Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Inside of Kubernetes Controller

Avatar for go_vargo go_vargo
September 27, 2019
Technology
20
12k

Inside of Kubernetes Controller

Avatar for go_vargo

go_vargo

September 27, 2019
Tweet

More Decks by go_vargo

See All by go_vargo
Kubernetes Internal #9 - Minikube
Avatar for go_vargo govargo
0
290
気をつけたいKubernetesとの付き合い方 / Happy Kubernetes Life
Avatar for go_vargo govargo
6
2.9k
[CNDT2020]Linux Observability with BPF Performance Tools
Avatar for go_vargo govargo
15
3.5k
Admission Webhookで快適なSecret管理 / Berglas Secret Admission Webhook
Avatar for go_vargo govargo
5
3.7k
[CNDK2019]Production Ready Kubernetesに必要な15のこと / Production Ready Kubernetes 15 Rules
Avatar for go_vargo govargo
38
15k
ゼロから始めるKubernetes Controller / Under the Kubernetes Controller
Avatar for go_vargo govargo
37
14k
コロプラが実践しているSpinnakerを用いたデプロイ戦略 / Deploy Strategy with Spinnaker at Colopl
Avatar for go_vargo govargo
6
4.8k
Improve Docker Image by BuildKit
Avatar for go_vargo govargo
4
1.6k
Debugging for MicroService on Kubernetes
Avatar for go_vargo govargo
2
740

Other Decks in Technology

See All in Technology
ネットワーク保護はどう変わるのか?re:Inforce 2025最新アップデート解説
Avatar for Shun Tokuyama tokushun
0
210
マーケットプレイス版Oracle WebCenter Content For OCI
Avatar for oracle4engineer oracle4engineer
PRO
3
960
How Do I Contact HP Printer Support? [Full 2025 Guide for U.S. Businesses]
Avatar for jackkkk harrry1211
0
120
Glacierだからってコストあきらめてない? / JAWS Meet Glacier Cost
Avatar for sasaki taishin
1
160
OPENLOGI Company Profile
Avatar for OPENLOGI hr01
0
67k
PO初心者が考えた ”POらしさ”
Avatar for (Ha)rady nb_rady
0
210
CRE Camp #1 エンジニアリングを民主化するCREチームでありたい話
Avatar for MNTSQ mntsq
1
120
American airlines ®️ USA Contact Numbers: Complete 2025 Support Guide
Avatar for markhor64456 airhelpsupport
0
380
開発生産性を測る前にやるべきこと - 組織改善の実践 / Before Measuring Dev Productivity
Avatar for 株式会社カオナビ kaonavi
9
4.3k
タイミーのデータモデリング事例と今後のチャレンジ
Avatar for Toshiki Tsuchikawa ttccddtoki
6
2.4k
開発生産性を組織全体の「生産性」へ! 部門間連携の壁を越える実践的ステップ
Avatar for ussy / @sudo5in5k sudo5in5k
2
7k
SEQUENCE object comparison - db tech showcase 2025 LT2
Avatar for Noriyoshi Shinoda nori_shinoda
0
140

Featured

See All Featured
Fashionably flexible responsive web design (full day workshop)
Avatar for Andy Clarke malarkey
407
66k
Statistics for Hackers
Avatar for Jake VanderPlas jakevdp
799
220k
Speed Design
Avatar for Sergey Chernyshev sergeychernyshev
32
1k
Fantastic passwords and where to find them - at NoRuKo
Avatar for Phil Nash philnash
51
3.3k
How to train your dragon (web standard)
Avatar for Monica Dinculescu notwaldorf
95
6.1k
Performance Is Good for Brains [We Love Speed 2024]
Avatar for Tammy Everts tammyeverts
10
950
Adopting Sorbet at Scale
Avatar for Ufuk Kayserilioglu ufuk
77
9.5k
Save Time (by Creating Custom Rails Generators)
Avatar for Garrett Dimon garrettdimon
PRO
31
1.3k
For a Future-Friendly Web
Avatar for Brad Frost brad_frost
179
9.8k
Bootstrapping a Software Product
Avatar for Garrett Dimon garrettdimon
PRO
307
110k
Build The Right Thing And Hit Your Dates
Avatar for Maggie C. maggiecrowley
36
2.8k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
Avatar for Tammy Everts tammyeverts
6
300

Transcript

  1. Inside of Kubernetes Controller 2019/09/27 Kubernetes Meetup Tokyo #23 Operator

    Deep Dive

  2. Who am I Name: Kenta Iso(@go_vargo) Job: Infrastructure Engineer Kubernetes

    Lover Mission: Make Kubernetes environment Improve 2 CKA & CKAD

  3. Purpose & Target ɾPeople who know Kubernetes Resources can understand

    Controller mechanism(include Implement). ɾKubernetes Controller Concept ɾKubernetes Controller mechanism, inside Controller Implement ɾComponents support Kubernetes Controller = Controller’s High Level Layer ~ Low Level Layer Target Purpose

  4. Not Targeting ɾKubernetes Custom Controller + CRD Detail ※ However,

    Understanding controller mechanism Helps you to build custom controller. ɾFramework & SDK for Kubernetes Custom Controller e.g. KubebuilderɺOperator SDK controller-runtime, controller-tools Not Target

