Add EmptyDir volume and container overlay capacity isolation

[jingxu97]

This PR adds the support for isolating the emptyDir volume use. If user
sets a size limit for emptyDir volume, kubelet's eviction manager monitors its usage
and evict the pod if the usage exceeds the limit.

This feature is part of local storage capacity isolation and described in the proposal kubernetes/community#306

Release note:

Alpha feature: allows users to set storage limit to isolate EmptyDir volumes. It enforces the limit by evicting pods that exceed their storage limits  

[NickrenREN]

err = m.evictPod(...) ?

[NickrenREN]

s/2016/2017

[thockin]

Files should not have capital letters in their names

[thockin]

I did not review all the eviction logic, just the API

[thockin]

Don't document the default as "nil" (that's a go-ism). Instead document as "If not specified, the default is to not enforce a limit". Though we might want to loosen this and say "If not specified, the default limit is implementation defined". Default tmpfs is (I think) 1/2 physical mem. Default disk is all storage, etc. I don't think we need to define that here, though.

[thockin]

"is disabled"

[thockin]

Files should not have capital letters in their names

[ddysher]

Shouldn't this be k8s.io/kubernetes/pkg/kubelet/apis/stats/v1alpha1?

[jingxu97]

Thanks for catching it. fix it. strange it was working in this way too...

[ddysher]

Why can't we return early since the pod is already evicted?

[jingxu97]

The logic here is to evict all pods that violate the size limit for emptyDir volume. So we have to continue with the loop even after some pods are evicted.

[jingxu97]

Actually, you are right, return early is fine.

[dashpole]

@vishh @derekwaynecarr, any preference as to whether doing local volume evictions is part of the same control loop as the rest of evictions? The main advantage of having them together is to not perform other evictions when pods are already being evicted for exceeding their local volume storage space

[dashpole]

gracePeriod is always passed as 0, so you dont need it as an argument.

[jingxu97]

will this change in the future?

[dashpole]

It could, but adding a parameter to a function is easy enough. Better to leave it out for now.

[dashpole]

Changes to the eviction manager need unit testing as well.

[dashpole]

Just a couple small things

[dashpole]

This is probably left over from testing. Remove

[jingxu97]

fixed

[dashpole]

instead of Cmp(*zero), I think you can use Sign

[jingxu97]

changed

[dashpole]

Since we are passing in a relevant message to evictPod, why not do the logging inside of evictPod using that message. evictPod doesnt need to return an error in this case, and we can avoid having essentially the same log messages duplicated in 3 places.

[jingxu97]

fixed, put logging inside of evictPod, and return bool to indicate whether pod is evicted or not

[dashpole]

Does it matter whether the pod is evicted or not? I believe we set the pod's status to failed, so kubelet housekeeping will terminate it even if the eviction manager failed.
Essentially, we should treat any pod that we attempt to evict as evicted.

[jingxu97]

addressed the comments. @dashpole PTAL

[falenn]

This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a temporary error. The following address(es) deferred: curtis.l.bates@gmail.com Domain imwiz.com has exceeded the max emails per hour (173/150 (115%)) allowed. Message will be reattempted later

…

------- This is a copy of the message, including all the headers. ------ Received: from github-smtp2-ext2.iad.github.net ([192.30.252.193]:45681 helo=github-smtp2b-ext-cp1-prd.iad.github.net) by box969.bluehost.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.87) (envelope-from <noreply@github.com>) id 1dGU8E-000QTR-8a for dev@imwiz.com; Thu, 01 Jun 2017 11:43:34 -0600 Date: Thu, 01 Jun 2017 10:43:23 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1496339003; bh=B+ObljmZ5DCGW8z6BDSL8CP5MjEMQL1mHGl1TzAqIgs=; h=From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=x1esfSNpWD2lAcEg08vJBK9OwfCGtIktXyti8PHS2KLK+16Uss1Cicap6D3ifx3vw 8hKw6JYQv06ZfW5qKB7R5hLJSYZOgVcsrtCD0LV6QKCo6JaQZVEBv+zNvqyjqgWHug z8+ij/hSpEeClA7TUWS1kEojUf5+HjqiZFUiJGbE= From: Kubernetes Submit Queue <notifications@github.com> Reply-To: kubernetes/kubernetes <reply@reply.github.com> To: kubernetes/kubernetes <kubernetes@noreply.github.com> Cc: Subscribed <subscribed@noreply.github.com> Message-ID: <kubernetes/kubernetes/pull/45686/c305567316@github.com> In-Reply-To: <kubernetes/kubernetes/pull/45686@github.com> References: <kubernetes/kubernetes/pull/45686@github.com> Subject: Re: [kubernetes/kubernetes] Add EmptyDir volume capacity isolation (#45686) Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_5930523b6b593_633a3f90a0a15c3c3415"; charset=UTF-8 Content-Transfer-Encoding: 7bit Precedence: list X-GitHub-Sender: k8s-merge-robot X-GitHub-Recipient: falenn X-GitHub-Reason: subscribed List-ID: kubernetes/kubernetes <kubernetes.kubernetes.github.com> List-Archive: https://github.com/kubernetes/kubernetes List-Post: <mailto:reply@reply.github.com> List-Unsubscribe: <mailto:unsub+000ab60a4fc71667972ec148ee09c82ad73e7bf321f496c892cf000000011548143b92a169ce0d98d100@reply.github.com>, <https://github.com/notifications/unsubscribe/AAq2CvmN_qeNvOh8dgRVdyPYzVjFBsU5ks5r_vg7gaJpZM4NYi21> X-Auto-Response-Suppress: All X-GitHub-Recipient-Address: dev@imwiz.com X-Spam-Status: No, score=-5.0 X-Spam-Score: -49 X-Spam-Bar: ----- X-Ham-Report: Spam detection software, running on the system "box969.bluehost.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: /lgtm cancel //PR changed after LGTM, removing LGTM. @dashpole @jingxu97 @smarterclayton @thockin @vishh -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: #45686 (comment) [...] Content analysis details: (-5.0 points, 4.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at http://www.dnswl.org/, high trust [192.30.252.193 listed in list.dnswl.org] -2.8 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [192.30.252.193 listed in wl.mailspike.net] -0.0 SPF_PASS SPF: sender matches SPF record 1.3 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 1.7 AWL AWL: Adjusted score from AWL reputation of From: address X-Spam-Flag: NO

