►
Description
Kubernetes Enhancement Proposal (KEP) Reading Club is an initiative by sig-architecture.
KEPs covered in this session:
- https://github.com/kubernetes/enhancements/pull/2640
- https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2000-graceful-node-shutdown
A
Okay,
hi
welcome,
so
this
is
the
I
don't
know
which
session
of
cafe
ring
club,
but
this
is
the
next
session
of
the
cap.
Reading
club
today
is
the
2nd
of
august
2021
and,
as
a
general
reminder,
this
meeting
as
all
communities
meetings
follows
the
cncf
code
of
conduct.
A
So
today's
two
caps,
if
you
haven't,
if
you
don't
already
know
or
have
the.
A
Okay,
so
let's
try
to
like:
let's,
let's
try
to
get
through
like
the
first
one
and
it's
okay,
we
can
take
our
time,
let's
not
rush
it,
because
I.
B
A
Probably
give
like
15
minutes
or
like
so
for
this
one
gap,
and
then
we
can
discuss
it's
okay,
if
you
can
just
discuss
one
today,
I'm
fine
with
that
as
well.
So
let's
just
put
like
a
thumbs
up
reaction
on
your
screen
or
like
in
the
chat.
If
you.
A
A
Okay,
sorry
about
that,
let
me
just
give
like
a
brief
overview,
so
what
happens
is
every
week
every
two
weeks
we
have
this
session
and
people
such
as
caps
that
are
of
interest
to
them
or
if
they
are
an
author
of
the
cap,
they
suggest
the
cap
for
us
to
like,
go
through
and
read
and
understand
and
provide
feedback
on
if
we
can.
Otherwise
it's
just.
If
you
find
a
cap
interesting,
you
suggest
that,
and
we
all
read
it
together
and
discuss
it
later
on
and
kept
this.
This
has
been
going
like
said.
A
A
lot
so
kept
stands
for
kubernetes
enhancement
proposal,
it's
the
new
mechanism
for
getting
new
features
in
or
deprecating
older
features,
or
even
deleting
all
difficulties
or
updating
current
features.
So
that's
the
whole
process
of
getting
those
things
into
the
kubernetes
project,
and
the
purpose
of
this
is
basically
to
like
familiarize
ourselves
with
the
whole
process,
and
things
like
that
and
kepler
is
like
the
reading.
Our
character
is
the
best
way
to
know
familiarize
ourselves
with
the
future.
Okay.
A
So
could
you
briefly
explain
what
is
prr
so
pr
stands
for
production
readiness
review?
I
personally
am
not
too
familiar
with,
like
the
whole
thought
process
behind
it,
but
let
me
just
note
that
down
so
that
I
think
dems
is
like
the
best
person.
E
Yeah
I
mean
I
I
even
I
didn't
know
what
how
what's
the
full
form
of
pr.
So
even
that
much
was
helpful.
Thank
you.
A
B
A
A
E
E
C
C
A
Thanks
for
joining
in,
if
we
have
questions,
we
can
probably
get
started.
E
I
have
a
very
general
question
not
like
before,
starting
with
the
cap:
what
do
what
do
we
mean
by
feature
gate
because
yeah
there
is,
we
are
talking
about
protecting
secrets
and
config
map
in
two
cases
in
the
entry
and
the
outre
resources,
and
one
of
them
is
enabled
through
a
feature
gate
and
the
other
one
is
through
a
flag.
So
what
do
we
really
mean
by
feature
gate
in
general.
A
I
can
probably
take
like
what
is
a
feature
gate,
but
I'm
not
too
sure
about
the
distinction
between
the
flag
enabling
through
the
flag
and
enabling
to
the
feature
gate
for
the
entry
and
others
so
feature
gate
in
general.
Is
it's
like
a
mechanism
for
you
to
enable
features
that
are
probably
like
alpha
or
beta?
So
if
a
feature
is
an
alpha,
then
the
feature
gate
for
that
would
be
by
default
set
to
false.
So
you
won't
be
able
to
use
that
feature
in
the
binaries
that
come
out.
A
And
if
a
feature
is
in
beta,
then
that
feature
gate
by
default
is
set
to
true,
meaning
that
if
you
want
to
disable
it,
then
you
would
have
to
explicitly
go
over
and
disable
it.
And
when
a
feature
is
in
beta,
it's
usually
meant
to
like
get
further
feedback
from
the
community
and
like
continually
improve
on.
