Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Kubernetes Cluster Upgrade / Mercari Meetup for Microservices Platform

92ce4587cc8465736433e698b1e50aaa?s=47 Daisuke Fujita
July 19, 2018
Technology
3
3.7k

Kubernetes Cluster Upgrade / Mercari Meetup for Microservices Platform

https://mercari.connpass.com/event/92168/

92ce4587cc8465736433e698b1e50aaa?s=128

Daisuke Fujita

July 19, 2018
Tweet

More Decks by Daisuke Fujita

See All by Daisuke Fujita
SREcon19 Asia/Pacific Recap
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
0
110
Our Practices of Delegating Ownership in Microservices World
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
4
7.8k
KubeCon EU 2018 Recap: Multi-Tenancy in Kubernetes: 
Best Practices Today, and Future Directions / Kubernetes Meetup Tokyo 11 #k8sjp
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
1
1.6k
Wantedly から Chef を一掃した話 / #chibadan
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
24
11k
さようなら Chef こんにちは Dockerfile / Web Tech Tokyo #1
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
6
6.6k
Docker をフル活用したインフラの紹介と成長し続けるためのインフラ戦略 / #abejameetup
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
19
3.6k
Docker Compose PaaS の作り方、そして社内に導入した話 / #yapc8oji
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
1
7.2k
Writing Kubenetes tools in Go
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
1
2.9k
最近の wercker 便利って話 #tqrk10
92ce4587cc8465736433e698b1e50aaa?s=48 dtan4
2
830

Other Decks in Technology

See All in Technology
アルプの 認証/認可分離戦略と手法
C6a8cb5e13aa716521d522471ec4e4cd?s=48 ma2k8
PRO
1
290
Graph API について
C0c0e8e4d7f83912cb1b1a0699df82a5?s=48 miyakemito
0
230
Poolにおける足を止めないシステム基盤構築
F811665799e1139b63140b72f3e8631f?s=48 winebarrel
3
730
Learning from AWS Customer Security Incidents [2022]
A431674e1b362e40786876211b77455e?s=48 ramimac
0
730
0->1 フェーズで E2E 自動テストを導入した私たちの、これまでとこれから
Cf37e498a7fc8d3c589c91f56fb98e1c?s=48 yoyakoba
0
250
失敗を経験したあなたへ〜建設的なインシデントの振り返りを行うために実践するべきこと〜
8989dfee7c4a1360817fccb657d695bc?s=48 nobuakikikuchi
0
140
エンタープライズにおけるSRE立ち上げとNew Relic選定に至った背景とは / SRE Startup and New Relic in the Enterprise
Aa0d25b0254ef311ed8177b5275577f4?s=48 tomoyakitaura
2
160
新規ゲームのリリース(開発)前からのSRE活動
B276b9088550bc522536ab9d471aeebe?s=48 tmkoikee
1
150
OSINT/GEOINT ワークショップ 20220514 古橋資料
5314ec2302336bf68c95bdb5b1476227?s=48 furuhashilab
2
300
testing journey / Increase sensitivity to minor changes
055e63a40190884fdc17b918c6f6aa7e?s=48 aki_moon
1
190
tfcon-2022-cpp
Dcc589548f0372645aaeb95bda8e22c2?s=48 cpp
5
5k
AWS Control TowerとAWS Organizationsを活用した組織におけるセキュリティ設定
F2ccc400e285972d80feab0e4e57b5f7?s=48 fu3ak1
2
630

Featured

See All Featured
The Invisible Customer
4262b9cfacfb6b2c77f23e1d0310cd3e?s=48 myddelton
110
11k
Web development in the modern age
465724d73fe3a92c0879fdfb43a3a6f3?s=48 philhawksworth
197
9.3k
Navigating Team Friction
245cee81a9c424266e5e401d844ea881?s=48 lara
175
11k
Testing 201, or: Great Expectations
A9704266587836f7e784235e5073b93e?s=48 jmmastey
21
5.4k
How to Ace a Technical Interview
2f5463832ccb768ccb4a1ca3607c27ef?s=48 jacobian
265
21k
Writing Fast Ruby
1f74b13f1e5c6c69cb5d7fbaabb1e2cb?s=48 sferik
612
57k
Done Done
282d599b414022eba5096510f675b6e2?s=48 chrislema
174
14k
It's Worth the Effort
Ba530e786553390f3fb271848485681c?s=48 3n
172
25k
A Modern Web Designer's Workflow
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
689
180k
ReactJS: Keep Simple. Everything can be a component!
Af6a12710770ad9a7cfd08c97efd40d3?s=48 pedronauck
655
120k
What's new in Ruby 2.0
7edec06b5435e0dac07a353b2cc26253?s=48 geeforr
336
30k
Docker and Python
Ecdea9b9714877b86cee08458f085481?s=48 trallard
27
1.5k

Transcript

  1. 2018/07/19 Mercari Meetup for Microservices Platform @dtan4 Kubernetes Cluster Upgrade

  2. 2 About me @dtan4 (Daisuke Fujita) SRE @ Mercari, Inc.

