fix(executor): Handle sidecar killing in a process-namespace-shared pod #4575
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Daisuke Taniwaki <daisuketaniwaki@gmail.com>
dtaniwaki
commented
Nov 20, 2020
| @@ -80,6 +80,9 @@ func TerminatePodWithContainerID(c KubernetesClientInterface, containerID string | |||
| log.Infof("Container %s is already terminated: %v", container.ContainerID, container.State.Terminated.String()) | |||
| return nil | |||
| } | |||
| if pod.Spec.ShareProcessNamespace != nil && *pod.Spec.ShareProcessNamespace { | |||
| return fmt.Errorf("cannot terminate a process-namespace-shared Pod %s", pod.Name) | |||
There was a problem hiding this comment.
If it immediately returns an error here, the wait container exit with 0 and the pod succeeds. It's also the same in other error returns in this method too. Was it expected behavior?
There was a problem hiding this comment.
Added a unit test of this method. I think we should have e2e tests for all the executors. If we had, this functional test had found the problem.
There was a problem hiding this comment.
We have e2e smoke test for 3 of the executors?
There was a problem hiding this comment.
Ah, you're right. The problem occurs on the combination of k8sapi and shareProcessNamespace.
Signed-off-by: Daisuke Taniwaki <daisuketaniwaki@gmail.com>
alexec
approved these changes
Nov 23, 2020
|
LGTM |
alexcapras
pushed a commit
to alexcapras/argo
that referenced
this pull request
Dec 2, 2020
Signed-off-by: github@finnesand.no <github@finnesand.no> feat(ui): Add Template/Cron workflow filter to workflow page. Closes argoproj#4532 (argoproj#4543) Signed-off-by: Tianchu Zhao <evantczhao@gmail.com> feat(executor): Auto create s3 bucket if not present. Signed-off-by: Alex Capras <alexcapras@gmail.com> Apply codegen Signed-off-by: Alex Capras <alexcapras@gmail.com> Add argo-e2e label to test wf Signed-off-by: Alex Capras <alexcapras@gmail.com> chore: Updated stress test YAML (argoproj#4569) Signed-off-by: Alex Collins <alex_collins@intuit.com> docs: Updated kubectl apply command in manifests README (argoproj#4577) Signed-off-by: Stefan Gloutnikov <stefan@gloutnikov.com> feat(controller): Make MAX_OPERATION_TIME configurable. Close argoproj#4239 (argoproj#4562) Signed-off-by: Alex Collins <alex_collins@intuit.com> docs: Fix a typo in example (argoproj#4590) Signed-off-by: Takayoshi Nishida <takayoshi.nishida@gmail.com> feat(controller): Retry transient offload errors. Resolves argoproj#4464 (argoproj#4482) Signed-off-by: Alex Collins <alex_collins@intuit.com> fix(server): use the correct name when downloading artifacts (argoproj#4579) Signed-off-by: Daniel Herman <dherman@factset.com> fix(server): serve artifacts directly from disk to support large artifacts (argoproj#4589) Signed-off-by: Daniel Herman <dherman@factset.com> fix(executor): Handle sidecar killing in a process-namespace-shared pod (argoproj#4575) Signed-off-by: Daisuke Taniwaki <daisuketaniwaki@gmail.com> docs: Add JSON schema for IDE validation (argoproj#4581) Signed-off-by: Paul Brabban <paul.brabban@gmail.com> refactor: Use polling model for workflow phase metric (argoproj#4557) Signed-off-by: Simon Behar <simbeh7@gmail.com> Addressing reviewers comments Signed-off-by: Alex Capras <alexcapras@gmail.com> Addressing reviewers comments docs: Minor typo fix (argoproj#4610) Signed-off-by: Paavo Pokkinen <paavo.pokkinen@vaimo.com> fix(controller): Prevent tasks with names starting with digit to use either 'depends' or 'dependencies' (argoproj#4598) Signed-off-by: terrytangyuan <terrytangyuan@gmail.com> fix(docs): Bring minio chart instructions up to date (argoproj#4586) Signed-off-by: Ranga Krishnan <ranga@bei.re> fix(executor): Fixed waitMainContainerStart returning prematurely. Closes argoproj#4599 (argoproj#4601) Signed-off-by: fsiegmund <siegmund@slb.com> feat(controller): Enhanced artifact repository ref. See argoproj#3184 (argoproj#4458) Signed-off-by: Alex Collins <alex_collins@intuit.com> fix: Null check pagination variable (argoproj#4617) Signed-off-by: Simon Behar <simbeh7@gmail.com> fix: Perform fields filtering server side (argoproj#4595) Signed-off-by: Simon Behar <simbeh7@gmail.com> fix(server): Correct webhook event payload marshalling. Fixes argoproj#4572 (argoproj#4594) Signed-off-by: Alex Collins <alex_collins@intuit.com> feat(ui): Add columns--narrower-height to AttributeRow (argoproj#4371) fix: Fix TestCleanFieldsExclude (argoproj#4625) Signed-off-by: Simon Behar <simbeh7@gmail.com> fix(argo-server): fix global variable validation error with reversed dag.tasks (argoproj#4369) Signed-off-by: chenyu.zheng <chenyu.zheng@hulu.com> fix: derive jsonschema and fix up issues, validate examples dir… (argoproj#4611) Signed-off-by: Paul Brabban <paul.brabban@gmail.com> fix(ui): Reference secrets in EnvVars. Fixes argoproj#3973 (argoproj#4419) Signed-off-by: Alejandro Tejera <aletepe@gmail.com> fix(ui): Fix Snyk issues (argoproj#4631) Signed-off-by: Alex Collins <alex_collins@intuit.com> feat(executor): More informative log when executors do not support output param from base image layer (argoproj#4620) Signed-off-by: terrytangyuan <terrytangyuan@gmail.com> Codegen patch. Signed off by alexcapras@gmail.com Codegen patch. Signed off by alexcapras@gmail.com Delete test.patch
