Skip to content

KEP 753: SidecarContainers is GA #5081

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 4, 2025
Merged

KEP 753: SidecarContainers is GA #5081

merged 1 commit into from
Feb 4, 2025

Conversation

SergeyKanzhelev
Copy link
Member

  • One-line PR description:

SidecarContainer feature is going GA.

  • Issue link:

#753

  • Other comments:

All bugs listed were reviewed and are not critical for GA promotion.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/kep Categorizes KEP tracking issues and PRs modifying the KEP directory labels Jan 23, 2025
@k8s-ci-robot k8s-ci-robot added sig/node Categorizes an issue or PR as relevant to SIG Node. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jan 23, 2025
mrunalp
mrunalp approved these changes Jan 23, 2025
View reviewed changes
Copy link
Contributor

@mrunalp mrunalp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 23, 2025
@SergeyKanzhelev SergeyKanzhelev mentioned this pull request Jan 23, 2025
Closed
15 tasks
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 30, 2025
@kannon92
Copy link
Contributor

kannon92 commented Jan 31, 2025
edited
Loading

PRR shadow:

Are there any tests for feature enablement/disablement?
Not yet, but it is planned/required to add them before graduation to Beta.

Can you update this to reflect the reality for GA?

https://github.com/kubernetes/enhancements/blob/ee4c27a15a9f8107deb2831654e4054314e0b7bb/keps/sig-node/753-sidecar-containers/README.md#what-are-other-known-failure-modes

I think the TBD should be filled out here as part of the GA promotion.

@toVersus
Copy link

toVersus commented Feb 2, 2025
edited
Loading

Can you update this to reflect the reality for GA?

It looks like there are no unit tests for enabling/disabling the SidecarContainers feature. Most likely, a test like the following should have been added to pkg/registry/core/pod/strategy_test.go.

TestSidecarContainersEnablement 
func TestSidecarContainersEnablement(t *testing.T) {
	containerRestartPolicyAlways := api.ContainerRestartPolicyAlways
	defaultTerminationGracePeriodSeconds := int64(30)

	getInitContainerRestartPolicy := func(pod *api.Pod) *api.ContainerRestartPolicy {
		return pod.Spec.InitContainers[0].RestartPolicy
	}

	podWithInitContainerRestartPolicy := func() *api.Pod {
		return &api.Pod{
			ObjectMeta: metav1.ObjectMeta{
				Namespace:       "default",
				Name:            "foo",
				ResourceVersion: "1",
			},
			Spec: api.PodSpec{
				DNSPolicy:     api.DNSDefault,
				RestartPolicy: api.RestartPolicyAlways,
				InitContainers: []api.Container{
					{
						Name:                     "restartable1",
						Image:                    "image",
						ImagePullPolicy:          "IfNotPresent",
						TerminationMessagePolicy: "File",
						RestartPolicy:            &containerRestartPolicyAlways,
					},
				},
				Containers: []api.Container{
					{
						Name:                     "regular1",
						Image:                    "image",
						ImagePullPolicy:          "IfNotPresent",
						TerminationMessagePolicy: "File",
					},
				},
				TerminationGracePeriodSeconds: &defaultTerminationGracePeriodSeconds,
			},
		}
	}

	podWithoutInitContainerRestartPolicy := func() *api.Pod {
		return &api.Pod{
			ObjectMeta: metav1.ObjectMeta{
				Namespace:       "default",
				Name:            "foo",
				ResourceVersion: "1",
			},
			Spec: api.PodSpec{
				DNSPolicy:     api.DNSDefault,
				RestartPolicy: api.RestartPolicyAlways,
				InitContainers: []api.Container{
					{
						Name:                     "restartable1",
						Image:                    "image",
						ImagePullPolicy:          "IfNotPresent",
						TerminationMessagePolicy: "File",
					},
				},
				Containers: []api.Container{
					{
						Name:                     "regular1",
						Image:                    "image",
						ImagePullPolicy:          "IfNotPresent",
						TerminationMessagePolicy: "File",
					},
				},
				TerminationGracePeriodSeconds: &defaultTerminationGracePeriodSeconds,
			},
		}
	}

