From 513153eee95e84ed8546a2e4ab660be98834d61a Mon Sep 17 00:00:00 2001
From: Jon Huhn <nojnhuh@users.noreply.github.com>
Date: Fri, 19 Sep 2025 11:50:05 -0500
Subject: [PATCH 01/11] Copy KEP template

---
 .../README.md                                 | 830 ++++++++++++++++++
 .../kep.yaml                                  |  51 ++
 2 files changed, 881 insertions(+)
 create mode 100644 keps/sig-node/5322-dra-driver-permanent-allocation-failure/README.md
 create mode 100644 keps/sig-node/5322-dra-driver-permanent-allocation-failure/kep.yaml

diff --git a/keps/sig-node/5322-dra-driver-permanent-allocation-failure/README.md b/keps/sig-node/5322-dra-driver-permanent-allocation-failure/README.md
new file mode 100644
index 00000000000..590a43e28b7
--- /dev/null
+++ b/keps/sig-node/5322-dra-driver-permanent-allocation-failure/README.md
@@ -0,0 +1,830 @@
+<!--
+**Note:** When your KEP is complete, all of these comment blocks should be removed.
+
+Follow the guidelines of the [documentation style guide].
+In particular, wrap lines to a reasonable length, to make it
+easier for reviewers to cite specific portions, and to minimize diff churn on
+updates.
+
+[documentation style guide]: https://github.com/kubernetes/community/blob/master/contributors/guide/style-guide.md
+
+To get started with this template:
+
+- [ ] **Pick a hosting SIG.**
+  Make sure that the problem space is something the SIG is interested in taking
+  up. KEPs should not be checked in without a sponsoring SIG.
+- [ ] **Create an issue in kubernetes/enhancements**
+  When filing an enhancement tracking issue, please make sure to complete all
+  fields in that template. One of the fields asks for a link to the KEP. You
+  can leave that blank until this KEP is filed, and then go back to the
+  enhancement and add the link.
+- [ ] **Make a copy of this template directory.**
+  Copy this template into the owning SIG's directory and name it
+  `NNNN-short-descriptive-title`, where `NNNN` is the issue number (with no
+  leading-zero padding) assigned to your enhancement above.
+- [ ] **Fill out as much of the kep.yaml file as you can.**
+  At minimum, you should fill in the "Title", "Authors", "Owning-sig",
+  "Status", and date-related fields.
+- [ ] **Fill out this file as best you can.**
+  At minimum, you should fill in the "Summary" and "Motivation" sections.
+  These should be easy if you've preflighted the idea of the KEP with the
+  appropriate SIG(s).
+- [ ] **Create a PR for this KEP.**
+  Assign it to people in the SIG who are sponsoring this process.
+- [ ] **Merge early and iterate.**
+  Avoid getting hung up on specific details and instead aim to get the goals of
+  the KEP clarified and merged quickly. The best way to do this is to just
+  start with the high-level sections and fill out details incrementally in
+  subsequent PRs.
+
+Just because a KEP is merged does not mean it is complete or approved. Any KEP
+marked as `provisional` is a working document and subject to change. You can
+denote sections that are under active debate as follows:
+
+```
+<<[UNRESOLVED optional short context or usernames ]>>
+Stuff that is being argued.
+<<[/UNRESOLVED]>>
+```
+
+When editing KEPS, aim for tightly-scoped, single-topic PRs to keep discussions
+focused. If you disagree with what is already in a document, open a new PR
+with suggested changes.
+
+One KEP corresponds to one "feature" or "enhancement" for its whole lifecycle.
+You do not need a new KEP to move from beta to GA, for example. If
+new details emerge that belong in the KEP, edit the KEP. Once a feature has become
+"implemented", major changes should get new KEPs.
+
+The canonical place for the latest set of instructions (and the likely source
+of this file) is [here](/keps/NNNN-kep-template/README.md).
+
+**Note:** Any PRs to move a KEP to `implementable`, or significant changes once
+it is marked `implementable`, must be approved by each of the KEP approvers.
+If none of those approvers are still appropriate, then changes to that list
+should be approved by the remaining approvers and/or the owning SIG (or
+SIG Architecture for cross-cutting KEPs).
+-->
+# KEP-NNNN: Your short, descriptive title
+
+<!--
+This is the title of your KEP. Keep it short, simple, and descriptive. A good
+title can help communicate what the KEP is and should be considered as part of
+any review.
+-->
+
+<!--
+A table of contents is helpful for quickly jumping to sections of a KEP and for
+highlighting any additional information provided beyond the standard KEP
+template.
+
+Ensure the TOC is wrapped with
+  <code>&lt;!-- toc --&rt;&lt;!-- /toc --&rt;</code>
+tags, and then generate with `hack/update-toc.sh`.
+-->
+
+<!-- toc -->
+- [Release Signoff Checklist](#release-signoff-checklist)
+- [Summary](#summary)
+- [Motivation](#motivation)
+  - [Goals](#goals)
+  - [Non-Goals](#non-goals)
+- [Proposal](#proposal)
+  - [User Stories (Optional)](#user-stories-optional)
+    - [Story 1](#story-1)
+    - [Story 2](#story-2)
+  - [Notes/Constraints/Caveats (Optional)](#notesconstraintscaveats-optional)
+  - [Risks and Mitigations](#risks-and-mitigations)
+- [Design Details](#design-details)
+  - [Test Plan](#test-plan)
+      - [Prerequisite testing updates](#prerequisite-testing-updates)
+      - [Unit tests](#unit-tests)
+      - [Integration tests](#integration-tests)
+      - [e2e tests](#e2e-tests)
+  - [Graduation Criteria](#graduation-criteria)
+  - [Upgrade / Downgrade Strategy](#upgrade--downgrade-strategy)
+  - [Version Skew Strategy](#version-skew-strategy)
+- [Production Readiness Review Questionnaire](#production-readiness-review-questionnaire)
+  - [Feature Enablement and Rollback](#feature-enablement-and-rollback)
+  - [Rollout, Upgrade and Rollback Planning](#rollout-upgrade-and-rollback-planning)
+  - [Monitoring Requirements](#monitoring-requirements)
+  - [Dependencies](#dependencies)
+  - [Scalability](#scalability)
+  - [Troubleshooting](#troubleshooting)
+- [Implementation History](#implementation-history)
+- [Drawbacks](#drawbacks)
+- [Alternatives](#alternatives)
+- [Infrastructure Needed (Optional)](#infrastructure-needed-optional)
+<!-- /toc -->
+
+## Release Signoff Checklist
+
+<!--
+**ACTION REQUIRED:** In order to merge code into a release, there must be an
+issue in [kubernetes/enhancements] referencing this KEP and targeting a release
+milestone **before the [Enhancement Freeze](https://git.k8s.io/sig-release/releases)
+of the targeted release**.
+
+For enhancements that make changes to code or processes/procedures in core
+Kubernetes—i.e., [kubernetes/kubernetes], we require the following Release
+Signoff checklist to be completed.
+
+Check these off as they are completed for the Release Team to track. These
+checklist items _must_ be updated for the enhancement to be released.
+-->
+
+Items marked with (R) are required *prior to targeting to a milestone / release*.
+
+- [ ] (R) Enhancement issue in release milestone, which links to KEP dir in [kubernetes/enhancements] (not the initial KEP PR)
+- [ ] (R) KEP approvers have approved the KEP status as `implementable`
+- [ ] (R) Design details are appropriately documented
+- [ ] (R) Test plan is in place, giving consideration to SIG Architecture and SIG Testing input (including test refactors)
+  - [ ] e2e Tests for all Beta API Operations (endpoints)
+  - [ ] (R) Ensure GA e2e tests meet requirements for [Conformance Tests](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/conformance-tests.md)
+  - [ ] (R) Minimum Two Week Window for GA e2e tests to prove flake free
+- [ ] (R) Graduation criteria is in place
+  - [ ] (R) [all GA Endpoints](https://github.com/kubernetes/community/pull/1806) must be hit by [Conformance Tests](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/conformance-tests.md) within one minor version of promotion to GA
+- [ ] (R) Production readiness review completed
+- [ ] (R) Production readiness review approved
+- [ ] "Implementation History" section is up-to-date for milestone
+- [ ] User-facing documentation has been created in [kubernetes/website], for publication to [kubernetes.io]
+- [ ] Supporting documentation—e.g., additional design documents, links to mailing list discussions/SIG meetings, relevant PRs/issues, release notes
+
+<!--
+**Note:** This checklist is iterative and should be reviewed and updated every time this enhancement is being considered for a milestone.
+-->
+
+[kubernetes.io]: https://kubernetes.io/
+[kubernetes/enhancements]: https://git.k8s.io/enhancements
+[kubernetes/kubernetes]: https://git.k8s.io/kubernetes
+[kubernetes/website]: https://git.k8s.io/website
+
+## Summary
+
+<!--
+This section is incredibly important for producing high-quality, user-focused
+documentation such as release notes or a development roadmap. It should be
+possible to collect this information before implementation begins, in order to
+avoid requiring implementors to split their attention between writing release
+notes and implementing the feature itself. KEP editors and SIG Docs
+should help to ensure that the tone and content of the `Summary` section is
+useful for a wide audience.
+
+A good summary is probably at least a paragraph in length.
+-->
+
+## Motivation
+
+<!--
+This section is for explicitly listing the motivation, goals, and non-goals of
+this KEP.  Describe why the change is important and the benefits to users. The
+motivation section can optionally provide links to [experience reports] to
+demonstrate the interest in a KEP within the wider Kubernetes community.
+
+[experience reports]: https://github.com/golang/go/wiki/ExperienceReports
+-->
+
+### Goals
+
+<!--
+List the specific goals of the KEP. What is it trying to achieve? How will we
+know that this has succeeded?
+-->
+
+### Non-Goals
+
+<!--
+What is out of scope for this KEP? Listing non-goals helps to focus discussion
+and make progress.
+-->
+
+## Proposal
+
+<!--
+This is where we get down to the specifics of what the proposal actually is.
+This should have enough detail that reviewers can understand exactly what
+you're proposing, but should not include things like API designs or
+implementation. What is the desired outcome and how do we measure success?.
+The "Design Details" section below is for the real
+nitty-gritty.
+-->
+
+### User Stories (Optional)
+
+<!--
+Detail the things that people will be able to do if this KEP is implemented.
+Include as much detail as possible so that people can understand the "how" of
+the system. The goal here is to make this feel real for users without getting
+bogged down.
+-->
+
+#### Story 1
+
+#### Story 2
+
+### Notes/Constraints/Caveats (Optional)
+
+<!--
+What are the caveats to the proposal?
+What are some important details that didn't come across above?
+Go in to as much detail as necessary here.
+This might be a good place to talk about core concepts and how they relate.
+-->
+
+### Risks and Mitigations
+
+<!--
+What are the risks of this proposal, and how do we mitigate? Think broadly.
+For example, consider both security and how this will impact the larger
+Kubernetes ecosystem.
+
+How will security be reviewed, and by whom?
+
+How will UX be reviewed, and by whom?
+
+Consider including folks who also work outside the SIG or subproject.
+-->
+
+## Design Details
+
+<!--
+This section should contain enough information that the specifics of your
+change are understandable. This may include API specs (though not always
+required) or even code snippets. If there's any ambiguity about HOW your
+proposal will be implemented, this is the place to discuss them.
+-->
+
+### Test Plan
+
+<!--
+**Note:** *Not required until targeted at a release.*
+The goal is to ensure that we don't accept enhancements with inadequate testing.
+
+All code is expected to have adequate tests (eventually with coverage
+expectations). Please adhere to the [Kubernetes testing guidelines][testing-guidelines]
+when drafting this test plan.