A
So
that's
why
it's
by
default
set
to
true
and
it's
at
a
relatively
stable
state
now
when
it
finally
reaches
ga
after
getting
feedback
and
increasing
consistent
consensus,
and
things
like
that,
when
it's
in
ga
you
don't
really
need
a
feature
flag
over
there,
it's
it's
there
in
kubernetes
by
default,
you
can't
really
disable
it
and
yeah
it's
there.
Basically,
you
want
to
see.
A
Sorry,
first
first
things
first,
just
to
make
sure
I
don't
mispronounce
your
name
is
it?
Is
it
masaki?
Is
that
right?
Did
I
get
it
right
or,
if
not.
A
Hi,
sorry,
do
you
want
to
take
like
the
second
half
of
the
question
so
like
for
entry,
you
enable
a
feature
gate,
but
for
out
of
three
you
do
it
through
a
flag.
D
A
E
A
Okay,
okay,
I
think
we
can
like
revisit
that
soon,
but
are
there
any
like
specific
questions.
E
I
I
have
just
one
another,
so
we
are
talking
about
entry
and
out
of
three
tree
resources
and
in
it
like,
enabling
the
secret
and
conflict
map
protection
on
both
of
them,
and
so
what
I
understood
after
reading
the
gap,
it's
like,
we
are
introducing
two
new
controllers.
That's
right!.
A
So,
okay
got
it
dislike
as
a
follow-up
to
that.
The
finalizers
that
are
added
to
these
conflicts
and
secret
maps
were
these
all.
Are
these
already
present
or
does
the
cap
introduce
these
finalizers.
A
E
In
in
very
broader
sense,
how
how
we
are
checking
whether
something
is
being
used
like
a
secret
is
being
used
by
a
board.
I
see
there
are
lots
of
tests
written
there.
E
So
what's
the
process
like
how
we
are
using
whether
a
secret
or
a
conflict
map
is
being
used
by
a
certain
resource
or
not.
E
Okay,
okay,
yeah,
make
sense,
and
I
have
just
one
another
question,
so
I
there
is
a
section
talking
about
risk
and
mitigations
and
it
is
talking
about
a
condition
where,
where
everything
in
a
namespace
is
deleted,
but
but
because
pv
still
remains,
after,
like
resources
in
our
inner
name,
space
are
deleted,
so
the
secret
will
remain,
which
is
like
the
pvs
are
using
the
secret
as
volumes
or
or
something
like
that.
E
So
there
is
a
situation
there
and
we
are
considering
this
as
one
of
the
blocking
conditions,
because
here
the
user
would
have
to
go
manually
and
delete
the
finalizers
to
delete
the
secrets
up
so,
like
our
design,
details
actually
takes
care
of
this
particular
situation
or
it's
it's
a
known
issue.
At
the
moment.
It's
a
broker.
D
E
Okay
and-
and
there
is
a
way
somewhere
down-
I
I
see-
I'm
just
just
give
me
a
second
so
there
somewhere
in
the
cape,
it's
mentioned
that
if
we
have
to
man,
okay,
I
I
think
that
man
will
be
deleting
the
secretism
is
a
known
thing:
okay,
sorry,
yeah!
That's
all
from.
A
A
What
aspects
can
people
like
reach
out
and
like
offer
help
in
and
like
how
can
they
contribute
further
to
this
particular
feature,
how
much
work
is
to
be
done
and
where
can
people
help
out
if
anyone
is.
A
Sure
so,
as
like
a
closing
question
for
this
particular
tip,
what
work
is
remaining
and
where
can
people
offer
help
in
if
any
and
like?
Where
can
people
help
and
contribute
for
this
particular
feature,
if
they're
interested.
D
Yeah,
actually,
this
cape
has
a
lot
of
discussion
around
how
to
implement.
I
I
first
thought
we
can
go
ahead
with
the
similar
implementation
to
pb
and
pvc
protection,
but
their
discussion
continues.
D
I've
created
another
kit
for
in-use
protection.
It's
a
generic
mechanism
to
protect
some
of
the
features
some
of
the
resource
when
it
is
in
use.
D
I
would
expect
other
people
also
joined
the
discussion
on
the
other
cape.
Could
you
check
the
link.
D
And
and
also
any
feedback
will
come
here.
E
Generally,
this
secret
protection
and
config
map
protection,
this
entire
new
feature
will
fall
under
but
sig
like
precisely.
This
work
will
be
tracked
by
what's
sick.
A
A
A
A
C
E
So
we
are
talking
about
adding
a
new
new
config
filled
shutdown
grace
period
so,
and
we
are
talking
about
having
a
graceful
shutdown
for
pods,
no,
not
at
the
moment.
