Break up the monolithic volumes code in kubelet into very small individual
modules with a well-defined interface. Move them all into their own packages
and beef up testing along the way.
Added a kubelet config source for watching pods on apiserver.
The pods are converted to boundpods for merging with other
config sources.
The preferred way to create a kubelet is now to pass an apiserver
client but not an etcd client. Changed cmd/integration to use
apiserver to talk to kubelets. And cmd/kubernetes.
Unit, integration, and e2e tests pass, except for a failure of the pd
e2e test which was unrelated.
# *** ERROR: *** Some files have not been gofmt'd. To fix these
# errors, run gofmt -s -w <file>, or cut and paste the following:
# gofmt -s -w pkg/kubecfg/resource_printer.go pkg/proxy/config/config.go pkg/runtime/types.go
#
# Your commit will be aborted unless you override this warning. To
# commit in spite of these format errors, delete the following line:
# COMMIT_BLOCKED_ON_GOFMT
Make all kubelet config sources ensure that UID and Namespace are defaulted, if
need be.
We can *almost* disable the "if blank" logic for UID, except for tests that
call APIs that do not run through SyncPods. We really ought to be enforcing
invariants better.
This is makes it possible to read back "known" pods from disk without
getting other (non-pod) kubelet dirs in the mix. Ditto for containers
within a pod. This is just saner overall. Pods now nest in a pods/
dir. Likewise containers.
Fixes issue #3202.
* Validates SyncFrequency and minimum GC age and propagates error to RunKubelet
* Defaults for Kubelet config and minor cleanup
* cmd Kubelet MinimumGCAge to 1m instead of 0
Hold the pullLock while pulling regular container images, not just the
network container.
Also: previously, the locks were grabbed at too-low a layer in the
callstack, leaving a (narrow) window where images could be pulled and
then garbage collected before being used.
This change takes the existing pullLock a layer higher in the call stack
so the critical regions encompass the entire find+delete and pull+use
operation in both cases.
This adds --cluster_dns and --cluster_domain flags to kubelet. If
non-empty, kubelet will set docker --dns and --dns-search flags based on
these. It uses the cluster DNS and appends the hosts's DNS servers.
Likewise for DNS search domains.
This also adds API support to bypass cluster DNS entirely, needed to
bootstrap DNS.
BoundPods on a node. PR #1865 has a wrong assumption, with which any
PodUpdate operation will cause rest of running containers without updates
are killed as an unexpected ones.
Fix#2028
There are three values that uniquely identify a pod on a host -
the configuration source (etcd, file, http), the pod name, and the
pod namespace. This change ensures that configuration properly
makes those names unique by changing podFullName to contain both
name (currently ID in v1beta1, Name in v1beta3) and namespace.
The Kubelet does not properly handle information requests for
pods not in the default namespace at this time.
Public access to the DockerHub is not guaranteed in all environments,
add a flag to the kubelet that allows it to use a different image (like
one on a private registry) as well as only pull the first time the
image is needed.
Fixes#1545
Move a lot of common error logging into better buckets:
glog.Errorf() - Always an error
glog.Warningf() - Something unexpected, but probably not an error
glog.V(0) - Generally useful for this to ALWAYS be visible
to an operator
* Programmer errors
* Logging extra info about a panic
* CLI argument handling
glog.V(1) - A reasonable default log level if you don't want
verbosity
* Information about config (listening on X, watching Y)
* Errors that repeat frequently that relate to conditions
that can be corrected (pod detected as unhealthy)
glog.V(2) - Useful steady state information about the service
* Logging HTTP requests and their exit code
* System state changing (killing pod)
* Controller state change events (starting pods)
* Scheduler log messages
glog.V(3) - Extended information about changes
* More info about system state changes
glog.V(4) - Debug level verbosity (for now)
* Logging in particularly thorny parts of code where
you may want to come back later and check it
The sync frequency should be part of the syncLoop and resync no
less often than every X seconds. The current implementation runs
even if a config update was delivered less than X seconds ago.
Different information is needed to perform setup versus teardown. It
makes sense to separate these two interfaces since when we call teardown
from the reconciliation loop, we cannot rely on having the
information provided by the api definition of the volume.
Determines the set of active volumes versus the set of valid volumes
defined by the manifests. If there is an active volume that is not
defined in any of the manifests, deletes and cleans up that volume.
math.MaxInt64 represents 8 exabytes, which is a good limit for memory.
Also, this is the type used by Docker, so it's not possible to get any
value bigger than math.MaxInt64 as memory limit (both ram and swap) on a
Docker container.
Relevant discussion at #589 (more precisely,
https://github.com/GoogleCloudPlatform/kubernetes/pull/589#issuecomment-50640605).
This makes two main changes:
- Runs syncPod in a separate Go routine (and enforces only one of those
runs at a time).
- Uses the pod list to determine if a container should be running or
should be killed (used to use the output of syncPod).
Since Docker pulls are synchronized by the Docker daemon we still block
on that, but pods can now be removed and prepared for starting without
blocking on long pulls.
Also transfer the Kubelet from using ContainerManifest.ID to source specific
identifiers with namespacing. Move goroutine behavior out of kubelet/ and
into integration.go and cmd/kubelet/kubelet.go for better isolation.
The pause image is a 240KB image that simply pauses waiting on a signal.
Use this for the net container which only needs to act as a placeholder.
Current net image is ~2.5MB. From my tests, this reduces startup time
for the net container from ~14s to ~6s.
The -etcd_servers flag is used inconsistently by the Kubernetes commands,
both externally and internally.
This patch fixes the issue by using the same type to represent a list of
etcd servers internally, and declares the -etcd_servers flag consistently
across all commands.
This patch should be 100% backwards compatible with no changes in behavior.
