Skip to content

Fix that PodIP field is temporarily removed for a terminal pod #125404

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 15, 2024
Merged

Fix that PodIP field is temporarily removed for a terminal pod #125404

merged 1 commit into from
Jul 15, 2024

Conversation

mimowo
Copy link
Contributor

@mimowo mimowo commented Jun 10, 2024
edited
Loading

What type of PR is this?

/kind bug
/kind regression

What this PR does / why we need it:

Additionally, due to the bug there is one more unnecessary API call sent by Kubelet.

Which issue(s) this PR fixes:

Fixes #125370

Special notes for your reviewer:

apiVersion: batch/v1
kind: Job
metadata:
  name: pi
spec:
  template:
    spec:
      containers:
      - name: pi
        image: howardjohn/shell
        command:
        - bash
        - -c
        - |
          sleep 3
          exit 0
      restartPolicy: Never
  backoffLimit: 1

Output to > kubectl get pod -w -ocustom-columns=NAME:.metadata.name,PHASE:.status.phase,IP:.status.podIP | ts "%Y-%m-%d %H:%M:%.S":
before:

2024-06-10 09:43:05.083475 NAME       PHASE     IP
2024-06-10 09:43:05.083657 pi-bslsx   Pending   <none>
2024-06-10 09:43:05.087107 pi-bslsx   Pending   <none>
2024-06-10 09:43:05.095358 pi-bslsx   Pending   <none>
2024-06-10 09:43:07.197929 pi-bslsx   Running   10.244.1.21
2024-06-10 09:43:10.203104 pi-bslsx   Running   10.244.1.21
2024-06-10 09:43:11.324259 pi-bslsx   Succeeded   <none>
2024-06-10 09:43:12.208545 pi-bslsx   Succeeded   10.244.1.21
2024-06-10 09:43:12.219699 pi-bslsx   Succeeded   10.244.1.21

after fix (note there is no extra API status update):

2024-06-10 09:38:16.270212 NAME       PHASE     IP
2024-06-10 09:38:16.270374 pi-xgtw6   Pending   <none>
2024-06-10 09:38:16.275953 pi-xgtw6   Pending   <none>
2024-06-10 09:38:16.283406 pi-xgtw6   Pending   <none>
2024-06-10 09:38:17.954194 pi-xgtw6   Running   10.244.1.20
2024-06-10 09:38:20.960806 pi-xgtw6   Running   10.244.1.20
2024-06-10 09:38:22.130329 pi-xgtw6   Succeeded   10.244.1.20
2024-06-10 09:38:22.974978 pi-xgtw6   Succeeded   10.244.1.20

Note that the last status update in both cases is the removal of the Job finalizer.

Some questions potential questions based on my priv chats:

  1. why in the broken version the last status update contains the IP?
    This is because the last status update is triggered by syncTerminatedPod which generates the apiPodStatus based on the podStatus which is passed from the cache in pod_workers. In contrary, the status update triggered by syncTerminating pods was just based on the container runtime containerRuntime.GetPodStatus.
  2. Why does the container runtime not populate the IP information for stopped pods?
    Because of the explicit check for SANDBOX_READY here
  3. Why does the podStatus cache contains the IP information when syncTerminatedPod is called. Because it gets updated inside updateCache. Note that, in that case we also fallback to oldPodStatus.IP for stopped containers, see here.
  4. Are there more fields that need to be copied?
    It seems not. When calling containerRuntime.GetPodStatus on a stopped pod all fields except for podStatus except for IP and Timestamp are returned. The Timestamp field seems only be used when storing in cache, see here, and here . However, we don't store this status in cache.
  5. Why copy the information at the podStatus (*kubecontainer.PodStatus) level, not at the apiPodStatus (v1.PodStatus) level?
    Both would work, but adjusting the underlying structure is less code (single field vs two), and keeps them consistent as commented here
  6. Is a more generic approach possible, rather than fixing a specific field?
    Possibly, we could fallback the IPs inside generateAPIPodStatus or convertStatusToAPIStatus, which also have access to oldPodStatus, containing the IPs, but this would affect many more code paths. The proposed fix is minimal to only fix the new status update introduced in Give terminal phase correctly to all pods that will not be restarted #115331: https://github.com/kubernetes/kubernetes/pull/115331/files#diff-67dd9e8f3ee257072765326cb4f242852554a2c0753563fa51e292c0a63a7b94R2022
  7. Why after the fix there is one less status update? Because kubelet skips sending status update if there is no difference (skips sending patch if empty inside PatchPodStatus). The only difference between the 2 status updates triggered by syncTerminatingPod and syncTerminatedPod was the presence of the IP fields, so syncTerminatedPod is skipped.

Does this PR introduce a user-facing change?

