-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Initial transcription (with minor updates) of Knative Runtime Contract. #1471
Initial transcription (with minor updates) of Knative Runtime Contract. #1471
Conversation
/assign @RichieEscarez for tech writing if he's interested. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor nits but otherwise LGTM. Holding for nits.
/lgtm
/hold
docs/runtime-contract.md
Outdated
|
||
| Name | Meaning | | ||
|------|---------| | ||
| `PORT` | Incress `containerPort` for ingress requests and health checks. See [Inbound network connectivity](#inbound-network-connectivity) for more details. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
typo: "Incress"
docs/runtime-contract.md
Outdated
### Devices | ||
|
||
Developers and container providers MUST NOT request additional devices beyond | ||
the "Default Devices". |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a Default Devices section? I only see Default Filesystems.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it refers to this part of the OCI spec.
However, that section says "In addition to any devices configured with this setting...", where "this setting" appears to be the enclosing "Devices" section. The Devices section in the OCI says that devices
is an OPTIONAL list of devices that MUST be available, which MAY be supplied any way the runtime prefers.
So my reading is that "Default Devices" allows, by inclusion, non-Default Devices, meaning it contradicts this section.
On the interpretation rule given in "Background" ("... this document is assumed to override the general OCI recommendations"), it still makes sense, but it could be differently phrased. For example:
Developers and container providers MUST NOT use OCI
devices
to request additional devices beyond the OCI specification "Default Devices".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, this wording with the explicit reference to the OCI spec is much clearer.
docs/runtime-contract.md
Outdated
> propagation. | ||
|
||
This option should only be set by the operator or platform provider, and MUST | ||
NOT be configurable by the Knative developer. As mount propagation may be part |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does "Knative developer" mean a developer who contributes to Knative, or a developer who interacts with a Knative system? It seems to mean the former at https://github.com/knative/serving/pull/1471/files#diff-e5a9114cbfb7f985c0da2dfe04221c26R393, but I'm not sure what it means here or in the next 3 sections.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Applied @jchesterpivotal's suggestion to define the personas of interest in the "Background" section. In this doc, "developer" or "Knative developer" should always mean an end-user who is writing code which will be run on knative (either as the main workload, or as part of a knative-aware tool or framework).
docs/runtime-contract.md
Outdated
* `/sys/fs/cgroup/cpu/cpu.cfs_quota_us` | ||
|
||
Additionally, operators [may restrict or prevent CPU scheduling for instances | ||
when no requests are active](https://github.com/knative/serving/issues/848)). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Extra close parens here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My only other nit is the inconsistency between the usage of kubernetes
and Kubernetes
docs/runtime-contract.md
Outdated
same port as HTTP/1.1. The developer MAY specify this port at deployment; if the | ||
developer does not specify a port, the platform provider MUST provide a default. | ||
Only one inbound `containerPort` SHALL be specified in the | ||
`[core.v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#containerport-v1-core)` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
formatting issue - code block ticks need to be inside the square brackets
docs/runtime-contract.md
Outdated
#### Meta Requests | ||
|
||
The | ||
`[core.v1.Container](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.10/#container-v1-core)` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
formatting issue - code block ticks need to be inside the square brackets
docs/runtime-contract.md
Outdated
|
||
| Name | Meaning | | ||
| ------ | --------------------------------------------------------------------------------------------------------------------------------------------------- | | ||
| `PORT` | Incress `containerPort` for ingress requests and health checks. See [Inbound network connectivity](#inbound-network-connectivity) for more details. | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ingress?
docs/runtime-contract.md
Outdated
- `/sys/fs/cgroup/cpu/cpu.cfs_quota_us` | ||
|
||
Additionally, operators | ||
[may restrict or prevent CPU scheduling for instances when no requests are active](https://github.com/knative/serving/issues/848)). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Extra ) on the end
docs/runtime-contract.md
Outdated
|
||
Additionally, operators | ||
[may restrict or prevent CPU scheduling for instances when no requests are active](https://github.com/knative/serving/issues/848)). | ||
This is not currently feasible on Kubernetes, but is desireable for multitenant |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
desirable
docs/runtime-contract.md
Outdated
### Control Groups | ||
|
||
The control groups (cgroups) MUST be configured by the operator or platform | ||
provider. The cgroup devices SHOULD be mounted as read-only. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Which cgroups, if any, are mandatory? This paragraph could be interpreted as saying "it doesn't matter which cgroups are configured, but it is the operator's or platform provider's responsibility to do the configuration" or even as "all known control groups must be configured" (which will be vague if new control groups are added to Linux in future).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
New cgroups are almost certain to appear -- eg, a large IaaS might like to provide fractional GPUs, TPUs or other specialist processing hardware.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, rephrased this to more closely follow the OCI spec and refer to "cgroup controllers", and added the the selection of cgroup controllers was an operator decision.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM except for clarification needed over which cgroups must be configured.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One thing we might like to add is a section defining personae referred to in the document -- operator, developer, customer, etc. We use these a little inconsistently.
