KEP-5307 Initial KEP for container restart policy #5308
Conversation
yuanwang04
commented
May 16, 2025
yuanwang04
commented
- One-line PR description: Initial KEP for container restart policy
- Issue link: Container restart rules to customize the pod restart policy #5307
- Other comments: Discussion link https://docs.google.com/document/d/13fQu343OBEM2ICHLXfWHrApmzskd4nY3xWI27EbMJyI/edit?tab=t.0
k8s-ci-robot
added
the
cncf-cla: yes
k8s-ci-robot
added
kind/kep
|
Welcome @yuanwang04! |
k8s-ci-robot
added
the
needs-ok-to-test
|
Hi @yuanwang04. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
the
size/XXL
| we may need to implement as described here: https://github.com/kubernetes/enhancements/issues/3329#issuecomment-1571643421 | ||
|
|
||
| ``` | ||
| restartPolicy: Never |
There was a problem hiding this comment.
@dchen1107 I remember you had a concern with having Never pod with the container inside it that has restart count increasing. How strong is this concern? Strong enough to iontroduce the restartPolicy: Custom?
yuanwang04
force-pushed
the
container-restart-policy
branch
from
6cb2b80 to
0cbfc18
Compare
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: yuanwang04 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
yuanwang04
force-pushed
the
container-restart-policy
branch
from
0cbfc18 to
040ffef
Compare
| - name: myapp1 | ||
| # the default behavior is inherited from the Pod’s restartPolicy | ||
| restartPolicy: Custom | ||
| # pod-level API for specifying container restart rules |
There was a problem hiding this comment.
This API is at the container level it seems.
There was a problem hiding this comment.
Yes, just mentioning it here since there are some discussion around whether we need to introduce another pod-level restart policy #5308 (comment)
There was a problem hiding this comment.
A big concern is once we introduced pod-level restart policy, how to interact with job failure policy? Maybe not today.
| The container restart will still follow the exponential backoff to avoid | ||
| excessive resource consumption due to restarts. | ||
|
|
||
| ## Design Details |
There was a problem hiding this comment.
How does this interact with PodFailurePolicy?
There was a problem hiding this comment.
Added discussion around Job's PodFailurePolicy. Basically, this shouldn't affect how Job handles pod failures. Job only checks container exit codes (for PodFailurePolicy) when the Pod finished (and restartPolicy=Never). However, if the container is restarted by the proposed container restart policy, the pod will still be Running, and Job controller will not kick in.
yuanwang04
force-pushed
the
container-restart-policy
branch
4 times, most recently
from
dd2b1f7 to
bee6cce
Compare
yuanwang04
force-pushed
the
container-restart-policy
branch
from
bee6cce to
67df630
Compare
| containers: | ||
| - name: myapp1 | ||
| # the default behavior is inherited from the Pod’s restartPolicy | ||
| restartPolicy: Custom |
There was a problem hiding this comment.
I would suggest to consider alternative names, maybe:
- "RuleBased"
- "Conditional"
I'm leaning to "RuleBased" to match the "restartRules" name.
| # the default behavior is inherited from the Pod’s restartPolicy | ||
| restartPolicy: Custom | ||
| # pod-level API for specifying container restart rules | ||
| restartRules: |
There was a problem hiding this comment.
I would suggest to propose the full API, similarly as here, and provide this yaml as an example.
| know that this has succeeded? | ||
| --> | ||
|
|
||
| - Allow the Pod with the restartPolicy=Custom to keep restarting a container |
There was a problem hiding this comment.
| - Allow the Pod with the restartPolicy=Custom to keep restarting a container | |
| - Introduce API which allows to keep restarting a container |
I guess at this point we don't need to provide the shape of the API
|
|
||
| #### Story 1 | ||
|
|
||
| The Pod with two containers - one is the main container and one is the sidecar |
There was a problem hiding this comment.
I would suggest to orient the "Story" from the perspective of the Kubernetes users. For example, as an ML researcher I'm creating long-running AI/ML workloads. Pods in such workloads are unavoidable due to various reasons, but in many cases they are recoverable. I would like to be able to avoid re-scheduling the workload as this consumes signifficant amount of time, and only restart the failed container "in-place".
Feel free to rephrase as you see fit.
| may have containers restarted and have the restart count higher than 0. This may | ||
| also affect how Job `podFailurePolicy` interacts with pod failures. |
There was a problem hiding this comment.
Actually, I think this approach is fully transparent to the Job controller, because the Job controller only matches Pods in terminal phase. It is mentioned here:
| This works with Job `podFailurePolicy` without any changes on Job API. Currently, | ||
| Job only checks for `podFailurePolicy` after the Pod has finished running. | ||
| Kubelet restarting the container of the Pod will not change the Pod's status. | ||
| This is the ideal improvement where the Job configured `podFailurePolicy` |
There was a problem hiding this comment.
I suggest to avoid phrases like " ideal improvement", let's leave it to reviewers :)
| The proposal is to implement a simple API with the very limited set of | ||
| allowed values to [Container](https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/core/types.go#L2528) | ||
| under k8s.io/apis/core. The shape of API is informed by some future improvements |
There was a problem hiding this comment.
| The proposal is to implement a simple API with the very limited set of | |
| allowed values to [Container](https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/core/types.go#L2528) | |
| under k8s.io/apis/core. The shape of API is informed by some future improvements | |
| The proposal is to extend the Pod's [container API](https://github.com/kubernetes/kubernetes/blob/master/pkg/apis/core/types.go#L2528) to allow to restarting containers based on | |
| the container's end state, e.g. exit code. |
I would suggest to avoid using adjective like "simple API", or "very limited set". Let's leave it to the readers / reviewers to assess.
| we may need to implement as described here: | ||
| https://github.com/kubernetes/enhancements/issues/3329#issuecomment-1571643421 |
There was a problem hiding this comment.
Actually, this reference is slightly different that the current proposal. One difference is that the reference assumes "OnFailure". Instead of design details I would propose to move it to the Notes and Caveats section.
| # The following PRR answers are required at alpha release | ||
| # List the feature gate name and the components for which it must be enabled | ||
| feature-gates: | ||
| - name: MyFeature |
|
|
||
| # The following PRR answers are required at beta release | ||
| metrics: | ||
| - my_feature_metric |
There was a problem hiding this comment.
Cleanup. This is alpha, so IIUC no need for metric yet.
|
@yuanwang04 thank you for the work, I like this proposal, AFAIK this approach is fully compatible with the Job's podFailurePolicy (at least if I'm not missing something), because when Pod's restartPolicy: Never, then Job's podFailurePolicy only analyzes pods which reach the "Failed" phase. Here, the pods avoid reaching the failed phase. Once they reach, they will be matched against podFailurePolicy which may decide to recreate the entire pod. |
