Deprecate Kubelet RunOnce mode

[HirazawaUi]

What type of PR is this?

/kind feature

What this PR does / why we need it:

Deprecate kubelet support for RunOnce mode.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Added a alpha feature, behind the `LegacyNodeRunOnceMode` feature gate.
The feature gate is enabled by default. When the feature gate is disabled, we do not allow users to run in RunOnce mode.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/4580-deprecate-kubelet-runonce/README.md

[HirazawaUi]

/hold
Until kubernetes/enhancements#4736 merged.

[HirazawaUi]

/retest

[HirazawaUi]

/retest

[HirazawaUi]

/retest

[toVersus]

As mentioned in the KEP-4580, why don't you log this as a warning level message?

Suggested change

	klog.InfoS("WARNING: RunOnce mode has been deprecated, and will be removed in a future release")
	klog.Warning("WARNING: RunOnce mode has been deprecated, and will be removed in a future release")

I was just wondering, if kubelet's log level is set to error or higher, the deprecation warning is missed. Should we consider always writing deprecation message without relying on klog? Never mind, since klog only has the -v option, it will probably always be logged even with -v=0.

[HirazawaUi]

As mentioned in the KEP-4580, why don't you log this as a warning level message?

This is what I originally wanted to do, but lint doesn't like the warning function, so I chose to use InfoS instead.

If the PR is approved, I will modify the KEP

[tallclair]

Could just make it an error.

Suggested change

	klog.InfoS("WARNING: RunOnce mode has been deprecated, and will be removed in a future release")
	klog.ErrorS("RunOnce mode is deprecated, and will be removed in a future release")

[HirazawaUi]

/retest

[a-mccarthy]

Hi @HirazawaUi, I'm Abbie the comms lead for 1.31. Can you share the status of this PR? We are close to publishing the mid-cycle blog and this deprecation is listed. I'd like to make sure we should still include this in the blog.

Also, can you make sure this PR is linked in kubernetes/enhancements#4580? thanks!

cc: @neoaggelos

[HirazawaUi]

@a-mccarthy This PR is waiting for review. I will remind the reviewer of sig-node to review it later in slack.

[HirazawaUi]

Also, can you make sure this PR is linked in kubernetes/enhancements#4580? thanks!

added.

[HirazawaUi]

/cc @tallclair
May you take a look at it?

[mrunalp]

@thockin I see this akin to #126084. So, we should drop the language around removal, right?

[mrunalp]

@HirazawaUi Also, we should adjust the language to encourage migrating to alternatives covered in the KEP for this.

[HirazawaUi]

Also, we should adjust the language to encourage migrating to alternatives covered in the KEP for this.

Added. Do you think we should add the URL for podman kube? (I believe it's not necessary because the URL for podman kube might change).

[bart0sh]

/triage accepted
/priority important-soon

[HirazawaUi]

/test pull-kubernetes-unit

[thockin]

Unlike the gitRepo volume case, this is not a part of the API, so it counts as "admin-facing" (as per https://kubernetes.io/docs/reference/using-api/deprecation-policy). Thus it is possible to deprecate, but the KEP does not discuss the actual timeline. I'd appreciate clarity on that (see https://kubernetes.io/docs/reference/using-api/deprecation-policy/#deprecating-a-feature-or-behavior in particular)

[thockin]

panic will dump a backtrace - is that really what we need? It will appear to users as a bug or crash.

[HirazawaUi]

It's not uncommon for panic to occur in kubelet, a similar use cases like:

kubernetes/pkg/kubelet/status/status_manager.go

Lines 199 to 207 in 0caeba5

	if utilfeature.DefaultFeatureGate.Enabled(features.InPlacePodVerticalScaling) {
	stateImpl, err := state.NewStateCheckpoint(m.stateFileDirectory, podStatusManagerStateFile)
	if err != nil {
	// This is a crictical, non-recoverable failure.
	klog.ErrorS(err, "Could not initialize pod allocation checkpoint manager, please drain node and remove policy state file")
	panic(err)
	}
	m.state = stateImpl
	}

[thockin]

I leave this for.kubele reviewers, but IMO panic is not a very obvious failure mechanism

[haircommander]

yeah I agree that panic is a bit much. Can you exist with an error and log an error instead? Personally I think panics should be reserved for coding errors, whereas this is a configuration error.

[thockin]

See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/feature-gates.md#deprecation

It describes how to deprecate with gates (though in this case you want to start with it enabled, to satisfy deprecation policy)

[thockin]

I would leave a TODO here to change default to false in or after 1.34

[HirazawaUi]

See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/feature-gates.md#deprecation

It describes how to deprecate with gates (though in this case you want to start with it enabled, to satisfy deprecation policy)

Thanks for the reminder.

I would leave a TODO here to change default to false in or after 1.34

Since the KEP describes that it will be set to false by default in v1.32, I have added comment according to the KEP.

[thockin]

The deprecation policy is a little vague about this. It says "Deprecated behaviors must function for no less than 1 year after their announced deprecation." Do we think that "function" means "by default" or "with effort" ?

My read of it was "by default"

[HirazawaUi]

All right, I have updated the comment.

[k8s-ci-robot]

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[thockin]

LGTM if OK with node folks

/approve
/hold

Clear hold when fully reviewed

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: HirazawaUi, thockin

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• cmd/kubelet/OWNERS [thockin]
• pkg/features/OWNERS [thockin]
• pkg/kubelet/apis/config/OWNERS [thockin]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[haircommander]

can you update the merge conflict too please @HirazawaUi ?

[HirazawaUi]

/close
ref: kubernetes/enhancements#4736 (comment)

[k8s-ci-robot]

@HirazawaUi: Closed this PR.

In response to this:

/close
ref: kubernetes/enhancements#4736 (comment)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.