[dev-1.29] Add docs for KEP 4216: Image pull per runtime class #44028
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
👷 Deploy Preview for kubernetes-io-vnext-staging processing.
|
k8s-ci-robot
added
the
size/XS
k8s-ci-robot
added
the
sig/docs
There was a problem hiding this comment.
Thanks.
Where's the rest of the documentation? I'd expect a mention within https://kubernetes.io/docs/concepts/containers/images/ and maybe also https://kubernetes.io/docs/concepts/containers/runtime-class/
content/en/docs/reference/command-line-tools-reference/feature-gates.md
Outdated
Show resolved
Hide resolved
content/en/docs/reference/command-line-tools-reference/feature-gates.md
Outdated
Show resolved
Hide resolved
@sftim there was a conversation related to this in the PR I have linked in the description #43541 (comment) |
kiashok
force-pushed
the
docs-kep4216-dev1.29
branch
2 times, most recently
from
02a3463 to
d7cd60f
Compare
content/en/docs/reference/command-line-tools-reference/feature-gates.md
Outdated
Show resolved
Hide resolved
|
/sig windows |
k8s-ci-robot
added
sig/windows
kiashok
force-pushed
the
docs-kep4216-dev1.29
branch
from
d7cd60f to
9847709
Compare
|
Quoting #43541 (comment):
Thanks, but (writing as a tech lead for SIG Docs), we disagree. Even if the ecosystem doesn't have this support today, that could change before v1.29 goes out of support. When we add functionality to Kubernetes that a user could use, we want to document it. Hence, please document the feature. Don't assume that readers will go the feature gates page or the source code to find out how Kubernetes works in this regard. For alpha, a few lines of documentation may be enough. For beta, the docs should be close to GA quality. |
As mentioned in the conversations on the other PR, there is no support from any container runtime and there is no working e2e functionality for this featue yet. The alpha changes for kubelet is only helping to plumb the newly introduced 'RuntimeHandler' ImageSpec CRI field to container runtimes and the runtimes that would like to support this feature can use it. Specifically I am working on adding support in containerd Runtime and when we go beta in 1.29 is when there will be something significant for the user to use. I think there is no value in adding any documentation for the feature in alpha at all at this point. |
There was a problem hiding this comment.
(reiterating the request for documentation, ahead of shipping a change that's exposed outside of Kubernetes itself)
kiashok
force-pushed
the
docs-kep4216-dev1.29
branch
from
9847709 to
1f6fde7
Compare
k8s-ci-robot
added
size/S
added generic documentation for this feature. |
| In K8s v1.29.0-alpha.3, CRI changes needed to support image pulls based on pod runtime class | ||
| has been introduced. It is under feature gate `RuntimeClassInImageCriApi` and off by default. | ||
|
|
||
| When the image pull per runtime class is GA, container images will be referenced as a tuple of | ||
| (imageName, runtimeHandler) instead of just the imageName or image digest. This will be helpful | ||
| in pulling suitable images for running VM based containers. | ||
| Container runtimes may or may not add support for this feature. |
There was a problem hiding this comment.
| In K8s v1.29.0-alpha.3, CRI changes needed to support image pulls based on pod runtime class | |
| has been introduced. It is under feature gate `RuntimeClassInImageCriApi` and off by default. | |
| When the image pull per runtime class is GA, container images will be referenced as a tuple of | |
| (imageName, runtimeHandler) instead of just the imageName or image digest. This will be helpful | |
| in pulling suitable images for running VM based containers. | |
| Container runtimes may or may not add support for this feature. | |
| {{< feature-state for_k8s_version="v1.29" state="alpha" >}} | |
| Kubernetes includes alpha support for performing image pulls based on the RuntimeClass of a Pod. | |
| If you enable the `RuntimeClassInImageCriApi` [feature gate](/docs/reference/command-line-tools-reference/feature-gates/), | |
| the kubelet references container images by a tuple of (image name, runtime handler) rather than just the | |
| image name or digest. Your {{< glossary_tooltip text="container runtime" term_id="container-runtime" >}} | |
| may adapt its behavior based on the selected runtime handler. Provided your container runtime does include | |
| support, this extra information passed via {{< glossary_tooltip text="CRI" term_id="cri" >}} is useful | |
| if you mix low level runtime based on virtualization with runtimes based on Linux (cgroup and namespace) process isolation. |
There was a problem hiding this comment.
@sftim I am not sure I understand what you mean by "if you mix low level runtime based on virtualization with runtimes based on Linux (cgroup and namespace) process isolation.".
There was a problem hiding this comment.
Changed to:
{{< feature-state for_k8s_version="v1.29" state="alpha" >}}
Kubernetes includes alpha support for performing image pulls based on the RuntimeClass of a Pod.
If you enable the RuntimeClassInImageCriApi feature gate,
the kubelet references container images by a tuple of (image name, runtime handler) rather than just the
image name or digest. Your {{< glossary_tooltip text="container runtime" term_id="container-runtime" >}}
may adapt its behavior based on the selected runtime handler.
Pulling images based on runtime class will be helpful for VM based containers like windows hyperV containers.
There was a problem hiding this comment.
The feature is only really relevant if you use different ways to run containers, on the same node. For example, if everything is gVisor on a node, you don't need this feature. Or if everything is Kata + Firecracker.
| @@ -44,6 +44,16 @@ There are additional rules about where you can place the separator | |||
| characters (`_`, `-`, and `.`) inside an image tag. | |||
| If you don't specify a tag, Kubernetes assumes you mean the tag `latest`. | |||
|
|
|||
| ## Image pull per runtime class | |||
There was a problem hiding this comment.
I would move this to just before the heading ## Serial and parallel image pulls, and make it a 3rd level (### heading).
|
Hello @kiashok! The deadline to have this PR merged is Tuesday, November 28. Enhancements that do not include required documentation may not be included in the release. Is there anything I can do to help get this ready to merge? Thanks! |
Signed-off-by: Kirtana Ashok <[email protected]> (cherry picked from commit 10a984d) Signed-off-by: Kirtana Ashok <[email protected]>
kiashok
force-pushed
the
docs-kep4216-dev1.29
branch
from
1f6fde7 to
edddb55
Compare
|
See #44028 (comment) for some pending feedback. /lgtm |
k8s-ci-robot
added
the
lgtm
|
LGTM label has been added. Git tree hash: 40a31711b1fb04c6d0114e7bc57de5ae46b847d1
|
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: katcosgrove The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
Add docs for KEP 4216: https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/4216-image-pull-per-runtime-class which has been accepted for k8s 1.29
P.S. : Opened this PR against dev-1.29 branch based on review comment here #43541 (comment)