Honor status.podIP over status.podIPs and node.spec.podCIDR over node.spec.PodCIDRs when mismatched #88505
Conversation
k8s-ci-robot
added
release-note
liggitt
changed the title
k8s-ci-robot
added
approved
liggitt
added
the
priority/critical-urgent
k8s-ci-robot
removed
the
needs-priority
|
/retest |
|
This PR may require API review. If so, when the changes are ready, complete the pre-review checklist and request an API review. Status of requested reviews is tracked in the API Review project. |
|
naive question: |
No, the kubelet is the writer, and that function is generating the API status it should set. This PR is fixing the API server's treatment of requests made by older kubelets that weren't aware of the PodIPs field |
|
/retest |
There was a problem hiding this comment.
I'm not sure on this.
https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api_changes.md (search for "plural")
Upon any mutating API operation:
* If only the singular field is specified (e.g. an older client), API logic
must populate plural[0] from the singular value, and de-dup the plural
field.
* If only the plural field is specified (e.g. a newer client), API logic must
populate the singular value from plural[0].
* If both the singular and plural fields are specified, API logic must
validate that the singular value matches plural[0].
* Any other case is an error and must be rejected.
Clearly that isn't correct in the face of patch.
This would allow someone to send a PUT with podIP: X and podIPs: [ Y, Z ] which silently nukes podIPs, which seems wrong (I think?).
Would it be saner to do this silent change ONLY when dealing with some sort of patch? Is that even possible to know?
Either way, the documented bits are incorrect...
|
patch is indistinguishable from put that left the unpatched fields unmodified. if you want to do delta-specific behavior, you need the old object, which means you cannot do it in conversion, and would need to represent both the plural and singular field in the internal type and deal with the logic in the rest handler PrepareForUpdate function |
|
@khenidak
Are we OK with the precedent for pluralizing - writes that set `singular`
and do not sync `plural[0]` will cause `plural[]` to be reset
…On Tue, Feb 25, 2020 at 4:23 PM Jordan Liggitt ***@***.***> wrote:
patch is indistinguishable from put that left the unpatched fields
unmodified.
if you want to do delta-specific behavior, you need the old object, which
means you cannot do it in conversion, and would need to represent both the
plural and singular field in the internal type and deal with the logic in
the rest handler PrepareForUpdate function
—
You are receiving this because you were assigned.
Reply to this email directly, view it on GitHub
<#88505?email_source=notifications&email_token=ABKWAVFG4YT2D7TOORI6AXTREWY6LA5CNFSM4K22OJ42YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEM6GP6A#issuecomment-591161336>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABKWAVHSQHSCGWQQ6LW23K3REWY6LANCNFSM4K22OJ4Q>
.
|
|
/retest |
|
/test pull-kubernetes-conformance-image-test |
|
The referenced guidance assumed the ability to detect change in a field coming from a client (emphasis added) relative to the currently persisted value:
The place that has visibility to the old and new pod on updates is working with internal objects, at which point the information about the plural/singular field content has been lost in conversion (the internal object only has the plural field). That means we cannot follow that guidance with the internal pod types as they stand today. Since this impacts upgrades to 1.16, and the fix here will need to be picked back 2 releases, I'm inclined to resolve this bug in favor of old kubelet clients, and make the singular podIP rule in case of mismatch, rather than try to rework the pod internal types and conversion. |
|
I guess I don't see a choice. @khenidak for last confirm |
|
/lgtm @khenidak PTAL or we will remove the hold . We'll have to make the same change on EDIT: nodeIPs is not a thing :) I swear we had 2 cases we had to handle? |
k8s-ci-robot
added
do-not-merge/hold
|
looking at our handling of podCIDR/podCIDRs, which looks like it has a similar problem |
|
prior to 1.16, the rangeAllocator and cloudCIDRAllocator controllers updated node.spec.podCIDR using a patch: kubernetes/pkg/controller/nodeipam/ipam/adapter.go Lines 92 to 106 in 89a7468 in 1.16+, there are three methods to update node specs, all of which use patch: kubernetes/pkg/util/node/node.go Lines 194 to 207 in b383807 kubernetes/pkg/util/node/node.go Lines 179 to 186 in b383807 kubernetes/pkg/controller/nodeipam/ipam/adapter.go Lines 94 to 106 in b383807 These patch methods either just set the old node.spec.podCIDR field, or they set both the old and new podCIDR/podCIDRs field (for paths that are multi-CIDR-aware). That means our conversion handling of podCIDR/podCIDRs must follow the same approach as podIP/podIPs: if the singular and plural[0] disagree, assume we're dealing with an old client and let the singular rule. |
k8s-ci-robot
added
size/L
liggitt
changed the title
|
Updated with identical handling and tests for podCIDR/podCIDRs |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: liggitt, thockin The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
cherry-picks updated with podCIDR bits as well: |
|
I pinged Kal on slack.
If you need to proceed today, LGTM
…
|
|
I'll make sure we have clean CI signal on this and all the cherry-picks, then plan to unhold |
|
/retest |
|
picks are green. /hold cancel |
k8s-ci-robot
removed
the
do-not-merge/hold
…5-upstream-release-1.16 Automated cherry pick of #88505: Honor status.podIP over status.podIPs and node.spec.podCIDR over node.spec.PodCIDRs when mismatched
…5-upstream-release-1.17 Automated cherry pick of #88505: Honor status.podIP over status.podIPs and node.spec.podCIDR over node.spec.PodCIDRs when mismatched
What type of PR is this?
/kind api-change
/kind bug
What this PR does / why we need it:
When status.podIP and status.podIPs[0] do not agree, honor status.podIP as the older API field, rather than failing to convert.
This is required to support Kubelets < 1.16 running against API servers >= 1.16.
Kubelets >= 1.16 set both podIP and podIPs:
https://github.com/kubernetes/kubernetes/blob/release-1.16/pkg/kubelet/kubelet_pods.go#L1386-L1396
Kubelets < 1.16 only set podIP:
https://github.com/kubernetes/kubernetes/blob/release-1.15/pkg/kubelet/kubelet_pods.go#L1384-L1385
However, since kubelets update pod status with a patch API request, existing unknown fields are preserved. That means a 1.15 kubelet, when trying to modify a podIP, will only update the podIP field and not podIPs.
When node.spec.podCIDR and node.spec.podCIDRs[0] do not agree, honor node.spec.podCIDR as the older API field, rather than failing to convert.
prior to 1.16, the rangeAllocator and cloudCIDRAllocator controllers updated node.spec.podCIDR using a patch:
https://github.com/kubernetes/kubernetes/blob/release-1.15/pkg/controller/nodeipam/ipam/adapter.go#L92-L106
in 1.16+, there are three methods to update node specs, all of which use patch:
These patch methods either just set the old node.spec.podCIDR field, or they set both the old and new podCIDR/podCIDRs field (for paths that are multi-CIDR-aware).
Which issue(s) this PR fixes:
Fixes #88494
Does this PR introduce a user-facing change?:
/cc @thockin @khenidak
/sig network