  5. Note Book Review Blog(Japanese): https://go-vargo.hatenablog.com/entry/2019/08/05/201546 This slide is impressed by

    Programming Kubernetes. Programming Kubernetes 
 Published by O’Reilly Media, Inc. ʮProgramming KubernetesʯAuthor: Stefan Schimanski, Michael Hausenblas Chap1~2: Kubernetes Concept, API Object Chap3: client-go Chap4: CRD Chap5: code-generator Chap6~7: Custom Controller Chap8~9: Custom API Server, CRD Advanced https://programming-kubernetes.info/

  6. Agenda ɾ What is Kubernetes Controllerʁ ɾ Control Loop(Reconciliation Loop)

    ɾController Library & Components ɾClient-Go - Informer - WorkQueue ɾController’s Cycle, Main Logic ɾController Summary - Reference

  7. What is Kubernetes Controllerʁ ʙ High Level Architecture ʙ

  8. .BTUFS 8PSLFS 8PSLFS 8PSLFS Kubernetes Architecture Master Node Worker Node

  9. Kubernetes High Level Architecture .BTUFS 8PSLFS FUDE DMPVEDPOUSPMMFS NBOBHFS /PEF

    $POUBJOFS 3VOUJNF LVCFMFU LVCF QSPYZ DPOUSPMMFS NBOBHFS BQJTFSWFS TDIFEVMFS /PEF $POUBJOFS 3VOUJNF LVCFMFU /PEF $POUBJOFS 3VOUJNF LVCFMFU DMPVE LVCF QSPYZ LVCF QSPYZ

  10. Kubernetes Architecture Kubernetes is Distributed Architecture & Distributed Components Master:

    AuthɾAuthz, Resource(API Object) Management, Container Scheduling: General management Worker: Container Execution

  11. .BTUFS 8PSLFS FUDE DMPVEDPOUSPMMFS NBOBHFS /PEF $POUBJOFS 3VOUJNF LVCFMFU LVCF

    QSPYZ DPOUSPMMFS NBOBHFS BQJTFSWFS TDIFEVMFS /PEF $POUBJOFS 3VOUJNF LVCFMFU /PEF $POUBJOFS 3VOUJNF LVCFMFU DMPVE LVCF QSPYZ LVCF QSPYZ Kubernetes High Level Architecture

  12. api-server / controller-manager api-server: api-server receives API Object’s CREATEɾUPDATEɾDELTE (CRUD)requests

    and execute requests. Executed Object data is persisted to etcd(DataStore). ※ component which accesses to etcd is only api-server controller-manager: Controller manages Resource(like Deployment, Service…). controller-manager is a group of multiple controllers.

  13. controller-manager controller-manager: multiple controllers in one binary %FQMPZNFOU 3FQMJDB4FU %BFNPO4FU

    4FSWJDF +PC $SPO+PC &OEQPJOU 4UBUFGVM4FU ʜ

  14. 3FQMJDB4FU $POUSPMMFS LJOE3FQMJDB4FU NFUBEBUB OBNFYYYYYY TQFD ʜ 3FTPVSDF  3FTPVSDF

     3FTPVSDF ʜ 3FTPVSDF / .BOBHFT $POUSPM-PPQ .BOJGFTU ControllerͱResource Controller manages Resource FH3FQMJDB4FU$POUSPMMFS

  15. 3FQMJDB4FU $POUSPMMFS Controller and Resource One Controller manages one Resource

    3FQMJDB4FU 1PE %FQMPZNFOU $POUSPMMFS %FQMPZNFOU NBOBHF DSFBUF NBOBHF DSFBUF Reference: OwnerReference https://kubernetes.io/docs/concepts/workloads/controllers/garbage-collection/ There is mechanism called byʮownerReferenceʯwhich parent resource tags child resource. When parent resource is deleted, child resource is deleted by Garbage Collection(GC).

  16. Control Loop (Reconciliation Loop)

  17. "DUVBM4UBUF $POUSPM-PPQ %FTJSFE4UBUF 3FBESFBMSFTPVSDFT $IBOHFJOUFSOBMFYUFSOBMSFTPVSDFT PCTFSWF BOBMZ[F "DU Controller’s Concept

    Concept: Control Loop(Reconciliation Loop)

  18. Control Loop(Reconciliation Loop) Controller Loop is Controller’s Concept. ※This is

    called by Reconciliation Loop Controller Loop Flow: 1. Read Resource Actual State 2. Change Resource State to Desired State 3. Update Resource Status Declarative API realize immutable Infrastructure by Control Loop. Loop

  19. 3FQMJDBT ReplicaSet Control Loop Example 3FQMJDBT 3FQMJDB4FU $POUSPMMFS 3FQMJDB4FU $POUSPMMFS

    0CTFSWF %FTJSFE4UBUF "DUVBM4UBUF "DU

  20. ReplicaSet Apply ʙ Container Execution LJOE3FQMJDB4FU NFUBEBUB OBNFYYYYYY TQFD ʜ

    .BOJGFTU 6TFS .BTUFS 8PSLFS FUDE /PEF $POUBJOFS 3VOUJNF LVCFMFU LVCF QSPYZ BQJTFSWFS TDIFEVMFS ,VCFDUMBQQMZGNBOJGFTUZBNM †"QQMZ3FQMJDB4FU3FTPVSDF 3FQMJDB4FU $POUSPMMFS ᶃ3FQMJDB4FUJT$SFBUFE