docs/runtime-contract.md
Outdated
|
||
In particular, the default Knative implementation relies on Kubernetes behavior | ||
to implement container operation. In some cases, current Kubernetes behavior in | ||
2018 is not as performant as recommended in that documentation. The goal of the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What is "that documentation" in this context? Does it mean the OCI spec? Linux container configuration? Both?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oops, that was "this document". Thanks!
docs/runtime-contract.md
Outdated
In particular, the default Knative implementation relies on Kubernetes behavior | ||
to implement container operation. In some cases, current Kubernetes behavior in | ||
2018 is not as performant as recommended in that documentation. The goal of the | ||
Knative developers is to push as much of the required functionality into |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps "Knative authors", "Knative contributors", or "Knative contributing developers".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, I'd missed this. "Knative authors" seems accurate here, and was probably what drove the "who is a developer" question.
docs/runtime-contract.md
Outdated
In order to achieve these properties, containers which are operated as part of a | ||
serverless platform SHOULD observe the following properties: | ||
|
||
- Fast startup time (<1s in the presence of container image layer caching), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps "<1s until a request or event can be processed, given the presence of container image layer caching"
docs/runtime-contract.md
Outdated
contents from a particular execution. Because containers (particularly failing | ||
containers) can experience frequent starts, operators or platform providers | ||
SHOULD limit the total space consumed by these failures. | ||
- The termination message on container exit should be written to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Suggest:
The termination message on container exit, or the last few lines of log output (as per Kubernetes termination messages), SHOULD be written to
/dev/termination-log
.
I'm not sure which of "and/or" and "exclusive or" is meant by "or" here. I'm also not sure what is intended by "per Kubernetes termination messages" -- does this mean they are part of this standard by reference, or are they given as an example?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, was attempting to reference FallbackToLogsOnError
as reasonable behavior. Mentioned that explicitly instead of by partially elided reference.
docs/runtime-contract.md
Outdated
of its source, the selected port will be made available in the `PORT` | ||
environment variable. | ||
|
||
It is expected that the serverless platform will provide HTTPS termination and |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"It is expected ... will" is a little vague -- does this mean SHOULD or MAY?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SHOULD, thanks.
docs/runtime-contract.md
Outdated
sandbox MAY be enforced by the platform operator; any such application profiles | ||
SHOULD be configured and applied in a consistent mechanism outside of the | ||
container specification. As the seccomp policy may be part of the platform | ||
security hardening, operators may tune this from time to time as the threat |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"may" -> "MAY"; or perhaps even "may" -> "SHOULD"
docs/runtime-contract.md
Outdated
|
||
This option should only be set by the operator or platform provider, and MUST | ||
NOT be configurable by the Knative developer. As mount propagation may be part | ||
of the platform security hardening, operators may tune this from time to time as |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"may" -> "MAY" or "SHOULD"
docs/runtime-contract.md
Outdated
|
||
### Masked Paths | ||
|
||
This option should only be set by the operator or platform provider, and MUST |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"should" -> "SHOULD". Though it's unclear why this wouldn't be "MUST" if developers are given "MUST NOT".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Or "MAY", come to think of it.
docs/runtime-contract.md
Outdated
|
||
This option should only be set by the operator or platform provider, and MUST | ||
NOT be configurable by the Knative developer. As masked paths may be part of the | ||
platform security hardening, operators may tune this from time to time as the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"may" -> "MAY" or "SHOULD".
docs/runtime-contract.md
Outdated
|
||
### Readonly Paths | ||
|
||
This option should only be set by the operator or platform provider, and MUST |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"should" -> "SHOULD" or "MAY"
Thanks for the review, especially @jchesterpivotal |
Standardize capitalization of Kubernetes.
/hold cancel This is ready for another look, and I totally missed that it still had a hold. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think all of @jchesterpivotal's comments have been resolved, but if I'm wrong about that @jchesterpivotal, please open an issue or PR correcting me.
I have some minor comments but since time is of the essence I'm giving @evankanderson the option to ignore them.
/lgtm
/hold
docs/runtime-contract.md
Outdated
on the inbound container port for readiness and liveness checks; platform | ||
providers SHOULD disallow other probe methods. | ||
definition below). If specified, liveness and readiness probes are REQUIRED to | ||
be of the the `httpGet` or `tcpSocket` types, and MUST target the inbound |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Double the
here
docs/runtime-contract.md
Outdated
Additionally, operators or the platform MAY restrict or prevent CPU scheduling | ||
for instances when no requests are active, | ||
[where this capability is available](https://github.com/knative/serving/issues/848). | ||
The Knative developers are currently discussing the best implementations options |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, excised "Knative developers" everywhere. It's now "Knative authors" here, and "developers" elsewhere.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@grantr I believe all my nitpicks have been fixed and my concerns have been discussed.
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: evankanderson, grantr, jchesterpivotal The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/hold cancel |
Fixes #627
Proposed Changes
This was substantially discussed in this Google doc with various amendments which improved it. It's time to commit some of this to formal contract; I've selected a handful of reviewers from that doc, but encourage additional suggestions/improvements.
One additional item to follow on from this would be some guidance to implementers & operators about where to expose contextual information to containers; the main avenues would be environment variables, mounted config maps, network services, and request headers. That will be a subsequent PR, though.
Release Note