Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Real-World Kubernetes Deployments @ OSCON 2016
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Brandon Philips
May 16, 2016
Programming
700
1
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Real-World Kubernetes Deployments @ OSCON 2016
Brandon Philips
May 16, 2016
More Decks by Brandon Philips
See All by Brandon Philips
Node.js Workflow with Minikube and Skaffold
philips
0
300
Manage the App on Kubernetes
philips
0
370
Production Backbone Monitoring Containerized Apps
philips
0
230
KubeCon EU 2017: Dancing on the Edge of a Volcano
philips
1
860
rkt - KubeCon EU keynote - 2017
philips
1
310
FOSDEM_Keynote_2017-_.pdf
philips
0
170
Tectonic Summit Day 2 Keynote
philips
0
410
Kubernetes: Simple to Manage Anywhere (self-hosted, Tectonic upgrade demo)
philips
0
440
KubeCon Keynote 2016- Distributed Systems Simplified on Kubernetes
philips
2
590
Other Decks in Programming
See All in Programming
どこまでゆるくて許されるのか
tk3fftk
0
270
Skillsは効率化、Agentsは"自分の拡張"——Builder時代のエージェント編成(CC Night 2026)
wemra
1
180
Honoでのサプライチェーン侵害対策 〜 3つのライブラリに学ぶ
yusukebe
7
1.5k
さぁV100、メモリをお食べ・・・
nilpe
0
160
ECSアプリログをFireLensでコスト削減しようとしたけど諦めた話 in Fargate×Node.js
akihisaikeda
2
4.2k
その問い、本当に正しいですか?AI時代のエンジニアに必要な哲学と認知科学 / ai-philosophy-cognitive-science
minodriven
14
6.5k
SREは、MCPとSRE Agentをこう使え!
kazumax55
0
130
技術的負債解消で開発者の未来を開く- AIの力でコード刷新
kmd2kmd
0
120
肥大化するレガシーコードに立ち向かうためのインターフェース分離と依存の逆転 / JJUG CCC 2026 Spring
hirokunimaeta
0
640
トークンをケチるな、設計しろ:GitHub Copilotを賢く使うコンテキスト戦略
ochtum
0
240
エンジニア向け会社紹介/Findy Company Profile
findyinc
6
350k
Signal Forms: Details & Live Coding @enterJS 2026 in Mannheim
manfredsteyer
PRO
0
200
Featured
See All Featured
B2B Lead Gen: Tactics, Traps & Triumph
marketingsoph
0
160
Context Engineering - Making Every Token Count
addyosmani
9
990
The Art of Programming - Codeland 2020
erikaheidi
57
14k
Producing Creativity
orderedlist
PRO
348
40k
Navigating Weather and Climate Data
rabernat
0
250
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
128
56k
Building Better People: How to give real-time feedback that sticks.
wjessup
370
20k
Hiding What from Whom? A Critical Review of the History of Programming languages for Music
tomoyanonymous
2
870
How Fast Is Fast Enough? [PerfNow 2025]
tammyeverts
3
620
VelocityConf: Rendering Performance Case Studies
addyosmani
333
25k
The State of eCommerce SEO: How to Win in Today's Products SERPs - #SEOweek
aleyda
2
11k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.8k
Transcript
Real World Kubernetes Deployments failure domains, upgrades, high-availability @coreoslinux @brandonphilips
Follow Along Instructions http://bit.ly/1XeUbMW Stickers Upfront Decorate your laptop, dog,
kid, phone.