+
+[testing-guidelines]: https://git.k8s.io/community/contributors/devel/sig-testing/testing.md
+-->
+
+[ ] I/we understand the owners of the involved components may require updates to
+existing tests to make this code solid enough prior to committing the changes necessary
+to implement this enhancement.
+
+##### Prerequisite testing updates
+
+<!--
+Based on reviewers feedback describe what additional tests need to be added prior
+implementing this enhancement to ensure the enhancements have also solid foundations.
+-->
+
+##### Unit tests
+
+<!--
+In principle every added code should have complete unit test coverage, so providing
+the exact set of tests will not bring additional value.
+However, if complete unit test coverage is not possible, explain the reason of it
+together with explanation why this is acceptable.
+-->
+
+<!--
+Additionally, for Alpha try to enumerate the core package you will be touching
+to implement this enhancement and provide the current unit coverage for those
+in the form of:
+- <package>: <date> - <current test coverage>
+The data can be easily read from:
+https://testgrid.k8s.io/sig-testing-canaries#ci-kubernetes-coverage-unit
+
+This can inform certain test coverage improvements that we want to do before
+extending the production code to implement this enhancement.
+-->
+
+- `<package>`: `<date>` - `<test coverage>`
+
+##### Integration tests
+
+<!--
+Integration tests are contained in https://git.k8s.io/kubernetes/test/integration.
+Integration tests allow control of the configuration parameters used to start the binaries under test.
+This is different from e2e tests which do not allow configuration of parameters.
+Doing this allows testing non-default options and multiple different and potentially conflicting command line options.
+For more details, see https://github.com/kubernetes/community/blob/master/contributors/devel/sig-testing/testing-strategy.md
+
+If integration tests are not necessary or useful, explain why.
+-->
+
+<!--
+This question should be filled when targeting a release.
+For Alpha, describe what tests will be added to ensure proper quality of the enhancement.
+
+For Beta and GA, document that tests have been written,
+have been executed regularly, and have been stable.
+This can be done with:
+- permalinks to the GitHub source code
+- links to the periodic job (typically https://testgrid.k8s.io/sig-release-master-blocking#integration-master), filtered by the test name
+- a search in the Kubernetes bug triage tool (https://storage.googleapis.com/k8s-triage/index.html)
+-->
+
+- [test name](https://github.com/kubernetes/kubernetes/blob/2334b8469e1983c525c0c6382125710093a25883/test/integration/...): [integration master](https://testgrid.k8s.io/sig-release-master-blocking#integration-master?include-filter-by-regex=MyCoolFeature), [triage search](https://storage.googleapis.com/k8s-triage/index.html?test=MyCoolFeature)
+
+##### e2e tests
+
+<!--
+This question should be filled when targeting a release.
+For Alpha, describe what tests will be added to ensure proper quality of the enhancement.
+
+For Beta and GA, document that tests have been written,
+have been executed regularly, and have been stable.
+This can be done with:
+- permalinks to the GitHub source code
+- links to the periodic job (typically a job owned by the SIG responsible for the feature), filtered by the test name
+- a search in the Kubernetes bug triage tool (https://storage.googleapis.com/k8s-triage/index.html)
+
+We expect no non-infra related flakes in the last month as a GA graduation criteria.
+If e2e tests are not necessary or useful, explain why.
+-->
+
+- [test name](https://github.com/kubernetes/kubernetes/blob/2334b8469e1983c525c0c6382125710093a25883/test/e2e/...): [SIG ...](https://testgrid.k8s.io/sig-...?include-filter-by-regex=MyCoolFeature), [triage search](https://storage.googleapis.com/k8s-triage/index.html?test=MyCoolFeature)
+
+### Graduation Criteria
+
+<!--
+**Note:** *Not required until targeted at a release.*
+
+Define graduation milestones.
+
+These may be defined in terms of API maturity, [feature gate] graduations, or as
+something else. The KEP should keep this high-level with a focus on what
+signals will be looked at to determine graduation.
+
+Consider the following in developing the graduation criteria for this enhancement:
+- [Maturity levels (`alpha`, `beta`, `stable`)][maturity-levels]
+- [Feature gate][feature gate] lifecycle
+- [Deprecation policy][deprecation-policy]
+
+Clearly define what graduation means by either linking to the [API doc
+definition](https://kubernetes.io/docs/concepts/overview/kubernetes-api/#api-versioning)
+or by redefining what graduation means.
+
+In general we try to use the same stages (alpha, beta, GA), regardless of how the
+functionality is accessed.
+
+[feature gate]: https://git.k8s.io/community/contributors/devel/sig-architecture/feature-gates.md
+[maturity-levels]: https://git.k8s.io/community/contributors/devel/sig-architecture/api_changes.md#alpha-beta-and-stable-versions
+[deprecation-policy]: https://kubernetes.io/docs/reference/using-api/deprecation-policy/
+
+Below are some examples to consider, in addition to the aforementioned [maturity levels][maturity-levels].
+
+#### Alpha
+
+- Feature implemented behind a feature flag
+- Initial e2e tests completed and enabled
+
+#### Beta
+
+- Gather feedback from developers and surveys
+- Complete features A, B, C
+- Additional tests are in Testgrid and linked in KEP
+- More rigorous forms of testing—e.g., downgrade tests and scalability tests
+- All functionality completed
+- All security enforcement completed
+- All monitoring requirements completed
+- All testing requirements completed
+- All known pre-release issues and gaps resolved
+
+**Note:** Beta criteria must include all functional, security, monitoring, and testing requirements along with resolving all issues and gaps identified
+
+#### GA
+
+- N examples of real-world usage
+- N installs
+- Allowing time for feedback
+- All issues and gaps identified as feedback during beta are resolved
+
+**Note:** GA criteria must not include any functional, security, monitoring, or testing requirements.  Those must be beta requirements.
+
+**Note:** Generally we also wait at least two releases between beta and
+GA/stable, because there's no opportunity for user feedback, or even bug reports,
+in back-to-back releases.
+
+**For non-optional features moving to GA, the graduation criteria must include
+[conformance tests].**
+
+[conformance tests]: https://git.k8s.io/community/contributors/devel/sig-architecture/conformance-tests.md
+
+#### Deprecation
+
+<!--
+- Announce deprecation and support policy of the existing flag
+- Two versions passed since introducing the functionality that deprecates the flag (to address version skew)
+- Address feedback on usage/changed behavior, provided on GitHub issues
+- Deprecate the flag
+-->
+
+### Upgrade / Downgrade Strategy
+
+<!--
+If applicable, how will the component be upgraded and downgraded? Make sure
+this is in the test plan.
+
+Consider the following in developing an upgrade/downgrade strategy for this
+enhancement:
+- What changes (in invocations, configurations, API use, etc.) is an existing
+  cluster required to make on upgrade, in order to maintain previous behavior?
+- What changes (in invocations, configurations, API use, etc.) is an existing
+  cluster required to make on upgrade, in order to make use of the enhancement?
+-->
+
+### Version Skew Strategy
+
+<!--
+If applicable, how will the component handle version skew with other
+components? What are the guarantees? Make sure this is in the test plan.
+
+Consider the following in developing a version skew strategy for this
+enhancement:
+- Does this enhancement involve coordinating behavior in the control plane and nodes?
+- How does an n-3 kubelet or kube-proxy without this feature available behave when this feature is used?
+- How does an n-1 kube-controller-manager or kube-scheduler without this feature available behave when this feature is used?
+- Will any other components on the node change? For example, changes to CSI,
+  CRI or CNI may require updating that component before the kubelet.
+-->
+
+## Production Readiness Review Questionnaire
+
+<!--
+
+Production readiness reviews are intended to ensure that features merging into
+Kubernetes are observable, scalable and supportable; can be safely operated in
+production environments, and can be disabled or rolled back in the event they
+cause increased failures in production. See more in the PRR KEP at
+https://git.k8s.io/enhancements/keps/sig-architecture/1194-prod-readiness.
+
+The production readiness review questionnaire must be completed and approved
+for the KEP to move to `implementable` status and be included in the release.
+
+In some cases, the questions below should also have answers in `kep.yaml`. This
+is to enable automation to verify the presence of the review, and to reduce review
+burden and latency.
+
+The KEP must have a approver from the
+[`prod-readiness-approvers`](http://git.k8s.io/enhancements/OWNERS_ALIASES)
+team. Please reach out on the
+[#prod-readiness](https://kubernetes.slack.com/archives/CPNHUMN74) channel if
+you need any help or guidance.
+-->
+
+### Feature Enablement and Rollback
+
+<!--
+This section must be completed when targeting alpha to a release.
+-->
+
+###### How can this feature be enabled / disabled in a live cluster?
+
+<!--
+Pick one of these and delete the rest.
+
+Documentation is available on [feature gate lifecycle] and expectations, as
+well as the [existing list] of feature gates.
+
+[feature gate lifecycle]: https://git.k8s.io/community/contributors/devel/sig-architecture/feature-gates.md
+[existing list]: https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/
+-->
+
+- [ ] Feature gate (also fill in values in `kep.yaml`)
+  - Feature gate name:
+  - Components depending on the feature gate:
+- [ ] Other
+  - Describe the mechanism:
+  - Will enabling / disabling the feature require downtime of the control
+    plane?
+  - Will enabling / disabling the feature require downtime or reprovisioning
+    of a node?
+
+###### Does enabling the feature change any default behavior?
+
+<!--
+Any change of default behavior may be surprising to users or break existing
+automations, so be extremely careful here.
+-->
+
+###### Can the feature be disabled once it has been enabled (i.e. can we roll back the enablement)?
+
+<!--
+Describe the consequences on existing workloads (e.g., if this is a runtime
+feature, can it break the existing applications?).
+
+Feature gates are typically disabled by setting the flag to `false` and
+restarting the component. No other changes should be necessary to disable the
+feature.
+
+NOTE: Also set `disable-supported` to `true` or `false` in `kep.yaml`.
+-->
+
+###### What happens if we reenable the feature if it was previously rolled back?
+
+###### Are there any tests for feature enablement/disablement?
+
+<!--
+The e2e framework does not currently support enabling or disabling feature
+gates. However, unit tests in each component dealing with managing data, created
+with and without the feature, are necessary. At the very least, think about
+conversion tests if API types are being modified.
+
+Additionally, for features that are introducing a new API field, unit tests that
+are exercising the `switch` of feature gate itself (what happens if I disable a
+feature gate after having objects written with the new field) are also critical.
+You can take a look at one potential example of such test in:
+https://github.com/kubernetes/kubernetes/pull/97058/files#diff-7826f7adbc1996a05ab52e3f5f02429e94b68ce6bce0dc534d1be636154fded3R246-R282
+-->
+
+### Rollout, Upgrade and Rollback Planning
+
+<!--
+This section must be completed when targeting beta to a release.
+-->
+
