Initial transcription (with minor updates) of Knative Runtime Contract. #1471
Conversation
google-prow-robot
assigned glyn, jchesterpivotal, josephburnett, mbehrendt and mdemirhan
google-prow-robot
added
the
size/L
google-prow-robot
added
the
approved
|
/assign @RichieEscarez for tech writing if he's interested. |
docs/runtime-contract.md
Outdated
|
|
||
| | Name | Meaning | | ||
| |------|---------| | ||
| | `PORT` | Incress `containerPort` for ingress requests and health checks. See [Inbound network connectivity](#inbound-network-connectivity) for more details. |
docs/runtime-contract.md
Outdated
| ### Devices | ||
|
|
||
| Developers and container providers MUST NOT request additional devices beyond | ||
| the "Default Devices". |
There was a problem hiding this comment.
Is there a Default Devices section? I only see Default Filesystems.
There was a problem hiding this comment.
I think it refers to this part of the OCI spec.
However, that section says "In addition to any devices configured with this setting...", where "this setting" appears to be the enclosing "Devices" section. The Devices section in the OCI says that devices is an OPTIONAL list of devices that MUST be available, which MAY be supplied any way the runtime prefers.
So my reading is that "Default Devices" allows, by inclusion, non-Default Devices, meaning it contradicts this section.
On the interpretation rule given in "Background" ("... this document is assumed to override the general OCI recommendations"), it still makes sense, but it could be differently phrased. For example:
Developers and container providers MUST NOT use OCI
devicesto request additional devices beyond the OCI specification "Default Devices".
There was a problem hiding this comment.
Thanks, this wording with the explicit reference to the OCI spec is much clearer.
docs/runtime-contract.md
Outdated
| > propagation. | ||
|
|
||
| This option should only be set by the operator or platform provider, and MUST | ||
| NOT be configurable by the Knative developer. As mount propagation may be part |
There was a problem hiding this comment.
Does "Knative developer" mean a developer who contributes to Knative, or a developer who interacts with a Knative system? It seems to mean the former at https://github.com/knative/serving/pull/1471/files#diff-e5a9114cbfb7f985c0da2dfe04221c26R393, but I'm not sure what it means here or in the next 3 sections.
There was a problem hiding this comment.
Applied @jchesterpivotal's suggestion to define the personas of interest in the "Background" section. In this doc, "developer" or "Knative developer" should always mean an end-user who is writing code which will be run on knative (either as the main workload, or as part of a knative-aware tool or framework).
docs/runtime-contract.md
Outdated
| * `/sys/fs/cgroup/cpu/cpu.cfs_quota_us` | ||
|
|
||
| Additionally, operators [may restrict or prevent CPU scheduling for instances | ||
| when no requests are active](https://github.com/knative/serving/issues/848)). |
google-prow-robot
added
do-not-merge/hold
docs/runtime-contract.md
Outdated
| same port as HTTP/1.1. The developer MAY specify this port at deployment; if the | ||
| developer does not specify a port, the platform provider MUST provide a default. | ||
| Only one inbound `containerPort` SHALL be specified in the | ||
| `[core.v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#containerport-v1-core)` |
There was a problem hiding this comment.
formatting issue - code block ticks need to be inside the square brackets
docs/runtime-contract.md
Outdated
| #### Meta Requests | ||
|
|
||
| The | ||
| `[core.v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#container-v1-core)` |
There was a problem hiding this comment.
formatting issue - code block ticks need to be inside the square brackets
docs/runtime-contract.md
Outdated
|
|
||
| | Name | Meaning | | ||
| | ------ | --------------------------------------------------------------------------------------------------------------------------------------------------- | | ||
| | `PORT` | Incress `containerPort` for ingress requests and health checks. See [Inbound network connectivity](#inbound-network-connectivity) for more details. | |
docs/runtime-contract.md
Outdated
| - `/sys/fs/cgroup/cpu/cpu.cfs_quota_us` | ||
|
|
||
| Additionally, operators | ||
| [may restrict or prevent CPU scheduling for instances when no requests are active](https://github.com/knative/serving/issues/848)). |
docs/runtime-contract.md
Outdated
|
|
||
| Additionally, operators | ||
| [may restrict or prevent CPU scheduling for instances when no requests are active](https://github.com/knative/serving/issues/848)). | ||
| This is not currently feasible on Kubernetes, but is desireable for multitenant |
docs/runtime-contract.md
Outdated
| ### Control Groups | ||
|
|
||
| The control groups (cgroups) MUST be configured by the operator or platform | ||
| provider. The cgroup devices SHOULD be mounted as read-only. |
There was a problem hiding this comment.
Which cgroups, if any, are mandatory? This paragraph could be interpreted as saying "it doesn't matter which cgroups are configured, but it is the operator's or platform provider's responsibility to do the configuration" or even as "all known control groups must be configured" (which will be vague if new control groups are added to Linux in future).
There was a problem hiding this comment.
New cgroups are almost certain to appear -- eg, a large IaaS might like to provide fractional GPUs, TPUs or other specialist processing hardware.
There was a problem hiding this comment.
Thanks, rephrased this to more closely follow the OCI spec and refer to "cgroup controllers", and added the the selection of cgroup controllers was an operator decision.
docs/runtime-contract.md
Outdated
|
|
||
| In particular, the default Knative implementation relies on Kubernetes behavior | ||
| to implement container operation. In some cases, current Kubernetes behavior in | ||
| 2018 is not as performant as recommended in that documentation. The goal of the |
There was a problem hiding this comment.
What is "that documentation" in this context? Does it mean the OCI spec? Linux container configuration? Both?
There was a problem hiding this comment.