  21. .BTUFS 8PSLFS FUDE /PEF $POUBJOFS 3VOUJNF LVCFMFU LVCF QSPYZ BQJTFSWFS

    TDIFEVMFS 3FQMJDB4FU $POUSPMMFS $POUSPM-PPQ ᶄ3FQMJDB4FU$POUSPMMFSEFUFDUT3FQMJDB4FUDSFBUJPO ᶄ`&NQUZ1PEJTDSFBUFEXIJDIEPFTO`U IBWF4QFDOPEF/BNFCZ$POUSPMMFS DSFBUF ˞/PUZFUEFMJWFSFEUP8PSLFS/PEF ReplicaSet Apply ʙ Container Execution

  22. .BTUFS 8PSLFS FUDE /PEF $POUBJOFS 3VOUJNF LVCFMFU LVCF QSPYZ BQJTFSWFS

    TDIFEVMFS 3FQMJDB4FU $POUSPMMFS ᶅ4DIFEVMFSEFUFDUT1PEDSFBUJPO queue ᶅ`4DIFEVMFSFORVFVFTUPTDIFEVMJOH RVFVFCFDBVTFQPE4QFDOPEF/BNF JTFNQUZ ReplicaSet Apply ʙ Container Execution

  23. .BTUFS 8PSLFS FUDE /PEF $POUBJOFS 3VOUJNF LVCFMFU LVCF QSPYZ BQJTFSWFS

    TDIFEVMFS 3FQMJDB4FU $POUSPMMFS ᶆLVCFMFUBMTPEFUFDUT1PEDSFBUJPO queue ᶆ`LVCFMFUTLJQTCFDBVTF QPE4QFDOPEF/BNFJTFNQUZ skip ReplicaSet Apply ʙ Container Execution

  24. .BTUFS 8PSLFS FUDE /PEF $POUBJOFS 3VOUJNF LVCFMFU LVCF QSPYZ BQJTFSWFS

    TDIFEVMFS 3FQMJDB4FU $POUSPMMFS ᶇ4DIFEVMFSQPQT1PEGSPNRVFVF queue ᶇ`4DIFEVMFTQPEUPOPEFXIJDI DBOCFUPBTTJHOUP schedule ᶇ`6QEBUFTQPE4QFDOPEF/BNF 6QEBUF TQFDOPEF/BNF ReplicaSet Apply ʙ Container Execution

  25. .BTUFS 8PSLFS FUDE /PEF $POUBJOFS 3VOUJNF LVCFMFU LVCF QSPYZ BQJTFSWFS

    TDIFEVMFS 3FQMJDB4FU $POUSPMMFS queue ᶈLVCFMFUEFUFDUT1PEVQEBUF ᶈ`LVCFMFUTUBSUTVQDPOUBJOFS ReplicaSet Apply ʙ Container Execution

  26. .BTUFS 8PSLFS FUDE /PEF $POUBJOFS 3VOUJNF LVCFMFU LVCF QSPYZ BQJTFSWFS

    TDIFEVMFS 3FQMJDB4FU $POUSPMMFS queue ᶉLVCFMFUTFOETSFRVFTUUPBQJTFSWFS  BOEBQJTFSWFSVQEBUFTQPE4UBUVT TUBUVTDPOEJUJPOT ReplicaSet Apply ʙ Container Execution

  27. .BTUFS 8PSLFS FUDE /PEF $POUBJOFS 3VOUJNF LVCFMFU LVCF QSPYZ BQJTFSWFS

    TDIFEVMFS 3FQMJDB4FU $POUSPMMFS queue /PXTVQQPTFUIFDPOUBJOFSEJFEGPSTPNFSFBTPO ReplicaSet Apply ʙ Container Execution

  28. .BTUFS 8PSLFS FUDE /PEF $POUBJOFS 3VOUJNF LVCFMFU LVCF QSPYZ BQJTFSWFS

    TDIFEVMFS 3FQMJDB4FU $POUSPMMFS queue 1PE`T5FSNJOBUJOH TUBUVTDPOEJUJPOT ReplicaSet Apply ʙ Container Execution ᶊLVCFMFUTFOETSFRVFTUUPBQJTFSWFS  BOEBQJTFSWFSVQEBUFTQPE4UBUVT

  29. .BTUFS 8PSLFS FUDE /PEF $POUBJOFS 3VOUJNF LVCFMFU LVCF QSPYZ BQJTFSWFS

    TDIFEVMFS 3FQMJDB4FU $POUSPMMFS queue 1PE`T5FSNJOBUJOH ᶋ3FQMJDB4FU$POUSPMMFSEFUFDUT 1PEVQEBUF EFMFUF ᶋ`3FQMJDB4FU$POUSPMMFSEFMFUFT1PE ReplicaSet Apply ʙ Container Execution

  30. .BTUFS 8PSLFS FUDE /PEF $POUBJOFS 3VOUJNF LVCFMFU LVCF QSPYZ BQJTFSWFS

    TDIFEVMFS 3FQMJDB4FU $POUSPMMFS queue 3FDPODJMF ᶌ3FQMJDB4FU$POUSPMMFS3FDPODJMF JOPSEFSUPCFDPNF%FTJSFE4UBUF $POUSPMMFSSFDSFBUF1PE EFMFUF "OETP -PPQUIJTʜ ᶄʙᶌSFQFBU ReplicaSet Apply ʙ Container Execution