+###### How can a rollout or rollback fail? Can it impact already running workloads?
+
+<!--
+Try to be as paranoid as possible - e.g., what if some components will restart
+mid-rollout?
+
+Be sure to consider highly-available clusters, where, for example,
+feature flags will be enabled on some API servers and not others during the
+rollout. Similarly, consider large clusters and how enablement/disablement
+will rollout across nodes.
+-->
+
+###### What specific metrics should inform a rollback?
+
+<!--
+What signals should users be paying attention to when the feature is young
+that might indicate a serious problem?
+-->
+
+###### Were upgrade and rollback tested? Was the upgrade->downgrade->upgrade path tested?
+
+<!--
+Describe manual testing that was done and the outcomes.
+Longer term, we may want to require automated upgrade/rollback tests, but we
+are missing a bunch of machinery and tooling and can't do that now.
+-->
+
+###### Is the rollout accompanied by any deprecations and/or removals of features, APIs, fields of API types, flags, etc.?
+
+<!--
+Even if applying deprecation policies, they may still surprise some users.
+-->
+
+### Monitoring Requirements
+
+<!--
+This section must be completed when targeting beta to a release.
+
+For GA, this section is required: approvers should be able to confirm the
+previous answers based on experience in the field.
+-->
+
+###### How can an operator determine if the feature is in use by workloads?
+
+<!--
+Ideally, this should be a metric. Operations against the Kubernetes API (e.g.,
+checking if there are objects with field X set) may be a last resort. Avoid
+logs or events for this purpose.
+-->
+
+###### How can someone using this feature know that it is working for their instance?
+
+<!--
+For instance, if this is a pod-related feature, it should be possible to determine if the feature is functioning properly
+for each individual pod.
+Pick one more of these and delete the rest.
+Please describe all items visible to end users below with sufficient detail so that they can verify correct enablement
+and operation of this feature.
+Recall that end users cannot usually observe component logs or access metrics.
+-->
+
+- [ ] Events
+  - Event Reason: 
+- [ ] API .status
+  - Condition name: 
+  - Other field: 
+- [ ] Other (treat as last resort)
+  - Details:
+
+###### What are the reasonable SLOs (Service Level Objectives) for the enhancement?
+
+<!--
+This is your opportunity to define what "normal" quality of service looks like
+for a feature.
+
+It's impossible to provide comprehensive guidance, but at the very
+high level (needs more precise definitions) those may be things like:
+  - per-day percentage of API calls finishing with 5XX errors <= 1%
+  - 99% percentile over day of absolute value from (job creation time minus expected
+    job creation time) for cron job <= 10%
+  - 99.9% of /health requests per day finish with 200 code
+
+These goals will help you determine what you need to measure (SLIs) in the next
+question.
+-->
+
+###### What are the SLIs (Service Level Indicators) an operator can use to determine the health of the service?
+
+<!--
+Pick one more of these and delete the rest.
+-->
+
+- [ ] Metrics
+  - Metric name:
+  - [Optional] Aggregation method:
+  - Components exposing the metric:
+- [ ] Other (treat as last resort)
+  - Details:
+
+###### Are there any missing metrics that would be useful to have to improve observability of this feature?
+
+<!--
+Describe the metrics themselves and the reasons why they weren't added (e.g., cost,
+implementation difficulties, etc.).
+-->
+
+### Dependencies
+
+<!--
+This section must be completed when targeting beta to a release.
+-->
+
+###### Does this feature depend on any specific services running in the cluster?
+
+<!--
+Think about both cluster-level services (e.g. metrics-server) as well
+as node-level agents (e.g. specific version of CRI). Focus on external or
+optional services that are needed. For example, if this feature depends on
+a cloud provider API, or upon an external software-defined storage or network
+control plane.
+
+For each of these, fill in the following—thinking about running existing user workloads
+and creating new ones, as well as about cluster-level services (e.g. DNS):
+  - [Dependency name]
+    - Usage description:
+      - Impact of its outage on the feature:
+      - Impact of its degraded performance or high-error rates on the feature:
+-->
+
+### Scalability
+
+<!--
+For alpha, this section is encouraged: reviewers should consider these questions
+and attempt to answer them.
+
+For beta, this section is required: reviewers must answer these questions.
+
+For GA, this section is required: approvers should be able to confirm the
+previous answers based on experience in the field.
+-->
+
+###### Will enabling / using this feature result in any new API calls?
+
+<!--
+Describe them, providing:
+  - API call type (e.g. PATCH pods)
+  - estimated throughput
+  - originating component(s) (e.g. Kubelet, Feature-X-controller)
+Focusing mostly on:
+  - components listing and/or watching resources they didn't before
+  - API calls that may be triggered by changes of some Kubernetes resources
+    (e.g. update of object X triggers new updates of object Y)
+  - periodic API calls to reconcile state (e.g. periodic fetching state,
+    heartbeats, leader election, etc.)
+-->
+
+###### Will enabling / using this feature result in introducing new API types?
+
+<!--
+Describe them, providing:
+  - API type
+  - Supported number of objects per cluster
+  - Supported number of objects per namespace (for namespace-scoped objects)
+-->
+
+###### Will enabling / using this feature result in any new calls to the cloud provider?
+
+<!--
+Describe them, providing:
+  - Which API(s):
+  - Estimated increase:
+-->
+
+###### Will enabling / using this feature result in increasing size or count of the existing API objects?
+
+<!--
+Describe them, providing:
+  - API type(s):
+  - Estimated increase in size: (e.g., new annotation of size 32B)
+  - Estimated amount of new objects: (e.g., new Object X for every existing Pod)
+-->
+
+###### Will enabling / using this feature result in increasing time taken by any operations covered by existing SLIs/SLOs?
+
+<!--
+Look at the [existing SLIs/SLOs].
+
+Think about adding additional work or introducing new steps in between
+(e.g. need to do X to start a container), etc. Please describe the details.
+
+[existing SLIs/SLOs]: https://git.k8s.io/community/sig-scalability/slos/slos.md#kubernetes-slisslos
+-->
+
+###### Will enabling / using this feature result in non-negligible increase of resource usage (CPU, RAM, disk, IO, ...) in any components?
+
+<!--
+Things to keep in mind include: additional in-memory state, additional
+non-trivial computations, excessive access to disks (including increased log
+volume), significant amount of data sent and/or received over network, etc.
+This through this both in small and large cases, again with respect to the
+[supported limits].
+
+[supported limits]: https://git.k8s.io/community//sig-scalability/configs-and-limits/thresholds.md
+-->
+
+###### Can enabling / using this feature result in resource exhaustion of some node resources (PIDs, sockets, inodes, etc.)?
+
+<!--
+Focus not just on happy cases, but primarily on more pathological cases
+(e.g. probes taking a minute instead of milliseconds, failed pods consuming resources, etc.).
+If any of the resources can be exhausted, how this is mitigated with the existing limits
+(e.g. pods per node) or new limits added by this KEP?
+
+Are there any tests that were run/should be run to understand performance characteristics better
+and validate the declared limits?
+-->
+
+### Troubleshooting
+
+<!--
+This section must be completed when targeting beta to a release.
+
+For GA, this section is required: approvers should be able to confirm the
+previous answers based on experience in the field.
+
+The Troubleshooting section currently serves the `Playbook` role. We may consider
+splitting it into a dedicated `Playbook` document (potentially with some monitoring
+details). For now, we leave it here.
+-->
+
+###### How does this feature react if the API server and/or etcd is unavailable?
+
+###### What are other known failure modes?
+
+<!--
+For each of them, fill in the following information by copying the below template:
+  - [Failure mode brief description]
+    - Detection: How can it be detected via metrics? Stated another way:
+      how can an operator troubleshoot without logging into a master or worker node?
+    - Mitigations: What can be done to stop the bleeding, especially for already
+      running user workloads?
+    - Diagnostics: What are the useful log messages and their required logging
+      levels that could help debug the issue?
+      Not required until feature graduated to beta.
+    - Testing: Are there any tests for failure mode? If not, describe why.
+-->
+
+###### What steps should be taken if SLOs are not being met to determine the problem?
+
+## Implementation History
+
+<!--
+Major milestones in the lifecycle of a KEP should be tracked in this section.
+Major milestones might include:
+- the `Summary` and `Motivation` sections being merged, signaling SIG acceptance
+- the `Proposal` section being merged, signaling agreement on a proposed design
+- the date implementation started
+- the first Kubernetes release where an initial version of the KEP was available
+- the version of Kubernetes where the KEP graduated to general availability
+- when the KEP was retired or superseded
+-->
+
+## Drawbacks
+
+<!--
+Why should this KEP _not_ be implemented?
+-->
+
+## Alternatives
+
+<!--
+What other approaches did you consider, and why did you rule them out? These do
+not need to be as detailed as the proposal, but should include enough
+information to express the idea and why it was not acceptable.
+-->
+
+## Infrastructure Needed (Optional)
+
+<!--
+Use this section if you need things from the project/SIG. Examples include a
+new subproject, repos requested, or GitHub details. Listing these here allows a
+SIG to get the process for these resources started right away.
+-->
diff --git a/keps/sig-node/5322-dra-driver-permanent-allocation-failure/kep.yaml b/keps/sig-node/5322-dra-driver-permanent-allocation-failure/kep.yaml
new file mode 100644
index 00000000000..5dfddc15e73
--- /dev/null
+++ b/keps/sig-node/5322-dra-driver-permanent-allocation-failure/kep.yaml
@@ -0,0 +1,51 @@
+title: KEP Template
+kep-number: NNNN
+authors:
+  - "@jane.doe"
+owning-sig: sig-xyz
+participating-sigs:
+  - sig-aaa
+  - sig-bbb
+status: provisional|implementable|implemented|deferred|rejected|withdrawn|replaced
+creation-date: yyyy-mm-dd
+reviewers:
+  - TBD
+  - "@alice.doe"
+approvers:
+  - TBD
+  - "@oscar.doe"
+
+see-also:
+  - "/keps/sig-aaa/1234-we-heard-you-like-keps"
+  - "/keps/sig-bbb/2345-everyone-gets-a-kep"
+replaces:
+  - "/keps/sig-ccc/3456-replaced-kep"
+
+# The target maturity stage in the current dev cycle for this KEP.
+# If the purpose of this KEP is to deprecate a user-visible feature
+# and a Deprecated feature gates are added, they should be deprecated|disabled|removed.
+stage: alpha|beta|stable
+
+# The most recent milestone for which work toward delivery of this KEP has been
+# done. This can be the current (upcoming) milestone, if it is being actively
+# worked on.
+latest-milestone: "v1.19"
+
+# The milestone at which this feature was, or is targeted to be, at each stage.
+milestone:
+  alpha: "v1.19"
+  beta: "v1.20"
+  stable: "v1.22"
+
+# The following PRR answers are required at alpha release
+# List the feature gate name and the components for which it must be enabled
+feature-gates:
+  - name: MyFeature
+    components:
+      - kube-apiserver
+      - kube-controller-manager
+disable-supported: true
+
+# The following PRR answers are required at beta release
+metrics:
+  - my_feature_metric

