-
Notifications
You must be signed in to change notification settings - Fork 38.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Should the kubelet perform a version check on the container runtime? #12090
Comments
We have a mostly-unwritten rule of "3 docker revisions", but we definitely On Fri, Jul 31, 2015 at 8:44 AM, Paul Morie notifications@github.com
|
Should it be an input decision to the scheduler? For example, if I upgrade my cluster to docker 1.9, we cannot use new features until docker 1.12? |
So far we have avoided depending on new features until 3 versions work. We On Fri, Jul 31, 2015 at 9:09 AM, Derek Carr notifications@github.com
|
Kubelet does a docker version check already, and healthcheck will failed if the version, API version lower than X. But that is very basic, and not related to featureset in a given docker version. Maybe kubelet could maintain a small list of feature set for docker versions, so that kubelet could query if a feature is present. If it is required, kubelet could even publish the featureset through NodeStatus? |
That makes a lot of sense to me - we for instance will want to be able to On Jul 31, 2015, at 2:13 PM, Dawn Chen notifications@github.com wrote: Kubelet does a docker version check already, and healthcheck will failed if — |
cc/ @bgrant0607 on potential API extension. |
I don't want the scheduler, admission control, and other parts of the system to need to reason about what API features work with what Docker version. We'd need to be able to consolidate the logic into something akin to a feature map evaluated in a single place, such as admission control. I'm not saying it's the best thing to do, but internally we push this problem onto users. Not all kernel and container-runtime behaviors are explicit in our API, and we could try our best to determine which features worked on each version, but we'd also sometimes be wrong or out of date (e.g., when Docker is updated independently of Kubernetes). We're going to need a mechanism for Kubelet to export system attributes via labels. Users could then constrain against those labels. We'd need to finish the work on the more general label selector #341, at least for nodeSelector. |
@bgrant0607 Interesting. Here's a semi-related problem: which nodes have SELinux enabled? |
Notes from today's hangout:
I think the alternatives are:
I was suggesting (1), but see some advantages to (3). (2) is likely not practical, since that would make some constraints completely implicit. |
cc/ @pwittrock |
…ported by the container runtime and OS to the master.
…ported by the container runtime and OS to the master.
See also #9044. |
And #4855 |
@pwittrock is on leave for now. Will pick up the work once he is back. Retarget this one to 1.2 |
Kubelet doesn't some minimal docker version check since 1.1 release. Kubelet also support --node-labels for 1.2 release now. I am closing this issue. |
Proper functioning of the kubelet and node depends upon an expected version of whatever container runtime the kubelet uses. For example, the proposal for QoS tiers being explored in #12035 will rely on the CPU quota feature introduced in docker 1.7, and I believe there is some code that depends upon docker 1.6. Another example: eventually mount propagation mode control in docker will be required to correctly containerize the kubelet. Should we have a version check in the kubelet for each container runtime to ensure the minimum usable version is present, and at least warn the user if not?
@derekwaynecarr @smarterclayton @bgrant0607
The text was updated successfully, but these errors were encountered: