Kubernetes advanced platform features

Transcript

1. Kubernetes* advanced platform features 2018-04-03 Alexander Kanevskiy Cloud Software Architect,

   Intel *Other names and brands may be claimed as the property of others.

2. § Memory management § CPU management § Node features §

   Multiple network interfaces § CRIs 2 Agenda

3. Memory management

4. Huge Pages § Native Huge page support § Alpha in

   1.8 § Beta in 1.10 § Multiple architectures support § i386: 4K, 2M § x86_64: 4k, 2M, 1G § aarch64: 4k, 2M, 1G § First class resources § hugepages-2Mi § hugepages-1Gi § Application usages § Java* § -XX:+UseLargePages § Memcached* § memcached -L § MySQL* § [mysqld] large-pages 4 *Other names and brands may be claimed as the property of others.

5. Huge Pages § Usage § Volume mount § Request resource

   § Limitations § Pod level resources § NUMA locality § Links § https://kubernetes.io/docs/tasks/manage- hugepages/scheduling-hugepages/ § https://wiki.debian.org/Hugepages 5 containers: ... volumeMounts: - mountPath: /hugepages name: hugepage resources: limits: hugepages-2Mi: 100Mi volumes: - name: hugepage emptyDir: medium: HugePages

6. CPU Management

7. § CPU Manager feature § Alpha in 1.8 § Beta

   in 1.10, enabled by default § Kubelet configuration § --cpu-manager-policy=static § --cpu-manager-reconcile-period=5s § --kube-reserved=cpu=X § --system-reserved=cpu=X CPU Manager § CPU Pools § Reserved § Shared § Exclusive § Types of workload § Best Effort § Burstable § Guaranteed 7

8. CPU Manager § Best Effort § Resources in Requests and

   Limits are not specified § Burstable § Limits > Requests § Guaranteed § Requests == Limits § Requests not specified, only Limits § CPU Pools § Exclusive § Guaranteed with integer CPU requests § Shared § Best Effort § Burstable § Guaranteed 8

9. § CPU Manager for Kubernetes § CPU manager for NFV

   workloads § More features, off-tree § https://github.com/Intel-Corp/CPU-Manager-for-Kubernetes § Links § https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/ § NUMA https://github.com/kubernetes/community/pull/1680 § RDT https://github.com/kubernetes/community/pull/1733 9 CPU Manager

10. Node features

11. Node feature discovery for Kubernetes § node.alpha.kubernetes-incubator.io § CPUID for

    x86 CPU details § AESNI, AVX, BMI, SSE, SGX, … § Intel Resource Director Technology § RDTMON, RDTL3CA, RDTL2CA § Intel P-State driver § Network § SR-IOV § Storage § Links § https://github.com/kubernetes- incubator/node-feature-discovery § https://github.com/redhat- performance/openshift-psap 6

12. Multiple network interfaces

13. Multus: multiple network interface for Pods § Compatible with reference

    (flannel, DHCP,…) and 3rd party plugins (Calico, Weave, …) § Utilizes CRDs for network plugin configurations § Utilizes Pod Annotations to specify requested networks § Links § https://github.com/Intel-Corp/multus-cni § https://github.com/hustcat/sriov-cni § https://github.com/Intel-Corp/sriov-cni § https://github.com/intel/vhost-user-net-plugin 6

14. CRIs

15. Containers in the cloud § VMs on top of server

    hardware § VM kernel shared for all containers § One VM to one Kubernetes* control plane 6 *Other names and brands may be claimed as the property of others.

16. Kata Containers § The speed of containers, the security of

    VMs § Small as a container § Minimal rootfs and kernel § VM template § nvdimm § De-duplicate memory across VMs § Links § https://katacontainers.io § https://github.com/kata-containers/ 6

17. Kata Containers Multi Architecture Multi Hypervisor Full Hotplug Kubernetes Multi

    Tenancy VM templating Frakti native support Traffic Controller net Direct Device Assignment SR-IOV NVDIMM Multi-OS KSM throttling CRI-O native support MacVTap, multi-queue net 17 Intel® Clear Containers May 2015 Dec 2017

18. § Code and documentation hosted on https://github.com/kata-containers/ § Major releases

    managed through Github* Projects § Intel (Intel® Clear Containers) & Hyper (runV) contributing initial IP § Apache 2 license § Slack: katacontainers.slack.com § IRC: #kata-dev@freenode § Mailing-list: [email protected] 18 Kata Containers - Contribute *Other names and brands may be claimed as the property of others.

19. Questions ?

20. Thank you! Email: [email protected] GitHub*: https://github.com/kad Kubernetes* Slack*: @akanevskiy *Other

    names and brands may be claimed as the property of others.
21. None

22. § Intel technologies’ features and benefits depend on system configuration

    and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at www.intel.com. § Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries. § *Other names and brands may be claimed as the property of others. § © Intel Corporation 22 Legal notices and disclaimers