From 444c9d6a558c92f732591b22da48017776d2a772 Mon Sep 17 00:00:00 2001
From: Jon Huhn <nojnhuh@users.noreply.github.com>
Date: Fri, 19 Sep 2025 14:25:39 -0500
Subject: [PATCH 02/11] amend! Copy KEP template

KEP-5322: DRA: Handle permanent driver allocation failures
---
 .../README.md                                 | 54 ++++++++++++++++---
 .../kep.yaml                                  | 47 ++++++----------
 2 files changed, 62 insertions(+), 39 deletions(-)

diff --git a/keps/sig-node/5322-dra-driver-permanent-allocation-failure/README.md b/keps/sig-node/5322-dra-driver-permanent-allocation-failure/README.md
index 590a43e28b7..7e14f3e30ce 100644
--- a/keps/sig-node/5322-dra-driver-permanent-allocation-failure/README.md
+++ b/keps/sig-node/5322-dra-driver-permanent-allocation-failure/README.md
@@ -65,7 +65,7 @@ If none of those approvers are still appropriate, then changes to that list
 should be approved by the remaining approvers and/or the owning SIG (or
 SIG Architecture for cross-cutting KEPs).
 -->
-# KEP-NNNN: Your short, descriptive title
+# KEP-5322: DRA: Handle permanent driver allocation failures
 
 <!--
 This is the title of your KEP. Keep it short, simple, and descriptive. A good
@@ -90,9 +90,9 @@ tags, and then generate with `hack/update-toc.sh`.
   - [Goals](#goals)
   - [Non-Goals](#non-goals)
 - [Proposal](#proposal)
-  - [User Stories (Optional)](#user-stories-optional)
-    - [Story 1](#story-1)
-    - [Story 2](#story-2)
+  - [User Stories](#user-stories)
+    - [Efficiency](#efficiency)
+    - [Visibility of Errors](#visibility-of-errors)
   - [Notes/Constraints/Caveats (Optional)](#notesconstraintscaveats-optional)
   - [Risks and Mitigations](#risks-and-mitigations)
 - [Design Details](#design-details)
@@ -173,6 +173,18 @@ useful for a wide audience.
 A good summary is probably at least a paragraph in length.
 -->
 
+For Dynamic Resource Allocation (DRA), the kubelet interfaces with a separate
+driver component via gRPC which is responsible for attaching devices to
+containers based on scheduler outcomes. When drivers indicate to the kubelet
+that a failure occurred during that process, the kubelet will try again later.
+This strategy enables the kubelet to overcome transient failures in drivers, but
+is wasteful when the error is deterministic based on unchanged inputs.
+
+This KEP proposes additions to the gRPC interface between the kubelet and DRA
+drivers to enable drivers to report permanent failures, and updates to the
+kubelet to respond to those errors by ceasing to continuously retry invoking the
+DRA driver.
+
 ## Motivation
 
 <!--
@@ -184,6 +196,22 @@ demonstrate the interest in a KEP within the wider Kubernetes community.
 [experience reports]: https://github.com/golang/go/wiki/ExperienceReports
 -->
 
+Several failure modes of the DRA driver's `NodePrepareResources` gRPC method are
+not possible to resolve by trying again with the same input the way the kubelet
+currently handles all failures:
+
+- The opaque `config` associated with a request in a ResourceClaim may be
+  invalid
+- A device allocated by the scheduler may have just been found by the driver to
+  be unusable
+
+Pods with unfulfillable DRA allocations will stay stuck in a non-erroneous
+pending state until manual intervention is taken to identify the cause for the
+lack of progress and ultimately delete and recreate the Pod. In the meantime,
+the kubelet will waste time retrying an operation that is known will fail the
+same way as it did previously. Making the permanent nature of the error known as
+soon as possible allows the quickest path for remediation.
+
 ### Goals
 
 <!--
@@ -191,6 +219,10 @@ List the specific goals of the KEP. What is it trying to achieve? How will we
 know that this has succeeded?
 -->
 
+- Minimize the amount of unnecessary work done by the kubelet and DRA drivers.
+- Enable workloads to more responsively reschedule Pods in a permanent failure
+  state.
+
 ### Non-Goals
 
 <!--
@@ -209,7 +241,7 @@ The "Design Details" section below is for the real
 nitty-gritty.
 -->
 
-### User Stories (Optional)
+### User Stories
 
 <!--
 Detail the things that people will be able to do if this KEP is implemented.
@@ -218,9 +250,17 @@ the system. The goal here is to make this feel real for users without getting
 bogged down.
 -->
 
-#### Story 1
+#### Efficiency
+
+As a cluster administrator, I want to minimize the amount of unnecessary work
+done by critical components like the kubelet and DRA drivers to maximize their
+availability for more important work.
+
+#### Visibility of Errors
 
-#### Story 2
+As a workload administrator, I want to ensure that my workloads are able to
+start up as quickly and reliably as possible by proactively rescheduling Pods
+when their allocated DRA resources cannot be fulfilled.
 