  31. Appendix) Source Code ᶄ https://github.com/kubernetes/kubernetes/blob/release-1.16/pkg/controller/replicaset/replica_set.go#L487 ᶅ https://github.com/kubernetes/kubernetes/blob/v1.16.0/pkg/scheduler/eventhandlers.go#L436 ᶆ https://github.com/kubernetes/kubernetes/blob/v1.16.0/pkg/kubelet/config/apiserver.go#L33 ᶇ

    https://github.com/kubernetes/kubernetes/blob/v1.16.0/pkg/scheduler/scheduler.go#L535 ᶈ https://github.com/kubernetes/kubernetes/blob/release-1.16/pkg/kubelet/kuberuntime/kuberuntime_manager.go#L803 ᶉ https://github.com/kubernetes/kubernetes/blob/release-1.16/pkg/kubelet/kubelet.go#L1527 ᶊ https://github.com/kubernetes/kubernetes/blob/release-1.16/pkg/kubelet/kubelet.go#L2006 ᶋ https://github.com/kubernetes/kubernetes/blob/v1.16.0/pkg/controller/replicaset/replica_set.go#L535 ᶌ https://github.com/kubernetes/kubernetes/blob/release-1.16/pkg/controller/replicaset/replica_set.go#L487

  32. Controller and Components Each Component’s Responsibility ɾapi-server: Resource CRUD ɾscheduler:

    Resource Scheduling ɾkubelet: Container starts up ɾcontroller: Reconcile Resource Each component concentrates on its responsibilities. = There is no Orchestra conductor who controls the whole and gives instructions.

  33. Controller and Harmony In Kubernetes, each component works cooperatively… Do

    not mean Even if component is not commanded, the whole consistency is maintained. So… Let’s think of each component as a Single Controller. Each Controller concentrates on running each Control Loop. As a result, Strangely, you can see that Kubernetes is in harmony as a whole.

  34. Kubernetes is jazz improv Kubernetes is not an Orchestration. As

    jazz improv, by players(Controllers) concentrating on each plays(Control Loop), the whole is consisted of. Kubernetes is more jazz improv than orchestration. Joe Beda https://blog.heptio.com/core-kubernetes-jazz-improv-over-orchestration-a7903ea92ca Co-founder Core Kubernetes: Jazz Improv over Orchestration

  35. Why Controller executes Control Loop? When we think why Controller

    executes Control Loop, ʮEventʯis key factor. ※ e.g. Added, Modified, Deleted, Error… For Kubernetes, which consists of distributed components, Event is very important. It flows between each component. Reference: Events, the DNA of Kubernetes There are two way of how we think event triggers ɾEdge-driven Triggers ɾLevel-driven Triggers https://www.mgasch.com/post/k8sevents/

  36. Appendix) Edge vs. Level https://hackernoon.com/level-triggering-and-reconciliation-in-kubernetes-1f17fe30333d Reference: Level Triggering and Reconciliation

    in Kubernetes Edge-driven Triggers Level-driven Triggers Trigger when event occurs Trigger when in a specific state up down low high low

  37. In order to think that why controller executes control loop,

    we suppose Kubernetes takes Procedure process, not Reconcile. LJOEYYYYYYYYY NFUBEBUB OBNFYYYYYY TQFD ʜ Actual Kubernetes Assumption Reconcile Procedure Why Controller executes Control Loop?

  38. If Controller is Procedure $VSSFOUOVNCFS PG3FQMJDBT   ˢ 4DBMF6Q

     ˢ 4DBMFEPXO Controller takes Procedure process, the events are triggered as Edge-driven-trigger. This seems like no problem, but there are weaknesses. &WFOU

  39. If there is no Reconcile   When there is

    temporary network outage or bug, Event information is lost. 0VUBHF &WFOU $VSSFOUOVNCFS PG3FQMJDBT ˢ 4DBMF6Q ˢ 4DBMFEPXO

  40. Resync Interval and Reconcile    Controller Reconcile every

    time Resync Interval. So that Controller can bring the state closer to desired state. SFTZODJOUFSWBM &WFOU Kubernetes = Edge-driven Trigger + Level-driven Trigger 0VUBHF $VSSFOUOVNCFS PG3FQMJDBT ˢ 4DBMF6Q ˢ 4DBMFEPXO

  41. Components which support Controller ʙ Middle Level Architecture ʙ

  42. Terminology Kind: Kind is the kind of API Object(e.g. Deployment,

    Service) 
 Resource: Resource is used in the same meaning as Kind. This is used as HTTP Endpoint. Resource is expressed in lower case and plural form (e.g. pods, services) Object: An entity of created API Object. This is persisted in etcd.

  43. Library under the Controller client-go Informer Lister WorkQueue api-machinery runtime.Object

    Scheme code-generator Library Component Out of range to explain

  44. Appendix) Custom Controller SDK Kubebuilder Informer Framework Component Lister Operator

    SDK Library (High Level) controller-runtime controller-tools Library (Low Level) client-go api-machinery etc… Scheme runtime.Object WorkQueue etc…

  45. client-go: Kubernetes official client Library This is used to Kubernetes

    development api-machinery: Kubernetes API Object & Kubernetes API like Object Library e.g. conversion, decode, encode, etc… Controller manages API Object, so this is needed. code-generator: Informer, Lister, clientset, DeepCopy source code generator This is used to Custom Controller development mainly. Library under the Controller

  46. Component under Controller Detail of each component will be described

    later. Informer: Watch an Object Event and stores data to in-memory-cache Lister: Getter object data from in-memory-cache WorkQueue: Queue which store Control Loop item runtime.Object: API Object Interface Scheme: Associate Go Type with Kubernetes API Out of range to explain

