CNF-24269 Add Core control-plane PerformanceProfile

[imiller0]

Add PerformanceProfile and Tuned configuration for Core control-plane MCP. Number of reserved/isolated CPUs, hugepages, and systemReserved memory are all variable content.

The kube-compare reference uses the same PerformanceProfile template for both control plane and worker profiles with differences keyed off the machineConfigPoolSelector.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: imiller0

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [imiller0]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a control-plane PerformanceProfile, supplies control-plane CPU allocation values, enhances the Helm PerformanceProfile template to detect/render control-plane profiles, updates the overlay and Tuned recommendation to target control-plane, and updates kube-compare ignore rules.

Changes

Control-plane performance profile configuration

Layer / File(s)	Summary
Control-plane profile template values and reference configuration telco-core/configuration/template-values/hw-types.yaml, telco-core/configuration/reference-crs/required/performance/PerformanceProfile-control-plane.yaml	CPU core allocations (control-plane-reserved, control-plane-isolated) added. New control-plane-profile PerformanceProfile manifest defines kubelet systemReserved, kernel args (irdma blacklist), CPU isolated/reserved, IRQ loadbalancing, master selectors, workload hints, single-NUMA topology, and user-level networking.
Helm template enhancement for control-plane detection and rendering telco-core/configuration/reference-crs-kube-compare/required/performance/PerformanceProfile.yaml	Helm template computes $isControlPlane from machineConfigPoolSelector, conditionally renames the profile to control-plane-profile, validates/parses kubeletconfig.experimental for control-plane (fails on non-empty allowedUnsafeSysctls), removes example comments from CPU fields, conditionally renders hugepages/kernelPageSize/machineConfigPoolSelector/nodeSelector, and sets net.userLevelNetworking based on control-plane detection.
Overlay integration and tuned profile definition telco-core/configuration/core-overlay.yaml, telco-core/configuration/reference-crs/required/performance/TunedPerformancePatch.yaml	Overlay adds the control-plane PerformanceProfile reference and templates its CPU values; TunedPerformancePatch recommendations replaced worker entries with a single master (machineconfiguration.openshift.io/role: master) recommendation and adds control-plane-profile with a sysctl override.
Comparison ignore configuration telco-core/configuration/reference-crs-kube-compare/compare_ignore	Adds required/performance/PerformanceProfile-control-plane.yaml to kube-compare's ignore list with explanatory comment.

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically identifies the main change: adding a PerformanceProfile for the Core control-plane, which is the primary objective of the changeset.
Description check	✅ Passed	The description accurately explains the changes: adding PerformanceProfile and Tuned configuration for control-plane MCP with parameterized values and template reuse between control-plane and worker profiles.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@telco-core/configuration/reference-crs-kube-compare/required/performance/PerformanceProfile.yaml`:
- Around line 14-25: The template currently calls fromJson on the
"kubeletconfig.experimental" annotation without guarding for its absence which
can cause a failure; update the logic that builds $config (where you currently
do {{- $config := (index (.metadata.annotations | default dict)
"kubeletconfig.experimental") | fromJson }}) to default the annotation to an
empty JSON object (e.g., "{}") or skip fromJson when missing, then proceed to
check $config.allowedUnsafeSysctls and render
kubeletconfig.experimental.systemReserved as before; ensure references to
$isControlPlane, kubeletconfig.experimental, $config, fromJson,
allowedUnsafeSysctls, and systemReserved are preserved so the same checks and
fail message remain valid.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: 5b66416c-0dac-4f7d-9dcb-b1d089fb8f2e

📥 Commits

Reviewing files that changed from the base of the PR and between fda0964 and e8a21e8.

📒 Files selected for processing (6)

• telco-core/configuration/core-overlay.yaml
• telco-core/configuration/reference-crs-kube-compare/compare_ignore
• telco-core/configuration/reference-crs-kube-compare/required/performance/PerformanceProfile.yaml
• telco-core/configuration/reference-crs/required/performance/PerformanceProfile-control-plane.yaml
• telco-core/configuration/reference-crs/required/performance/TunedPerformancePatch.yaml
• telco-core/configuration/template-values/hw-types.yaml

[coderabbitai]

♻️ Duplicate comments (1)

telco-core/configuration/reference-crs-kube-compare/required/performance/PerformanceProfile.yaml (1)

14-25: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Potential template failure if kubeletconfig.experimental annotation is missing.

The fromJson call on line 16 will fail if the annotation doesn't exist (empty string). This was flagged in a prior review.