 ### Notes/Constraints/Caveats (Optional)
 
diff --git a/keps/sig-node/5322-dra-driver-permanent-allocation-failure/kep.yaml b/keps/sig-node/5322-dra-driver-permanent-allocation-failure/kep.yaml
index 5dfddc15e73..abe170199da 100644
--- a/keps/sig-node/5322-dra-driver-permanent-allocation-failure/kep.yaml
+++ b/keps/sig-node/5322-dra-driver-permanent-allocation-failure/kep.yaml
@@ -1,51 +1,34 @@
-title: KEP Template
-kep-number: NNNN
+title: "DRA: Handle permanent driver allocation failures"
+kep-number: 5322
 authors:
-  - "@jane.doe"
-owning-sig: sig-xyz
-participating-sigs:
-  - sig-aaa
-  - sig-bbb
-status: provisional|implementable|implemented|deferred|rejected|withdrawn|replaced
-creation-date: yyyy-mm-dd
+  - "@nojnhuh"
+owning-sig: sig-node
+participating-sigs: []
+status: provisional
+creation-date: 2025-09-19
 reviewers:
   - TBD
-  - "@alice.doe"
 approvers:
   - TBD
-  - "@oscar.doe"
 
 see-also:
-  - "/keps/sig-aaa/1234-we-heard-you-like-keps"
-  - "/keps/sig-bbb/2345-everyone-gets-a-kep"
-replaces:
-  - "/keps/sig-ccc/3456-replaced-kep"
+  - "/keps/sig-scheduling/5055-dra-device-taints-and-tolerations"
+replaces: []
 
-# The target maturity stage in the current dev cycle for this KEP.
-# If the purpose of this KEP is to deprecate a user-visible feature
-# and a Deprecated feature gates are added, they should be deprecated|disabled|removed.
-stage: alpha|beta|stable
+stage: alpha
 
 # The most recent milestone for which work toward delivery of this KEP has been
 # done. This can be the current (upcoming) milestone, if it is being actively
 # worked on.
-latest-milestone: "v1.19"
+latest-milestone: "v1.35"
 
-# The milestone at which this feature was, or is targeted to be, at each stage.
 milestone:
-  alpha: "v1.19"
-  beta: "v1.20"
-  stable: "v1.22"
+  alpha: "v1.35"
 
-# The following PRR answers are required at alpha release
-# List the feature gate name and the components for which it must be enabled
 feature-gates:
-  - name: MyFeature
+  - name: DRAHandlePermanentDriverFailures
     components:
-      - kube-apiserver
-      - kube-controller-manager
+      - kubelet
 disable-supported: true
 
-# The following PRR answers are required at beta release
-metrics:
-  - my_feature_metric
+metrics: []

From 34f83e4bdd7e31101e94dc503ab17d6a1da0dfdf Mon Sep 17 00:00:00 2001
From: Jon Huhn <nojnhuh@users.noreply.github.com>
Date: Mon, 29 Sep 2025 16:28:56 -0500
Subject: [PATCH 03/11] fixup! Copy KEP template

Fill out the rest of the doc
---
 .../README.md                                 | 194 +++++++++++++++---
 1 file changed, 170 insertions(+), 24 deletions(-)

diff --git a/keps/sig-node/5322-dra-driver-permanent-allocation-failure/README.md b/keps/sig-node/5322-dra-driver-permanent-allocation-failure/README.md
index 7e14f3e30ce..95e66f17b0b 100644
--- a/keps/sig-node/5322-dra-driver-permanent-allocation-failure/README.md
+++ b/keps/sig-node/5322-dra-driver-permanent-allocation-failure/README.md
@@ -10,26 +10,26 @@ updates.
 
 To get started with this template:
 
-- [ ] **Pick a hosting SIG.**
+- [X] **Pick a hosting SIG.**
   Make sure that the problem space is something the SIG is interested in taking
   up. KEPs should not be checked in without a sponsoring SIG.
-- [ ] **Create an issue in kubernetes/enhancements**
+- [X] **Create an issue in kubernetes/enhancements**
   When filing an enhancement tracking issue, please make sure to complete all
   fields in that template. One of the fields asks for a link to the KEP. You
   can leave that blank until this KEP is filed, and then go back to the
   enhancement and add the link.
-- [ ] **Make a copy of this template directory.**
+- [X] **Make a copy of this template directory.**
   Copy this template into the owning SIG's directory and name it
   `NNNN-short-descriptive-title`, where `NNNN` is the issue number (with no
   leading-zero padding) assigned to your enhancement above.
-- [ ] **Fill out as much of the kep.yaml file as you can.**
+- [X] **Fill out as much of the kep.yaml file as you can.**
   At minimum, you should fill in the "Title", "Authors", "Owning-sig",
   "Status", and date-related fields.
-- [ ] **Fill out this file as best you can.**
+- [X] **Fill out this file as best you can.**
   At minimum, you should fill in the "Summary" and "Motivation" sections.
   These should be easy if you've preflighted the idea of the KEP with the
   appropriate SIG(s).
-- [ ] **Create a PR for this KEP.**
+- [X] **Create a PR for this KEP.**
   Assign it to people in the SIG who are sponsoring this process.
 - [ ] **Merge early and iterate.**
   Avoid getting hung up on specific details and instead aim to get the goals of
@@ -93,15 +93,19 @@ tags, and then generate with `hack/update-toc.sh`.
   - [User Stories](#user-stories)
     - [Efficiency](#efficiency)
     - [Visibility of Errors](#visibility-of-errors)
-  - [Notes/Constraints/Caveats (Optional)](#notesconstraintscaveats-optional)
   - [Risks and Mitigations](#risks-and-mitigations)
 - [Design Details](#design-details)
+  - [API](#api)
+  - [Kubelet Handling](#kubelet-handling)
   - [Test Plan](#test-plan)
       - [Prerequisite testing updates](#prerequisite-testing-updates)
       - [Unit tests](#unit-tests)
       - [Integration tests](#integration-tests)
       - [e2e tests](#e2e-tests)
   - [Graduation Criteria](#graduation-criteria)
+    - [Alpha](#alpha)
+    - [Beta](#beta)
+    - [GA](#ga)
   - [Upgrade / Downgrade Strategy](#upgrade--downgrade-strategy)
   - [Version Skew Strategy](#version-skew-strategy)
 - [Production Readiness Review Questionnaire](#production-readiness-review-questionnaire)
@@ -114,7 +118,6 @@ tags, and then generate with `hack/update-toc.sh`.
 - [Implementation History](#implementation-history)
 - [Drawbacks](#drawbacks)
 - [Alternatives](#alternatives)
-- [Infrastructure Needed (Optional)](#infrastructure-needed-optional)
 <!-- /toc -->
 
 ## Release Signoff Checklist
@@ -230,6 +233,9 @@ What is out of scope for this KEP? Listing non-goals helps to focus discussion
 and make progress.
 -->
 
+- Automatically attempt to mitigate permanent errors, such as by deleting or
+  rescheduling Pods. That should be left to higher-level controllers.
+
 ## Proposal
 
 <!--
@@ -262,9 +268,9 @@ As a workload administrator, I want to ensure that my workloads are able to
 start up as quickly and reliably as possible by proactively rescheduling Pods
 when their allocated DRA resources cannot be fulfilled.
 
+<!--
 ### Notes/Constraints/Caveats (Optional)
 
-<!--
 What are the caveats to the proposal?
 What are some important details that didn't come across above?
 Go in to as much detail as necessary here.
@@ -285,6 +291,11 @@ How will UX be reviewed, and by whom?
 Consider including folks who also work outside the SIG or subproject.
 -->
 
+By retrying in all error cases, the current implementation is resilient to
+transient errors. Adding a path that does not retry opens up the possibility
+for miscategorized errors to cause a Pod to terminally fail even when a
+subsequent attempt might allow the Pod's startup to progress.
+
 ## Design Details
 
 <!--
@@ -294,6 +305,44 @@ required) or even code snippets. If there's any ambiguity about HOW your
 proposal will be implemented, this is the place to discuss them.
 -->
 
+Broadly, two changes are required to enable permanent errors to skip being
+retried:
+
+1. Allow DRA drivers to annotate errors encountered during the
+   `NodePrepareResources` gRPC call as being permanent.
+1. Update the kubelet to skip retrying to allocate resources for a Pod when a
+   previous request for that Pod failed permanently.
+
+### API
+
+The kubelet's DRA gRPC interface will be updated to allow drivers to express
+that an error is permanent with a new `permanent_error` field:
+
+```proto
+message NodePrepareResourceResponse {
+    // These are the additional devices that kubelet must
+    // make available via the container runtime. A claim
+    // may have zero or more requests and each request
+    // may have zero or more devices.
+    repeated Device devices = 1;
+    // If non-empty, preparing the ResourceClaim failed.
+    // Devices are ignored in that case.
+    string error = 2;
+    // When true and a non-empty error is returned, indicates that the
+    // error is permanent. Permanent errors are expected to fail
+    // consistently for a given request and should not be retried.
+    bool permanent_error = 3;
+}
+```
+
+### Kubelet Handling
+
+Once the kubelet receives a permanent error from a DRA driver for a given Pod,
+it must take the appropriate action to give up on the Pod permanently. More
+concretely, the kubelet will set the Pod's `status.phase` to `Failed`. The
+kubelet already knows not to continue reconciling `Failed` Pods and many other
+Pod controllers already handle `Failed` Pods.
+
 ### Test Plan
 
 <!--
@@ -307,7 +356,7 @@ when drafting this test plan.
 [testing-guidelines]: https://git.k8s.io/community/contributors/devel/sig-testing/testing.md
 -->
 
-[ ] I/we understand the owners of the involved components may require updates to
+[X] I/we understand the owners of the involved components may require updates to
 existing tests to make this code solid enough prior to committing the changes necessary
 to implement this enhancement.
 
