Can one of the admins verify that this patch is reasonable to test? (reply "ok to test", or if you trust the user, reply "add to whitelist")

If this message is too spammy, please complain to ixdy.

Cool!

WRT this as a patch - I think the hardest part is going to be sure that we're happy with the interface between core kubelet and runtimes. Since it's been on my plate this week, things like the networking tie-ins to runtimes is less-than-obvious.

Now that we have potentially 3 implementations of runtime, we should pause and think about abstractions.

@thockin The interface between core kublet and runtimes is ok except networking. Although it works well for current kubernetes networking model, it is very difficult to do things like multi-tenant networking.

cc @kubernetes/goog-node

Now that we have potentially 3 implementations of runtime, we should pause and think about abstractions.

We have some pod-level abstraction in kubelet/container, but we'd like to improve them.

We probably want to discuss this PR in the node team meeting, so I am assigning it to @dchen1107 for now.

Labelling this PR as size/XXL

@yujuhong @dchen1107

Have you discussed this PR in the node team meeting?

@feiskyer, @dchen1107 was out last week. We'll talk about this either today or tomorrow.

@thockin @dchen1107 @yujuhong What's the progress of node team meeting?

Thanks for your pr, and really nice work by implementing today's Container Runtime interface. But I am hesitated to take this as is for now:

1. I am not very happy with today's Runtime API. You must notice it already you have to duplicate most of code for SyncPod for both rkt and docker support including all those Kubernetes defined policy: StartPolicy, PullPolicy, etc. Runtime API is in today's shape due to many reasons, and it is not final one yet. One reason is mismatching network model between docker and rkt. Both docker and rkt are evolving, which help us to get right level of abstraction between Kubernetes and runtime. But not today.

2. Can we make this as part of contrib (https://github.com/kubernetes/contrib) instead of Kubernetes core? There are many features missing here, and you already listed a bunch of them. But there should be more. How does cAdvisor integrate with this model?

3. We are working on adding a bunch of resource management related features: such as qos, overcommit. What are the impact with this new Runtime? cc @bgrant0607 @davidopp

4. Who should be the maintainer of this runtime? Can we have unittests for this? Can we have integration tests? Can we enable e2e for a new runtime. CoreOS rkt team is working with us closely to have all those tests I listed above. How about this one?

On another hand, I love this since I believe it could enable new usecases for the customer. Is it possible you give a demo to our community hangout every Friday 10:00am? If there are big demanding on this, we could re prioritize this?

cc/ @bgrant0607 @thockin @brendandburns

First off, let me say that it would be awesome to have support for hyper and I would love to see a demo of this at community meeting sometime.

I think the right way forward for this PR (and other PRs like this in the future) is to implement a client/server version of the container runtime, so that container runtimes can be run outside of the kubelet process and implementations can be built in the kubernetes/contrib tree rather than the core tree.

To that end, I have filed #13768.

@feiskyer if you are up for it, we would be happy to merge an implementation of such a client/server interface (if you can build it...)

And then you can use that as the basis for integrating hyper into kubernetes. (and it can also be the basis for additional experimental container runtimes)

Let me know what you think of this, I would be happy to help with design, reviews, etc.

Best!
--brendan

1. I am not very happy with today's Runtime API. You must notice it already you have to duplicate most of code for SyncPod for both rkt and docker support including all those Kubernetes defined policy: StartPolicy, PullPolicy, etc. Runtime API is in today's shape due to many reasons, and it is not final one yet. One reason is mismatching network model between docker and rkt. Both docker and rkt are evolving, which help us to get right level of abstraction between Kubernetes and runtime. But not today.

I think so, there should be an abstraction that most pod management codes could be reused accross all container runtimes.

2. Can we make this as part of contrib (https://github.com/kubernetes/contrib) instead of Kubernetes core? There are many features missing here, and you already listed a bunch of them. But there should be more. How does cAdvisor integrate with this model?

Currently, kubelet container runtime is strongly binding to Kubernetes core. I don't think it's easy to make a runtime as part of contrib. If you have any way, please tell me.

cAdvisor is not working with hyper, since hyper is vm-based. I think a new plugin/agent for Heapster is more appropriate.

3. We are working on adding a bunch of resource management related features: such as qos, overcommit. What are the impact with this new Runtime? cc @bgrant0607 @davidopp

Hyper is still on quick evolving, more features can be added to hyper if needed.

4. Who should be the maintainer of this runtime? Can we have unittests for this? Can we have integration tests? Can we enable e2e for a new runtime. CoreOS rkt team is working with us closely to have all those tests I listed above. How about this one?

Hyper team is the maintainer of this runtime. We could work togather on setting up all the tests needed.

On another hand, I love this since I believe it could enable new usecases for the customer. Is it possible you give a demo to our community hangout every Friday 10:00am? If there are big demanding on this, we could re prioritize this?

I could show some hyper demos on community hangout, please tell me how to join community hangout. By the way, is every Friday 10:00am US-Pacific time?

cc/ @bgrant0607 @thockin @brendandburns @dchen1107

@brendandburns It's a great idea of making a c/s version of the container runtime and I'm very glad to be up for it.

Yes, community hangout is every Friday 10:00am US-Pacific time. I can put your demo to hangout schedule. How about Sept 18th?

@dchen1107 Time is ok, how can I join community hangout?

@feiskyer I scheduled your demo on Sept 18th, you can access it at https://docs.google.com/document/d/1VQDIAB0OqiSjIHI8AWMvSdceWhnz56jNpZrLs6o7NJY/edit#

Can you access this link: https://plus.google.com/hangouts/_/google.com/k8s-community?authuser=0

@dchen1107 Thanks.

@feiskyer I am assuming you cannot access hangout link I provided above without any issue, and the demo is tomorrow at 10:am PST.

Also could you please send me your personal email address to dawnchen@google.com? I want to invite you to our discussion on Container Runtime interface. Thanks!

@dchen1107 Thanks for tip, I can access hangout without any issue.

I'm closing this because of #17048