alexcapras
pushed a commit
to alexcapras/argo
that referenced
this pull request
Dec 2, 2020
Signed-off-by: github@finnesand.no <github@finnesand.no> feat(ui): Add Template/Cron workflow filter to workflow page. Closes argoproj#4532 (argoproj#4543) Signed-off-by: Tianchu Zhao <evantczhao@gmail.com> feat(executor): Auto create s3 bucket if not present. Signed-off-by: Alex Capras <alexcapras@gmail.com> Apply codegen Signed-off-by: Alex Capras <alexcapras@gmail.com> Add argo-e2e label to test wf Signed-off-by: Alex Capras <alexcapras@gmail.com> chore: Updated stress test YAML (argoproj#4569) Signed-off-by: Alex Collins <alex_collins@intuit.com> docs: Updated kubectl apply command in manifests README (argoproj#4577) Signed-off-by: Stefan Gloutnikov <stefan@gloutnikov.com> feat(controller): Make MAX_OPERATION_TIME configurable. Close argoproj#4239 (argoproj#4562) Signed-off-by: Alex Collins <alex_collins@intuit.com> docs: Fix a typo in example (argoproj#4590) Signed-off-by: Takayoshi Nishida <takayoshi.nishida@gmail.com> feat(controller): Retry transient offload errors. Resolves argoproj#4464 (argoproj#4482) Signed-off-by: Alex Collins <alex_collins@intuit.com> fix(server): use the correct name when downloading artifacts (argoproj#4579) Signed-off-by: Daniel Herman <dherman@factset.com> fix(server): serve artifacts directly from disk to support large artifacts (argoproj#4589) Signed-off-by: Daniel Herman <dherman@factset.com> fix(executor): Handle sidecar killing in a process-namespace-shared pod (argoproj#4575) Signed-off-by: Daisuke Taniwaki <daisuketaniwaki@gmail.com> docs: Add JSON schema for IDE validation (argoproj#4581) Signed-off-by: Paul Brabban <paul.brabban@gmail.com> refactor: Use polling model for workflow phase metric (argoproj#4557) Signed-off-by: Simon Behar <simbeh7@gmail.com> Addressing reviewers comments Signed-off-by: Alex Capras <alexcapras@gmail.com> Addressing reviewers comments docs: Minor typo fix (argoproj#4610) Signed-off-by: Paavo Pokkinen <paavo.pokkinen@vaimo.com> fix(controller): Prevent tasks with names starting with digit to use either 'depends' or 'dependencies' (argoproj#4598) Signed-off-by: terrytangyuan <terrytangyuan@gmail.com> fix(docs): Bring minio chart instructions up to date (argoproj#4586) Signed-off-by: Ranga Krishnan <ranga@bei.re> fix(executor): Fixed waitMainContainerStart returning prematurely. Closes argoproj#4599 (argoproj#4601) Signed-off-by: fsiegmund <siegmund@slb.com> feat(controller): Enhanced artifact repository ref. See argoproj#3184 (argoproj#4458) Signed-off-by: Alex Collins <alex_collins@intuit.com> fix: Null check pagination variable (argoproj#4617) Signed-off-by: Simon Behar <simbeh7@gmail.com> fix: Perform fields filtering server side (argoproj#4595) Signed-off-by: Simon Behar <simbeh7@gmail.com> fix(server): Correct webhook event payload marshalling. Fixes argoproj#4572 (argoproj#4594) Signed-off-by: Alex Collins <alex_collins@intuit.com> feat(ui): Add columns--narrower-height to AttributeRow (argoproj#4371) fix: Fix TestCleanFieldsExclude (argoproj#4625) Signed-off-by: Simon Behar <simbeh7@gmail.com> fix(argo-server): fix global variable validation error with reversed dag.tasks (argoproj#4369) Signed-off-by: chenyu.zheng <chenyu.zheng@hulu.com> fix: derive jsonschema and fix up issues, validate examples dir… (argoproj#4611) Signed-off-by: Paul Brabban <paul.brabban@gmail.com> fix(ui): Reference secrets in EnvVars. Fixes argoproj#3973 (argoproj#4419) Signed-off-by: Alejandro Tejera <aletepe@gmail.com> fix(ui): Fix Snyk issues (argoproj#4631) Signed-off-by: Alex Collins <alex_collins@intuit.com> feat(executor): More informative log when executors do not support output param from base image layer (argoproj#4620) Signed-off-by: terrytangyuan <terrytangyuan@gmail.com> Codegen patch. Signed off by alexcapras@gmail.com Codegen patch. Signed off by alexcapras@gmail.com Delete test.patch Signed-off-by: Alex Capras <alexcapras@gmail.com>
alexec
pushed a commit
that referenced
this pull request
Dec 3, 2020
…od (#4575) Signed-off-by: Daisuke Taniwaki <daisuketaniwaki@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Checklist:
I found sending
SIGTERMfails to stop a container ifshareProcessNamespace: trueis set with the k8sapi executor because the PID of a container isn't1. I understand it doesn't make sense using the option without the pns executor, but my company's cluster forcibly setshareProcessNamespace: truebut we haven't evaluated the pns executor yet. We should at least report the invalid option to users.I also improved error messages during sidecar killing.