KEP 5067: Pod Generation KEP creation #5068
Conversation
natasha41575
commented
Jan 21, 2025
natasha41575
commented
- One-line PR description: Create new KEP 5067: Pod Generation
- Issue link: Pod Generation #5067
- Other comments:
|
Skipping CI for Draft Pull Request. |
k8s-ci-robot
added
do-not-merge/work-in-progress
k8s-ci-robot
added
the
size/XL
|
/cc @tallclair |
natasha41575
changed the title
natasha41575
force-pushed
the
pod-generation-KEP
branch
from
f47b595 to
5908b37
Compare
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
natasha41575
force-pushed
the
pod-generation-KEP
branch
from
5908b37 to
32a9bd7
Compare
natasha41575
force-pushed
the
pod-generation-KEP
branch
6 times, most recently
from
a0da338 to
2539f5b
Compare
|
/assign @liggitt Mind being the API approver for this? |
natasha41575
force-pushed
the
pod-generation-KEP
branch
from
ce473ec to
6e885a8
Compare
natasha41575
force-pushed
the
pod-generation-KEP
branch
6 times, most recently
from
2baae8f to
e929629
Compare
| The `status.observedGeneration` feature can be disabled by setting the flag to 'false' | ||
| and restarting the Kubelet. | ||
|
|
||
| The `metadata.generation` functionality will intentionally not be behind a feature gate so cannot be |
There was a problem hiding this comment.
so when it is disabled on kubelet, it will stop setting it. Will it result in infinite loop of reconciliation as it sees that the observedGeneration is set on API server, but it is not setting it. So it wants to update it to empty, but API server doesn't allow it?
There was a problem hiding this comment.
I think you are right... let me make sure I have this right
- the kubelet has the feature enabled, and observedGeneration is set on a pod
- the feature is disabled on the kubelet
- the kubelet stops setting observedGeneration, so tries to "clear" it
- when the API server sees the observedGeneration unset in the incoming, it preserves the existing value, not letting it be cleared
- Repeat 3-4 forever
I'm not sure what is the right solution is. Is the best thing for the API server to allow observedGeneration to be cleared? I can see this being a problem with older clients that don't know about the observedGeneration field (similar to the risk you raised about older webhooks). But seems like making sure the feature can be disabled on kubelet is more important?
There was a problem hiding this comment.
kubelet can keep setting the observedGeneration if feature gate is disabled (it will either generate it from the pod spec if FG is on or just take whatever observedGeneration status already have and preserve it if FG is off)
@liggitt do we have a precedence here?
There was a problem hiding this comment.
We've certainly used presence of API fields to control kubelet behavior instead of or in combination with feature gates.
I think a reasonable path in the kubelet here is to use feature enabled || pod status has non-zero observedGeneration to decide whether to propagate metadata.generation to status.observedGeneration.
There was a problem hiding this comment.
I think a reasonable path in the kubelet here is to use feature enabled || pod status has non-zero observedGeneration to decide whether to propagate metadata.generation to status.observedGeneration.
SGTM
There was a problem hiding this comment.
Depending on the complexity of the logic in kubelet to calculate the "new" value of observedGeneration, we may be better off by preserving the existing value if FG is disabled instead of calculating a new one. Thank you for confirming
There was a problem hiding this comment.
I think the right way to set the new value of observedGeneration is to have the kubelet pass down the value of whatever metadata.generation is when it starts the sync loop all the way down to wherever it updates the pod status. From perusing through the source code, I don't anticipate this logic to be very complicated. So if the main concern is the complexity of the logic, I think we should be fine continuing to update observedGeneration after the FG is disabled rather than preserving the existing value.
There was a problem hiding this comment.
I folded this into the body of the KEP under "How can this feature be enabled / disabled in a live cluster?"
I'll wait for @SergeyKanzhelev's confirmation before closing this thread.
natasha41575
force-pushed
the
pod-generation-KEP
branch
from
e929629 to
12c84bc
Compare
|
/milestone v1.33 |
|
@natasha41575: You must be a member of the kubernetes/milestone-maintainers GitHub team to set the milestone. If you believe you should be able to issue the /milestone command, please contact your Milestone Maintainers Team and have them propose you as an additional delegate for this responsibility. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
natasha41575
force-pushed
the
pod-generation-KEP
branch
2 times, most recently
from
495d36e to
16073b2
Compare
| The `status.observedGeneration` feature can be disabled by setting the flag to 'false' | ||
| and restarting the Kubelet. | ||
|
|
||
| The `metadata.generation` functionality will intentionally not be behind a feature gate so cannot be |
natasha41575
force-pushed
the
pod-generation-KEP
branch
6 times, most recently
from
190cbaf to
81ec184
Compare
natasha41575
force-pushed
the
pod-generation-KEP
branch
from
81ec184 to
4626ecc
Compare