@@ -339,7 +388,9 @@ This can inform certain test coverage improvements that we want to do before
 extending the production code to implement this enhancement.
 -->
 
-- `<package>`: `<date>` - `<test coverage>`
+- `k8s.io/kubernetes/pkg/kubelet`: `2025-09-29` - `72.6%`
+- `k8s.io/kubernetes/pkg/kubelet/cm/dra`: `2025-09-29` - `81.7%`
+- `k8s.io/kubernetes/pkg/kubelet/kuberuntime`: `2025-09-29` - `69.5%`
 
 ##### Integration tests
 
@@ -365,7 +416,9 @@ This can be done with:
 - a search in the Kubernetes bug triage tool (https://storage.googleapis.com/k8s-triage/index.html)
 -->
 
-- [test name](https://github.com/kubernetes/kubernetes/blob/2334b8469e1983c525c0c6382125710093a25883/test/integration/...): [integration master](https://testgrid.k8s.io/sig-release-master-blocking#integration-master?include-filter-by-regex=MyCoolFeature), [triage search](https://storage.googleapis.com/k8s-triage/index.html?test=MyCoolFeature)
+These changes are focused on interactions between third-party DRA drivers and
+the kubelet. Since integration tests generally focus on interactions with etcd
+and the API server, integration tests for this feature will not be added.
 
 ##### e2e tests
 
@@ -384,7 +437,12 @@ We expect no non-infra related flakes in the last month as a GA graduation crite
 If e2e tests are not necessary or useful, explain why.
 -->
 
-- [test name](https://github.com/kubernetes/kubernetes/blob/2334b8469e1983c525c0c6382125710093a25883/test/e2e/...): [SIG ...](https://testgrid.k8s.io/sig-...?include-filter-by-regex=MyCoolFeature), [triage search](https://storage.googleapis.com/k8s-triage/index.html?test=MyCoolFeature)
+E2E tests will be added to verify that Pods referencing ResourceClaims which
+fail to allocate permanently transition to the `Failed` `status.phase`.
+
+Likewise, Pods referencing ResourceClaims which fail to allocate transiently
+should remain in the `Pending` phase until the transient error is overcome and
+the Pod reaches the `Running` phase.
 
 ### Graduation Criteria
 
@@ -461,6 +519,22 @@ in back-to-back releases.
 - Deprecate the flag
 -->
 
+#### Alpha
+
+- Feature implemented behind a feature flag
+- Initial e2e tests completed and enabled
+
+#### Beta
+
+- Gather feedback from developers and surveys
+- Additional tests are in Testgrid and linked in KEP
+
+#### GA
+
+- 3 examples of real-world usage
+- Allowing time for feedback
+- All issues and gaps identified as feedback during beta are resolved
+
 ### Upgrade / Downgrade Strategy
 
 <!--
@@ -490,6 +564,18 @@ enhancement:
   CRI or CNI may require updating that component before the kubelet.
 -->
 
+When the kubelet is a newer version which implements this KEP and a DRA driver
+is an older version whose gRPC interface does not yet include the
+`permanent_error` field, the kubelet will observe that all errors coming from a
+DRA driver's `NodePrepareResources` response are transient. This matches the
+current behavior where the kubelet does not yet implement this KEP.
+
+When the inverse is true and a DRA driver responds to `NodePrepareResources`
+with a permanent error to a kubelet that does not implement this KEP, then the
+error will be treated as a transient error. DRA drivers therefore should expect
+that identical requests may be made even when a permanent error was given in a
+prior response.
+
 ## Production Readiness Review Questionnaire
 
 <!--
@@ -532,15 +618,10 @@ well as the [existing list] of feature gates.
 [existing list]: https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/
 -->
 
-- [ ] Feature gate (also fill in values in `kep.yaml`)
-  - Feature gate name:
+- [X] Feature gate (also fill in values in `kep.yaml`)
+  - Feature gate name: DRAHandlePermanentDriverFailures
   - Components depending on the feature gate:
-- [ ] Other
-  - Describe the mechanism:
-  - Will enabling / disabling the feature require downtime of the control
-    plane?
-  - Will enabling / disabling the feature require downtime or reprovisioning
-    of a node?
+    - kubelet
 
 ###### Does enabling the feature change any default behavior?
 
@@ -549,6 +630,8 @@ Any change of default behavior may be surprising to users or break existing
 automations, so be extremely careful here.
 -->
 
+No
+
 ###### Can the feature be disabled once it has been enabled (i.e. can we roll back the enablement)?
 
 <!--
@@ -562,8 +645,17 @@ feature.
 NOTE: Also set `disable-supported` to `true` or `false` in `kep.yaml`.
 -->
 
+Yes, setting the feature gate to `false` will immediately cause all errors from
+DRA drivers to be handled by the kubelet the same way as they were previously.
+DRA drivers should not need to be aware of whether or not the kubelet implements
+or enables this feature in order to behave in a correct way.
+
 ###### What happens if we reenable the feature if it was previously rolled back?
 
+When the feature is reenabled, new errors that are classified as permanent will
+be handled the same way as if the feature were enabled initially. This feature
+does not require any persisted state.
+
 ###### Are there any tests for feature enablement/disablement?
 
 <!--
@@ -579,12 +671,16 @@ You can take a look at one potential example of such test in:
 https://github.com/kubernetes/kubernetes/pull/97058/files#diff-7826f7adbc1996a05ab52e3f5f02429e94b68ce6bce0dc534d1be636154fded3R246-R282
 -->
 
+This will be covered with unit tests for the kubelet.
+
 ### Rollout, Upgrade and Rollback Planning
 
 <!--
 This section must be completed when targeting beta to a release.
 -->
 
+Will be considered for beta.
+
 ###### How can a rollout or rollback fail? Can it impact already running workloads?
 
 <!--
@@ -597,6 +693,8 @@ rollout. Similarly, consider large clusters and how enablement/disablement
 will rollout across nodes.
 -->
 
+Will be considered for beta.
+
 ###### What specific metrics should inform a rollback?
 
 <!--
@@ -604,6 +702,8 @@ What signals should users be paying attention to when the feature is young
 that might indicate a serious problem?
 -->
 
+Will be considered for beta.
+
 ###### Were upgrade and rollback tested? Was the upgrade->downgrade->upgrade path tested?
 
 <!--
@@ -612,12 +712,16 @@ Longer term, we may want to require automated upgrade/rollback tests, but we
 are missing a bunch of machinery and tooling and can't do that now.
 -->
 
+Will be considered for beta.
+
 ###### Is the rollout accompanied by any deprecations and/or removals of features, APIs, fields of API types, flags, etc.?
 
 <!--
 Even if applying deprecation policies, they may still surprise some users.
 -->
 
+Will be considered for beta.
+
 ### Monitoring Requirements
 
 <!--
@@ -635,6 +739,8 @@ checking if there are objects with field X set) may be a last resort. Avoid
 logs or events for this purpose.
 -->
 
+Will be considered for beta.
+
 ###### How can someone using this feature know that it is working for their instance?
 
 <!--
@@ -644,7 +750,6 @@ Pick one more of these and delete the rest.
 Please describe all items visible to end users below with sufficient detail so that they can verify correct enablement
 and operation of this feature.
 Recall that end users cannot usually observe component logs or access metrics.
--->
 
 - [ ] Events
   - Event Reason: 
@@ -653,6 +758,9 @@ Recall that end users cannot usually observe component logs or access metrics.
   - Other field: 
 - [ ] Other (treat as last resort)
   - Details:
+-->
+
+Will be considered for beta.
 
 ###### What are the reasonable SLOs (Service Level Objectives) for the enhancement?
 
@@ -671,11 +779,12 @@ These goals will help you determine what you need to measure (SLIs) in the next
 question.
 -->
 
+Will be considered for beta.
+
 ###### What are the SLIs (Service Level Indicators) an operator can use to determine the health of the service?
 
 <!--
 Pick one more of these and delete the rest.
--->
 
 - [ ] Metrics
   - Metric name:
@@ -683,6 +792,9 @@ Pick one more of these and delete the rest.
   - Components exposing the metric:
 - [ ] Other (treat as last resort)
   - Details:
+-->
+
+Will be considered for beta.
 
 ###### Are there any missing metrics that would be useful to have to improve observability of this feature?
 
@@ -691,6 +803,8 @@ Describe the metrics themselves and the reasons why they weren't added (e.g., co
 implementation difficulties, etc.).
 -->
 
+Will be considered for beta.
+
 ### Dependencies
 
 <!--
@@ -714,6 +828,8 @@ and creating new ones, as well as about cluster-level services (e.g. DNS):
       - Impact of its degraded performance or high-error rates on the feature:
 -->
 
+Will be considered for beta.
+
 ### Scalability
 
 <!--
@@ -741,6 +857,9 @@ Focusing mostly on:
     heartbeats, leader election, etc.)
 -->
 
+Depending on the exact implementation, permanent errors will result in at most
+one extra API call per Pod to PATCH pods/status.
+
 ###### Will enabling / using this feature result in introducing new API types?
 
 <!--
@@ -750,6 +869,8 @@ Describe them, providing:
   - Supported number of objects per namespace (for namespace-scoped objects)
 -->
 
+No
+
 ###### Will enabling / using this feature result in any new calls to the cloud provider?
 
 <!--
@@ -758,6 +879,8 @@ Describe them, providing:
   - Estimated increase:
 -->
 
+No
+
 ###### Will enabling / using this feature result in increasing size or count of the existing API objects?
 