Oops, that was "this document". Thanks!
docs/runtime-contract.md
Outdated
| In particular, the default Knative implementation relies on Kubernetes behavior | ||
| to implement container operation. In some cases, current Kubernetes behavior in | ||
| 2018 is not as performant as recommended in that documentation. The goal of the | ||
| Knative developers is to push as much of the required functionality into |
There was a problem hiding this comment.
Perhaps "Knative authors", "Knative contributors", or "Knative contributing developers".
There was a problem hiding this comment.
Thanks, I'd missed this. "Knative authors" seems accurate here, and was probably what drove the "who is a developer" question.
docs/runtime-contract.md
Outdated
| In order to achieve these properties, containers which are operated as part of a | ||
| serverless platform SHOULD observe the following properties: | ||
|
|
||
| - Fast startup time (<1s in the presence of container image layer caching), |
There was a problem hiding this comment.
Perhaps "<1s until a request or event can be processed, given the presence of container image layer caching"
docs/runtime-contract.md
Outdated
| contents from a particular execution. Because containers (particularly failing | ||
| containers) can experience frequent starts, operators or platform providers | ||
| SHOULD limit the total space consumed by these failures. | ||
| - The termination message on container exit should be written to |
There was a problem hiding this comment.
Suggest:
The termination message on container exit, or the last few lines of log output (as per Kubernetes termination messages), SHOULD be written to
/dev/termination-log.
I'm not sure which of "and/or" and "exclusive or" is meant by "or" here. I'm also not sure what is intended by "per Kubernetes termination messages" -- does this mean they are part of this standard by reference, or are they given as an example?
There was a problem hiding this comment.
Sorry, was attempting to reference FallbackToLogsOnError as reasonable behavior. Mentioned that explicitly instead of by partially elided reference.
docs/runtime-contract.md
Outdated
| of its source, the selected port will be made available in the `PORT` | ||
| environment variable. | ||
|
|
||
| It is expected that the serverless platform will provide HTTPS termination and |
There was a problem hiding this comment.
"It is expected ... will" is a little vague -- does this mean SHOULD or MAY?
docs/runtime-contract.md
Outdated
| sandbox MAY be enforced by the platform operator; any such application profiles | ||
| SHOULD be configured and applied in a consistent mechanism outside of the | ||
| container specification. As the seccomp policy may be part of the platform | ||
| security hardening, operators may tune this from time to time as the threat |
There was a problem hiding this comment.
"may" -> "MAY"; or perhaps even "may" -> "SHOULD"
docs/runtime-contract.md
Outdated
|
|
||
| This option should only be set by the operator or platform provider, and MUST | ||
| NOT be configurable by the Knative developer. As mount propagation may be part | ||
| of the platform security hardening, operators may tune this from time to time as |
There was a problem hiding this comment.
"may" -> "MAY" or "SHOULD"
docs/runtime-contract.md
Outdated
|
|
||
| ### Masked Paths | ||
|
|
||
| This option should only be set by the operator or platform provider, and MUST |
There was a problem hiding this comment.
"should" -> "SHOULD". Though it's unclear why this wouldn't be "MUST" if developers are given "MUST NOT".
There was a problem hiding this comment.
Or "MAY", come to think of it.
docs/runtime-contract.md
Outdated
|
|
||
| This option should only be set by the operator or platform provider, and MUST | ||
| NOT be configurable by the Knative developer. As masked paths may be part of the | ||
| platform security hardening, operators may tune this from time to time as the |
There was a problem hiding this comment.
"may" -> "MAY" or "SHOULD".
docs/runtime-contract.md
Outdated
|
|
||
| ### Readonly Paths | ||
|
|
||
| This option should only be set by the operator or platform provider, and MUST |
There was a problem hiding this comment.
"should" -> "SHOULD" or "MAY"
|
Thanks for the review, especially @jchesterpivotal |
Standardize capitalization of Kubernetes.
|
/hold cancel This is ready for another look, and I totally missed that it still had a hold. |
google-prow-robot
removed
the
do-not-merge/hold
There was a problem hiding this comment.
I think all of @jchesterpivotal's comments have been resolved, but if I'm wrong about that @jchesterpivotal, please open an issue or PR correcting me.
I have some minor comments but since time is of the essence I'm giving @evankanderson the option to ignore them.
/lgtm
/hold
docs/runtime-contract.md
Outdated
| on the inbound container port for readiness and liveness checks; platform | ||
| providers SHOULD disallow other probe methods. | ||
| definition below). If specified, liveness and readiness probes are REQUIRED to | ||
| be of the the `httpGet` or `tcpSocket` types, and MUST target the inbound |
docs/runtime-contract.md
Outdated
| Additionally, operators or the platform MAY restrict or prevent CPU scheduling | ||
| for instances when no requests are active, | ||
| [where this capability is available](https://github.com/knative/serving/issues/848). | ||
| The Knative developers are currently discussing the best implementations options |
There was a problem hiding this comment.
There was a problem hiding this comment.
Thanks, excised "Knative developers" everywhere. It's now "Knative authors" here, and "developers" elsewhere.
google-prow-robot
added
lgtm
There was a problem hiding this comment.
@grantr I believe all my nitpicks have been fixed and my concerns have been discussed.
/lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: evankanderson, grantr, jchesterpivotal The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/hold cancel |
google-prow-robot
removed
the
do-not-merge/hold
Fixes #627
Proposed Changes
This was substantially discussed in this Google doc with various amendments which improved it. It's time to commit some of this to formal contract; I've selected a handful of reviewers from that doc, but encourage additional suggestions/improvements.
One additional item to follow on from this would be some guidance to implementers & operators about where to expose contextual information to containers; the main avenues would be environment variables, mounted config maps, network services, and request headers. That will be a subsequent PR, though.
Release Note