@@ -155,12 +155,22 @@ semantics, as opposed to Jobs.
155155
156156### Risks and Mitigations
157157
158- Jobs have a known issue in which more than one Pod can be started even if
159- parallelism and completion are set to 1 ([reference]). In the case of indexed
160- Jobs, this translates to more than one Pod having the same index.
158+ - More than one pod per index
159+ Jobs have a known issue in which more than one Pod can be started even if
160+ parallelism and completion are set to 1 ([reference]). In the case of indexed
161+ Jobs, this translates to more than one Pod having the same index.
161162
162- Just like for existing Job patterns, workloads have to handle duplicates at the
163- application level.
163+ Just like for existing Job patterns, workloads have to handle duplicates at the
164+ application level.
165+
166+ - Jobs with a high number of parallelism produce starvation on small jobs
167+
168+ This problem is not unique to Indexed Jobs, but the new API might motivate
169+ use cases with higher degree of parallelism.
170+
171+ In a Job sync, the controller will be limited to create or delete up to 500
172+ Pods. The controller processes the remaining operations in subsequent syncs,
173+ which it schedules with no delay.
164174
165175[reference]: https://kubernetes.io/docs/concepts/workloads/controllers/job/#handling-pod-and-container-failures
166176
@@ -212,7 +222,7 @@ type JobStatus struct {
212222
213223 // CompletedIndexes holds the completed indexes when .spec.completionMode =
214224 // "Indexed" in a text format. The indexes are represented as decimal integers
215- // separated by commas. The numbers are listed in increasing order. Two or
225+ // separated by commas. The numbers are listed in increasing order. Three or
216226 // more consecutive numbers are compressed and represented by the first and
217227 // last element of the series, separated by a hyphen.
218228 // For example, if the completed indexes are 1, 3, 4, 5 and 7, they are
@@ -335,15 +345,15 @@ gate enabled and disabled.
335345# ### Alpha -> Beta Graduation
336346
337347- Complete features :
338- - Indexed Jobs when tracking completion without lingering Pods
348+ - Indexed Jobs when tracking completion with finalizers.
339349 [kubernetes/enhancements#2307](https://github.com/kubernetes/enhancements/issues/2307).
340350
341351 Keeping the size of .status.completedIndexes is desirable to reduce load
342352 on watchers. We will evaluate holding of from counting completed Pods that
343353 have an outlying index. That is, contiguous indexes would be counted first.
344354 This allows to keep the size of the compressed list small.
345- - Gather feedback from end users and operators' developers. Open questions :
346- - Are stable Pod names necessary?
355+ - Add metrics.
356+ - Enable feature gate IndexedJob by default.
347357- Tests are in Testgrid and linked in KEP
348358
349359# ### Beta -> GA Graduation
@@ -419,69 +429,72 @@ _This section must be completed when targeting alpha to a release._
419429_This section must be completed when targeting beta graduation to a release._
420430
421431* **How can a rollout fail? Can it impact already running workloads?**
422- Try to be as paranoid as possible - e.g., what if some components will restart
423- mid-rollout?
432+
433+ If the new kube-controller-manager crashes, it's possible that an older
434+ version of it would pick it up. In 1.21, when the IndexedJob feature is
435+ disabled (default), the controller would not sync Indexed Jobs, that is : the
436+ controller doesn't create or delete Pods and doesn't update Job status.
437+ Running Pods are not affected.
424438
425439* **What specific metrics should inform a rollback?**
426440
441+ - job_sync_duration_seconds shows significantly more latency for label
442+ mode=Indexed Jobs than mode=NonIndexed.
443+ - job_sync_total shows more errors for mode=Indexed than mode=NonIndexed.
444+ - job_finished_total shows that Jobs with mode=Indexed don't finish.
445+
427446* **Were upgrade and rollback tested? Was the upgrade->downgrade->upgrade path tested?**
428- Describe manual testing that was done and the outcomes.
429- Longer term, we may want to require automated upgrade/rollback tests, but we
430- are missing a bunch of machinery and tooling and can't do that now.
447+
448+ Manual test :
449+
450+ 1. Deploy k8s 1.21 cluster
451+ 1. Upgrade to 1.22
452+ 1. Create Indexed Job with big number of completions and pods that run for ~10min.
453+ 1. Downgrade to 1.21. Verify that no new pods are created for the Indexed Job.
454+ 1. Upgrade to 1.22. Verify that new pods are created for Indexed Job.
431455
432456* **Is the rollout accompanied by any deprecations and/or removals of features, APIs,
433457fields of API types, flags, etc.?**
434- Even if applying deprecation policies, they may still surprise some users.
458+
459+ No
435460
436461# ## Monitoring Requirements
437462
438463_This section must be completed when targeting beta graduation to a release._
439464
440465* **How can an operator determine if the feature is in use by workloads?**
441- Ideally, this should be a metric. Operations against the Kubernetes API (e.g.,
442- checking if there are objects with field X set) may be a last resort. Avoid
443- logs or events for this purpose.
