Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Proposal: Kubelet OCI runtime integration #26788

Closed
wants to merge 1 commit into from

Conversation

mrunalp
Copy link
Contributor

@mrunalp mrunalp commented Jun 3, 2016

* Use the release-note-* labels to set the release note state 
* Clear this block to use the PR title as the release note 
-OR-
* Enter your extended release note here

Analytics

Signed-off-by: Mrunal Patel mrunalp@gmail.com
Signed-off-by: Vishnu Kannan vishnuk@google.com


This change is Reviewable

@googlebot
Copy link

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed, please reply here (e.g. I signed it!) and we'll verify. Thanks.


  • If you've already signed a CLA, it's possible we don't have your GitHub username or you're using a different email address. Check your existing CLA data and verify that your email is set on your git commits.
  • If you signed the CLA as a corporation, please let us know the company's name.

@k8s-bot
Copy link

k8s-bot commented Jun 3, 2016

Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test".
(Note: "add to whitelist" is no longer supported. Please update configurations in kubernetes/test-infra/jenkins/job-configs/kubernetes-jenkins-pull instead.)

This message may repeat a few times in short succession due to jenkinsci/ghprb-plugin#292. Sorry.

Otherwise, if this message is too spammy, please complain to ixdy.

@mrunalp
Copy link
Contributor Author

mrunalp commented Jun 3, 2016

@k8s-bot
Copy link

k8s-bot commented Jun 3, 2016

Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test".
(Note: "add to whitelist" is no longer supported. Please update configurations in kubernetes/test-infra/jenkins/job-configs/kubernetes-jenkins-pull instead.)

This message may repeat a few times in short succession due to jenkinsci/ghprb-plugin#292. Sorry.

Otherwise, if this message is too spammy, please complain to ixdy.

1 similar comment
@k8s-bot
Copy link

k8s-bot commented Jun 3, 2016

Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test".
(Note: "add to whitelist" is no longer supported. Please update configurations in kubernetes/test-infra/jenkins/job-configs/kubernetes-jenkins-pull instead.)

This message may repeat a few times in short succession due to jenkinsci/ghprb-plugin#292. Sorry.

Otherwise, if this message is too spammy, please complain to ixdy.

@k8s-github-robot k8s-github-robot added kind/design Categorizes issue or PR as related to design. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. release-note-label-needed labels Jun 3, 2016
@mrunalp mrunalp force-pushed the oci-proposal branch 2 times, most recently from aff4c1b to c95e34c Compare June 3, 2016 18:25
@mrunalp
Copy link
Contributor Author

mrunalp commented Jun 3, 2016

@googlebot I signed it

@vishh
Copy link
Contributor

vishh commented Jun 3, 2016

cc @mtaufen

@vishh vishh added release-note-none Denotes a PR that doesn't merit a release note. and removed release-note-label-needed labels Jun 3, 2016
Logging will work by using files to redirect stdout / stderr of the containers. Other higher level drivers could build
on top of files. Using files allow using disk quotas, impose Disk IO limits, and also avoid bottlenecks such as a SPOF
daemons. This approach also let’s Kubelet manage the lifecycle of logs with policies. Whenever there is disk pressure,
the kubelet can, Rotate log files of existing containers Prioritize logs from the first and last instance of a container
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The uppercase used in this sentence (Rotate, Prioritize, Delete) seems a little wield.

@vishh
Copy link
Contributor

vishh commented Jun 7, 2016

cc @matchstick

@resouer
Copy link
Contributor

resouer commented Jun 8, 2016

cc @feiskyer @resouer

@derekwaynecarr
Copy link
Member

@mrunalp @vishh LGTM, nice write-up

@derekwaynecarr
Copy link
Member

/cc @kubernetes/sig-node @kubernetes/rh-cluster-infra

API. The separation of client/server allows for faster iteration on the runtime integration development.

### Image management
For the first release, oci-runtime will continue to use docker-engine for managing images. The image management
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it possible not to depend on docker-engine? e.g., standalone implementation of docker registry client.

BTW, rkt could pull docker images without docker-engine.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 for not depending on docker-engine for pulling. Skopeo might be able to fit this use-case, or some other OCI tooling (cc @dgonyeo)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe not useful here but going to mention it anyway, I recently created a tool for fetching OCI images to disk: https://github.com/containers/oci-fetch

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We will create a separate proposal for image management using skopeo.

