|
| 1 | +--- |
| 2 | +layout: blog |
| 3 | +title: 'Kubernetes 1.25:Pod 新增 PodHasNetwork 状况' |
| 4 | +date: 2022-09-14 |
| 5 | +slug: pod-has-network-condition |
| 6 | +--- |
| 7 | +<!-- |
| 8 | +layout: blog |
| 9 | +title: 'Kubernetes 1.25: PodHasNetwork condition for pods' |
| 10 | +date: 2022-09-14 |
| 11 | +slug: pod-has-network-condition |
| 12 | +--> |
| 13 | + |
| 14 | +<!-- |
| 15 | +**Author:** |
| 16 | +Deep Debroy (Apple) |
| 17 | +--> |
| 18 | +**作者:** |
| 19 | +Deep Debroy (Apple) |
| 20 | + |
| 21 | +<!-- |
| 22 | +Kubernetes 1.25 introduces Alpha support for a new kubelet-managed pod condition |
| 23 | +in the status field of a pod: `PodHasNetwork`. The kubelet, for a worker node, |
| 24 | +will use the `PodHasNetwork` condition to accurately surface the initialization |
| 25 | +state of a pod from the perspective of pod sandbox creation and network |
| 26 | +configuration by a container runtime (typically in coordination with CNI |
| 27 | +plugins). The kubelet starts to pull container images and start individual |
| 28 | +containers (including init containers) after the status of the `PodHasNetwork` |
| 29 | +condition is set to `True`. Metrics collection services that report latency of |
| 30 | +pod initialization from a cluster infrastructural perspective (i.e. agnostic of |
| 31 | +per container characteristics like image size or payload) can utilize the |
| 32 | +`PodHasNetwork` condition to accurately generate Service Level Indicators |
| 33 | +(SLIs). Certain operators or controllers that manage underlying pods may utilize |
| 34 | +the `PodHasNetwork` condition to optimize the set of actions performed when pods |
| 35 | +repeatedly fail to come up. |
| 36 | +--> |
| 37 | +Kubernetes 1.25 引入了对 kubelet 所管理的新的 Pod 状况 `PodHasNetwork` 的 Alpha 支持, |
| 38 | +该状况位于 Pod 的 status 字段中 。对于工作节点,kubelet 将使用 `PodHasNetwork` 状况从容器运行时 |
| 39 | +(通常与 CNI 插件协作)创建 Pod 沙箱和网络配置的角度准确地了解 Pod 的初始化状态。 |
| 40 | +在 `PodHasNetwork` 状况的 status 设置为 `True` 后,kubelet 开始拉取容器镜像并启动独立的容器 |
| 41 | +(包括 Init 容器)。从集群基础设施的角度报告 Pod 初始化延迟的指标采集服务 |
| 42 | +(无需知道每个容器的镜像大小或有效负载等特征)就可以利用 `PodHasNetwork` |
| 43 | +状况来准确生成服务水平指标(Service Level Indicator,SLI)。 |
| 44 | +某些管理底层 Pod 的 Operator 或控制器可以利用 `PodHasNetwork` 状况来优化 Pod 反复出现失败时要执行的操作。 |
| 45 | + |
| 46 | +<!-- |
| 47 | +### How is this different from the existing Initialized condition reported for pods? |
| 48 | +
|
| 49 | +The kubelet sets the status of the existing `Initialized` condition reported in |
| 50 | +the status field of a pod depending on the presence of init containers in a pod. |
| 51 | +--> |
| 52 | +### 这与现在为 Pod 所报告的 Intialized 状况有何不同? |
| 53 | + |
| 54 | +根据 Pod 中是否存在 Init 容器,kubelet 会设置在 Pod 的 status 字段中报告的 `Initialized` 状况的状态。 |
| 55 | + |
| 56 | +<!-- |
| 57 | +If a pod specifies init containers, the status of the `Initialized` condition in |
| 58 | +the pod status will not be set to `True` until all init containers for the pod |
| 59 | +have succeeded. However, init containers, configured by users, may have errors |
| 60 | +(payload crashing, invalid image, etc) and the number of init containers |
| 61 | +configured in a pod may vary across different workloads. Therefore, |