466+
467+ - job_sync_total has values for the label mode=Indexed.
444468
445469* **What are the SLIs (Service Level Indicators) an operator can use to determine
446470the health of the service?**
447- - [ ] Metrics
448- - Metric name :
449- - [Optional] Aggregation method :
450- - Components exposing the metric :
451- - [ ] Other (treat as last resort)
452- - Details :
471+
472+ - [x] Metrics
473+ - Metric name (all new) :
474+ - job_sync_duration_seconds : tracks the latency of a Job sync.
475+ - job_sync_total : tracks the number of Job syncs.
476+ - job_finished_total : tracks the number of Jobs that finish as
477+ result=failed/succeeded
478+ - Components exposing the metric : kube-controller-manager
453479
454480* **What are the reasonable SLOs (Service Level Objectives) for the above SLIs?**
455- At a high level, this usually will be in the form of "high percentile of SLI
456- per day <= X". It's impossible to provide comprehensive guidance, but at the very
457- high level (needs more precise definitions) those may be things like :
458- - per-day percentage of API calls finishing with 5XX errors <= 1%
459- - 99% percentile over day of absolute value from (job creation time minus expected
460- job creation time) for cron job <= 10%
461- - 99,9% of /health requests per day finish with 200 code
462481
482+ - per-day percentage of job_sync_total with label result=error <= 1%
483+ - 99% percentile over day for job_sync_duration_seconds is <= 15s, assuming
484+ a client-side QPS limit of 50 calls per second.
485+
463486* **Are there any missing metrics that would be useful to have to improve observability
464487of this feature?**
465- Describe the metrics themselves and the reasons why they weren't added (e.g., cost,
466- implementation difficulties, etc.).
488+
489+ N/A
467490
468491# ## Dependencies
469492
470493_This section must be completed when targeting beta graduation to a release._
471494
472495* **Does this feature depend on any specific services running in the cluster?**
473- Think about both cluster-level services (e.g. metrics-server) as well
474- as node-level agents (e.g. specific version of CRI). Focus on external or
475- optional services that are needed. For example, if this feature depends on
476- a cloud provider API, or upon an external software-defined storage or network
477- control plane.
478496
479- For each of these, fill in the following—thinking about running existing user workloads
480- and creating new ones, as well as about cluster-level services (e.g. DNS) :
481- - [Dependency name]
482- - Usage description :
483- - Impact of its outage on the feature :
484- - Impact of its degraded performance or high-error rates on the feature :
497+ Feature only involves kube-apiserver and kube-controller-manager.
485498
486499
487500# ## Scalability
@@ -544,35 +557,37 @@ _This section must be completed when targeting beta graduation to a release._
544557
545558* **How does this feature react if the API server and/or etcd is unavailable?**
546559
560+ The job controller can't create or delete pods nor update job status.
561+ The metric job_sync_total increases for label result=error.
562+ Existing pods continue to run.
563+
547564* **What are other known failure modes?**
548- For each of them, fill in the following information by copying the below template :
549- - [Failure mode brief description]
550- - Detection : How can it be detected via metrics? Stated another way:
551- how can an operator troubleshoot without logging into a master or worker node?
552- - Mitigations : What can be done to stop the bleeding, especially for already
553- running user workloads?
554- - Diagnostics : What are the useful log messages and their required logging
555- levels that could help debug the issue?
556- Not required until feature graduated to beta.
557- - Testing : Are there any tests for failure mode? If not, describe why.
565+
566+ None.
558567
559568* **What steps should be taken if SLOs are not being met to determine the problem?**
560569
570+ 1. Check job_sync_total with label result=error. See if it varies for
571+ different completion modes.
572+ 1. Verify if kube-apiserver is healthy. If not, the Job controller can't operate.
573+ 1. Check job_sync_duration_seconds. If the latency is increased, verify if it
574+ varies for different completion modes.
575+ Note that latency increases linearly with the Job's parallelism.
576+
561577[supported limits] : https://git.k8s.io/community//sig-scalability/configs-and-limits/thresholds.md
562578[existing SLIs/SLOs] : https://git.k8s.io/community/sig-scalability/slos/slos.md#kubernetes-slisslos
563579
564580# # Implementation History
565581
566582* 2021-01-08: First version of the KEP in provisional status. Design Details
567583 completed.
568- * 2021-03-03-09: Feature implemented under feature gate disabled by default.
584+ * 2021-03-09: Feature implemented under feature gate disabled by default.
585+ * 2021-04-09: KEP updated for graduation to beta.
569586
570587# # Drawbacks
571588
572589* Adds more complexity to the Job controller in terms of Pod and Pod status
573590 management, as it introduces a new mode.
574- * Failed Pods are removed before being replaced by new Pods, reducing end-user
575- debugging capabilities. However, failed Pod persists when the whole Job fails.
576591
577592# # Alternatives
578593
0 commit comments