So
my
question
was
like
if
I
am
understanding
it
properly,
we
are
talking
about
adding
a
new
film
in
the
cubelet
conflict
right,
yeah,
okay
and
I
have
a
follow-up
question
which
is
here
we
have.
We
are
talking
somewhere
like
how
we
are
going
to
calculate
the
time
like
for
how
long
it
will
wait.
E
We
are
talking,
will
categorize
supports
into
a
system
critical
and
on
another
category
as
well,
so
a
system
node,
critical
and
system
cluster
critical.
So
this
kind
of
categorization
we
already
have
some
mechanism
being
like
at
this
moment.
We
already.
B
E
A
Yeah,
I
think
system
cluster
critical,
those
are
existing
priority
classes
that
exist,
and
so
in
scheduling
you
have
different
priority
classes
that
you
can
have.
A
E
C
So
what
I
wanted
to
ask
was
like
it
mentions
that
the
reason
this
needs
to
be
done
is
so
that,
like
the
pods
can
be
gracefully,
shut
down
and
like
to
have
some
buffer
time.
What
I
wanted
to
know
was
like
does
anyone
know
of
any
examples
like
where
pods
like
need
to
do
something
before
they
shut
down
and
like
which
is
essential,
which
is
what
we
are
like
trying
to
provide
here.
A
So
one
thing
that
I
can
think
of
is
let's
say
you
are
running
some
application,
which
sort
of
opens
or
like
creates
certain
resources,
but
once
you
want
it
to
shut
down,
you
want
to
make
sure
that
those
resources
are
cleaned
up
in
the
way
that
you
define
so,
for
example,
like
I
can't
think
of
a
like
a
very
negative
effect
sort
of
use
case
happening.
But
I'm
sure
there
is
something
that.
A
Yeah
yeah
like
when
you
want
things
to
like,
and
also
most
importantly,
when
you
want
the
bot
to
follow
the
life
cycle
that
you
expect
it
to.
That
is
like
scheduled,
running,
then
terminating
and
so
on.
So
you
wanted
to
follow
the
normal
life
cycle
rather
than
it
being
abruptly
terminated
so
and
this
this
the
next
thing,
I'm
about
to
say
I'm
not
sure
of
but
another
implication
of
that
I
think
could
also
be
and
like
anyone
can
hear,
can
correct
me
right
wrong.
A
But
if
you,
if,
like
a
note
shuts
down
and
all
the
pods
they're,
also
shut
down
abruptly-
and
let's
say
you
didn't-
want
some
pot
there
to
shut
down
then
to
recreate
that
pod
and
reschedule
it,
you
would
have
another
additional
check
over
there,
rather
than
it
rather
than
like.
If
you
follow
the
normal
life
cycle
of
it,
then
through
the
normal
life
cycle,
you
would
get
know
that
something
is
shutting
down
and
then
in
the
normal
workflow
of
things
you
could.
A
E
I
I
have
just
one
one
question
or
a
one
open
question
or
one
point
to
make
so
number
one
like
doubt
an
open
question,
so
here
by
adding
a
graceful
not
not
shut
down,
we
are
making
sure
that
the
pods
have
time
to
shut
down
properly
or
something
like
that
right.
We
are
trying
to
help
the
at
the
pod
level.
With
this
with
this
node
graceful
shutdown.
E
Okay?
So
there
is
something
known
as
poor
disruption
budget,
which
also
I'm
just.
E
Okay,
okay,
so
I
I
was,
I
was
saying
like
there
is
something
known
as
poor
disruption
budget,
which
does
the
same
thing
so
where
poor
disruption
budget
is
used,
one
of
the
examples
could
be
when
we
are
upgrading
a
cluster
or
in
those
cases.
What
really
happens
is
we
need
to
up
like
we
are
upgrading
the
platform.
So,
for
example,
we
have
to
upgrade
the
kubernetes
version
itself
on
a
production
cluster.
E
So
what
we
do
is
we
we
try
to
gracefully,
do
it
node
by
node,
so
we
we
try
to
drain
one
node,
and
then
you
like
put
this
put
the
ports
on
different
node,
but
in
that
situation
this
kind
of
having
graceful
board
shutdown
helps
because
we
don't
want
to
right
away,
delete
everything.
That's
scheduled.
We
need
to
first
check
like
what
is
important
and
what
needs
to
be
scheduled
on
a
different
node
first
before
just
deleting
it
right
away.
E
A
It
I
don't
really
have
too
much
of
an
idea,
because
this
is
yeah.