 <!--
@@ -767,6 +890,8 @@ Describe them, providing:
   - Estimated amount of new objects: (e.g., new Object X for every existing Pod)
 -->
 
+No
+
 ###### Will enabling / using this feature result in increasing time taken by any operations covered by existing SLIs/SLOs?
 
 <!--
@@ -778,6 +903,9 @@ Think about adding additional work or introducing new steps in between
 [existing SLIs/SLOs]: https://git.k8s.io/community/sig-scalability/slos/slos.md#kubernetes-slisslos
 -->
 
+No. Startup latency is not affected because Pods affected by this feature never
+finish starting up.
+
 ###### Will enabling / using this feature result in non-negligible increase of resource usage (CPU, RAM, disk, IO, ...) in any components?
 
 <!--
@@ -790,6 +918,8 @@ This through this both in small and large cases, again with respect to the
 [supported limits]: https://git.k8s.io/community//sig-scalability/configs-and-limits/thresholds.md
 -->
 
+No
+
 ###### Can enabling / using this feature result in resource exhaustion of some node resources (PIDs, sockets, inodes, etc.)?
 
 <!--
@@ -802,6 +932,8 @@ Are there any tests that were run/should be run to understand performance charac
 and validate the declared limits?
 -->
 
+No
+
 ### Troubleshooting
 
 <!--
@@ -817,6 +949,8 @@ details). For now, we leave it here.
 
 ###### How does this feature react if the API server and/or etcd is unavailable?
 
+Will be considered for beta.
+
 ###### What are other known failure modes?
 
 <!--
@@ -832,8 +966,12 @@ For each of them, fill in the following information by copying the below templat
     - Testing: Are there any tests for failure mode? If not, describe why.
 -->
 
+Will be considered for beta.
+
 ###### What steps should be taken if SLOs are not being met to determine the problem?
 
+Will be considered for beta.
+
 ## Implementation History
 
 <!--
@@ -847,12 +985,20 @@ Major milestones might include:
 - when the KEP was retired or superseded
 -->
 
+- 1.35: Initial proposal and implementation
+
 ## Drawbacks
 
 <!--
 Why should this KEP _not_ be implemented?
 -->
 
+While this feature makes it more convenient to determine when a Pod needs to be
+rescheduled, it does not unlock any brand new use cases. It is already possible
+for a higher-level controller to determine that a Pod taking too much time to
+start up and act accordingly. The complexity of this change might outweigh the
+benefits.
+
 ## Alternatives
 
 <!--
@@ -861,9 +1007,9 @@ not need to be as detailed as the proposal, but should include enough
 information to express the idea and why it was not acceptable.
 -->
 
+<!--
 ## Infrastructure Needed (Optional)
 
-<!--
 Use this section if you need things from the project/SIG. Examples include a
 new subproject, repos requested, or GitHub details. Listing these here allows a
 SIG to get the process for these resources started right away.

From 535b8566e1a6d26c3c4a45bed5529d177af1def2 Mon Sep 17 00:00:00 2001
From: Jon Huhn <nojnhuh@users.noreply.github.com>
Date: Tue, 30 Sep 2025 17:48:33 -0500
Subject: [PATCH 04/11] fixup! Copy KEP template

Addressing Sergey's feedback
---
 .../README.md                                 | 52 +++++++++++++++++--
 1 file changed, 49 insertions(+), 3 deletions(-)