| 62 | +cluster-wide, infrastructural SLIs around pod initialization cannot depend on |
| 63 | +the `Initialized` condition of pods. |
| 64 | +--> |
| 65 | +如果 Pod 指定了 Init 容器,则 Pod 状态中的 `Initialized` 状况的 status 将不会设置为 `True`, |
| 66 | +直到该 Pod 的所有 Init 容器都成功为止。但是,用户配置的 Init 容器可能会出现错误(有效负载崩溃、无效镜像等), |
| 67 | +并且 Pod 中配置的 Init 容器数量可能因工作负载不同而异。 |
| 68 | +因此,关于 Pod 初始化的集群范围基础设施 SLI 不能依赖于 Pod 的 `Initialized` 状况。 |
| 69 | + |
| 70 | +<!-- |
| 71 | +If a pod does not specify init containers, the status of the `Initialized` |
| 72 | +condition in the pod status is set to `True` very early in the lifecycle of the |
| 73 | +pod. This occurs before the kubelet initiates any pod runtime sandbox creation |
| 74 | +and network configuration steps. As a result, a pod without init containers will |
| 75 | +report the status of the `Initialized` condition as `True` even if the container |
| 76 | +runtime is not able to successfully initialize the pod sandbox environment. |
| 77 | +--> |
| 78 | +如果 Pod 未指定 Init 容器,则在 Pod 生命周期的早期, |
| 79 | +Pod 状态中的 `Initialized` 状况的 status 会被设置为 `True`。 |
| 80 | +这一设置发生在 kubelet 开始创建 Pod 运行时沙箱及配置网络之前。 |
| 81 | +因此,即使容器运行时未能成功初始化 Pod 沙箱环境,没有 Init 容器的 |
| 82 | +Pod 也会将 `Initialized` 状况的 status 报告为 `True`。 |
| 83 | + |
| 84 | +<!-- |
| 85 | +Relative to either situation above, the `PodHasNetwork` condition surfaces more |
| 86 | +accurate data around when the pod runtime sandbox was initialized with |
| 87 | +networking configured so that the kubelet can proceed to launch user-configured |
| 88 | +containers (including init containers) in the pod. |
| 89 | +--> |
| 90 | +相对于上述任何一种情况,`PodHasNetwork` 状况会在 Pod 运行时沙箱被初始化并配置了网络时能够提供更准确的数据, |
| 91 | +这样 kubelet 可以继续在 Pod 中启动用户配置的容器(包括 Init 容器)。 |
| 92 | + |
| 93 | +<!-- |
| 94 | +Note that a node agent may dynamically re-configure network interface(s) for a |
| 95 | +pod by watching changes in pod annotations that specify additional networking |
| 96 | +configuration (e.g. `k8s.v1.cni.cncf.io/networks`). Dynamic updates of pod |
| 97 | +networking configuration after the pod sandbox is initialized by Kubelet (in |
| 98 | +coordination with a container runtime) are not reflected by the `PodHasNetwork` |
| 99 | +condition. |
| 100 | +--> |
| 101 | +请注意,节点代理可以通过监视指定附加网络配置(例如 `k8s.v1.cni.cncf.io/networks`)的 Pod 注解变化, |
| 102 | +来动态地为 Pod 重新配置网络接口。Pod 沙箱被 Kubelet 初始化(结合容器运行时)之后 |
| 103 | +Pod 网络配置的动态更新不反映在 `PodHasNetwork` 状况中。 |
| 104 | + |
| 105 | +<!-- |
| 106 | +### Try out the PodHasNetwork condition for pods |
| 107 | +
|
| 108 | +In order to have the kubelet report the `PodHasNetwork` condition in the status |
| 109 | +field of a pod, please enable the `PodHasNetworkCondition` feature gate on the |
| 110 | +kubelet. |
| 111 | +
|
| 112 | +For a pod whose runtime sandbox has been successfully created and has networking |
| 113 | +configured, the kubelet will report the `PodHasNetwork` condition with status set to `True`: |
| 114 | +--> |
| 115 | +### 试用 Pod 的 `PodHasNetwork` 状况 |
| 116 | + |
| 117 | +为了让 kubelet 在 Pod 的 status 字段中报告 `PodHasNetwork` 状况,需在 kubelet 上启用 |
| 118 | +`PodHasNetworkCondition` 特性门控。 |
| 119 | + |
| 120 | +对于已成功创建运行时沙箱并已配置网络的 Pod,在 status 设置为 `True` 后, |
| 121 | +kubelet 将报告 `PodHasNetwork` 状况: |
