kubelet: Move KillContainer to container runtime. #6068
Conversation
|
|
||
| // KillContainer kills a docker container with the given containerID. | ||
| // TODO(yifan): To use strong type for the containerID. | ||
| func KillContainer(client DockerInterface, containerID string, |
There was a problem hiding this comment.
Hmmm I'm not sure I like how this is looking. It seems like all the readiness and event recording should be outside of the runtime. It is conceptually all work Kubelet does outside of what container runtime it uses. Do you have a plan on how readiness, ref, and recorder will be used in the runtime? Seems like Kubelet can call KillContainer (which kills) and can do teh recording and readiness itself from the status.
There was a problem hiding this comment.
@vmarmol I got your point. The reason here is if we want to let container runtime hide the pod infra container behind the interface, we will need to kill and restart the whole pod in the runtime. So we need to be able to manage the readiness, and report events in the runtime.
There could be other approaches that can leave the kubelet to manage the readiness, ref, etc.
One came to my mind is to add something like preparePod for the kubelet. After entering into syncPod, preparePod will be invoked first:
switch container runtime choice:
case docker: check and compare the pod infra container, kill everything if necessary
case rocket: no-op
case other: ...
There was a problem hiding this comment.
@vmarmol OK, I think container runtime interface should not hide the implicit killing/restart. Probably it's better to add some code to kubelet to handle different container runtime.
There was a problem hiding this comment.
Let me just hold this, and take a time to rethink. I will try for the preparePod, see how that looks :)
There was a problem hiding this comment.
If the runtime does do it implicitly I agree that it should set the readiness itself (or provide some information about the restarted containers). I don't want the Kubelet to do something different depending on the runtime so the approach you have today is preferred.
I will wait for your rethinking though :)
There was a problem hiding this comment.
@vmarmol Thank you. I am thinking that maybe we don't need to let container runtime manage the restart of the whole pod. Maybe we can figure out a way that let the containers restart during the reconciliation process.
For example:
docker.RunContainer() {
if needRestartPodInfraContainer {
restartPodInfraContainer()
invalidateRunningPod().
}
}
kubelet.syncPod()
for each container in runningPod:
restart := hashChanged || unhealthy || invalid
if restart {
restartContainer()
}
}
}
By this we can pull the ref, readiness, etc out :)
There was a problem hiding this comment.
@vmarmol I have spread thoughts here: #6100 (comment)
Think we can just go that way, still let container runtime to handle refs, readiness for now, but move them out of the RunContainer() or KillContainer(). We can come back to revisit this later. How do you think about that?
There was a problem hiding this comment.
I liked your suggestion to have the runtime do KillContainer() and handle KillPod() in the Kubelet for now. This will let is set readiness and record events. Is this what you had in mind?
There was a problem hiding this comment.
Let me put those together options together, just a second :)
|
Options to handle pod infra container:
func dockertools.RunContainer() {
if needToRecreatePodInfraContainer {
killAndRecreatedPodInfraContainer()
for each container in running pod {
killContainer()
}
}
runContainer()
}Pros: No additional logic for kubelet, kubelet just needs to compare the running containers with their desired states, the pod infra container will be recreated at the first run of RunContainer() if it's necessary.
func dockertools.RunContainer() {
if needToRecreatePodInfraContainer {
killAndRecreatedPodInfraContainer()
for each container in running pod {
container.Hash = SomeInvalidHash
}
}
runContainer()
}Pros: No additional logic for kubelet. Also no ref, readiness management for the container runtime.
switch container runtime choice {
case docker:
if needToRecreatePodInfraContainer {
killAndRecreatedPodInfraContainer()
re-listing the running pod
}
case rocket: no-op
case other: ...Pros: The interface of the container runtime can be simpler, and it does not need to deal with ref, readiness, etc. I think 2) or 3) is better than 1). |
|
@pmorie AFAIK Rocket creates a top-level "container" with namespaces and then runs other containers within that container. We'd configure the top-level as we do today for the pod infra and run the others similar to what we do today in Docker. |
|
@pmorie vmarmol /cc @jonboulle |
|
Not sure why I'm being CCed (I think Yifan is explaining things pretty well - pods are the fundamental execution unit in Rocket so it should be able to manage them natively without futzing around with infra containers), but let me know if there's anything I can clear up :-). |
|
Is this PR still relevant given our other discussions? |
|
@vmarmol So if we decide to take the |
|
Closing since we're moving elsewhere. Feel free to re-open or re-send when we get here. |
Following #6039
@vmarmol @dchen1107