	testCases := []struct {
		description string
		gateEnabled bool
		newPod      *api.Pod
		wantPod     *api.Pod
	}{
		{
			description: "gate enabled, creating pods with init container's restart policy",
			gateEnabled: true,
			newPod:      podWithInitContainerRestartPolicy(),
			wantPod:     podWithInitContainerRestartPolicy(),
		},
		{
			description: "gate disabled, creating pods with init container's restart policy",
			gateEnabled: false,
			newPod:      podWithInitContainerRestartPolicy(),
			wantPod:     podWithoutInitContainerRestartPolicy(),
		},
	}

	for _, tc := range testCases {
		t.Run(tc.description, func(t *testing.T) {
			featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.SidecarContainers, tc.gateEnabled)

			newPod := tc.newPod

			Strategy.PrepareForCreate(genericapirequest.NewContext(), newPod)
			if errs := Strategy.Validate(genericapirequest.NewContext(), newPod); len(errs) != 0 {
				t.Errorf("Unexpected error: %v", errs.ToAggregate())
			}

			if diff := cmp.Diff(getInitContainerRestartPolicy(newPod), getInitContainerRestartPolicy(tc.wantPod)); diff != "" {
				t.Fatalf("Unexpected modification to container restart policy; diff (-got +want)\n%s", diff)
			}
		})
	}
}

However, once the SidecarContainers feature reaches GA and is locked to default in kubernetes/kubernetes#129731, the above test will no longer work and will need to be removed within that PR. I also looked at other KEPs, and in most cases, there are no unit tests for feature enablement/disablement. So, would simply updating the description be sufficient?

Edit: As shown in kubernetes/kubernetes#129731, using featuregatetesting.SetFeatureGateEmulationVersionDuringTest would have allowed us to keep the above test even after it graduated to GA. However, since there is already a test for enabling and disabling the SidecarContainers feature here, the above test case may not be necessary.

@toVersus
Copy link

toVersus commented Feb 2, 2025

I think the TBD should be filled out here as part of the GA promotion.

Two out of the three are already covered by E2E tests. So, should we just add links to the E2E tests?

Sidecar container uses a preStop hook that make the container exit during Pod shutdown, sidecar is restarted, leading to a CrashLoopBackOff

The last one is about unintended use case. I think that explaining it in the Sidecar Containers's best practice would make implementing a test in Kubernetes unnecessary. Writing a test for this could be a bit tricky, but if it's absolutely necessary, I can look into whether it can be implemented.

@SergeyKanzhelev SergeyKanzhelev mentioned this pull request Feb 3, 2025
Merged
@SergeyKanzhelev
Copy link
Member Author

thanks all, updated!

toVersus
toVersus reviewed Feb 3, 2025
View reviewed changes
@jpbetz
Copy link
Contributor

jpbetz commented Feb 4, 2025

/approve
For PRR

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 4, 2025
swatisehgal
swatisehgal approved these changes Feb 4, 2025
View reviewed changes
Copy link
Contributor

@swatisehgal swatisehgal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 4, 2025
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jpbetz, mrunalp, SergeyKanzhelev, swatisehgal

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit 2a8c6cb into kubernetes:master Feb 4, 2025
4 checks passed
@k8s-ci-robot k8s-ci-robot added this to the v1.33 milestone Feb 4, 2025
@SergeyKanzhelev SergeyKanzhelev deleted the sidecarGA branch February 4, 2025 16:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mrunalp mrunalp mrunalp approved these changes

@jeremyrickard jeremyrickard Awaiting requested review from jeremyrickard

+2 more reviewers

@toVersus toVersus toVersus left review comments

@swatisehgal swatisehgal swatisehgal approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees

@mrunalp mrunalp

@swatisehgal swatisehgal

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/kep Categorizes KEP tracking issues and PRs modifying the KEP directory lgtm "Looks good to me", indicates that a PR is ready to be merged. sig/node Categorizes an issue or PR as relevant to SIG Node. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
v1.33
Development

Successfully merging this pull request may close these issues.
7 participants
@SergeyKanzhelev @kannon92 @toVersus @jpbetz @k8s-ci-robot @mrunalp @swatisehgal