| 122 | + |
| 123 | +``` |
| 124 | +$ kubectl describe pod nginx1 |
| 125 | +Name: nginx1 |
| 126 | +Namespace: default |
| 127 | +... |
| 128 | +Conditions: |
| 129 | + Type Status |
| 130 | + PodHasNetwork True |
| 131 | + Initialized True |
| 132 | + Ready True |
| 133 | + ContainersReady True |
| 134 | + PodScheduled True |
| 135 | +``` |
| 136 | + |
| 137 | +<!-- |
| 138 | +For a pod whose runtime sandbox has not been created yet (and networking not |
| 139 | +configured either), the kubelet will report the `PodHasNetwork` condition with |
| 140 | +status set to `False`: |
| 141 | +--> |
| 142 | +对于尚未创建运行时沙箱(也未配置网络)的 Pod,在 status 设置为 `False` 后, |
| 143 | +kubelet 将报告 `PodHasNetwork` 状况: |
| 144 | + |
| 145 | +``` |
| 146 | +$ kubectl describe pod nginx2 |
| 147 | +Name: nginx2 |
| 148 | +Namespace: default |
| 149 | +... |
| 150 | +Conditions: |
| 151 | + Type Status |
| 152 | + PodHasNetwork False |
| 153 | + Initialized True |
| 154 | + Ready False |
| 155 | + ContainersReady False |
| 156 | + PodScheduled True |
| 157 | +``` |
| 158 | + |
| 159 | +<!-- |
| 160 | +### What’s next? |
| 161 | +
|
| 162 | +Depending on feedback and adoption, the Kubernetes team plans to push the |
| 163 | +reporting of the `PodHasNetwork` condition to Beta in 1.26 or 1.27. |
| 164 | +--> |
| 165 | +### 下一步是什么? |
| 166 | + |
| 167 | +Kubernetes 团队根据反馈和采用情况,计划在 1.26 或 1.27 中将 `PodHasNetwork` 状况的报告提升到 Beta 阶段。 |
| 168 | + |
| 169 | +<!-- |
| 170 | +### How can I learn more? |
| 171 | +
|
| 172 | +Please check out the |
| 173 | +[documentation](/docs/concepts/workloads/pods/pod-lifecycle/) for the |
| 174 | +`PodHasNetwork` condition to learn more about it and how it fits in relation to |
| 175 | +other pod conditions. |
| 176 | +--> |
| 177 | +### 我如何了解更多信息? |
| 178 | + |
| 179 | +请查阅 `PodHasNetwork` 状况有关的[文档](/zh-cn/docs/concepts/workloads/pods/pod-lifecycle/), |
| 180 | +以了解有关该状况的更多信息以及它与其他 Pod 状况的关系。 |
| 181 | + |
| 182 | +<!-- |
| 183 | +### How to get involved? |
| 184 | +
|
| 185 | +This feature is driven by the SIG Node community. Please join us to connect with |
| 186 | +the community and share your ideas and feedback around the above feature and |
| 187 | +beyond. We look forward to hearing from you! |
| 188 | +--> |
| 189 | +### 如何参与? |
| 190 | + |
| 191 | +此特性由 SIG Node 社区驱动。请加入我们与社区建立联系,并就上述特性及其他问题分享你的想法和反馈。 |
| 192 | +我们期待你的回音! |
| 193 | + |
| 194 | +<!-- |
| 195 | +### Acknowledgements |
| 196 | +
|
| 197 | +We want to thank the following people for their insightful and helpful reviews |
| 198 | +of the KEP and PRs around this feature: Derek Carr (@derekwaynecarr), Mrunal |
| 199 | +Patel (@mrunalp), Dawn Chen (@dchen1107), Qiutong Song (@qiutongs), Ruiwen Zhao |
| 200 | +(@ruiwen-zhao), Tim Bannister (@sftim), Danielle Lancashire (@endocrimes) and |
| 201 | +Agam Dua (@agamdua). |
| 202 | +--> |
| 203 | +### 致谢 |
| 204 | + |
| 205 | +我们要感谢以下人员围绕此特性对 KEP 和 PR 进行了极具洞察力和相当有助益的评审工作: |
| 206 | +Derek Carr (@derekwaynecarr)、Mrunal Patel (@mrunalp)、Dawn Chen (@dchen1107)、 |
| 207 | +Qiutong Song (@qiutongs)、Ruiwen Zhao (@ruiwen-zhao)、Tim Bannister (@sftim)、 |
| 208 | +Danielle Lancashire (@endocrimes) 和 Agam Dua (@agamdua)。 |
0 commit comments