Add blog post for PodHasNetwork condition #36197
Conversation
k8s-ci-robot
added
cncf-cla: yes
k8s-ci-robot
added
language/en
✅ Pull request preview available for checkingBuilt without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify site settings. |
k8s-ci-robot
added
the
lgtm
|
LGTM label has been added. Git tree hash: 8b7ca860043ea81551160a40e885292995009efa
|
|
/retitle Add blog post for PodHasNetwork condition |
k8s-ci-robot
changed the title
ddebroy
force-pushed
the
podHasNetworkBlog2
branch
from
08b0ca2
to
ba5f4a8
Compare
k8s-ci-robot
removed
the
lgtm
ddebroy
force-pushed
the
podHasNetworkBlog2
branch
from
ba5f4a8
to
8df6acd
Compare
|
/lgtm Tweaks welcome (either before merge, or afterwards) |
k8s-ci-robot
added
the
lgtm
|
LGTM label has been added. Git tree hash: a30ccee5f224329a523dd385d9dffaecc70722c3
|
ddebroy
force-pushed
the
podHasNetworkBlog2
branch
from
8df6acd
to
dd2305b
Compare
k8s-ci-robot
removed
the
lgtm
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
LGTM label has been added. Git tree hash: ffab27cc705a287edc4733dff0810ce611d2febe
|
| accurate data around when the pod runtime sandbox was initialized with | ||
| networking configured so that the kubelet can proceed to launch user-configured | ||
| containers (including init containers) in the pod. | ||
|
|
There was a problem hiding this comment.
| Additionally, some cloud providers may attach additional network interface(s) to the network namespace of a pod, via CNI, some time after the pod is up and running with a loopback interface. In this case the `PodHasNetwork` condition may not reflect whether all network interfaces of the pod are initialized. | |
There was a problem hiding this comment.
if you think this needs more clarification in the general context for most pod lifecycles .. feel free to leave it out.. we can discuss further
There was a problem hiding this comment.
Is this special behavior strictly something that happens in the cloud? (could an on-prem cluster do something similar?)
If we're adding text here, we could make it clear that PodHasNetwork means that for each configured address family, the kubelet sees that [the one IP address that a conformant network plugin should set up for that address family] is configured and up.
Would need better wording than mine, mind!
There was a problem hiding this comment.
I had a brief sync about this with Mike yesterday. My understanding is what Mike described above could be possible if some other (privileged) node agent aside from the Kubelet is configuring things in the network namespace of the pod out-of-band from Kubelet's pod sandbox bring-up and network configuration through CRI (i.e. outside of the Kubelet runtime => CRI => Runtime (containerd/crio/etc) => CNI => CNI plugins flow). I will make a note of this.
There was a problem hiding this comment.
FYI: CRI (or wider - cloud providers, as suggested by @mikebrow) can do anything it/they want at any point of pod lifecycle. it can call a cni plugin, or multiple of them, or whatever it wants. but that's out of the scope of the description of "kubernetes contract".
i didn't yet red the mentioned KEP so i'm not touching the topic how the data should be explained, but looking on @mikebrow description i would expect that PodHasNetwork will be only describing status of the default network connectivity, ignoring all "whathever will cri call/setup" things which are not the default access to kubeapi network things (like e.g. what is hold in extensions under the https://github.com/k8snetworkplumbingwg/ meaning, or more precisely under the https://docs.google.com/document/d/1Ny03h6IDVy_e_vmElOqR7UdTPAG_RNydhVE1Kx54kFQ/edit#heading=h.hylsbqoj5fxd extension)
There was a problem hiding this comment.
Clarified this. For reference, https://github.com/maiqueb/multus-dynamic-networks-controller appears to be a concrete PoC implementation of what was being referred to above.
|
@ddebroy would you have capacity to update this based on feedback so far? |
|
Yes, I will be addressing all the outstanding feedback by EoD. |
|
/assign |
ddebroy
force-pushed
the
podHasNetworkBlog2
branch
from
dd2305b
to
384a733
Compare
k8s-ci-robot
removed
the
lgtm
Signed-off-by: Deep Debroy <ddebroy@gmail.com>
ddebroy
force-pushed
the
podHasNetworkBlog2
branch
from
384a733
to
2c0be33
Compare
|
All comments and feedback above have been addressed. |
|
@aojea did you want to check this further? |
I don't have enough knowledge of the feature to judge, but it seems to correctly match the KEP, sig-network and CNI implementors will follow up and try to give more feedback for the next stages |
| @@ -0,0 +1,123 @@ | |||
| --- | |||
| layout: blog | |||
| title: 'Kubernetes 1.25: PodHasNetwork condition for pods' | |||
There was a problem hiding this comment.
nit:
| title: 'Kubernetes 1.25: PodHasNetwork condition for pods' | |
| title: 'Kubernetes 1.25: PodHasNetwork Condition for Pods' |
|
LGTM label has been added. Git tree hash: 64187c5cb755f36fb7abbaa6fe008055df21f53c
|
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: sftim The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
per example, I just noticed that pod with hostNetwork true are not covered |
I think this is OK to publish as-is. We (blog team) could also accept a PR to tweak things, so long as @ddebroy doesn't object. It's also OK to update after publication; for that situation, I like to mark that there's been an update. |
|
ah, no, it was not directed to the blog post, I just realized that is a follow up on this feature, I didn't find it covered 😄 |
| configuration by a container runtime (typically in coordination with CNI | ||
| plugins). The kubelet starts to pull container images and start individual | ||
| containers (including init containers) after the status of the `PodHasNetwork` | ||
| condition is set to `True`. Metrics collection services that report latency of |
There was a problem hiding this comment.
(nit)
| condition is set to `True`. Metrics collection services that report latency of | |
| condition is set to `"True"`. Metrics collection services that report latency of |
Conditions are a string value used like a ternary enum.
Thanks for pointing that out. I addressed it at kubernetes/kubernetes#111358 (comment) and will clarify this in followup PRs to the docs and blog. |
SGTM |
Blog post for PodHasNetwork condition feature [https://github.com/kubernetes/enhancements/issues/3085]
Supersedes #35645