Additionally, if systemReserved key is missing from the parsed config, line 24 will produce "systemReserved": null which creates an invalid kubelet configuration.

Proposed fix

    {{- if $isControlPlane }}
    # systemReserved: when used, it should be tailored for each environment.
-   {{- $config := (index (.metadata.annotations | default dict) "kubeletconfig.experimental") | fromJson }}
+   {{- $rawConfig := index (.metadata.annotations | default dict) "kubeletconfig.experimental" }}
+   {{- $config := $rawConfig | default "{}" | fromJson }}
    {{- if hasKey $config "allowedUnsafeSysctls" }}
      {{- if ne (len $config.allowedUnsafeSysctls) 0 }}
        {{- fail "Control plane PerformanceProfile must not have any allowedUnsafeSysctls" }}
      {{- end }}
    {{- end }}
+   {{- if not (hasKey $config "systemReserved") }}
+     {{- fail "Control plane PerformanceProfile must have systemReserved in kubeletconfig.experimental annotation" }}
+   {{- end }}
    kubeletconfig.experimental: |

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@telco-core/configuration/reference-crs-kube-compare/required/performance/PerformanceProfile.yaml`
around lines 14 - 25, The template can fail when the
"kubeletconfig.experimental" annotation is missing and can emit invalid JSON if
"systemReserved" is absent; change the parsing to default the annotation to an
empty JSON object string before fromJson (e.g. assign the raw annotation to a
variable with default "{}" and then call fromJson into $config), keep the
existing conditional checks against $config.allowedUnsafeSysctls, and when
rendering kubeletconfig.experimental ensure "systemReserved" is rendered as a
non-null JSON object by using a default empty map (e.g. $config.systemReserved |
default dict) before toJson so the output produces valid JSON instead of null.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In
`@telco-core/configuration/reference-crs-kube-compare/required/performance/PerformanceProfile.yaml`:
- Around line 14-25: The template can fail when the "kubeletconfig.experimental"
annotation is missing and can emit invalid JSON if "systemReserved" is absent;
change the parsing to default the annotation to an empty JSON object string
before fromJson (e.g. assign the raw annotation to a variable with default "{}"
and then call fromJson into $config), keep the existing conditional checks
against $config.allowedUnsafeSysctls, and when rendering
kubeletconfig.experimental ensure "systemReserved" is rendered as a non-null
JSON object by using a default empty map (e.g. $config.systemReserved | default
dict) before toJson so the output produces valid JSON instead of null.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: 853bb5bb-8f1e-489e-9379-fd9b42556850

📥 Commits

Reviewing files that changed from the base of the PR and between e8a21e8 and 30d7b33.

📒 Files selected for processing (6)

• telco-core/configuration/core-overlay.yaml
• telco-core/configuration/reference-crs-kube-compare/compare_ignore
• telco-core/configuration/reference-crs-kube-compare/required/performance/PerformanceProfile.yaml
• telco-core/configuration/reference-crs/required/performance/PerformanceProfile-control-plane.yaml
• telco-core/configuration/reference-crs/required/performance/TunedPerformancePatch.yaml
• telco-core/configuration/template-values/hw-types.yaml

✅ Files skipped from review due to trivial changes (1)

• telco-core/configuration/reference-crs-kube-compare/compare_ignore

🚧 Files skipped from review as they are similar to previous changes (3)

• telco-core/configuration/template-values/hw-types.yaml
• telco-core/configuration/reference-crs/required/performance/PerformanceProfile-control-plane.yaml
• telco-core/configuration/reference-crs/required/performance/TunedPerformancePatch.yaml

[imiller0]

/hold

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@telco-core/configuration/core-overlay.yaml`:
- Around line 135-141: The control-plane PerformanceProfile patch currently only
templates spec.cpu.* and leaves kubeletconfig.experimental.systemReserved.memory
and hugepages hard-coded in
reference-crs/required/performance/PerformanceProfile-control-plane.yaml; update
the overlay to also patch kubeletconfig.experimental.systemReserved.memory and
kubeletconfig.kubeletConfig.podPidsLimit/hugepages (or the hugepages entries
present in that file) by sourcing values from the same hw-types ConfigMap keys
(e.g., add templated patches that read control-plane memory and hugepage sizes
from hw-types, analogous to the existing
control-plane-reserved/control-plane-isolated usage), or alternatively move the
control-plane profile under the same templated path used by worker profiles so
all performance-sensitive fields are consistently parameterized.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: 4be7fb8c-e4a6-491f-a6dc-cf4e998abbe2

📥 Commits

Reviewing files that changed from the base of the PR and between 30d7b33 and 8bee47d.