  47. client-go Informer ʙ Low Level Architecture ʙ

  48. client-goͱInformer client-go Informer Library Component Reflector DeltaFIFO Indexer Store Lister

  49. Informer Informer watches Object Event(Added, Updated, Deleted…) When controller inquiries

    object status to api-server every time to monitor Object changes, api-server is high loaded. ὎ Informer stores object data to in-memory-cache. By Controller referring to cache, this problem is solved. $POUSPMMFS $POUSPMMFS *OGPSNFS in-memory-cache watch watch

  50. Appendix) Informer Sample Code func main() { ... clientset, err

    := kubernetes.NewForConfig(config) // Create InformerFactory informerFactory := informers.NewSharedInformerFactory(clientset, time.Second*30) // Create pod informer by informerFactory podInformer := informerFactory.Core().V1().Pods() // Add EventHandler to informer podInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ AddFunc: func(new interface{}) { log.Println("Added") }, UpdateFunc: func(old, new interface{}) { log.Println("Updated") }, DeleteFunc: func(old interface{}) { log.Println("Deleted") }, }) // Start Go routines informerFactory.Start(wait.NeverStop) // Wait until finish caching with List API informerFactory.WaitForCacheSync(wait.NeverStop) // Create Pod Lister podLister := podInformer.Lister() // Get List of pods _, err = podLister.List(labels.Nothing()) … } https://github.com/govargo/kubecontorller-book-sample-snippet/blob/master/02/podinformer/podinformer.go

  51. Appendix) Shared Informer When we use Informer, we don’t use

    Informer itself. Instead we use Shared Informer. Shared Informer shares same Resource in single binary. %FQMPZNFOU 3FQMJDB4FU %BFNPO4FU 4FSWJDF +PC ʜ 4IBSFE*OGPSNFSTIBSFEDBDIFGPSTBNFSFTPVSDF kube-controller-manager

  52. https://github.com/kubernetes/sample-controller/blob/master/docs/controller-client-go.md Reference: Informer and WorkQueue Overview

  53. 3FqFDUPS %FMUB'*'0 RVFVF -JTU8BUDI JONFNPSZDBDIF 4UPSF *OEFYFS -JTUFS (FUPS-JTU FH

    DPSFW1PE (FUPS-JTU 3FRVFTU *OGPSNFS )BOEMF%FMUBT Detail of Informer

  54. 3FqFDUPS %FMUB'*'0 RVFVF ᶃ-JTU"OE8BUDI JONFNPSZDBDIF 4UPSF *OEFYFS *OGPSNFS )BOEMF%FMUBT Detail

    of Informer ~Cache Flow~

  55. 3FqFDUPS %FMUB'*'0 RVFVF ᶄ1PQ JONFNPSZDBDIF 4UPSF *OEFYFS *OGPSNFS )BOEMF%FMUBT 8BUDI

    Detail of Informer ~Cache Flow~

  56. 3FqFDUPS %FMUB'*'0 RVFVF ᶅ)BOEMF%FMUB JONFNPSZDBDIF 4UPSF *OEFYFS *OGPSNFS )BOEMF%FMUBT 8BUDI

    Detail of Informer ~Cache Flow~

  57. 3FqFDUPS %FMUB'*'0 RVFVF ᶆJOEFYFS"EE JONFNPSZDBDIF 4UPSF *OEFYFS *OGPSNFS )BOEMF%FMUBT 8BUDI

    Detail of Informer ~Cache Flow~

  58. 3FqFDUPS %FMUB'*'0 RVFVF JONFNPSZDBDIF 4UPSF *OEFYFS *OGPSNFS )BOEMF%FMUBT 8BUDI ᶅ)BOEMF%FMUB

    ᶄ1PQ Detail of Informer ~Cache Flow~

  59. 3FqFDUPS %FMUB'*'0 RVFVF JONFNPSZDBDIF 4UPSF *OEFYFS *OGPSNFS )BOEMF%FMUBT 8BUDI ᶆJOEFYFS"EE

    Detail of Informer ~Cache Flow~

  60. 3FqFDUPS %FMUB'*'0 RVFVF JONFNPSZDBDIF 4UPSF *OEFYFS *OGPSNFS )BOEMF%FMUBT 8BUDI -JTUFS

    (FUPS-JTU 3FRVFTU Detail of Informer ~Cache Flow~

  61. 3FqFDUPS %FMUB'*'0 RVFVF JONFNPSZDBDIF 4UPSF *OEFYFS *OGPSNFS )BOEMF%FMUBT 8BUDI JOEFYFS(FU#Z,FZ

    PS JOEFYFS-JTU -JTUFS (FUPS-JTU 3FRVFTU Detail of Informer ~Cache Flow~

  62. Appendix) Informer cache Source Code ᶃ https://github.com/kubernetes/client-go/blob/release-13.0/tools/cache/reflector.go#L188 ᶄ https://github.com/kubernetes/client-go/blob/release-13.0/tools/cache/controller.go#L153 ᶅ

    https://github.com/kubernetes/client-go/blob/release-13.0/tools/cache/shared_informer.go#L455 ᶆ https://github.com/kubernetes/client-go/blob/release-13.0/tools/cache/shared_informer.go#L464

  63. Informer and Component Informer: Watch an Object Event and stores

    data to in-memory-cache Reflector: ListAndWatch api-server DeltaFIFO: FIFO Queue which enqueue object data temporarily Indexer: Getter / Setter for in-memory-cache Store: in-memory-cache Lister: Getter object data from in-memory-cache via Indexer

