-
Notifications
You must be signed in to change notification settings - Fork 40k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kubelet: check for illegal container state transition #54597
kubelet: check for illegal container state transition #54597
Conversation
a1bbc4b
to
5a36fc4
Compare
/sig node |
is there any benefit to doing the same check on the other side of the channel? doing it here is definitely good. |
/assign @derekwaynecarr |
5a36fc4
to
420b272
Compare
I don't think so. The only writer to the channel is |
fair enough. /lgtm |
fyi @dchen1107 |
420b272
to
be7093c
Compare
@derekwaynecarr improved error message to include pod namespace and name. please re-lgtm. |
/lgtm |
/test pull-kubernetes-node-e2e |
@joelsmith I think it is breaking them. Looking at it. |
be7093c
to
449fc02
Compare
@joelsmith I've restricted the check to pods with |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: derekwaynecarr, joelsmith, sjenning Associated issue: 54499 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
Automatic merge from submit-queue (batch tested with PRs 54597, 54593, 54081, 54271, 54600). If you want to cherry-pick this change to another branch, please follow the instructions here. |
xref kubernetes#54597 :100644 100644 a2047a8b54... 6b9f3cffd0... M pkg/kubelet/status/status_manager.go
Automatic merge from submit-queue (batch tested with PRs 53962, 54708). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Prevent successful containers from restarting with OnFailure restart policy **What this PR does / why we need it**: This is a follow-on to #54597 which makes sure that its validation also applies to pods with a restart policy of OnFailure. This deficiency was pointed out by @smarterclayton here: #54530 (comment) **Which issue this PR fixes** This is another fix to address #54499 **Release note**: ```release-note NONE ```
supersedes #54530
Puts a state transition check in the kubelet status manager to detect and block illegal transitions; namely from terminated to non-terminated.
@smarterclayton @derekwaynecarr @dashpole @joelsmith @frobware
I confirmed that the reproducer in #54499 does not work with this check in place. The erroneous kubelet status update is rejected:
After fix #54593, I do not see the message with the above mentioned reproducer.