C
B
A
A
Okay,
I
see
so
from
like
the
initial
glance
at
like
the
link
you
sent.
What
I
understand
is
this
particular
camp.
Isn't
really
isn't
at
least
I
think
it
isn't
related
to
pdb.
A
If
you,
if
you
specify
a
port
distraction
budget
for
a
particular
quad
with
let's
say
a
replica
count
of
five-
and
you
say
a
pdp
of
three
for
that.
E
A
If
the
node
is
set
for
shutdown,
then
cubelet,
then,
through
system
b,
the
node
shutdown
will
be
delayed
by
so
in
so
many
seconds,
and
in
so
many
seconds
the
cubelet
can
attempt
to
gracefully
shut
down
critical
and
non-critical
thoughts
based
on
those
different
policies
that
were
mentioned,
and
once
those
are
done,
the
note
can
go
ahead
and
shut
down,
but
it
won't
really
ensure
that
the
disruption
budget
is
actually
met
or
like.
E
Yeah
yeah
yeah.
That
was
my
question
like
when
I
was
reading
it
that,
in
this
case,
when
we
are
when
we
are
implementing
this
feature
like
that
feature,
would
take
care
of
the
port
disruption
budget.
If,
if
any
is
set
like
it
would
take
care
of
that
or
it
was
just
right
away.
Wait
for
that
particular
minimum
seconds
that
we
are
introducing
and
then
right
away
yeah.
A
This
was
part
of
122
in
node,
so
I
think
there
is
a
pr,
but
that's
a
good
question
like
I've
written
it
down
in
that
in
the
dark,
so
you
can
probably
like
attach
it
in
the
questions
thread
so
that
you
can
get
a
better
idea.
Thank.
A
A
There
were
you
had
a
question
related
to
pre-stock
hooks.
What
is
it.
A
E
A
A
A
A
C
A
Yeah,
so
from
what
I
understand
right
before
a
container
is
terminated,
some
logic
defined
through
a
pre-stop
hook
for
that
container
is
executed.
So
if
you
want
something
along
the
terms
of,
if
you
want
some
action
to
take
place
inside
the
container,
then.
B
B
D
A
A
E
And
and
I'm
just
reading
in
the
official
documentation
under
the
pre-stock-
and
there
is
a
very
interesting
line
there-
it
says
the
pods
termination
grace
period
countdown
begins
before
the
pre-stock
hook
is
executed.
So,
regardless
of
the
output
of
the
outcome
of
the
handler,
the
container
will
eventually
terminate
within
the
ports
termination
grace
period.
So
it
means
like
the
the
pre-stop
logic.
C
I
think
it's
like
we
are
trying
to
trigger
this
pre-stop
hook.
If
so
that,
like,
if
there's
like
an
immediate
something
happens
in
the
note,
then
the
pre-stop
hook
won't
get
triggered
right,
because
the
note
didn't
know
that
it
had
to
shut
down
stuff.
At
least
that
is
what
my
understanding
was
that
this
would.
A
So
this
graceful
shutdown
is
to
delay
the
shutdown
of
the
node,
as
in
like
the
actual
box
or
the
machine
by
some
amount,
so
that
in
that
time
frame
you
can
actually
terminate
these
pods
and
those
containers
in
those
forms.
So
that's
why
you
have
that
graceful
shutdown
minus
something
as
the
grace
period
of
the
pod.
So
that
is
the
gray
sphere
that
is
stopped
above
in
the
cockpit.
C
E
So
so
we
are
saying
at
the
moment,
even
though
there
is
a
there
is
a
graceful
domination
like
grace
period
at
the
moment,
but
because
the
node
doesn't
have
any
at
the
moment,
so
it
doesn't
like
it.
The
poor,
dis
port
termination
doesn't
happen
properly,
so
we
are
trying
to
help
board
at
the
moment.
It's.
C
E
Yeah
I
mean
that
that's
what
the
impression
I
got
after
reading
like
we
are
switching
off
the
machine,
the
power
button.
So
I
was
thinking
in
my
like
when
the
power
button
is
off
to
me.
Really
everything
is
gone.
So
what
like
you
ask
what
what's
the
use
case
we
are
trying
to
help
her.
That
would
be
interesting
to
know
like
what's
the
example.
A
Like
if
there
is
no
power
supply,
then
yeah,
you
don't
really
have
a
choice,
but
in
case
a
shutdown
signal
is
received
that,
instead
of
immediately
initiating
a
shutdown
and
not
giving
leeway
for
graceful
termination,
this
sort
of
system
b
facilitates
that
delay
by
someone.