diff --git a/keps/sig-node/5322-dra-driver-permanent-allocation-failure/README.md b/keps/sig-node/5322-dra-driver-permanent-allocation-failure/README.md
index 95e66f17b0b..8281646393a 100644
--- a/keps/sig-node/5322-dra-driver-permanent-allocation-failure/README.md
+++ b/keps/sig-node/5322-dra-driver-permanent-allocation-failure/README.md
@@ -96,7 +96,9 @@ tags, and then generate with `hack/update-toc.sh`.
   - [Risks and Mitigations](#risks-and-mitigations)
 - [Design Details](#design-details)
   - [API](#api)
-  - [Kubelet Handling](#kubelet-handling)
+  - [Pod Admission Failure](#pod-admission-failure)
+  - [Preventing Repeated Failures](#preventing-repeated-failures)
+  - [Diagnosing Permanent Errors](#diagnosing-permanent-errors)
   - [Test Plan](#test-plan)
       - [Prerequisite testing updates](#prerequisite-testing-updates)
       - [Unit tests](#unit-tests)
@@ -335,14 +337,49 @@ message NodePrepareResourceResponse {
 }
 ```
 
-### Kubelet Handling
+Permanent errors are ones which occur consistently for a given input to the DRA
+driver's `NodePrepareResources` gPRC call. Errors not classified as permanent
+are expected to be transient and eventually resolve. Permanent errors may be
+caused by faulty, irrecoverable devices or by invalid opaque `config` associated
+with a ResourceClaim's request.
+
+### Pod Admission Failure
 
 Once the kubelet receives a permanent error from a DRA driver for a given Pod,
-it must take the appropriate action to give up on the Pod permanently. More
+it must take the appropriate action to give up on the Pod as permanently as possible. More
 concretely, the kubelet will set the Pod's `status.phase` to `Failed`. The
 kubelet already knows not to continue reconciling `Failed` Pods and many other
 Pod controllers already handle `Failed` Pods.
 
+In some cases, the kubelet will re-reconcile Pods in a `Failed` phase. DRA
+drivers should not depend on requests resulting in permanent errors to never be
+made again. Similarly, DRA drivers should still expect the kubelet to invoke the
+`NodeUnprepareResources` method even after a prior `NodePrepareResources` call
+returned a permanent error.
+
+### Preventing Repeated Failures
+
+If a higher-level Pod controller replaces a Pod in the `Failed` phase with a new
+Pod because of a permanent failure from a DRA driver, steps should be taken to
+prevent the replacement Pod from being allocated the same device which is
+expected to fail again the same way.
+
+When [device taints and tolerations](https://kep.k8s.io/5055) are available, DRA
+drivers should consider adding a taint for the device with the `NoSchedule`
+effect if it determines other requests for that device are also likely to fail.
+When a permanent error is caused by invalid configuration in the ResourceClaim's
+request and not by a faulty device, drivers may not taint the device if another
+request for the same device with different parameters is expected to succeed.
+When device taints are not available, DRA drivers may instead consider removing
+a device from the ResourceSlice to remove it from the pool.
+
+### Diagnosing Permanent Errors
+
+The kubelet already logs errors returned from DRA drivers'
+`NodePrepareResources` responses and will generate an Event referring to the
+affected Pods. These messages will be updated to indicate when the error is
+permanent.
+
 ### Test Plan
 
 <!--
@@ -444,6 +481,15 @@ Likewise, Pods referencing ResourceClaims which fail to allocate transiently
 should remain in the `Pending` phase until the transient error is overcome and
 the Pod reaches the `Running` phase.
 
+Other potential E2E test scenarios include:
+- Ensuring a Pod referencing a ResourceClaim that encountered a permanent error
+  can be deleted when different DRA driver instances handle the
+  `NodePrepareResources` and `NodeUnprepareResources` calls.
+- Ensuring that Pods experiencing permanent DRA errors do not interfere with the
+  cleanup of CSI resources.
+- Ensuring the kubelet leaks no resources when many Pods encounter permanent DRA
+  errors.
+
 ### Graduation Criteria
 
 <!--

From bb4638ba5860ede3845d031ce52993893e55636e Mon Sep 17 00:00:00 2001
From: Jon Huhn <nojnhuh@users.noreply.github.com>
Date: Wed, 1 Oct 2025 11:15:23 -0500
Subject: [PATCH 05/11] fixup! Copy KEP template

Rename, scrub usage of "allocate"
---
 .../README.md                                             | 8 ++++----
 .../kep.yaml                                              | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
 rename keps/sig-node/{5322-dra-driver-permanent-allocation-failure => 5322-dra-driver-permanent-failure}/README.md (99%)
 rename keps/sig-node/{5322-dra-driver-permanent-allocation-failure => 5322-dra-driver-permanent-failure}/kep.yaml (91%)

diff --git a/keps/sig-node/5322-dra-driver-permanent-allocation-failure/README.md b/keps/sig-node/5322-dra-driver-permanent-failure/README.md
similarity index 99%
rename from keps/sig-node/5322-dra-driver-permanent-allocation-failure/README.md
rename to keps/sig-node/5322-dra-driver-permanent-failure/README.md
index 8281646393a..b7fe512d381 100644
--- a/keps/sig-node/5322-dra-driver-permanent-allocation-failure/README.md
+++ b/keps/sig-node/5322-dra-driver-permanent-failure/README.md
@@ -65,7 +65,7 @@ If none of those approvers are still appropriate, then changes to that list
 should be approved by the remaining approvers and/or the owning SIG (or
 SIG Architecture for cross-cutting KEPs).
 -->
-# KEP-5322: DRA: Handle permanent driver allocation failures
+# KEP-5322: DRA: Handle permanent driver failures
 
 <!--
 This is the title of your KEP. Keep it short, simple, and descriptive. A good
@@ -312,7 +312,7 @@ retried:
 
 1. Allow DRA drivers to annotate errors encountered during the
    `NodePrepareResources` gRPC call as being permanent.
-1. Update the kubelet to skip retrying to allocate resources for a Pod when a
+1. Update the kubelet to skip retrying to prepare allocated resources for a Pod when a
    previous request for that Pod failed permanently.
 
 ### API
@@ -475,9 +475,9 @@ If e2e tests are not necessary or useful, explain why.
 -->
 
 E2E tests will be added to verify that Pods referencing ResourceClaims which
-fail to allocate permanently transition to the `Failed` `status.phase`.
+receive permanent errors from DRA drivers transition to the `Failed` `status.phase`.
 
-Likewise, Pods referencing ResourceClaims which fail to allocate transiently
+Likewise, Pods referencing ResourceClaims which cause drivers to fail transiently
 should remain in the `Pending` phase until the transient error is overcome and
 the Pod reaches the `Running` phase.
 
diff --git a/keps/sig-node/5322-dra-driver-permanent-allocation-failure/kep.yaml b/keps/sig-node/5322-dra-driver-permanent-failure/kep.yaml
similarity index 91%
rename from keps/sig-node/5322-dra-driver-permanent-allocation-failure/kep.yaml
rename to keps/sig-node/5322-dra-driver-permanent-failure/kep.yaml
index abe170199da..f3056ebc653 100644
--- a/keps/sig-node/5322-dra-driver-permanent-allocation-failure/kep.yaml
+++ b/keps/sig-node/5322-dra-driver-permanent-failure/kep.yaml
@@ -1,4 +1,4 @@
-title: "DRA: Handle permanent driver allocation failures"
+title: "DRA: Handle permanent driver failures"
 kep-number: 5322
 authors:
   - "@nojnhuh"

From 0aa4687993789ee14db43d6c7b81c711c532e96c Mon Sep 17 00:00:00 2001
From: Jon Huhn <nojnhuh@users.noreply.github.com>
Date: Wed, 1 Oct 2025 11:20:46 -0500
Subject: [PATCH 06/11] fixup! Copy KEP template

Address Patrick's other comments
---
 .../sig-node/5322-dra-driver-permanent-failure/README.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/keps/sig-node/5322-dra-driver-permanent-failure/README.md b/keps/sig-node/5322-dra-driver-permanent-failure/README.md
index b7fe512d381..bb065ab7bda 100644
--- a/keps/sig-node/5322-dra-driver-permanent-failure/README.md
+++ b/keps/sig-node/5322-dra-driver-permanent-failure/README.md
@@ -213,7 +213,7 @@ currently handles all failures:
 Pods with unfulfillable DRA allocations will stay stuck in a non-erroneous
 pending state until manual intervention is taken to identify the cause for the
 lack of progress and ultimately delete and recreate the Pod. In the meantime,
-the kubelet will waste time retrying an operation that is known will fail the
+the kubelet will waste time retrying an operation that is known to fail the
 same way as it did previously. Making the permanent nature of the error known as
 soon as possible allows the quickest path for remediation.
 
@@ -367,12 +367,13 @@ expected to fail again the same way.
 When [device taints and tolerations](https://kep.k8s.io/5055) are available, DRA
 drivers should consider adding a taint for the device with the `NoSchedule`
 effect if it determines other requests for that device are also likely to fail.
-When a permanent error is caused by invalid configuration in the ResourceClaim's
-request and not by a faulty device, drivers may not taint the device if another
-request for the same device with different parameters is expected to succeed.
 When device taints are not available, DRA drivers may instead consider removing
 a device from the ResourceSlice to remove it from the pool.
 
+When a permanent error is caused by invalid configuration in the ResourceClaim's
+request and not by a faulty device, drivers should not taint the device if another
+request for the same device with different parameters is expected to succeed.
+
 ### Diagnosing Permanent Errors
 
 The kubelet already logs errors returned from DRA drivers'

From 14338168b6d67f96808436d35a4f3e798da6f5a1 Mon Sep 17 00:00:00 2001
From: Jon Huhn <nojnhuh@users.noreply.github.com>
Date: Sat, 4 Oct 2025 00:55:06 -0500
Subject: [PATCH 07/11] fixup! Copy KEP template

Add PRR YAML
---
 keps/prod-readiness/sig-node/5322.yaml | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 keps/prod-readiness/sig-node/5322.yaml

diff --git a/keps/prod-readiness/sig-node/5322.yaml b/keps/prod-readiness/sig-node/5322.yaml
new file mode 100644
index 00000000000..23866f15cde
--- /dev/null
+++ b/keps/prod-readiness/sig-node/5322.yaml
@@ -0,0 +1,5 @@
+kep-number: 5322
+alpha:
+  approver: "@jpbetz"
+beta:
+  approver: "@jpbetz"

From 66bb7717e7cf177c8960b617e86a7d62ab3d45aa Mon Sep 17 00:00:00 2001
From: Jon Huhn <nojnhuh@users.noreply.github.com>
Date: Fri, 10 Oct 2025 13:27:25 -0500
Subject: [PATCH 08/11] fixup! Copy KEP template

Remove beta PRR approver
---
 keps/prod-readiness/sig-node/5322.yaml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/keps/prod-readiness/sig-node/5322.yaml b/keps/prod-readiness/sig-node/5322.yaml
index 23866f15cde..2a00193b513 100644
--- a/keps/prod-readiness/sig-node/5322.yaml
+++ b/keps/prod-readiness/sig-node/5322.yaml
@@ -1,5 +1,3 @@
 kep-number: 5322
 alpha:
   approver: "@jpbetz"
-beta:
-  approver: "@jpbetz"

From 80d86ce1f72551137f2c640516758aec61430e8d Mon Sep 17 00:00:00 2001
From: Jon Huhn <nojnhuh@users.noreply.github.com>
Date: Mon, 13 Oct 2025 15:04:23 -0500
Subject: [PATCH 09/11] fixup! Copy KEP template

Update kep.yaml
---
 keps/sig-node/5322-dra-driver-permanent-failure/kep.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/keps/sig-node/5322-dra-driver-permanent-failure/kep.yaml b/keps/sig-node/5322-dra-driver-permanent-failure/kep.yaml
index f3056ebc653..fb641786591 100644
--- a/keps/sig-node/5322-dra-driver-permanent-failure/kep.yaml
+++ b/keps/sig-node/5322-dra-driver-permanent-failure/kep.yaml
@@ -4,10 +4,11 @@ authors:
   - "@nojnhuh"
 owning-sig: sig-node
 participating-sigs: []
-status: provisional
+status: implementable
 creation-date: 2025-09-19
 reviewers:
-  - TBD
+  - "@pohly"
+  - "@SergeyKanzhelev"
 approvers:
   - TBD
 

From 36e43465909173d71d4d2bfa7edc39fb174d317c Mon Sep 17 00:00:00 2001
From: Jon Huhn <nojnhuh@users.noreply.github.com>
Date: Tue, 14 Oct 2025 11:29:24 -0500
Subject: [PATCH 10/11] fixup! Copy KEP template

Add @mrunalp as an approver
---
 keps/sig-node/5322-dra-driver-permanent-failure/kep.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/keps/sig-node/5322-dra-driver-permanent-failure/kep.yaml b/keps/sig-node/5322-dra-driver-permanent-failure/kep.yaml
index fb641786591..466a00d3b59 100644
--- a/keps/sig-node/5322-dra-driver-permanent-failure/kep.yaml
+++ b/keps/sig-node/5322-dra-driver-permanent-failure/kep.yaml
@@ -10,7 +10,7 @@ reviewers:
   - "@pohly"
   - "@SergeyKanzhelev"
 approvers:
-  - TBD
+  - "@mrunalp"
 
 see-also:
   - "/keps/sig-scheduling/5055-dra-device-taints-and-tolerations"

From 1806f5d3eea59beac8d0a5a8d088706d3c3d37d4 Mon Sep 17 00:00:00 2001
From: Jon Huhn <nojnhuh@users.noreply.github.com>
Date: Tue, 14 Oct 2025 11:29:47 -0500
Subject: [PATCH 11/11] fixup! Copy KEP template

`bool permanent_error` -> `error_type` enum
---
 .../README.md                                 | 21 ++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

diff --git a/keps/sig-node/5322-dra-driver-permanent-failure/README.md b/keps/sig-node/5322-dra-driver-permanent-failure/README.md
index bb065ab7bda..78baf143ed9 100644
--- a/keps/sig-node/5322-dra-driver-permanent-failure/README.md
+++ b/keps/sig-node/5322-dra-driver-permanent-failure/README.md
@@ -317,8 +317,8 @@ retried:
 
 ### API
 
-The kubelet's DRA gRPC interface will be updated to allow drivers to express
-that an error is permanent with a new `permanent_error` field:
+The kubelet's DRA gRPC interface will be updated to allow drivers to
+classify errors with a new `error_type` field:
 
 ```proto
 message NodePrepareResourceResponse {
@@ -330,10 +330,17 @@ message NodePrepareResourceResponse {
     // If non-empty, preparing the ResourceClaim failed.
     // Devices are ignored in that case.
     string error = 2;
-    // When true and a non-empty error is returned, indicates that the
-    // error is permanent. Permanent errors are expected to fail
-    // consistently for a given request and should not be retried.
-    bool permanent_error = 3;
+    // When a non-empty error is returned, indicates the
+    // type of error that occurred.
+    NodePrepareResourceResponseErrorType error_type = 3;
+}
+
+enum NodePrepareResourceResponseErrorType {
+    // Unknown errors are unclassified.
+    Unknown = 0;
+    // Permanent errors are expected to fail consistently
+    // for a given request and should not be retried.
+    Permanent = 1;
 }
 ```
 
@@ -613,7 +620,7 @@ enhancement:
 
 When the kubelet is a newer version which implements this KEP and a DRA driver
 is an older version whose gRPC interface does not yet include the
-`permanent_error` field, the kubelet will observe that all errors coming from a
+`error_type` field, the kubelet will observe that all errors coming from a
 DRA driver's `NodePrepareResources` response are transient. This matches the
 current behavior where the kubelet does not yet implement this KEP.