUpdates (0.05s)
PASS
ok  	k8s.io/kubernetes/pkg/kubelet/status	1.113s

this PR:

kubernetes (124596) $ make test WHAT=./pkg/kubelet/status GOFLAGS="-v" KUBE_TEST_ARGS='-count 1 -run ^TestManyPodsUpdates$'
+++ [0508 14:03:41] Set GOMAXPROCS automatically to 24
+++ [0508 14:03:42] Running tests without code coverage and with -race
=== RUN   TestManyPodsUpdates
--- PASS: TestManyPodsUpdates (0.13s)
PASS
ok  	k8s.io/kubernetes/pkg/kubelet/status	1.231s

[zhifei92]

"Yes, that's correct, especially if we're not simulating any latency scenarios, where the extra overhead of locks does become a factor. However, considering there is inherent network latency in the communication between the kubelet and the kube-apiserver, we need to emulate a delay of 10 to 20 milliseconds within the syncPod function to truly demonstrate the value of parallel processing."

[bart0sh]

It looks like provided unit test is not the best way to demonstrate benefits of the change. How about providing e2e test?

[zhifei92]

The e2e test should be better. I'll try it

[zhifei92]

@bart0sh Using the spec latency/resource should be within limit when create 90 pods with 0s interval should achieve the objective; if feasible, consider employing tc tc qdisc add dev lo root netem delay 20ms to simulate network latency.

[bart0sh]

I believe it would be better to have it reproducible in an e2e (not e2e_node) test case(s). This would allow us to avoid simulation and see a real life delays.

[zhifei92]

Sorry, I had mistakenly believed that an e2e_node test case was needed. I need to carefully contemplate how to cover this scenario using an end-to-end (e2e) test case. As I am not yet well-versed in e2e testing, it might take me some additional time to figure this out.

[HirazawaUi]

syncPod will cause multiple request to Apiserver, but kubelet's request to Apiserver is limited by kube-api-qps) and max-requests-inflight.

And if there is a large cluster, multiple pods are created at the same time, and the kubelet of multiple nodes runs syncPod in parallel at the same time, it will undoubtedly trigger throttling and affect the normal work of Apiserver.

This PR will bring unpredictable risks, I may prefer #123877

[zhifei92]

And if there is a large cluster, multiple pods are created at the same time, and the kubelet of multiple nodes runs syncPod in parallel at the same time, it will undoubtedly trigger throttling and affect the normal work of Apiserver.

This PR will bring unpredictable risks, I may prefer #123877

Thanks for your comment. The impact of GET operations on the API server and etcd is considerably less than that of LIST(list all pods). Coupled with the apiserver APF, QPS limits, and the Kubelet QPS limits, this should suffice for the majority of scenarios.