----==_mimepart_5930523b6b593_633a3f90a0a15c3c3415 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit /lgtm cancel //PR changed after LGTM, removing LGTM. @dashpole @jingxu97 @smarterclayton @thockin @vishh

-- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: #45686 (comment) ----==_mimepart_5930523b6b593_633a3f90a0a15c3c3415 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 7bit <p>/lgtm cancel //PR changed after LGTM, removing LGTM. <a href="https://github.com/dashpole" class="user-mention">@dashpole</a> <a href="https://github.com/jingxu97" class="user-mention">@jingxu97</a> <a href="https://github.com/smarterclayton" class="user-mention">@smarterclayton</a> <a href="https://github.com/thockin" class="user-mention">@thockin</a> <a href="https://github.com/vishh" class="user-mention">@vishh</a></p> <p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">&mdash;<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="#45686 (comment)">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AAq2Cpu3p24GLtJqTDUpNwFiScXHWZibks5r_vg7gaJpZM4NYi21">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/AAq2CqQ3xploWN3q-yY6cQY_hlRtkUWzks5r_vg7gaJpZM4NYi21.gif" width="1" /></p> <div itemscope itemtype="http://schema.org/EmailMessage"> <div itemprop="action" itemscope itemtype="http://schema.org/ViewAction"> <link itemprop="url" href="#45686 (comment)"></link> <meta itemprop="name" content="View Pull Request"></meta> </div> <meta itemprop="description" content="View this Pull Request on GitHub"></meta> </div> <script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/kubernetes/kubernetes","title":"kubernetes/kubernetes","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/kubernetes/kubernetes"}},"updates":{"snippets":[{"icon":"PERSON","message":"@k8s-merge-robot in #45686: /lgtm cancel //PR changed after LGTM, removing LGTM. @dashpole @jingxu97 @smarterclayton @thockin @vishh"}],"action":{"name":"View Pull Request","url":"#45686 (comment)"}}}</script> ----==_mimepart_5930523b6b593_633a3f90a0a15c3c3415--

[k8s-github-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: falenn, jingxu97, thockin, vishh

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

• pkg/api/OWNERS [thockin]
• pkg/kubelet/eviction/OWNERS [thockin,vishh]
• test/e2e_node/OWNERS [thockin,vishh]

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

[jingxu97]

@k8s-bot unit test this

[jingxu97]

@k8s-bot pull-kubernetes-e2e-kops-aws test this

[jingxu97]

@k8s-bot gce etcd3 e2e test this

[jingxu97]

@k8s-bot pull-kubernetes-verify test this

[jingxu97]

@k8s-bot kops aws e2e test this

[k8s-ci-robot]

@jingxu97: The following tests failed, say /retest to rerun them all:

Test name	Commit	Details	Rerun command
Jenkins unit/integration	f4cedab5e4c7481d41311a6b26eb984e21fcd476	link	@k8s-bot unit test this
Jenkins kops AWS e2e	f4cedab5e4c7481d41311a6b26eb984e21fcd476	link	@k8s-bot kops aws e2e test this
Jenkins Kubemark GCE e2e	f4cedab5e4c7481d41311a6b26eb984e21fcd476	link	@k8s-bot kubemark e2e test this
Jenkins Bazel Build	f4cedab5e4c7481d41311a6b26eb984e21fcd476	link	@k8s-bot bazel test this
Jenkins GCE Node e2e	f4cedab5e4c7481d41311a6b26eb984e21fcd476	link	@k8s-bot node e2e test this
Jenkins GCE etcd3 e2e	f4cedab5e4c7481d41311a6b26eb984e21fcd476	link	@k8s-bot gce etcd3 e2e test this
Jenkins verification	f4cedab5e4c7481d41311a6b26eb984e21fcd476	link	@k8s-bot verify test this

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[jingxu97]

@k8s-bot kops aws e2e test this

[jingxu97]

rebased, add /lgtm back

[k8s-github-robot]

Automatic merge from submit-queue

[andyxning]

@jingxu97

• Why we choose to evict a pod when the usage if exceed the limit?
• IMO, we use the monitor and check logic to enforce this logic? Kubelet does not depends on any disk quota hard limit that underlying fs supports, i.e., xfs quota.