Recreate pod sandbox when the sandbox does not have an IP address.

[caseydavenport]

What this PR does / why we need it:

Attempts to fix a bug where Pods do not receive networking when the kubelet restarts during pod creation.

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged):

fixes # #48510

Release note:

NONE

[caseydavenport]

/sig network
/release-note-none

[caseydavenport]

I've run a few tests with this, but haven't yet been able to reproduce the issue this was intended to fix (which was occurring pretty reliably on v1.7.0).

Still want to do some more runs to see if I can repro.

[caseydavenport]

/test pull-kubernetes-kubemark-e2e-gce
/test pull-kubernetes-unit

[caseydavenport]

Huh, kubemark tests seem to be failing due to OAuth issues:

I0717 19:00:31.142] Your "OAuth 2.0 Service Account" credentials are invalid. Please run
I0717 19:00:31.142]   $ gcloud auth login
I0717 19:00:31.142] Type position out of range

[caseydavenport]

/retest

[caseydavenport]

@Random-Liu any chance you could take a look and see if you think this approach makes any sense?

[caseydavenport]

@kubernetes/sig-network-pr-reviews ^

[caseydavenport]

/retest

[caseydavenport]

/test pull-kubernetes-bazel-test

[dcbw]

@caseydavenport I want to get to a place where the runtime tracks whether the container was fully set up or not (including networking), and I guess they'd have to checkpoint that state somewhere too and validate on GetPodStatus(). I feel like your solution here is the best thing we can do now, but perhaps could we add a FIXME that it should be pushed to the runtimes to correctly report whether the pod was fully set up or not?

[dcbw]

/lgtm

[dcbw]

/lgtm

[caseydavenport]

/retest

[feiskyer]

The fix LGTM.

@caseydavenport Could you fix the unit tests?

[caseydavenport]

/retest

[caseydavenport]

I believe I've fixed the UTs (plus added a new one for this fix).

The last round of failures appeared to be unrelated at a glance.

[feiskyer]

/retest

[dcbw]

/lgtm

[caseydavenport]

@dcbw given #48510 is in the 1.8 milestone can we get this PR added as well?

[feiskyer]

given #48510 is in the 1.8 milestone can we get this PR added as well?

+1. This is fixing a v1.8 issues.

ping @Random-Liu for approval.

[dims]

/kind bug

@jdumars @kubernetes/sig-release-members Can you please add the milestone 1.8 for this bug?

[dchen1107]

Do we know why IP address is not allocated for the pod? My concern is that we paper-over the real issue here. But I guess this is best solution we could come up so far, I am ok with it as a temporary workaround.

[caseydavenport]

We know of at least one scenario, which this PR is meant to fix - it's a condition in which the kubelet gets restarted during CNI execution and so the sandbox exists but doesn't yet have an IP address.

[dchen1107]

/lgtm

[k8s-github-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: caseydavenport, dcbw, dchen1107

Associated issue: 48510

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

• pkg/kubelet/OWNERS [dchen1107]

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

[k8s-github-robot]

/test all [submit-queue is verifying that this PR is safe to merge]

[fejta-bot]

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to @fejta).

Review the full test history for this PR.

[k8s-github-robot]

/test all [submit-queue is verifying that this PR is safe to merge]

[k8s-github-robot]

Automatic merge from submit-queue (batch tested with PRs 48970, 52497, 51367, 52549, 52541). If you want to cherry-pick this change to another branch, please follow the instructions here..