add KEP for pod ready++ #1991
add KEP for pod ready++ #1991
Conversation
k8s-ci-robot
added
size/M
k8s-github-robot
added
sig/architecture
|
I encourage you to get this PR submitted once @thockin and/or @dchen1107 approve of the scope. Err on the side of smaller targeted PRs that take on a single topic. Once things have settled create a PR to move it from "provisional" to "implementable". That provides a "last call" to make sure that everyone is on the same page. The goal is to avoid 100+ comment PRs that tackle all topics at once. |
keps/sig-network/0007-pod-ready++.md
Outdated
|
|
||
| ### Implementation Details/Notes/Constraints | ||
|
|
||
| This proposal mostly involves kubelet changes: |
There was a problem hiding this comment.
I would detail that the ready condition must continue to be the FINAL signal for controllers to proceed (for compat) which complicates the design overall.
MAYBE also add a short blurb about all-containers-ready (e.g. for endpoints) vs pod-ready? Maybe that belongs in the doc (but sharing docs with community sucks)
keps/sig-network/0007-pod-ready++.md
Outdated
|
|
||
| ## Proposal | ||
|
|
||
| [K8s Proposal: Pod Ready++](https://docs.google.com/document/d/1VFZbc_IqPf_Msd-jul7LKTmGjvQ5qRldYOFV0lGqxf8/edit#) |
There was a problem hiding this comment.
Is it worth converting that to markdown to be pasted inline here? What is the precedent @calebamiles ?
There was a problem hiding this comment.
I'd vote for adding it here at least once the outstanding comments on the doc have been resolved - I think there's value in consistent use of git source control for tracking changes.
keps/sig-network/0007-pod-ready++.md
Outdated
|
|
||
| ## Table of Contents | ||
|
|
||
| A table of contents is helpful for quickly jumping to sections of a KEP and for highlighting any additional information provided beyond the standard KEP template. |
There was a problem hiding this comment.
Probably can drop the "Why we need a table of contents" text here :)
keps/sig-network/0007-pod-ready++.md
Outdated
|
|
||
| ## Proposal | ||
|
|
||
| [K8s Proposal: Pod Ready++](https://docs.google.com/document/d/1VFZbc_IqPf_Msd-jul7LKTmGjvQ5qRldYOFV0lGqxf8/edit#) |
There was a problem hiding this comment.
I'd vote for adding it here at least once the outstanding comments on the doc have been resolved - I think there's value in consistent use of git source control for tracking changes.
|
|
||
| ### Goals | ||
|
|
||
| - Allow extra signals for pod readiness. |
There was a problem hiding this comment.
Perhaps there are a set of signals that we should implement as part of completing this KEP and as part of proving the API?
There was a problem hiding this comment.
I added a user adoption item in the graduation criteria. I would not tied this proposal with specific feature for now.
|
|
||
| ## Summary | ||
|
|
||
| This proposal aims to add extensibility to pod readiness. Besides container readiness, external feedback can be injected into PodStatus and influence pod readiness. Thus, achieving pod “ready++”. |
There was a problem hiding this comment.
I think a better summary is to recognize that what will really happen is to split the concept of "pod ready" into two pieces, for two different sets of consumers. The current text focuses one one set of consumers, the "workload controllers" that want "pod ready ++". The other set of consumers is the load balancers, network policy implementors, and so on that contribute to the "pod ready ++" based on "plain old pod ready". Remember, a load balancer (for example) has to react to a pod before all the load balancers and whatever have reacted to the pod. Following is a suggested rewording.
This proposal splits the concept of pod readiness into two concepts, for two distinct sets of consumers. One set of consumers is the workload controllers and other clients that simply want to know when a pod is fully ready for use. They care about a concept of readiness that we may call "ready++" and is stricter than the concept that is supported today; ready++ also indicates that all the relevant load balancers, traffic filters, and whatever have been adjusted to account for the pod. The other set of consumers is those very load balancers, traffic filters, and whatever. They need to continue to react to today's looser concept of readiness, while contributing to the stricter concept. For example, a load balancer needs to put a new pod into its backend set without waiting for ready++, while also contributing its own bit into ready++.
|
This propsoal should explicitly explain how load balancers, NetworkPolicy implementations, and so on will continue to sense "plain old pod ready". |
k8s-ci-robot
added
size/L
|
Ported the proposal from google doc into the PR. PTAL |
| For the workloads that take pod readiness as a critical signal for its decision making, they will automatically comply with this proposal without any change. Majority, if not all, of the workloads satisfy this condition. | ||
|
|
||
| ##### Kubelet | ||
| - Use PATCH instead of PUT to update PodStatus fields that are dictated by kubelet. |
There was a problem hiding this comment.
What is the advantage of using Patch instead of Put here ?
There was a problem hiding this comment.
Avoid conflicts. Similar to node status.
| - lastProbeTime: null | ||
| lastTransitionTime: 2018-01-01T00:00:00Z | ||
| status: "False" | ||
| type: www.example.com/feature-1 |
There was a problem hiding this comment.
is this documented somewhere on how to create custom Conditions ?
There was a problem hiding this comment.
Patch is the way to go.
|
|
||
| Pod readiness indicates whether the pod is ready to serve traffic. Pod readiness is dictated by kubelet with user specified readiness probe. On the other hand, pod readiness determines whether pod address shows up on the address list on related endpoints object. K8s primitives that manage pods, such as Deployment, only takes pod status into account for decision making, such as advancement during rolling update. | ||
|
|
||
| For example, during deployment rolling update, a new pod becomes ready. On the other hand, service, network policy and load-balancer are not yet ready for the new pod due to whatever reason (e.g. slowness in api machinery, endpoints controller, kube-proxy, iptables or infrastructure programming). This may cause service disruption or lost of backend capacity. In extreme cases, if rolling update completes before any new replacement pod actually start serving traffic, this will cause service outage. |
There was a problem hiding this comment.
how does this cause loss of backend capacity ?
There was a problem hiding this comment.
pod ready does not mean pod is serving traffic. Hence loss of backend capacity.
There was a problem hiding this comment.
@freehan I mean how is this part better than without this feature . Overall I agree just want to understand the reasoning here
| … | ||
| ``` | ||
|
|
||
| Another pod condition `ContainerReady` will be introduced to capture the old pod `Ready` condition. |
There was a problem hiding this comment.
ContainersReady (plural) I think
There was a problem hiding this comment.
But there may be on one container in pod :P
| Custom pod condition can be injected thru PATCH action using KubeClient. Please be noted that “kubectl patch” does not support patching object status. Need to use client-go or other KubeClient implementations. | ||
|
|
||
| Naming Convention: | ||
| The type of custom pod condition must comply with k8s label key format. For example, “www.example.com/feature-1”. |
There was a problem hiding this comment.
Will we allow "naked" named or do we require the prefix?
|
May be worth documenting why we don't want to allow updates. |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: thockin The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
|
||
| Another pod condition `ContainerReady` will be introduced to capture the old pod `Ready` condition. | ||
| ``` | ||
| ContainerReady is true == containers are ready |
There was a problem hiding this comment.
Will this replace the old Ready condition or in addition. ? It has to be in addition otherwise this is a breaking change
add KEP for pod ready++
KEP for pod ready++