Redesign mount propagation #659
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
|
@jsafrane: These labels do not exist in this repository: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
For alpha annotation, I know there is attempt to have real fields in alpha in https://docs.google.com/document/d/1wuoSqHkeT51mQQ7dIFhUKrdi3-1wbKrNWeIL4cKb9zU/edit#, but it seems it has not been implemented yet. Alpha annotation is still described as preferred way to introduce new fields in https://github.com/kubernetes/community/blob/master/contributors/devel/api_changes.md |
|
We discussed at sig-node meeting, and agreed with the redesign the proposal scope. But this feature is not targeted for 1.7 release. |
|
This is required change for openstack-on-kubernetes too. Could we please add sig-openstack to this review? |
|
+1 for sig-openstack. I would also greatly benefit from it for some high energy physics work I do. If the patch set is ready for 1.7 will it go in? Is there anything I can do to help get it ready faster? |
|
This is also required for local volume provisioner. The provisioner is running as a daemonset to monitor local volume and post PV to kubernetes. To correctly detect volume capacity, the daemonset pod must mount hostpath (path where volume is detected) as rshared. Are we targeting alpha in 1.8 now? |
|
yes, we missed 1.7 |
|
Thanks for confirm. I'd be happy to test it out when implementation is out. |
|
I updated the PR with the latest development:
|
jsafrane
force-pushed
the
fix-shared-propagation
branch
from
8536f25
to
cd1a7dd
Compare
| it will be marked as deprecated from the beginning. | ||
| Developers / testers can enable it in their clusters manually. | ||
| Mount propagation may be redesigned or even removed in any future release. | ||
| * The default mount propagation will be `rslave`, which is different to current |
There was a problem hiding this comment.
Earlier, it says the default is private, to not break backwards compatiblity. Why is it rslave here?
There was a problem hiding this comment.
thanks for spotting this, the default should be rslave, which should not break backward compatibility (testing needed!) and enables this use case kubernetes/kubernetes#46444 (comment)
jsafrane
force-pushed
the
fix-shared-propagation
branch
from
cd1a7dd
to
041526e
Compare
|
Ping. What is the status of getting this into 1.8? I don't see it marked for 1.8. I'm stuck on k8s 1.4 currently, as I need this kind of functionality and docker 1.9 is the last version to default mounts to shared and k8s 1.4 is the last version to support docker 1.9. I would be happy if this was merged but hidden behind an experimental flag or something, just so those of us that need to make forward progress can do so. |
|
ping |
|
@jsafrane It would indeed be nice to have this as alpha in v1.8 |
|
@luxas, all that's missing is review of #46444 |
jsafrane
force-pushed
the
fix-shared-propagation
branch
from
041526e
to
60a34d4
Compare
|
/lgtm We discussed this design in a meeting on Monday July 24. I am fine with this. One thing I just remembered is that there is a pending design to add "HostPathType" to hostpath volumesource: kubernetes/kubernetes#46597 |
k8s-ci-robot
added
the
lgtm
|
@saad-ali |
|
@timstclair was there any discussion about feature gate vs --exeprimental cmdline argument? I am happy with both, I just need a decision. |
So, let there be type LinuxVolume struct {
MountPropagation string
WrappedVolume *VolumeSource
}
type VolumeSource struct {
... aws, gce, hostPath, emptyDir, git, ...
LinuxVolume *LinuxVolumeSource
}
In my world, |
|
I agree. Properties on how something gets mounted is a totally different thing than what the thing storing the data is. hostPath, emptyDir, etc will need the flag. not, recreate volume types for rsharedHostPath and rsharedEmptyDir. Once namedEmptyDir becomes a thing, it will want it too. |
|
@thockin yeah, I get the desire for a correct api. Totally a good thing to get right. Just saying, for an alpha, getting it perfect is not so critical. I'm totally fine accepting the risk of writing software against an api that is expected to drastically change in future releases. That part is easy. Living without this feature is really really hard. I'm facing a 1.4 -> 1.8 migration path already, with broken steps in between. :/ Several of these releases are already unsupported. As for openstack on k8s, it can't really be a complete thing until this feature merges in some form or another. Neutron really needs it. |
| * Node conformance suite will check that mount propagation in /var/lib/kubelet | ||
| works. | ||
| * During alpha, all the behavior above must be explicitly enabled by | ||
| `kubelet --feature-gates=MountPropagation=true` |
There was a problem hiding this comment.
ICYMI
Field gate proposal: #869
| @@ -73,13 +79,18 @@ type VolumeMount struct { | |||
| // Required. | |||
| MountPath string `json:"mountPath"` | |||
| // Optional. | |||
| Propagation string `json:"propagation"` | |||
| Propagation PropagationMode `json:"propagation,omitempty"` | |||
There was a problem hiding this comment.
This field name is very vague. So is the file name, by the way. Propagation of what? In what direction?
There was a problem hiding this comment.
This field name is very vague... Propagation of what? In what direction?
Renamed to MountPropagation with more documentation around. Still, I don't want to put whole kernel documentation there.
