pod LifecycleHandler should support a `sleep` option

[thockin]

Many people use exec to run sleep in their container. This works, but it's kludgey and requirtes them to have a sleep binary in the image. We should offer sleep as a first-class thing.

I hacked up a quick POC. This is obviopusly incomplete (no tests, no feature gate, poor API docs, etc) but could be a starting point for someone who wants to contribute. I assume it would have to sit in Alpha for a while to deal with back-rev kubelets, so the sooner it gets in the sooner it van be used.

This might warrant a micro KEP, but that's not something to be afraid of. Happy to help if someone wants to pick this up.

My hacky POC:

diff --git a/pkg/apis/core/types.go b/pkg/apis/core/types.go
index fbbecb00d58..67a16fe629c 100644
--- a/pkg/apis/core/types.go
+++ b/pkg/apis/core/types.go
@@ -2316,6 +2316,8 @@ type LifecycleHandler struct {
 	// lifecycle hooks will fail in runtime when tcp handler is specified.
 	// +optional
 	TCPSocket *TCPSocketAction
+	// Sleep pauses further lifecycle progress for a defined time period.
+	Sleep *SleepAction
 }
 
 type GRPCAction struct {
@@ -2353,6 +2355,12 @@ type Lifecycle struct {
 	PreStop *LifecycleHandler
 }
 
+// SleepAction describes an action which simply sleeps.
+type SleepAction struct {
+	// Seconds is the number of seconds to sleep.
+	Seconds int32
+}
+
 // The below types are used by kube_client and api_server.
 
 // ConditionStatus defines conditions of resources
diff --git a/pkg/kubelet/lifecycle/handlers.go b/pkg/kubelet/lifecycle/handlers.go
index 910c7a42edc..8b56aada182 100644
--- a/pkg/kubelet/lifecycle/handlers.go
+++ b/pkg/kubelet/lifecycle/handlers.go
@@ -26,6 +26,7 @@ import (
 	"net/url"
 	"strconv"
 	"strings"
+	"time"
 
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
@@ -86,6 +87,9 @@ func (hr *handlerRunner) Run(ctx context.Context, containerID kubecontainer.Cont
 			klog.V(1).ErrorS(err, "HTTP lifecycle hook for Container in Pod failed", "path", handler.HTTPGet.Path, "containerName", container.Name, "pod", klog.KObj(pod))
 		}
 		return msg, err
+	case handler.Sleep != nil:
+		hr.runSleepHandler(ctx, handler.Sleep.Seconds)
+		return "", nil
 	default:
 		err := fmt.Errorf("invalid handler: %v", handler)
 		msg := fmt.Sprintf("Cannot run handler: %v", err)
@@ -201,6 +205,10 @@ func discardHTTPRespBody(resp *http.Response) {
 	}
 }
 
+func (hr *handlerRunner) runSleepHandler(ctx context.Context, seconds int32) {
+	time.Sleep(time.Duration(seconds) * time.Second)
+}
+
 // NewAppArmorAdmitHandler returns a PodAdmitHandler which is used to evaluate
 // if a pod can be admitted from the perspective of AppArmor.
 func NewAppArmorAdmitHandler(validator apparmor.Validator) PodAdmitHandler {
diff --git a/staging/src/k8s.io/api/core/v1/types.go b/staging/src/k8s.io/api/core/v1/types.go
index 0d491bdf84f..2971306c998 100644
--- a/staging/src/k8s.io/api/core/v1/types.go
+++ b/staging/src/k8s.io/api/core/v1/types.go
@@ -2536,6 +2536,8 @@ type LifecycleHandler struct {
 	// lifecycle hooks will fail in runtime when tcp handler is specified.
 	// +optional
 	TCPSocket *TCPSocketAction `json:"tcpSocket,omitempty" protobuf:"bytes,3,opt,name=tcpSocket"`
+	// Sleep pauses further lifecycle progress for a defined time period.
+	Sleep *SleepAction
 }
 
 // Lifecycle describes actions that the management system should take in response to container lifecycle
@@ -2561,6 +2563,12 @@ type Lifecycle struct {
 	PreStop *LifecycleHandler `json:"preStop,omitempty" protobuf:"bytes,2,opt,name=preStop"`
 }
 
+// SleepAction describes an action which simply sleeps.
+type SleepAction struct {
+	// Seconds is the number of seconds to sleep.
+	Seconds int32 `json:"seconds" protobuf:"varint,1,opt,name=seconds"`
+}
+
 type ConditionStatus string
 
 // These are valid condition statuses. "ConditionTrue" means a resource is in the condition.

