测试的时候,通常需要将 Pod 中的 container 频繁地杀死,重启。在这个过程中,Pod 的状态经常会出现 CrashLoopBackOff,而且 container 重启的时间越来越长。

为了避免 container 频繁地 restart,k8s 对 container restart 过程做了限制,使用 back-off 的方法,官方文档中的说法是:
Failed containers that are restarted by Kubelet, are restarted with an exponential back-off delay, the delay is in multiples of sync-frequency 0, 1x, 2x, 4x, 8x … capped at 5 minutes and is reset after 10 minutes of successful execution.
这里先直接给出结论:
kubernetes/pkg/kubelet/kubelet.go
通过源码发现,kubernetes/pkg/kubelet/kubelet.go 文件中有两个常量:
MaxContainerBackOff = 300 * time.Second
backOffPeriod = time.Second * 10使用这两个变量构造了一个 BackOff 对象,这个是 kubelet 的属性,对该 node 上所有 pod 都适用
    klet.backOff = flowcontrol.NewBackOff(backOffPeriod, MaxContainerBackOff)BackOff 结构如下
type Backoff struct {
        sync.Mutex
        Clock           clock.Clock
        defaultDuration time.Duration
        maxDuration     time.Duration
        perItemBackoff  map[string]*backoffEntry
}然后在 SyncPod 方法中使用这个对象
// Call the container runtime's SyncPod callback
result := kl.containerRuntime.SyncPod(pod, apiPodStatus, podStatus, pullSecrets, kl.backOff)SyncPod 具体做的事有:
// SyncPod syncs the running pod into the desired pod by executing following steps:
//
//  1. Compute sandbox and container changes.
//  2. Kill pod sandbox if necessary.
//  3. Kill any containers that should not be running.
//  4. Create sandbox if necessary.
//  5. Create init containers.
//  6. Create normal containers.
func (m *kubeGenericRuntimeManager) SyncPod(pod *v1.Pod, _ v1.PodStatus, podStatus *kubecontainer.PodStatus, pullSecrets []v1.Secret, backOff *flowcontrol.Backoff) (result kubecontainer.PodSyncResult) {同样在这个文件中,有一个关键的函数
// If a container is still in backoff, the function will return a brief backoff error and
// a detailed error message.
    func (m *kubeGenericRuntimeManager) doBackOff(pod *v1.Pod, container *v1.Container, podStatus *kubecontainer.PodStatus, backOff *flowcontrol.Backoff) (bool, string, error) {
        var cStatus *kubecontainer.ContainerStatus
        for _, c := range podStatus.ContainerStatuses {
                if c.Name == container.Name && c.State == kubecontainer.ContainerStateExited {
                        cStatus = c
                        break
                }
        }
        if cStatus == nil {
                return false, "", nil
        }
        glog.Infof("checking backoff for container %q in pod %q", container.Name, format.Pod(pod))
        // Use the finished time of the latest exited container as the start point to calculate whether to do back-off.
        ts := cStatus.FinishedAt
        // backOff requires a unique key to identify the container.
        key := getStableKey(pod, container)
        if backOff.IsInBackOffSince(key, ts) {
                if ref, err := kubecontainer.GenerateContainerRef(pod, container); err == nil {
                        m.recorder.Eventf(ref, v1.EventTypeWarning, events.BackOffStartContainer, "Back-off restarting failed container")
                }
                err := fmt.Errorf("Back-off %s restarting failed container=%s pod=%s", backOff.Get(key), container.Name, format.Pod(pod))
                glog.Infof("%s", err.Error())
                return true, err.Error(), kubecontainer.ErrCrashLoopBackOff
        }
        backOff.Next(key, ts)
        return false, "", nil
}其中 backOff.Next 函数定义如下
// move backoff to the next mark, capping at maxDuration
func (p *Backoff) Next(id string, eventTime time.Time) {
        p.Lock()
        defer p.Unlock()
        entry, ok := p.perItemBackoff[id]
        if !ok || hasExpired(eventTime, entry.lastUpdate, p.maxDuration) {
                entry = p.initEntryUnsafe(id)
        } else {
                delay := entry.backoff * 2 // exponential
                entry.backoff = time.Duration(integer.Int64Min(int64(delay), int64(p.maxDuration)))
        }
        entry.lastUpdate = p.Clock.Now()
}