So is the file name
What file name?
|
This change is |
jsafrane
force-pushed
the
fix-shared-propagation
branch
from
f67efc3
to
272c49b
Compare
|
We had a productive meeting yesterday with @thockin and @saad-ali and we're back at "Add an option in VolumeMount API".
I did more edits describing what exactly will be in alpha, see the last commit. @bgrant0607, can you please look at the API again? PR with Kubernetes changes will follow very shortly to catch 1.8 |
jsafrane
force-pushed
the
fix-shared-propagation
branch
from
272c49b
to
7a2b2f7
Compare
|
Revised proposal: /lgtm Thanks @jsafrane |
k8s-github-robot
added
size/L
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
Automatic merge from submit-queue |
|
Github notifications are useless :-( |
Automatic merge from submit-queue (batch tested with PRs 45724, 48051, 46444, 51056, 51605) Mount propagation in kubelet Together with #45724 it implements mount propagation as proposed in kubernetes/community#659 There is: - New alpha annotation that allows user to explicitly set propagation mode for each `VolumeMount` in pod containers (to be replaced with real `VolumeMount.Propagation` field during beta) + validation + tests. "Private" is the default one (= no change to existing pods). I know about proposal for real API fields for alpha feature in https://docs.google.com/document/d/1wuoSqHkeT51mQQ7dIFhUKrdi3-1wbKrNWeIL4cKb9zU/edit, but it seems it's not implemented yet. It would save me quite lot of code and ugly annotation. - Updated CRI API to transport chosen propagation to Docker. - New `kubelet --experimental-mount-propagation` option to enable the previous bullet without modifying types.go (worked around with changing `KubeletDeps`... not nice, but it's better than adding a parameter to `NewMainKubelet` and removing it in the next release...) ```release-note kubelet has alpha support for mount propagation. It is disabled by default and it is there for testing only. This feature may be redesigned or even removed in a future release. ``` @derekwaynecarr @dchen1107 @kubernetes/sig-node-pr-reviews
Automatic merge from submit-queue (batch tested with PRs 60476, 62462, 61391, 62535, 62394). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Private mount propagation This PR changes the default mount propagation from "rslave" (newly added in 1.10) to "private" (default in 1.9 and before). "rslave" as default causes regressions, see below. Value `"None"` has to be added to `MountPropagationMode` enum in API ("I don't want any propagation at all"), which translates to "private" on Linux. [We did not have use cases for it](kubernetes/community#659 (comment)), but we have them now. **Which issue(s) this PR fixes** Fixes #62397, fixes #62396 **Special notes for your reviewer**: CRI already has an option for private mount propagation in volumes, however it's called "PRIVATE", while Kubernetes API value is "None". I did not change PRIVATE to NONE to keep the interface stable. See `kubelet_pods.go`. **Release note**: ```release-note Default mount propagation has changed from "HostToContainer" ("rslave" in Linux terminology) to "None" ("private") to match the behavior in 1.9 and earlier releases. "HostToContainer" as a default caused regressions in some pods. ``` /sig storage /sig node
Automatic merge from submit-queue (batch tested with PRs 60476, 62462, 61391, 62535, 62394). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Private mount propagation This PR changes the default mount propagation from "rslave" (newly added in 1.10) to "private" (default in 1.9 and before). "rslave" as default causes regressions, see below. Value `"None"` has to be added to `MountPropagationMode` enum in API ("I don't want any propagation at all"), which translates to "private" on Linux. [We did not have use cases for it](kubernetes/community#659 (comment)), but we have them now. **Which issue(s) this PR fixes** Fixes #62397, fixes #62396 **Special notes for your reviewer**: CRI already has an option for private mount propagation in volumes, however it's called "PRIVATE", while Kubernetes API value is "None". I did not change PRIVATE to NONE to keep the interface stable. See `kubelet_pods.go`. **Release note**: ```release-note Default mount propagation has changed from "HostToContainer" ("rslave" in Linux terminology) to "None" ("private") to match the behavior in 1.9 and earlier releases. "HostToContainer" as a default caused regressions in some pods. ``` /sig storage /sig node Kubernetes-commit: 92065407b783a6de56ce181967c2a7778aa6521a
Automatic merge from submit-queue Redesign mount propagation The proposal won't work as it was merged, it makes too many directories as shared (see kubernetes#648). A different approach is needed, I've chosen 'Add an option in VolumeMount API', but I would be fine also with 'Add an option in HostPathVolumeSource', there is only very small difference to me. The proposal also describes how it will be implemented, especially during alpha phase. Fixes kubernetes#648 @kubernetes/sig-node-proposals @kubernetes/sig-storage-proposals
Signed-off-by: Zou Nengren <zouyee1989@gmail.com>
The proposal won't work as it was merged, it makes too many directories as shared (see #648).
A different approach is needed, I've chosen 'Add an option in VolumeMount API', but I would be fine also with 'Add an option in HostPathVolumeSource', there is only very small difference to me.
The proposal also describes how it will be implemented, especially during alpha phase.
Fixes #648
@kubernetes/sig-node-proposals @kubernetes/sig-storage-proposals