  64. client-go WorkQueue ʙ Low Level Architecture ʙ

  65. client-goͱWorkQueue client-go WorkQueue Library Component RateLimitingQueue DelayedQueue …

  66. WorkQueue WorkQueue is another queue different from DeltaFIFO. WorkQueue is

    used in order to store item of Contrl Loop. Reconcile will be executed as many times as the number stored in WorkQueue. Pure Controller enqueues item to WorkQueue when Event occurs. Event $POUSPMMFS Added Updated Deleted WorkQueue

  67. Appendix) WorkQueue Sample Code func main() { ... clientset, err

    := kubernetes.NewForConfig(config) // Create InformerFactory informerFactory := informers.NewSharedInformerFactory(clientset, time.Second*30) // Create pod informer by informerFactory podInformer := informerFactory.Core().V1().Pods() // Create RateLimitQueue queue := workqueue.NewRateLimitingQueue(workqueue.DefaultControllerRateLimiter()) // shutdown when process ends defer queue.ShutDown() // Add EventHandler to informer podInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ AddFunc: func(old interface{}) { var key string var err error if key, err = cache.MetaNamespaceKeyFunc(old); err != nil { runtime.HandleError(err) return } queue.Add(key) log.Println("Added: " + key) }, UpdateFunc: func(old, new interface{}) { … }, DeleteFunc: func(old interface{}) { … }, }) … } https://github.com/govargo/kubecontorller-book-sample-snippet/blob/master/02/workqueue/enqueuePod.go

  68. 3FqFDUPS %FMUB'*'0 RVFVF -JTU8BUDI 3FTPVSDF &WFOU )BOEMFS JONFNPSZDBDIF TUPSF *OEFYFS

    8PSL2VFVF 1SPDFTT *UFN $POUSPMMFS-PHJD *OGPSNFS &WFOU)BOEMFS Detail of WorkQueue

  69. 3FqFDUPS %FMUB'*'0 RVFVF 3FTPVSDF &WFOU )BOEMFS JONFNPSZDBDIF TUPSF *OEFYFS 8PSL2VFVF

    1SPDFTT *UFN *OGPSNFS &WFOU)BOEMFS &WFOU -JTU8BUDI $POUSPMMFS-PHJD Detail of WorkQueue ~Enqueue~

  70. 3FqFDUPS %FMUB'*'0 RVFVF 3FTPVSDF &WFOU )BOEMFS JONFNPSZDBDIF TUPSF *OEFYFS 8PSL2VFVF

    1SPDFTT *UFN *OGPSNFS &WFOU)BOEMFS ᶃ8BUDI $POUSPMMFS-PHJD Detail of WorkQueue ~Enqueue~

  71. 3FqFDUPS %FMUB'*'0 RVFVF 3FTPVSDF &WFOU )BOEMFS JONFNPSZDBDIF TUPSF *OEFYFS 8PSL2VFVF

    1SPDFTT *UFN *OGPSNFS &WFOU)BOEMFS 8BUDI ᶄ1PQ $POUSPMMFS-PHJD Detail of WorkQueue ~Enqueue~

  72. 3FqFDUPS %FMUB'*'0 RVFVF 3FTPVSDF &WFOU )BOEMFS JONFNPSZDBDIF TUPSF *OEFYFS 8PSL2VFVF

    1SPDFTT *UFN *OGPSNFS &WFOU)BOEMFS 8BUDI ᶅ "EE'VOD 6QEBUF'VOD %FMFUF'VOD $POUSPMMFS-PHJD Detail of WorkQueue ~Enqueue~

  73. 3FqFDUPS %FMUB'*'0 RVFVF 3FTPVSDF &WFOU )BOEMFS JONFNPSZDBDIF TUPSF *OEFYFS 8PSL2VFVF

    1SPDFTT *UFN *OGPSNFS &WFOU)BOEMFS 8BUDI namesapce/name e.g. default/nginx ᶆXPSLRVFVF"EE $POUSPMMFS-PHJD Detail of WorkQueue ~Enqueue~

  74. 3FqFDUPS %FMUB'*'0 RVFVF 3FTPVSDF &WFOU )BOEMFS JONFNPSZDBDIF TUPSF *OEFYFS 8PSL2VFVF

    1SPDFTT *UFN *OGPSNFS &WFOU)BOEMFS 8BUDI ᶅ "EE'VOD 6QEBUF'VOD %FMFUF'VOD $POUSPMMFS-PHJD Detail of WorkQueue ~Enqueue~

  75. 3FqFDUPS %FMUB'*'0 RVFVF 3FTPVSDF &WFOU )BOEMFS JONFNPSZDBDIF TUPSF *OEFYFS 8PSL2VFVF

    1SPDFTT *UFN *OGPSNFS &WFOU)BOEMFS 8BUDI ᶆXPSLRVFVF"EE $POUSPMMFS-PHJD Detail of WorkQueue ~Enqueue~

  76. 3FqFDUPS %FMUB'*'0 RVFVF 3FTPVSDF &WFOU )BOEMFS JONFNPSZDBDIF TUPSF *OEFYFS 8PSL2VFVF

    1SPDFTT *UFN *OGPSNFS &WFOU)BOEMFS 8BUDI ᶇXPSLRVFVF(FU $POUSPMMFS-PHJD Detail of WorkQueue ~Dequeue~

