Passing CPU limits to orchestrator pod when using Kubernetes and `kuberun`

[grimbough]

Bug report

My Kubernetes cluster requires all pods to have both cpu limits and requests defined before they can be scheduled. I am currently unable to launch jobs using kuberun because the 'head pod' doesn't seem to be assigned a cpu limit, only a cpu request.

Expected behavior and actual behavior

I have set cpuLimits: true in my Nextflow config file and launch kuberun with -head-cpus 1. I expect this to create a 'head pod' running Nextflow, with a resource request specifying a cpu limit of 1. Unfortunately I receive the following error when the cluster tries to schedule the head pod:

ERROR ~ Request POST /api/v1/namespaces/seqera-test-ns1/pods returned an error code=403

  {
      "kind": "Status",
      "apiVersion": "v1",
      "metadata": {

      },
      "status": "Failure",
      "message": "pods \"jolly-albattani\" is forbidden: failed quota: capsule-seqera-test-1: must specify limits.cpu for: jolly-albattani",
      "reason": "Forbidden",
      "details": {
          "name": "jolly-albattani",
          "kind": "pods"
      },
      "code": 403
  }

The generated yaml defining the failed pod has the following resources section.

          resources:
            limits:
              memory: 2Gi
            requests:
              cpu: '1'
              memory: 2Gi

Since I am setting cpuLimits: true in my Nextflow config file I would expect this to be:

          resources:
            limits:
              cpu: '1'
              memory: 2Gi
            requests:
              cpu: '1'
              memory: 2Gi

Steps to reproduce the problem

I launch the workflow using:

nextflow kuberun 'https://github.com/nextflow-io/hello' -config nextflow.config.kuberun -head-cpus 1 -head-memory 2Gi

My nextflow.config.kuberun contains the following for the k8s scope:

k8s {
    context = 'nextflow'
    namespace = 'seqera-test-ns1'
    serviceAccount = 'nextflow-sa'
    computeResourceType = 'Pod'
    storageClaimName = 'global-pvc'
    storageMountPath = '/mnt'
    pullPolicy = 'Always'
    cpuLimits = true
}

Program output

The .nextflow.log output:

Jul-23 11:20:58.058 [main] DEBUG nextflow.k8s.K8sDriverLauncher - Created K8s configMap with name: nf-config-76366f34
Jul-23 11:20:58.182 [main] ERROR nextflow.cli.Launcher - @unknown
nextflow.k8s.client.K8sResponseException: Request POST /api/v1/namespaces/seqera-test-ns1/pods returned an error code=403

  {
      "kind": "Status",
      "apiVersion": "v1",
      "metadata": {

      },
      "status": "Failure",
      "message": "pods \"jolly-albattani\" is forbidden: failed quota: capsule-seqera-test-1: must specify limits.cpu for: jolly-albattani",
      "reason": "Forbidden",
      "details": {
          "name": "jolly-albattani",
          "kind": "pods"
      },
      "code": 403
  }

    at nextflow.k8s.client.K8sClient.makeRequestCall(K8sClient.groovy:674)
    at nextflow.k8s.client.K8sClient.makeRequest(K8sClient.groovy:630)
    at nextflow.k8s.client.K8sClient.post(K8sClient.groovy:585)
    at nextflow.k8s.client.K8sClient.podCreate(K8sClient.groovy:149)
    at nextflow.k8s.client.K8sClient.podCreate(K8sClient.groovy:163)
    at org.codehaus.groovy.vmplugin.v8.IndyInterface.fromCache(IndyInterface.java:321)
    at nextflow.k8s.K8sDriverLauncher.createK8sLauncherPod(K8sDriverLauncher.groovy:570)
    at org.codehaus.groovy.vmplugin.v8.IndyInterface.fromCache(IndyInterface.java:321)
    at nextflow.k8s.K8sDriverLauncher.run(K8sDriverLauncher.groovy:154)
    at nextflow.cli.CmdKubeRun.run(CmdKubeRun.groovy:97)
    at nextflow.cli.Launcher.run(Launcher.groovy:503)
    at nextflow.cli.Launcher.main(Launcher.groovy:657)

Environment

• Nextflow version: 24.04.3.5916
• Java version: openjdk version "11.0.23" 2024-04-16
• Operating system: Linux Mint 21.3
• Bash version: zsh 5.8.1 (x86_64-ubuntu-linux-gnu)

[bentsherman]

Looks like we forgot to apply cpuLimits to the kuberun submitter pod. Sorry about that. I'll draft a fix shortly