DRA: add CEL cost limit

pohly · pohly · commit 0ebef0cd4d1a · 2024-09-30T18:24:41.000+02:00
diff --git a/keps/sig-node/4381-dra-structured-parameters/README.md b/keps/sig-node/4381-dra-structured-parameters/README.md
@@ -1539,18 +1539,34 @@ type CELDeviceSelector struct {
     //
     //     cel.bind(dra, device.attributes["dra.example.com"], dra.someBool && dra.anotherBool)
     //
+    // The length of the expression must be smaller or equal to 10 Ki. The
+    // cost of evaluating it is also limited based on the estimated number
+    // of logical steps. Validation against those limits happens only when
+    // setting an expression for the first time or when changing
+    // it. Therefore it is possible to change these limits without
+    // affecting stored expressions. Those remain valid.
+    //
     // +required
     Expression string
 }
-```
-
-<<[UNRESOLVED pohly]>>
 
-Describe how CEL cost limits work.
+// CELSelectorExpressionMaxCost specifies the cost limit for a single CEL selector
+// evaluation.
+//
+// There is no overall budget for selecting a device, so the actual time
+// required for that is proportional to the number of CEL selectors and how
+// often they need to be evaluated, which can vary depending on several factors
+// (number of devices, cluster utilization, additional constraints).
+//
+// According to
+// https://github.com/kubernetes/kubernetes/blob/4aeaf1e99e82da8334c0d6dddd848a194cd44b4f/staging/src/k8s.io/apiserver/pkg/apis/cel/config.go#L20-L22,
+// this gives roughly 0.1 second for each expression evaluation.
+// However, this depends on how fast the machine is.
+const CELSelectorExpressionMaxCost = 1000000
 
-<<[/UNRESOLVED]>>
+// CELSelectorExpressionMaxLength is the maximum length of a CEL selector expression string.
+const CELSelectorExpressionMaxLength = 10 * 1024
 
-```yaml
 // DeviceConstraint must have exactly one field set besides Requests.
 type DeviceConstraint struct {
     // Requests is a list of the one or more requests in this claim which
@@ -1843,16 +1859,16 @@ type DeviceRequestAllocationResult struct {
     // +required
     Device string
 
-	// AdminAccess is a copy of the AdminAccess value in the
-	// request which caused this device to be allocated.
-	//
-	// New allocations are required to have this set. Old allocations made
-	// by Kubernetes 1.31 do not have it yet. Clients which want to
-	// support Kubernetes 1.31 need to look up the request and retrieve
-	// the value from there if this field is not set.
-	//
-	// +required
-	AdminAccess *bool
+    // AdminAccess is a copy of the AdminAccess value in the
+    // request which caused this device to be allocated.
+    //
+    // New allocations are required to have this set. Old allocations made
+    // by Kubernetes 1.31 do not have it yet. Clients which want to
+    // support Kubernetes 1.31 need to look up the request and retrieve
+    // the value from there if this field is not set.
+    //
+    // +required
+    AdminAccess *bool
 }
 
 // DeviceAllocationConfiguration gets embedded in an AllocationResult.