  77. Appendix) Informer enqueue Source Code ᶃ https://github.com/kubernetes/client-go/blob/master/tools/cache/reflector.go#L267 ᶄ https://github.com/kubernetes/client-go/blob/release-13.0/tools/cache/controller.go#L153 ᶅ


    https://github.com/kubernetes/client-go/blob/release-13.0/tools/cache/controller.go#L198 https://github.com/kubernetes/kubernetes/blob/release-1.16/pkg/controller/replicaset/replica_set.go#L153 ※ ReplicaSet Controllerͷ৔߹ ᶆ https://github.com/kubernetes/kubernetes/blob/release-1.16/pkg/controller/replicaset/replica_set.go#L417 ※ ReplicaSet Controllerͷ৔߹ ᶇ https://github.com/kubernetes/kubernetes/blob/release-1.16/pkg/controller/replicaset/replica_set.go#L438 ※ ReplicaSet Controllerͷ৔߹

  78. Appendix) Informer Resync Period Resync Period is option of InformerFactory.

    Informer watches object events to api-server. After Resync Period has passed, no matter what event has occurred, UpdateFunc is called back. As a result, Reconcile is executed again. ※This time, Resync refers in-memory-cache(not api-server). Resync(cache sync) and Relist(list from api-server) is different. informer.Start SFTZODQFSJPE List Watch Event Reflector Added Updated Updated Added AddFunc UpdateFunc AddFunc UpdateFunc Handler

  79. Controller’s Cycle Main Logic

  80. *OGPSNFS 1SPDFTT *UFN 3FTPVSDF &WFOU )BOEMFS 8PSL2VFVF Controller’s Cycle Let’s

    confirm Reconcile flow. Informer + WorkQueue + Controller $POUSPMMFS $POUSPMMFS.BJO-PHJD

  81. *OGPSNFS 1SPDFTT *UFN 3FTPVSDF &WFOU )BOEMFS XBUDI 8PSL2VFVF ʲAssumptionʳ There

    is two pod in etcd. Update Event occurs from here. Controller’s Cycle

  82. *OGPSNFS 1SPDFTT *UFN 3FTPVSDF &WFOU )BOEMFS 6QEBUF XBUDI 8PSL2VFVF Controller’s

    Cycle

  83. *OGPSNFS 1SPDFTT *UFN 3FTPVSDF &WFOU )BOEMFS XBUDI BEE'VOD VQEBUF'VOD EFMFUF'VOD

    ᶄ 8PSL2VFVF Controller’s Cycle

  84. *OGPSNFS 1SPDFTT *UFN 3FTPVSDF &WFOU )BOEMFS XBUDI ᶅXPSL2VFVF"EE 8PSL2VFVF Controller’s

    Cycle

  85. *OGPSNFS 1SPDFTT *UFN 3FTPVSDF &WFOU )BOEMFS XBUDI ᶅXPSL2VFVF"EE 8PSL2VFVF Controller’s

    Cycle

  86. *OGPSNFS 1SPDFTT *UFN 3FTPVSDF &WFOU )BOEMFS XBUDI ᶆXPSL2VFVF(FU 8PSL2VFVF Controller’s

    Cycle

  87. *OGPSNFS 1SPDFTT *UFN 3FTPVSDF &WFOU )BOEMFS XBUDI ᶆXPSL2VFVF(FU 8PSL2VFVF Controller’s

    Cycle

  88. *OGPSNFS 1SPDFTT *UFN 3FTPVSDF &WFOU )BOEMFS XBUDI ᶇ4ZOD)BOEMFS 3FDPODJMF 8PSL2VFVF

    Controller’s Cycle

  89. *OGPSNFS 1SPDFTT *UFN 3FTPVSDF &WFOU )BOEMFS XBUDI ᶈXPSL2VFVF'PSHFU ᶉXPSL2VFVF%POF When

    Reconcile finished successfully 5IF*UFNPG$POUSPM-PPQJTSFNPWFE GSPN8PSL2VFVFDPNQMFUFMZ 8PSL2VFVF Controller’s Cycle

  90. *OGPSNFS 1SPDFTT *UFN 3FTPVSDF &WFOU )BOEMFS XBUDI ᶇ`XPSL2VFVF"EE3BUF-JNJUFE When Reconcile

    ends with Error $POUSPMMFSSFRVFVFJUFNUP8PSL2VFVF "OE3FDPODJMFXJMMCFFYFDVUFEBHBJO 8PSL2VFVF Controller’s Cycle

  91. *OGPSNFS 1SPDFTT *UFN 3FTPVSDF &WFOU )BOEMFS XBUDI ᶇ`XPSL2VFVF"EE3BUF-JNJUFE 8PSL2VFVF Controller’s

    Cycle When Reconcile ends with Error $POUSPMMFSSFRVFVFJUFNUP8PSL2VFVF "OE3FDPODJMFXJMMCFFYFDVUFEBHBJO

  92. *OGPSNFS 1SPDFTT *UFN 3FTPVSDF &WFOU )BOEMFS (Left Side of this

    slide) Every time an event occurs, items continue to store in WorkQueue. (Right Side of this slide) Controller processes items in WorkQueue and executes Reconcile. This loop continues endlessly until the Controller stops. 8PSL2VFVF Controller’s Cycle