📒 Files selected for processing (6)

• telco-core/configuration/core-overlay.yaml
• telco-core/configuration/reference-crs-kube-compare/compare_ignore
• telco-core/configuration/reference-crs-kube-compare/required/performance/PerformanceProfile.yaml
• telco-core/configuration/reference-crs/required/performance/PerformanceProfile-control-plane.yaml
• telco-core/configuration/reference-crs/required/performance/TunedPerformancePatch.yaml
• telco-core/configuration/template-values/hw-types.yaml

✅ Files skipped from review due to trivial changes (1)

• telco-core/configuration/template-values/hw-types.yaml

🚧 Files skipped from review as they are similar to previous changes (3)

• telco-core/configuration/reference-crs-kube-compare/compare_ignore
• telco-core/configuration/reference-crs/required/performance/PerformanceProfile-control-plane.yaml
• telco-core/configuration/reference-crs/required/performance/TunedPerformancePatch.yaml

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@telco-core/configuration/reference-crs-kube-compare/required/performance/PerformanceProfile.yaml`:
- Around line 55-57: The template is hardcoding defaultHugepagesSize as "1G";
replace the literal with the value from the profile spec so kube-compare renders
the actual requested size. In the block guarded by hasKey .spec "hugepages" (the
hugepages: section), read the size from the profile (e.g.
.spec.hugepages.defaultHugepagesSize or the appropriate
.spec.hugepages.<sizeField> used elsewhere in the PR) and output that value
instead of "1G", preserving YAML structure and indentation so different hugepage
sizes are correctly represented in the generated reference object.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: 54323f3c-e239-46c0-9db8-5e4c86ab092a

📥 Commits

Reviewing files that changed from the base of the PR and between 8bee47d and 453b45c.

📒 Files selected for processing (6)

• telco-core/configuration/core-overlay.yaml
• telco-core/configuration/reference-crs-kube-compare/compare_ignore
• telco-core/configuration/reference-crs-kube-compare/required/performance/PerformanceProfile.yaml
• telco-core/configuration/reference-crs/required/performance/PerformanceProfile-control-plane.yaml
• telco-core/configuration/reference-crs/required/performance/TunedPerformancePatch.yaml
• telco-core/configuration/template-values/hw-types.yaml

✅ Files skipped from review due to trivial changes (2)

• telco-core/configuration/reference-crs-kube-compare/compare_ignore
• telco-core/configuration/template-values/hw-types.yaml

🚧 Files skipped from review as they are similar to previous changes (2)

• telco-core/configuration/reference-crs/required/performance/TunedPerformancePatch.yaml
• telco-core/configuration/core-overlay.yaml

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Stop hardcoding defaultHugepagesSize in the shared template.

Line 57 always renders 1G, so kube-compare will produce the wrong reference object for any profile that uses a different hugepage size. That breaks the cross-file contract here because this template is the shared comparison source and the PR is explicitly parameterizing hugepages.

♻️ Suggested fix

   hugepages:
-    defaultHugepagesSize: 1G
+    defaultHugepagesSize: {{ .spec.hugepages.defaultHugepagesSize }}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	{{- if hasKey .spec "hugepages" }}
	hugepages:
	defaultHugepagesSize: 1G
	{{- if hasKey .spec "hugepages" }}
	hugepages:
	defaultHugepagesSize: {{ .spec.hugepages.defaultHugepagesSize }}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@telco-core/configuration/reference-crs-kube-compare/required/performance/PerformanceProfile.yaml`
around lines 55 - 57, The template is hardcoding defaultHugepagesSize as "1G";
replace the literal with the value from the profile spec so kube-compare renders
the actual requested size. In the block guarded by hasKey .spec "hugepages" (the
hugepages: section), read the size from the profile (e.g.
.spec.hugepages.defaultHugepagesSize or the appropriate
.spec.hugepages.<sizeField> used elsewhere in the PR) and output that value
instead of "1G", preserving YAML structure and indentation so different hugepage
sizes are correctly represented in the generated reference object.

[imiller0]

/unhold

[bartwensley]

One minor comment

[bartwensley]

Comment from Claude:

Previously hugepages was always rendered, so kube-compare would flag any PerformanceProfile missing it. The hasKey guard is necessary for the control-plane profile (which intentionally omits hugepages), but it also makes hugepages optional for worker profiles. A tighter guard like {{- if or (not $isControlPlane) (hasKey .spec "hugepages") }} would keep hugepages mandatory for workers while optional for control-plane.