github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
839014ac04432ef43106c8ebb39a7a6ece3e117b
kubernetes/pkg
History
Kubernetes Submit Queue 4796c7b409 Merge pull request #40727 from Random-Liu/handle-cri-in-place-upgrade 
Automatic merge from submit-queue

CRI: Handle cri in-place upgrade

Fixes https://github.com/kubernetes/kubernetes/issues/40051.

## How does this PR restart/remove legacy containers/sandboxes?
With this PR, dockershim will convert and return legacy containers and infra containers as regular containers/sandboxes. Then we can rely on the SyncPod logic to stop the legacy containers/sandboxes, and the garbage collector to remove the legacy containers/sandboxes.

To forcibly trigger restart:
* For infra containers, we manually set `hostNetwork` to opposite value to trigger a restart (See [here](https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/kuberuntime/kuberuntime_manager.go#L389))
* For application containers, they will be restarted with the infra container.
## How does this PR avoid extra overhead when there is no legacy container/sandbox?
For the lack of some labels, listing legacy containers needs extra `docker ps`. We should not introduce constant performance regression for legacy container cleanup. So we added the `legacyCleanupFlag`:
* In `ListContainers` and `ListPodSandbox`, only do extra `ListLegacyContainers` and `ListLegacyPodSandbox` when `legacyCleanupFlag` is `NotDone`.
* When dockershim starts, it will check whether there are legacy containers/sandboxes.
  * If there are none, it will mark `legacyCleanupFlag` as `Done`.
  * If there are any, it will leave `legacyCleanupFlag` as `NotDone`, and start a goroutine periodically check whether legacy cleanup is done.
This makes sure that there is overhead only when there are legacy containers/sandboxes not cleaned up yet.

## Caveats
* In-place upgrade will cause kubelet to restart all running containers.
* RestartNever container will not be restarted.
* Garbage collector sometimes keep the legacy containers for a long time if there aren't too many containers on the node. In that case, dockershim will keep performing extra `docker ps` which introduces overhead.
  * Manually remove all legacy containers will fix this.
  * Should we garbage collect legacy containers/sandboxes in dockershim by ourselves? /cc @yujuhong 
* Host port will not be reclaimed for the lack of checkpoint for legacy sandboxes. https://github.com/kubernetes/kubernetes/pull/39903 /cc @freehan 

/cc @yujuhong @feiskyer @dchen1107 @kubernetes/sig-node-api-reviews 
**Release note**:

```release-note
We should mention the caveats of in-place upgrade in release note.
```
2017-02-03 22:17:56 -08:00
..
api
Merge pull request #39914 from kevin-wangzefeng/forgiveness-library-changes
2017-02-03 15:05:55 -08:00
apimachinery/tests
Update generated files
2017-01-29 21:41:45 +01:00
apis
Autogenerated changes
2017-02-02 15:26:10 +01:00
auth
Update authn/authz owners and reviewers
2017-01-27 08:55:44 -05:00
capabilities
Enable auto-generating sources rules
2017-01-05 14:14:13 -08:00
client
CRI Portforward needs to forward websocket ports
2017-02-01 18:03:42 -07:00
cloudprovider
Merge pull request #40763 from derekwaynecarr/log-noise-aws
2017-01-31 20:40:47 -08:00
controller
Merge pull request #40918 from k82cn/pv_ctrl_typo
2017-02-03 07:37:25 -08:00
conversion
Revert "Remove conversion package"
2017-01-22 15:41:06 -08:00
credentialprovider
Merge pull request #40142 from colemickens/colemickens-acr-login-server
2017-01-25 00:40:02 -08:00
features
update critical pod annotation flag gate to mention that BestEffort pods are not supported
2017-02-02 11:32:23 -08:00
fieldpath
Merge pull request #34533 from yuexiao-wang/fix-commends
2017-01-30 09:05:22 -08:00
fields
move pkg/fields to apimachinery
2017-01-19 09:50:16 -05:00
generated
Init containers in GA - generated code
2017-02-03 01:08:25 +01:00
hyperkube
Enable auto-generating sources rules
2017-01-05 14:14:13 -08:00
kubeapiserver
Update generated files
2017-02-03 08:15:46 +01:00
kubectl
Merge pull request #39914 from kevin-wangzefeng/forgiveness-library-changes
2017-02-03 15:05:55 -08:00
kubelet
Merge pull request #40727 from Random-Liu/handle-cri-in-place-upgrade
2017-02-03 22:17:56 -08:00
kubemark
move client/record
2017-01-31 19:14:13 -05:00
labels
add back just enough empty packages to allow heapster cycles to succeed
2017-01-17 08:07:30 -05:00
master
Update generated files
2017-02-03 08:15:46 +01:00
metrics
refactor: move ListOptions references to metav1
2017-01-23 17:52:46 -05:00
probe
start the apimachinery repo
2017-01-11 09:09:48 -05:00
proxy
move client/record
2017-01-31 19:14:13 -05:00
quota
Update generated files
2017-01-29 21:41:45 +01:00
registry
Plumb subresource through subjectaccessreview
2017-02-03 16:07:55 -05:00
routes
Update generated files
2017-02-03 08:15:46 +01:00
runtime
add back just enough empty packages to allow heapster cycles to succeed
2017-01-17 08:07:30 -05:00
security
Update generated files
2017-01-24 20:56:03 +01:00
securitycontext
securitycontext: move docker-specific logic into kubelet/dockertools
2017-01-27 12:25:46 -08:00
serviceaccount
Allow reading ECDSA key files containing parameter blocks
2017-02-01 10:18:58 -05:00
ssh
use apimachinery packages instead of client-go packages
2017-01-13 14:04:54 -05:00
types
add back just enough empty packages to allow heapster cycles to succeed
2017-01-17 08:07:30 -05:00
util
Merge pull request #40645 from brendandburns/fr
2017-01-31 21:27:52 -08:00
version
genericapiserver: cut off kube pkg/version dependency
2017-01-17 12:34:05 +01:00
volume
Prevent pv controller from forcefully overwrite provisioned volume name
2017-02-01 12:19:20 -05:00
watch
add back just enough empty packages to allow heapster cycles to succeed
2017-01-17 08:07:30 -05:00
BUILD
Update generated files
2017-02-03 08:15:46 +01:00
OWNERS
Updated top level owners file to match new format
2017-01-19 11:29:16 -08:00