-
Notifications
You must be signed in to change notification settings - Fork 40.1k
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
Allow Hostname and Subdomain to be set if empty #51199
Allow Hostname and Subdomain to be set if empty #51199
Conversation
Removing label |
Spec: api.PodSpec{Hostname: "bar"}, | ||
}, | ||
api.Pod{ | ||
ObjectMeta: metav1.ObjectMeta{Name: "foo", DeletionTimestamp: &now}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why the DeletionTimestamp
?
You verified that endpoints will react to the Pod update and bring back the DNS entry? |
It looks like we will never reach kubernetes/pkg/controller/statefulset/stateful_set_control.go Lines 420 to 443 in 2f00e6d
Is it worth handling the case where the Pod is Unready precisely because its hostname/subdomain is missing? |
It may be worth doing the update, that is the way the control loop was originally written. If we do this, it should go into master and get cherry picked back. I'd like to minimize drift in the main control loop. |
1a39c75
to
1c3f9d4
Compare
/lgtm @kow3ns Are you planning to address Unready Pods before 1.7.5 as well? |
@@ -195,7 +195,12 @@ func initIdentity(set *apps.StatefulSet, pod *v1.Pod) { | |||
func updateIdentity(set *apps.StatefulSet, pod *v1.Pod) { | |||
pod.Name = getPodName(set, getOrdinal(pod)) | |||
pod.Namespace = set.Namespace | |||
|
|||
if pod.Spec.Hostname == "" { | |||
pod.Spec.Hostname = pod.Name |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why isn't this reading the annotation as well?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The annotations and the fields are both constructed from the name and serviceName as below. What information would I want from the existing annotations?
pkg/api/validation/validation.go
Outdated
|
||
// allow hostname and subdomain to be updated if they are empty. This allows for migration between the beta | ||
// annotations and the GA field | ||
if oldPod.Spec.Hostname == "" && oldPod.Spec.Hostname != newPod.Spec.Hostname { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
second clause on both of these if statements is not actually necessary...
pkg/api/validation/validation.go
Outdated
@@ -2703,6 +2703,16 @@ func ValidatePodUpdate(newPod, oldPod *api.Pod) field.ErrorList { | |||
|
|||
// handle updateable fields by munging those fields prior to deep equal comparison. | |||
mungedPod := *newPod | |||
|
|||
// allow hostname and subdomain to be updated if they are empty. This allows for migration between the beta | |||
// annotations and the GA field |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
expand this comment, is it supposed to stay this way forever?
/approve Need the branch manager to sign off, too. |
1c3f9d4
to
5d2c40d
Compare
// Enforce the StatefulSet invariants - we do this without respect to the Pod's readiness so that the endpoints | ||
// controller can be notified of identity changes if a Pod becomes unready due to a DNS inconsistency with respect | ||
// to the Pods identity. | ||
if !identityMatches(set, replicas[i]) || !storageMatches(set, replicas[i]) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I tried a manual test of this and found a bug. We also need to put the check for hostname/subdomain back into identityMatches()
, or else this doesn't trigger.
837765e
to
34760c2
Compare
pod.Namespace == set.Namespace | ||
pod.Namespace == set.Namespace && | ||
pod.Spec.Hostname != "" && | ||
pod.Spec.Subdomain != "" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I just had a thought:
ServiceName is allowed to be empty in 1.7+ [1], so we should do something like:
(pod.Spec.Subdomain != "" || set.ServiceName == "")
Otherwise we will continually send Pod updates for any StatefulSet with an empty ServiceName.
[1] The reason ServiceName can't be empty in <1.7 is because the annotation gets added anyway, and then the Pod fails validation. In 1.7+ we no longer set the annotation, and the field has no distinction between ""
and unset.
and updates the StatefulSet controller to set them when empty
34760c2
to
4373f33
Compare
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: enisoc, kow3ns, lavalamp Associated issue: 48327 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
/retest |
/retest Review the full test history for this PR. |
8 similar comments
/retest Review the full test history for this PR. |
/retest Review the full test history for this PR. |
/retest Review the full test history for this PR. |
/retest Review the full test history for this PR. |
/retest Review the full test history for this PR. |
/retest Review the full test history for this PR. |
/retest Review the full test history for this PR. |
/retest Review the full test history for this PR. |
/test all [submit-queue is verifying that this PR is safe to merge] |
Automatic merge from submit-queue. |
@kow3ns: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Commit found in the "release-1.7" branch appears to be this PR. Removing the "cherrypick-candidate" label. If this is an error find help to get your PR picked. |
@enisoc - thanks. That LGTM. |
What this PR does / why we need it:
This PR allows the Hostname and Subdomain field of v1.PodSpec to be set when empty, and modifies the StatefulSet controller to set them when empty.
For #48327:
We have merged #50942 to ensure that the Hostname and Subdomain fields are set when a new Pod is created. Users should upgrade to 1.6.9 and perform a rolling restart of all Pods in their StatefulSets to ensure that these fields are set prior to an upgrade to 1.7.5.
We have merged #51149 and #51044 to rollback the attempted mutation introduced in #44137.
This PR allows the Hostname and Subdomain field to be set exactly once, so that when users fail to read the notes, and encounter this issue, their clusters should self heal (even though they will experience a temporary network disruption for Pods in their StatefulSets.)