    Microservices Platform Team

  3. 3 Topics • Why we have to upgrade Kubernetes cluster?

    • How to upgrade Kubernetes cluster safely? • Case: Upgrade GKE clusters in Mercari

  4. Why we have to upgrade Kubernetes cluster?

  5. 5 Kubernetes Release Versioning • Minor releases happens approximately every

    3 months v1.11.0 2018-06-28 05:06:28 +0900 JST v1.10.0 2018-03-27 01:41:58 +0900 JST v1.9.0 2017-12-16 05:53:13 +0900 JST v1.8.0 2017-09-29 07:13:57 +0900 JST v1.7.0 2017-06-30 07:53:16 +0900 JST https://github.com/kubernetes/community/blob/6e31a546a50f6f57f3e9e1422ade0599f5e3e77d/contributors/design-proposals/release/versioning.md#supported-releases-and-component-skew

  6. 6 Kubernetes Release Versioning • 3 minor versions are supported

    v1.11.0 2018-06-28 05:06:28 +0900 JST v1.10.0 2018-03-27 01:41:58 +0900 JST v1.9.0 2017-12-16 05:53:13 +0900 JST v1.8.0 2017-09-29 07:13:57 +0900 JST v1.7.0 2017-06-30 07:53:16 +0900 JST https://github.com/kubernetes/community/blob/6e31a546a50f6f57f3e9e1422ade0599f5e3e77d/contributors/design-proposals/release/versioning.md#supported-releases-and-component-skew

  7. 7 Security fixes

  8. 8 Kubernetes new features • Pod priority and preemption •

    CRD versioning • HPA with custom metrics • ...

  9. 9 3rd party integrations

  10. How to upgrade Kubernetes cluster safely?

  11. 11 kubectl cordon <NODE> • Mark node as Pod-unschedulable ◦

    e.g., kubectl cordon node-02 node-01 Pod Pod Pod node-02 Pod Pod new Pod ❌ node-03 Pod Pod SchedulingDisabled

  12. 12 kubectl drain <NODE> • kubectl cordon + Evict Pods

    on the node gracefully ◦ e.g., kubectl drain node-02 node-01 Pod Pod Pod node-02 Pod Pod new Pod ❌ node-03 Pod Pod Pod Pod SchedulingDisabled

  13. 13 Availability? • All ‘C’ Pods are running on the

    same node node-01 A A B node-02 node-03 B A C C C

  14. 14 Availability? • kubectl drain node-02 ◦ All ‘C’ Pods

    will be terminated simultaneously node-01 A A B node-02 C C node-03 B A C C SchedulingDisabled C C

  15. 15 PodDisruptionBudget • PodDisruptionBudget (PDB) limits the number of Pods

    of a replicated application that are down simultaneously from voluntary disruptions (e.g., drain, autoscaling) • work well with Deployment or Replicaset • Specify minAvailable or maxAvailable by the number of Pods or percentage • Application must be running on multiple Pods https://kubernetes.io/docs/concepts/workloads/pods/disruptions/

  16. 16 PodDisruptionBudget example apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: name: app-c

    namespace: app-c-dev spec: minAvailable: 50% selector: matchLabels: app: c

  17. 17 PDB + kubectl drain • PDB for C: minAvailable:

    50% (ALLOWED DISRUPTIONS: 1) node-01 A A B node-02 node-03 B A C C C

  18. 18 PDB + kubectl drain • PDB for C: minAvailable:

    50% (ALLOWED DISRUPTIONS: 1) • kubectl drain node-02 keeps at least two ‘C’ Pods available node-01 A A B node-02 C node-03 B A C SchedulingDisabled C C

  19. 19 PDB + kubectl drain node-01 A A B node-02

    C node-03 B A C C SchedulingDisabled C • PDB for C: minAvailable: 50% (ALLOWED DISRUPTIONS: 1) • kubectl drain node-02 keeps at least two ‘C’ Pods available

  20. 20 PDB + kubectl drain node-01 A A B node-02

    node-03 B A C C SchedulingDisabled C C • PDB for C: minAvailable: 50% (ALLOWED DISRUPTIONS: 1) • kubectl drain node-02 keeps at least two ‘C’ Pods available

  21. 21 GKE cluster upgrade 1. Upgrade GKE master 2. Upgrade

    GKE nodes ◦ Rolling update existing nodes ◦ Node pools migration

  22. 22 Upgrade GKE master • Zonal (single master) cluster causes

    control plane downtime ◦ ~ 2 minutes ◦ kubectl stops working ◦ CronJob will not be kicked • Regional (HA masters) cluster can be upgrade with zero-downtime ◦ Existing zonal -> regional migration is not supported...