@runcom @rhatdan

On Jun 15, 2016, at 1:56 PM, Euan Kemp notifications@github.com wrote:

In docs/proposals/kubelet-oci-runtime.md:

+runtime options to enable additional features. It should be possible to support pods using runc as it has all the
+primitives to support pods. In addition to runc, compatibility with OCI Specification will let kubernetes support other
+OCI compliant runtimes as well.
+
+## Design aspects
+The following subsections will discuss the various design aspects of the runc integration with kubelet. For the purposes
+of this doc, the kubelet runtime that will provide support for OCI compliant container runtimes will be referred to as
+oci-runtime.
+
+### Runtime API
+The implementation will make use of the kubelet runtime API (#25899). The
+kubelet will implement the client API and the container runtimes including the one for OCI will implement the server
+API. The separation of client/server allows for faster iteration on the runtime integration development.
+
+### Image management
+For the first release, oci-runtime will continue to use docker-engine for managing images. The image management
👍 for not depending on docker-engine for pulling. Skopeo might be able to fit this use-case, or some other OCI tooling (cc @dgonyeo)


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, that's eventually what we would like to see here and skopeo already does support pulling images w/o any docker dependencies. Skopeo aims at handling all image formats out there and we've recently been adding support for OCI as well.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To me, image sharing and indexing shoukd be build on top of skopeo in image managers. Agree we should focus on this though.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Something like graphc (or something built for clusters would fit also on top of skopeo)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@runcom I have yet to see a graphc demo although it has been brought up in lots of discussions. My understanding is that graphc is for handling the filesystems like overlayfs, btrfs, etc. I am discussing a content-addressable store that is shared similar to the rkt CAS store. Which, if needed, we are happy to pull out into a library.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The eventual goal is to make image pulls and storage pluggable in oci-runtime. As part of a MVP we decided to use the docker daemon. If there is a better or easier and stable solution, then we can use that too I guess. WDYT @mrunalp ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It depends on what we want to do with layer sharing. If we are fine with vfs for rootfs in first cut then skopeo could handle pulling images.

@dims
Copy link
Member

dims commented Nov 11, 2016

@k8s-bot test this issue

@dims
Copy link
Member

dims commented Nov 11, 2016

@mrunalp looks like verify failed

I1110 16:37:18.869] FAILED   hack/make-rules/../../hack/verify-munge-docs.sh    17s

@dims
Copy link
Member

dims commented Nov 14, 2016

@saad-ali : this seems to be just a proposal, does it need to merge? ( cc @vishh @mrunalp @dchen1107 )

@saad-ali saad-ali modified the milestones: v1.6, v1.5 Nov 15, 2016
@saad-ali
Copy link
Member

@saad-ali : this seems to be just a proposal, does it need to merge? ( cc @vishh @mrunalp @dchen1107 )

Proposals can wait until post-code freeze to merge.

@k8s-github-robot k8s-github-robot added kind/design Categorizes issue or PR as related to design. kind/old-docs do-not-merge DEPRECATED. Indicates that a PR should not merge. Label can only be manually applied/removed. labels Dec 1, 2016
@k8s-github-robot
Copy link

This PR hasn't been active in 30 days. It will be closed in 59 days (Feb 13, 2017).

cc @dchen1107 @mrunalp @vishh

You can add 'keep-open' label to prevent this from happening, or add a comment to keep it open another 90 days

@k8s-github-robot
Copy link

[APPROVALNOTIFIER] Needs approval from an approver in each of these OWNERS Files:

We suggest the following people:
cc @thockin
You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@calebamiles
Copy link
Contributor

@k8s-bot test this

@k8s-ci-robot
Copy link
Contributor

@mrunalp: The following test(s) failed:

Test name Commit Details Rerun command
Jenkins GKE smoke e2e dce95c8 link @k8s-bot cvm gke e2e test this
Jenkins GCE etcd3 e2e dce95c8 link @k8s-bot gce etcd3 e2e test this
Jenkins GCI GKE smoke e2e dce95c8 link @k8s-bot gci gke e2e test this
Jenkins Kubemark GCE e2e dce95c8 link @k8s-bot kubemark e2e test this

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@ncdc
Copy link
Member

ncdc commented Mar 14, 2017

Removing from v1.6

@ncdc ncdc removed this from the v1.6 milestone Mar 14, 2017
@falenn
Copy link

falenn commented Mar 14, 2017 via email

@k8s-ci-robot k8s-ci-robot added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed keep-open labels Dec 15, 2017
@cblecker
Copy link
Member

Design docs now live here: https://git.k8s.io/community/contributors/design-proposals
As this will never be merged into k/k, I'm going to close this. If this is still alive in some aspect, a new PR should be opened against the correct repo.

/remove-lifecycle frozen
/close

@k8s-ci-robot k8s-ci-robot removed the lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. label Feb 10, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
do-not-merge DEPRECATED. Indicates that a PR should not merge. Label can only be manually applied/removed. kind/design Categorizes issue or PR as related to design. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.