  93. Controller’s Basic Strategy Read from In-memory-cache. Write to api-server. ※

    However if we update object in cache directly, it is very difficult to guarantee its consistency. So, we use DeepCopy(get clone data), when we update object. e.g. kubernetes/pkg/controller/replicaset/replica_set.go rs = rs.DeepCopy() newStatus := calculateStatus(rs, filteredPods, manageReplicasErr) // Always updates status as pods come up or die. updatedRS, err := updateReplicaSetStatus(rsc.kubeClient.AppsV1(). ὎ ReplicaSets(rs.Namespace), rs, newStatus) https://github.com/kubernetes/kubernetes/blob/release-1.15/pkg/controller/replicaset/replica_set.go#L611

  94. XPSLFS XPSLFS QSPDFTT/FYU8PSL*UFN TZOD)BOEMFS Controller’s Main Logic worker: Endless Loop

    of processNextWorkItem processNextWorkItem: Operate WorkQueue(Get, Add) and Call Reconcile Logic syncHandler: This is equal to Reconcile Logic Add TZOD)BOEMFS Update Delete Event Reconcile Reconcile regardless of Event Type

  95. Appendix) ReplicaSet Controller Soure Code worker: processNextWorkItem: syncReplicaSet: XPSLFS XPSLFS

    QSPDFTT/FYU8PSL*UFN TZOD3FQMJDB4FU https://github.com/kubernetes/kubernetes/blob/release-1.16/pkg/controller/replicaset/replica_set.go#L432 https://github.com/kubernetes/kubernetes/blob/release-1.16/pkg/controller/replicaset/replica_set.go#L437 https://github.com/kubernetes/kubernetes/blob/release-1.16/pkg/controller/replicaset/replica_set.go#L562 ReplicaSet Controller Kubernetes v1.16

  96. Appendix) Sync of in-memory-cache and etcd Informer synchronizes object data

    from etcd to in-memory-cache. You may think whether in-memory-cache data is different from data of etcd. It’s no problem. Object has resourceVersion.
 If resourceVersion of etcd and in-memory-cache is different, Error occurs when Controller updates object state. Controller requeue and Reconcile until Reconcile finishes successfully. Rv2 Rv1 Update Rv2 version too old Requeue Reconcile (retry)

  97. Terminology(review) Informer: Watch Object Event, and store object data to

    in-memory-cache Add items of Control Loop to WorkQueue via EventHandler Lister: Getter object data from in-memory-cache via Indexer WorkQueue: Queue which store items of Control Loop This items is target of Reconcile Logic. If error has occurs when Reconcile ends, Controller requeue item to WorkQueue. And Controller executes Reconcile again.

  98. Controller Summary

  99. Controller Summary ɾController realizes declarative API by Control Loop (Reconciliation

    Loop) ɾKubernetes has distributed component. Event associates each component. ɾclient-go, apimachinery, code-generator are Library for Controller. ɾInformer has two important role. ᶃ Store object data to in-memory-cache ᶄ Add items to WorkQueue via EventHandler ɾItems which are stored in WorkQueue is processed by Reconcile.

  100. Step up to Deep Dive ɾSample Controller ɾKubernetes/Kubernetes - Deployment

    Controller - ReplicaSet Controller ɾMake Custom Controller(+ CRD) Kubebuilder: https://book.kubebuilder.io/ Operator SDK: https://github.com/operator-framework/operator-sdk Link: https://github.com/kubernetes/sample-controller mkdir -p $GOPATH/src/k8s.io && cd $GOPATH/src/k8s.io && git clone https://github.com/kubernetes/sample-controller.git export GO111MODULE=on go build -o sample-controller . ./sample-controller -kubeconfig $HOME/.kube/config https://github.com/kubernetes/kubernetes/blob/release-1.16/pkg/controller/deployment/deployment_controller.go https://github.com/kubernetes/kubernetes/blob/release-1.16/pkg/controller/replicaset/replica_set.go

  101. Thank you

  102. Reference

  103. Reference ɾWeb Article - https://kubernetes.io/docs/concepts/architecture/nodes/ - https://kubernetes.io/docs/concepts/workloads/controllers/garbage-collection/ - https://github.com/kubernetes/community/blob/master/contributors/devel/sig-api-machinery/controllers.md -

    A deep dive into Kubernetes controllers (https://engineering.bitnami.com/articles/a-deep-dive-into-kubernetes-controllers.html) - Core Kubernetes: Jazz Improv over Orchestration (https://blog.heptio.com/core-kubernetes-jazz-improv-over-orchestration-a7903ea92ca) - Events, the DNA of Kubernetes(https://www.mgasch.com/post/k8sevents/) ɾPresentation(Japanes) - Kubernete Meetup Tokyo #18 - Kubebuilder/controller-runtime ೖ໳ (https://www.slideshare.net/pfi/kubernete-meetup-tokyo-18-kubebuildercontrollerruntime) - KubernetesͷιʔείʔυϦʔσΟϯάೖ໳ (https://speakerdeck.com/smatsuzaki/kubernetesfalsesosukodorideinguru-men) ɾBook - Programming Kubernetes (https://programming-kubernetes.info/)

  104. Reference ɾRepository - Kubernetes(https://github.com/kubernetes/kubernetes) - Sample Controller(https://github.com/kubernetes/sample-controller) - client-go(https://github.com/kubernetes/client-go) -

    apimachinery(https://github.com/kubernetes/apimachinery) - codegenerator(https://github.com/kubernetes/code-generator) - what-happens-when-k8s(https://github.com/jamiehannaford/what-happens-when-k8s)