-
Notifications
You must be signed in to change notification settings - Fork 40k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Initial work on running windows containers on Kubernetes #31707
Initial work on running windows containers on Kubernetes #31707
Conversation
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please visit https://cla.developers.google.com/ to sign. Once you've signed, please reply here (e.g.
|
Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test". This message will repeat several times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. |
8 similar comments
Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test". This message will repeat several times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. |
Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test". This message will repeat several times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. |
Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test". This message will repeat several times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. |
Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test". This message will repeat several times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. |
Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test". This message will repeat several times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. |
Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test". This message will repeat several times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. |
Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test". This message will repeat several times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. |
Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test". This message will repeat several times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. |
@@ -176,9 +176,6 @@ func SetDefaults_KubeletConfiguration(obj *KubeletConfiguration) { | |||
if obj.DockerExecHandlerName == "" { | |||
obj.DockerExecHandlerName = "native" | |||
} | |||
if obj.DockerEndpoint == "" { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems like a better answer is conditionalize this on !windows
I signed it! (Covered under Corporate Agreement - Apprenda) |
We found a Contributor License Agreement for you (the sender of this pull request) and all commit authors, but as best as we can tell these commits were authored by someone else. If that's the case, please add them to this pull request and have them confirm that they're okay with these commits being contributed to Google. If we're mistaken and you did author these commits, just reply here to confirm. |
@alexbrand I agree my commits can be used. Not sure how to tell that to k8s-bot. |
a4e3892
to
5ae8964
Compare
Looks like the build ran into #27462 here. |
GCE e2e build/test passed for commit 5ae8964. |
1b8804b
to
9e6815e
Compare
@brendandburns is it needed for both CLAs, Google and CNCF? Both @jbhurat and @csrwng are failing the Google one 🤔 |
Jenkins unit/integration failed for commit 9e6815e. Full PR test history. The magic incantation to run this job again is |
This LGTM, with some small comments. |
@@ -1463,8 +1463,6 @@ func validateVolumeMounts(mounts []api.VolumeMount, volumes sets.String, fldPath | |||
} | |||
if len(mnt.MountPath) == 0 { | |||
allErrs = append(allErrs, field.Required(idxPath.Child("mountPath"), "")) | |||
} else if strings.Contains(mnt.MountPath, ":") { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
doesn't seem like this should be removed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
or at least conditionalize this on windows?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My question here is, where exactly does this runs, the kubelet? I was under the impression this validation would happen at the API server and having that said, just couldn't conditionalize on Windows, e.g. if GOOS=="windows"
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah, good point. Can you instead make this check deeper?
e.g. `[A-Za-z]:' is ok, anything else isn't. Also if there are any forward slashes '/' then there better not be any colons.
Basically heuristically guess if it is a windows or linux path and then do the ':' validation if it looks like a Linux path.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually, it seems that:
c:/my/path
works with Windows Containers (there's some translation in place)/my:path
is valid Unix path
Please, advise.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As agreed on Slack between me and @brendandburns, this is without effect.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, yeah, this is fine with me given that /foo:bar/baz is apparently a valid unix path. It's unclear why this check was there to begin with.
@@ -1122,23 +1120,6 @@ func (dm *DockerManager) fmtDockerOpts(opts []dockerOpt) ([]string, error) { | |||
return fmtOpts, nil | |||
} | |||
|
|||
func (dm *DockerManager) getSecurityOpts(pod *api.Pod, ctrName string) ([]dockerOpt, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you restore this function to this location so that we minimize the diff?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(ah, nm you moved this out to a different file...)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, needs different impls for now.
LGTM |
@brendandburns can you label this to be released with 1.5? |
@k8s-bot test this [submit-queue is verifying that this PR is safe to merge] |
Automatic merge from submit-queue |
Automatic merge from submit-queue Powershell script to start kubelet and kube-proxy **What this PR does / why we need it**: This PR adds a powershell script to run kubelet and kube-proxy on Windows. It expects the required arguments like `API Server` location and uses appropriate defaults. **Which issue this PR fixes** : fixes # #34270 **Special notes for your reviewer**: This PR is for supporting Windows Server Containers for k8s, the work for which is covered under kubernetes/enhancements#116 This PR should be merged after #31707 and #36079 PRs are merged **Release note**: ```release-note ```
This is the first stab at getting the Kubelet running on Windows (fixes #30279), and getting it to deploy network-accessible pods that consist of Windows containers. Thanks @csrwng, @jbhurat for helping out.
The main challenge with Windows containers at this point is that container networking is not supported. In other words, each container in the pod will get it's own IP address. For this reason, we had to make a couple of changes to the kubelet when it comes to setting the pod's IP in the Pod Status. Instead of using the infra-container's IP, we use the IP address of the first container.
Other approaches we investigated involved "disabling" the infra container, either conditionally on
runtime.GOOS
or having a separate windows-docker container runtime that re-implemented some of the methods (would require some refactoring to avoid maintainability nightmare).Other changes:
More detailed documentation on how to setup the Windows kubelet can be found at https://docs.google.com/document/d/1IjwqpwuRdwcuWXuPSxP-uIz0eoJNfAJ9MWwfY20uH3Q.
cc: @ikester @brendandburns @jstarks
This change is