  23. 23 GKE node upgrade: rolling update • Upgrade existing nodes

    one by one • Behavior of “Automatic node upgrades” • Make sure that cluster capacity is enough even 1 node is down node-01 v1.10 node-02 v1.10 node-03 v1.10 node-01 v1.11 node-02 v1.10 node-03 v1.10

  24. 24 GKE node upgrade: node pools migration • Create new

    node pools with new Kubernetes version • Migrate all Pods on old nodes to new nodes ◦ kubectl cordon ◦ kubectl drain • Delete old node pools • Make sure that enough GCP resource capacity is prepared https://cloudplatform.googleblog.com/2018/06/Kubernetes-best-practices-upgrading-your-clusters-with-zero-downtime.html

  25. 25 nodepool-1-10 v1.10 GKE node upgrade: node pools migration node-1-10-a

    v1.10 node-1-10-b v1.10 node-1-10-c v1.10

  26. 26 nodepool-1-10 v1.10 GKE node upgrade: node pools migration node-1-10-a

    v1.10 node-1-10-b v1.10 node-1-10-c v1.10 nodepool-1-11 v1.11 node-1-11-a v1.11 node-1-11-b v1.11 node-1-11-c v1.11

  27. 27 nodepool-1-10 v1.10 GKE node upgrade: node pools migration node-1-10-a

    v1.10 node-1-10-b v1.10 node-1-10-c v1.10 nodepool-1-11 v1.11 node-1-11-a v1.11 node-1-11-b v1.11 node-1-11-c v1.11 SchedulingDisabled SchedulingDisabled SchedulingDisabled

  28. 28 nodepool-1-10 v1.10 GKE node upgrade: node pools migration node-1-10-a

    v1.10 node-1-10-b v1.10 node-1-10-c v1.10 nodepool-1-11 v1.11 node-1-11-a v1.11 node-1-11-b v1.11 node-1-11-c v1.11 SchedulingDisabled SchedulingDisabled SchedulingDisabled

  29. 29 nodepool-1-10 v1.10 GKE node upgrade: node pools migration node-1-10-a

    v1.10 node-1-10-b v1.10 node-1-10-c v1.10 nodepool-1-11 v1.11 node-1-11-a v1.11 node-1-11-b v1.11 node-1-11-c v1.11 SchedulingDisabled SchedulingDisabled SchedulingDisabled

  30. 30 GKE node upgrade: node pools migration nodepool-1-11 v1.11 node-1-11-a

    v1.11 node-1-11-b v1.11 node-1-11-c v1.11

  31. Case: GKE cluster upgrade in Mercari

  32. 32 Case: GKE cluster upgrade in Mercari 1. Codenize GKE

    resources 2. Create PDBs for all microservices 3. Upgrade! a. Upgrade GKE master (Terraform) b. Create GKE node pools (Terraform) c. Migrate all Pods (script) d. Delete old GKE node pools (Terraform)

  33. 33 Codenize GKE resources • Existing GKE clusters were created

    by gcloud command • We want to manage GKE (and all other cloud) resources on GitHub! ◦ git log as operation history ◦ review changes by other team members ◦ modify resources from CI without manual operation

  34. 34 Codenize GKE resources • Codenize GKE resources by dtan4/terraforming-gke

  35. 35 Create PDBs for all microservices • Most of our

    microservices didn’t have PDBs • Define default minAvailable by SREs • Confirm microservices’ availability with developers

  36. 36 Upgrade GKE master • Modify Terraform code • Review

    by team members • Apply on CircleCI

  37. 37 Upgrade GKE master

  38. 38 Create & Delete GKE node pools • Copy-and-paste &

    modify Terraform code • Review by team members • Apply on CircleCI

  39. 39 Future work • Enable “Automatic node upgrades” ◦ ensure

    all microservices are resilient towards disruptions ◦ reduce upgrade steps • Create PDB by microservice developers themselves
  40. None