[k8s-ci-robot]

@thockin: This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[Namanl2001]

/assign

[Namanl2001]

Hi @thockin, I'm interested in working on this, but I would like to understand this issue clearly before starting. Therefore I have a few questions from the issue description -

1. when/why users want to run sleep in their container?
2. what is a sleep binary?
3. what does the following mean:
   a. feature gate
   b. back-rev kubelets
4. for this feature, should we draft a KEP before making any code changes?

Thanks

[thockin]

https://www.google.com/search?q=Pod+lifecycle+preStop+%22sleep%22&sxsrf=ALiCzsadORiMMt3ZS8rI22iWfGHaKw4jBg%3A1671131131335&ei=-2-bY_-IFPPekPIPqcC_yAI&ved=0ahUKEwi_8tLLqPz7AhVzL0QIHSngDykQ4dUDCBA&uact=5&oq=Pod+lifecycle+preStop+%22sleep%22&gs_lcp=Cgxnd3Mtd2l6LXNlcnAQAzIICCEQwwQQoAEyCAghEMMEEKABMggIIRDDBBCgAToKCAAQRxDWBBCwAzoFCCEQoAFKBAhBGABKBAhGGABQzQZYrRJgvBVoAXABeACAAb4BiAHLApIBAzAuMpgBAKABAcgBCMABAQ&sclient=gws-wiz-serp

It's kind of a hack, but it's what people are doing today and it works.

The TL;DR is that they want to block the delivery of SIGTERM. The preStop hook has that effect. preStop has an exec option, so people exec sleep. The way exec works is that we run a command INSIDE the container, which means the command being run must exist in the container image. This is unpleasant because the more stuff you put in your image, the more opportunities there are for security problems.

So I posit that making a way to do it in the API would be nicer.

Feature gates are how we put code in the tree but don't turn it on by default. See pkg/features/kube_features.go .

The problem we need to consider in adding a new API field like this is what happens when someone consumes the API but only knows about the older API without this new field? We specifically allow kubelet to be older than the API server by several releases. So, suppose:

• we add this field in v1.27
• user creates a pod with lifecycle.preStop.sleep set to 10 seconds
• API server accepts the pod
• kubelet is still v1.26, so does not know about sleep
• kubelet sees the pod with lifecycle.preStop set but none of the fields it knows about are set
  • is this an error? That would be bad
  • does it ignore the field? That would be bad

So the way we handle this usually is a feature gate. What should happen is:

• we add this field in v1.27, but alpha feature-gated and off by default
  • this means you can't use it unless you SPECIFICALLY enable the feature-gate
  • we add the code to implement the feature but reject any API operations that try to use it
  • if you enable the feature gate, you are accepting responsibility for version-skew problems
• we wait for 3 releases (max supported kubelet skew)
  • in a v1.30 apiserver, the oldest kubelet we support is v1.27, which supports sleep
• we change the gate in v1.30 to beta and on by default
• user creates a pod with lifecycle.preStop.sleep set to 10 seconds
• API server accepts the pod
• kubelet is still v1.27, which does know about sleep
• kubelet can enact sleep

There are lots of examples of API changes that follow a similar pattern. Most don't affect kubelet, so only need to wait 1 release. Unfortunately, kubelet is a bigger deal.

Writing a small KEP probably makes sense.

[aojea]

It's kind of a hack, but it's what people are doing today and it works.

this sounds like a house of bugs for sig-node and sig-network, is not only the impact on the pod lifecycle that is worrysome, because there still a lot more work to have it completely right:

#113606
#113717

, is also the impact on things like probes, per example, there were important regressions that went unnoticed during several releases

https://github.com/kubernetes/kubernetes/issues?q=is%3Aissue+probe+is%3Aclosed+label%3Akind%2Fregression