Kubelet creates and manages node leases

[mtaufen]

This extends the Kubelet to create and periodically update leases in a
new kube-node-lease namespace. Based on KEP-0009,
these leases can be used as a node health signal, and will allow us to
reduce the load caused by over-frequent node status reporting.

• add NodeLease feature gate
• add kube-node-lease system namespace for node leases
• add Kubelet option for lease duration
• add Kubelet-internal lease controller to create and update lease
• add e2e test for NodeLease feature

I would like to determine a standard policy for lease renewal frequency, based on the configured lease duration, so that we don't need to expose frequency as an additional knob. The renew interval is currently calculated as 1/3 of the lease duration.

kubelet: Users can now enable the alpha NodeLease feature gate to have the Kubelet create and periodically renew a Lease in the kube-node-lease namespace. The lease duration defaults to 40s, and can be configured via the kubelet.config.k8s.io/v1beta1.KubeletConfiguration's NodeLeaseDurationSeconds field.

/cc @wojtek-t @liggitt

[k8s-github-robot]

[MILESTONENOTIFIER] Milestone Pull Request: Up-to-date for process

@mtaufen @yujuhong

Pull Request Labels

• sig/node: Pull Request will be escalated to these SIGs if needed.
• priority/important-soon: Escalate to the pull request owners and SIG owner; move out of milestone after several unsuccessful escalation attempts.
• kind/feature: New functionality.

Help

• Additional instructions
• Commands for setting labels

[rphillips]

if we calculate the sleep duration first, we can log the sleep time in the error message which is sometimes useful to see how long something is in a backoff loop.

[mtaufen]

done

[liggitt]

only if the feature is enabled

[mtaufen]

done

[liggitt]

would we only put leases in this namespace? would this be a logical place to put configmaps with node config as well?

[liggitt]

whatever name is selected here needs to be communicated well in advance, so cluster operators can reserve the namespace for system use. it does raise an interesting question about what namespaces the kube system components are entitled to claim in the future. anything prefixed with kube-? anything prefixed with kube-system?

[liggitt]

also, this doesn't really belong in meta/v1. it's fundamental to kube-apiserver and kubelet, but not to apimachinery (same really goes for kube-system and kube-public, but we can deal with those separately)

[rphillips]

kube-node would make sense to store node configmaps and leases. Thoughts?

[mtaufen]

would we only put leases in this namespace?

My understanding is just leases. This is what the KEP says:

for each Node there will be a corresponding Lease object with Name equal to Node name in a newly created dedicated namespace (we considered using kube-system namespace but decided that it's already too overloaded). That namespace should be created automatically (similarly to "default" and "kube-system", probably by NodeController) and never be deleted (so that nodes don't require permission for it).

Which implies you just use it for node leases, because not prefixing the lease names means you can't cleanly add any other type of lease to that namespace in the future.

needs to be communicated well in advance

My understanding is that we had already reserved the kube- prefix for namespaces? Maybe this isn't true? @thockin do you know?

this doesn't really belong in meta/v1

That's fair, but then where should we put the constants for standard system namespaces? Multiple consumers need them, so they should be in a common place.

[mtaufen]

Maybe just core/v1?

[liggitt]

looks like the others are already in pkg/apis/core/types.go... there or in core/v1/types.go is better than meta/v1

[mtaufen]

I talked to @bgrant0607 about kube-, given that this is the convention we think we should just explicitly reserve it: kubernetes/community#2379

[mtaufen]

Why aren't the other ones in core/v1 in addition to core? Just because they're in meta/v1 instead (odd, as you said)?
Should we put a constant for the node lease namespace in both core and core/v1?

[mtaufen]

moved to both for now

[liggitt]

is there a reason we're not using the injected clock here?

[mtaufen]

oops, good catch!

[mtaufen]

done

[liggitt]

7 seconds hard-coded? this looks weird...

[mtaufen]

I can make it a constant. I'm just keeping it consistent with what node registration does, for lack of a concrete principle to actually base the number on.

[yujuhong]

Not sure these need to match the node registration exactly, but if you want to, factoring them out to use in both places sounds good.

[mtaufen]

I'd rather keep them decoupled, but just set to the same number for now.

[liggitt]

is this working today in a test cluster with authz enabled? I expected to see modifications to the Node authorizer and NodeRestriction admission plugin to let kubelets mess with their own leases

[mtaufen]

Good point, I forgot about that. I will add those changes to this PR, and it probably makes sense to ensure the e2e test also runs in the standard e2e suite, instead of just the e2e node suite.

We also don't currently run the node authorizer/node restriction in the e2e node tests. Maybe I should revisit #60172?

[rphillips]

Do these client calls include a request timeout?

[liggitt]

heartbeatClient is explicitly constructed with a timeout to avoid eternal hangs, and a distinct QPS to avoid starvation by other kube API calls, but is currently fixed to corev1. need to adapt/widen that for use here

[mtaufen]

I believe that is configured on the client before it is passed to the controller.

[mtaufen]

If we want the timeout to match the heartbeat frequency, then we need a distinct client, since the Lease-based heartbeat potentially has a different frequency than the node status update, right?

[liggitt]

Taking the shorter of the two would probably be fine

[mtaufen]

done

[liggitt]

this is expecting to use the node name as the name of the lease object. Is that compatible with the currently allowed names of the lease objects? I can't remember if the initial PR limited them to single dns labels (e.g. no . characters). If so, we likely want to relax that

[mtaufen]

// ValidateLease validates a Lease.
func ValidateLease(lease *coordination.Lease) field.ErrorList {
	allErrs := validation.ValidateObjectMeta(&lease.ObjectMeta, true, validation.NameIsDNSSubdomain, field.NewPath("objectMeta"))
	allErrs = append(allErrs, ValidateLeaseSpec(&lease.Spec, field.NewPath("spec"))...)
	return allErrs
}

Looks like we just require the name to be a DNS subdomain, via validation.NameIsDNSSubdomain.

[yujuhong]

/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mtaufen, wojtek-t, yujuhong

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• cmd/kubeadm/OWNERS [wojtek-t]
• cmd/kubelet/OWNERS [wojtek-t,yujuhong]
• pkg/apis/core/OWNERS [wojtek-t]
• pkg/features/OWNERS [wojtek-t]
• pkg/kubelet/OWNERS [wojtek-t,yujuhong]
• pkg/kubemark/OWNERS [wojtek-t]
• pkg/master/OWNERS [wojtek-t]
• plugin/pkg/admission/noderestriction/OWNERS [wojtek-t]
• plugin/pkg/auth/OWNERS [wojtek-t]
• staging/src/k8s.io/api/OWNERS [wojtek-t]
• test/OWNERS [wojtek-t]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

New changes are detected. LGTM label has been removed.

[mtaufen]

re-add label after rebase

[wojtek-t]

@mtaufen - please rebase one more time.

[k8s-ci-robot]

New changes are detected. LGTM label has been removed.

[mtaufen]

re-add label after rebase

[mtaufen]

/retest

[k8s-github-robot]

/test all [submit-queue is verifying that this PR is safe to merge]

[k8s-github-robot]

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions here.

[wojtek-t]

Great to see that merged.