Fix the bug where PodIP field is temporarily removed for a terminal pod

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. kind/bug Categorizes issue or PR as related to a bug. kind/regression Categorizes issue or PR as related to a regression from a prior release. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Jun 10, 2024
@k8s-ci-robot k8s-ci-robot added area/kubelet area/test sig/node Categorizes an issue or PR as relevant to SIG Node. sig/testing Categorizes an issue or PR as relevant to SIG Testing. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Jun 10, 2024
@mimowo mimowo mentioned this pull request Jun 10, 2024
Closed
@ffromani
Copy link
Contributor

/triage accepted
/priority important-soon

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Jun 10, 2024
@mimowo
Copy link
Contributor Author

mimowo commented Jun 10, 2024

cc @bobbypage

ffromani
ffromani reviewed Jun 10, 2024
View reviewed changes
Copy link
Contributor

@ffromani ffromani left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

/cc @aojea

@k8s-ci-robot k8s-ci-robot requested a review from aojea June 10, 2024 07:48
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 10, 2024
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: 87e79b63ca3f4f611a434e8cf4f88260d03e40ea

@ffromani
Copy link
Contributor

/hold

waiting for review from @bobbypage - feel free to remove anytime

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jun 10, 2024
@mimowo
Copy link
Contributor Author

mimowo commented Jun 10, 2024

/test pull-kubernetes-unit
Seems like an unrelated flake in unit tests, opened issue: #125406

@mimowo mimowo force-pushed the fix-kubelet-podip branch from 338edd4 to 66eccac Compare July 9, 2024 18:17
smarterclayton
smarterclayton reviewed Jul 12, 2024
View reviewed changes
@smarterclayton
Copy link
Contributor

/approve

LGTM but will let David or Sergey drive the final ack.

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: aojea, mimowo, smarterclayton

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 12, 2024
@mimowo
Copy link
Contributor Author

mimowo commented Jul 12, 2024

Thank you, so the remaining question is about cherry-pick. I'm not sure we have enough signal based on #125370 (comment). However, I would vote for it because:

  1. it is a regression
  2. the behavior when IP gets lost for one request and returns back will be confusing for debugging, like oncalling
  3. there is one request to the API server per pod lifetime to gain
  4. the change is small so the risk is minimal

@aojea
Copy link
Member

aojea commented Jul 12, 2024

@mimowo you may need to squash the commits for the backport

LGTM , defer to @SergeyKanzhelev final lgtm

I'm +1 on the backport because the fix is contained and there are a lot of informers that depend on PodIPs field, missing the field can lead to corner and complex cases

@mimowo mimowo force-pushed the fix-kubelet-podip branch from 66eccac to 5f1ab75 Compare July 12, 2024 19:36
@mimowo
Copy link
Contributor Author

mimowo commented Jul 12, 2024

@mimowo you may need to squash the commits for the backport

Thanks! done

@aojea
Copy link
Member

aojea commented Jul 12, 2024

/assign @SergeyKanzhelev @bobbypage

@SergeyKanzhelev
Copy link
Member

/lgtm

thank you!

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 15, 2024
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: 678395c1479986fbbefeb59c1087a7a91c0fb5bc

@k8s-ci-robot k8s-ci-robot merged commit 5427708 into kubernetes:master Jul 15, 2024
14 of 15 checks passed
@k8s-ci-robot k8s-ci-robot added this to the v1.31 milestone Jul 15, 2024
This was referenced Jul 16, 2024
Merged
Merged
Merged
Closed
@mimowo
Copy link
Contributor Author

mimowo commented Jul 16, 2024

Thank you! I have prepared the cherry-picks for review since 1.27 when the regression started, even though 1.27 is EOL currently. It probably does not hurt to cherry-pick there, otherwise I will just close that PR.

@rphillips rphillips mentioned this pull request Jul 16, 2024
Merged
This was referenced Jul 16, 2024
Closed
Closed
k8s-ci-robot added a commit that referenced this pull request Jul 17, 2024
@k8s-ci-robot
Merge pull request #126115 from mimowo/automated-cherry-pick-of-#1254…
105481d 
…04-upstream-release-1.30

Automated cherry pick of #125404: Fix that PodIP field is not set for terminal pod
k8s-ci-robot added a commit that referenced this pull request Jul 17, 2024
@k8s-ci-robot
Merge pull request #126116 from mimowo/automated-cherry-pick-of-#1254…
ce743fa 
…04-upstream-release-1.29

Automated cherry pick of #125404: Fix that PodIP field is not set for terminal pod
k8s-ci-robot added a commit that referenced this pull request Jul 17, 2024
@k8s-ci-robot
Merge pull request #126117 from mimowo/automated-cherry-pick-of-#1254…
2fb5847 
…04-upstream-release-1.28

Automated cherry pick of #125404: Fix that PodIP field is not set for terminal pod
@SergeyKanzhelev SergeyKanzhelev mentioned this pull request Aug 5, 2024
Merged
25 tasks
@mimowo mimowo deleted the fix-kubelet-podip branch January 31, 2025 11:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smarterclayton smarterclayton smarterclayton left review comments

@mtaufen mtaufen Awaiting requested review from mtaufen

@saschagrunert saschagrunert Awaiting requested review from saschagrunert

@ffromani ffromani Awaiting requested review from ffromani

@shaneutt shaneutt Awaiting requested review from shaneutt

@bobbypage bobbypage Awaiting requested review from bobbypage

+3 more reviewers

@aojea aojea aojea left review comments

@SergeyKanzhelev SergeyKanzhelev SergeyKanzhelev left review comments

@tallclair tallclair tallclair left review comments

Reviewers whose approvals may not affect merge requirements
Assignees

@bobbypage bobbypage

@SergeyKanzhelev SergeyKanzhelev

@ffromani ffromani

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/kubelet area/test cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. kind/regression Categorizes issue or PR as related to a regression from a prior release. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/node Categorizes an issue or PR as relevant to SIG Node. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
SIG Node: code and documentation PRs
Archived in project
Milestone
v1.31
Development

Successfully merging this pull request may close these issues.

Pod IP temporarily removed from status when pod transitions to a terminal state
10 participants
@mimowo @ffromani @k8s-ci-robot @bobbypage @Vyom-Yadav @aojea @shaneutt @smarterclayton @SergeyKanzhelev @tallclair