kubeadm: Add kubelet instance configuration to configure CRI socket for each node #4658
HirazawaUi commented May 23, 2024
- One-line PR description: Add kubelet instance configuration to configure CRI socket for each node.
- Issue link: Add kubelet instance configuration to configure CRI socket for each node #4654
- Other comments:
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: HirazawaUi The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@HirazawaUi thanks for starting work on the KEP.
- the formatting is inconsistent. sometimes you use quotes around names sometimes not. some quotes are not closed. sometimes cri is not uppercase. please make everything consistent.
- we shouldn't talk about the --cri-socket flag, you can instead just say the kubeadm CRI socket option, the kubelet CRI socket option, the CRI socket node annotation
- this KEP has two important goals that are not so clear 1) don't write the --container-runtime-endpoint flag in the kubeadm-flags.env file 2) stop writing the annotation on the Node object, please make these clearer in the Goals section
- i think the plan for init/join/upgrade is not very clear across the different kubeadm versions until this feature graduates
feature freeze is in two weeks June 14th
https://github.com/kubernetes/sig-release/tree/master/releases/release-1.31
|
||
## Drawbacks | ||
|
||
## Alternatives |
how about using a feature gate, and why is that not our first choice?
I initially thought that this feature would be invisible to ordinary users, and feature gate would increase its complexity (and I'm not sure whether it makes sense to use feature gate on kubeadm), so I implemented it in multiple versions to control version skew and compatibility.
If we use feature gate, then the Design Details will become relatively simple. We only need to implement the feature and use feature gate to control whether it is enabled. There is no need to use multiple versions implemented to consider compatibility and version skew.
Let me think and redesign it based on feature gate.
if the feature gate is the main approach what alternatives do we have? this section "alternatives" must include one or more alternatives that are not the primary choice of the KEP.
@neolit123 Thanks, I have fixed according to your suggestion.
#3983 adds support for a drop-in kubelet configuration directory. It allows overriding the configuration for the Kubelet located at In this KEP, we may need to consider how to work well with the feature in the context of the kubeadm tool.
i prefer to not mix core functionality in kubeadm with 3983, because kubeadm already has the patches mechanism and it's an older feature. if the user uses also 3983, those files will take precedence.
this is getting in a better shape.
@neolit123 ready for review.
ping @neolit123, because the freeze is coming
@HirazawaUi thank you for the updates.
i'm aware that we are approaching feature freeze but this KEP is not in a clear state.
and i'm the only reviewer.
ideally we should have another approver from the kubeadm OWNER file to also +1/-1 the plan.
|
||
* A new e2e test will be added by using the kinder tool. | ||
|
||
### Graduation Criteria |
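Review bot: "A new e2e test will be added by using the kinder tool" does not say what the test asserts. State what it covers, for example that the kubelet on each node comes up with the expected CRI socket after init, join and upgrade, so the test plan can be checked against the criteria listed under "Graduation Criteria".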
so there is a problem with the KEP currently
feature gates have two states: TRUE and FALSE
but the "Design details" and "Graduation Criteria" sections are organized as if we are both using and not using a feature gate, which is confusing.
your doc should be organized like this:
- in "Design details" explain the new feature gate
- say in which releases it will be alpha, beta, GA
- explain when it will be enabled by default
- explain what happens when it's enabled and not enabled to the different kubeadm commands
I made some changes, please check if this is what we expected.
|
||
* A new e2e test will be added by using the kinder tool. | ||
|
||
### Graduation Criteria |
this section Graduation Criteria must explain what is required for the feature to graduate to Beta and GA. there is no graduation to Alpha.
Ok, if the current KEP can't be approved before the freeze, I will continue to push it in v1.32.
Overall LGTM.
+1 for this approach. Sorry for the late response.
### Goals | ||
|
||
* kubeadm currently adds an annotation with the key `kubeadm.alpha.kubernetes.io/cri-socket` to each Node object. We will deprecate and remove it. | ||
* Provide an instance configuration file named `/var/lib/kubelet/instance-config.yaml` for each node, in which the `ContainerRuntimeEndpoint` field is defined. During the `kubeadm init/join/upgrade` process, the instance configuration will be read and the `ContainerRuntimeEndpoint` field in `/var/lib/kubelet/config.yaml` will be overwritten. |
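Review bot: The second bullet says the `ContainerRuntimeEndpoint` field in `/var/lib/kubelet/config.yaml` "will be overwritten" during `kubeadm init/join/upgrade`, which leaves open whether kubeadm rewrites that file on disk or only overrides the value when it composes the kubelet configuration; say which. Because `/var/lib/kubelet/instance-config.yaml` decides which runtime socket the kubelet connects to, the bullet should also state who writes the file and what ownership and mode it is expected to have. The first bullet says "deprecate and remove" without saying in which release each of the two steps happens.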
Just a naming question.
We have another file in the same dir named kubeadm-flags.env. Should this file be named with kubeadm prefix?
I’m not sure if we should follow the same naming convention as kubeadm-flags.env, let’s hear what @neolit123 thinks.
config.yaml is also kubeadm generated but is not prefixed with "kubeadm" 🤔
because of that i'm leaning towards using "instance-config.yaml", but happy to discuss more and hear more ideas around the naming.
|
||
- Gather feedback from developers and surveys. | ||
- Implement changes in kubeadm upgrade apply/node GA phase. | ||
- Update the phases documentation. |
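Review bot: "Gather feedback from developers and surveys" is not something a reviewer can verify at graduation time; name the signal that counts as sufficient. "Implement changes in kubeadm upgrade apply/node GA phase" does not say which changes are meant, and the list does not mention the CRI socket annotation at all, so it is unclear from these lines whether the annotation is still written, kept or removed at this stage.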
After GA, we may not add the old alpha annotation.
- We may deprecate the annotation in Beta?
We can keep the annotation if the node is upgraded from older version, and it can be removed manually if they want then.
> We can keep the annotation if the node is upgraded from older version, and it can be removed manually if they want then.

Yes, this is what we want to do, once the feature gate is enabled, we will not set the CRI socket annotation during kubeadm init/join, nor remove it on upgrade.
So I think it has nothing to do with which phase we are in, because we already have feature gates to help us control version skew.