Brandon Philips CTO, CoreOS github.com/philips
None
Build, Store and Distribute your Containers quay.io
Linux
Secure the Internet MISSION
Separate Apps from OS STRATEGY
Make Servers Consistent STRATEGY
Tolerate Machine Failures STRATEGY
Make Servers Easy to Upgrade STRATEGY
Simplify Application Upgrades STRATEGY
None
None
None
None
None
Application Packaging 1
Abstract away app from the OS OS App
None
None
Linux at Scale 2
Patches to the OS and kernel are hard Retest after
updates No automation SECURITY Dependency breakage Uptime risk APPLICATION
None
Auto-updating browsers fixed security We got HTML5 at the same
time
Clustering 3
Operations Paradise Easy scale out Painless app upgrades Tolerant of
machine failure
App Req/sec: 6,000 App Healthy: True
App Req/sec: 6,000 App Healthy: True
App Req/sec: 7,000 App Healthy: True
App Req/sec: 8,000 App Healthy: True
App Req/sec: 7,000 App Healthy: True
App Req/sec: 6,000 App Healthy: True
App Req/sec: 8,000 App Healthy: True
App Req/sec: 7,000 App Healthy: True
App Req/sec: 8,000 App Healthy: True
App Req/sec: 8,000 App Healthy: True
3 Application packaging Clustering Linux at scale
3 Application packaging Clustering Linux at scale
Follow Along Instructions https://github.com/philips/repositories 2016-OSCON-containers-at-scale
CoreOS+Kubernetes vagrant, aws, bare metal, etc coreos.com/kubernetes/docs/latest/
kubernetes architecture in practice
worker kubelet worker kubelet worker kubelet scheduler & API worker
kubelet w ku t worker kubelet
worker kubelet worker kubelet scheduler & API
worker & API works on 1 node too
kube-aws Initial Cluster Setup
worker kubelet worker kubelet controller scheduler, etcd & API
Demo Boot up a Cluster
Demo Run an App
Demo Understand the Network
Domains Let's Talk About Failure
Failure domains are regions or components of the infrastructure which
contain a potential for failure.
These regions can be physical or logical boundaries, and each
has its own risks and challenges to architect for.
Failure Feud - Machine Failure - Network/Disks/RAM/Processor/Power Supply - Rack
Failure - Network/Power - Data Center Failure - Network/Power/Fire/Semi-trucks - Internet Failure - Network/Political/Natural
Failure Analysis Kid Celebrating
None
Kid Hitting His Eye Failure Analysis - Failure is caused
by human error - Celebration continues; eye unnecessary - Kid has two eyes can continue seeing - Brain elects new eye automatically
Primary Datastore etcd operations
/etc distributed hence, the name...
a clustered key-value store GET and SET operations
a building block for higher order systems primitives for building
reliable distributed systems
Demo play.etcd.io
None
None
None
None
None
None
None
Failure Analysis etcd
worker kubelet worker kubelet scheduler & API
kube-aws high availability in cloud
scheduler & API EBS { ASG
etcd protects against - Machine Failure - Replication, automatic leader
election - Flakey Disk Failure - CRC checksums on WAL files - Network Failure - Timeouts and linearized state machine
etcd does not protect against - Denial of Service -
Future work on proxies - Lying etcd Peers - We do a ton of functional testing a hedge - Buggy or Broken Clients - Client deleting all keys requires restore from backup
Demo etcd restore backup
1 2 3 4 { Log
1 2 3 4 Entries
1 2 3 4 Indexes
Kubernetes Control API Service, Scheduler, Controller Manager
Failure Analysis Kubernetes
Demo etcd down for API server
worker kubelet worker kubelet scheduler & API
scheduler & API
Demo etcd restore for API server
scheduler & API
Demo node partition from API
worker kubelet worker kubelet scheduler & API
Demo node scaling up
worker kubelet worker kubelet scheduler & API worker kubelet
Demo node scheduled outage API
worker kubelet worker kubelet scheduler & API
Demo node unplanned outage
worker kubelet worker kubelet scheduler & API
Demo node downgrade/upgrade outage
worker kubelet worker kubelet scheduler & API
Future Work Upstream Kubernetes and Elsewhere
Upstream rktnetes Auth/OIDC Node self-signed TLS
Scaling 15x scheduler performance 30k pods on 1k nodes SIG-scale
Automatic Node Drain Locksmith Design Doc
None
Performance etcd3 /ZooKeeper snapshot disabled
Performance etcd3 /ZooKeeper snapshot disabled
Memory 10GB 2.4GB 0.8GB 512MB data - 2M 256B keys
Sounds good, but... Is anyone successful with all this in
prod?
Publically traded options exchange
Containers on CoreOS are powering ISE's high- throughput, low-latency financial
exchange Running in production Bare metal & AWS Billions of transactions a day 150 million req/sec
None
Secure the Internet MISSION
Separate Apps from OS STRATEGY
Make Servers Consistent STRATEGY
Tolerate Machine Failures STRATEGY
Make Servers Easy to Upgrade STRATEGY
Simplify Application Upgrades STRATEGY
None
Thank you! Brandon Philips @brandonphilips |
[email protected]
| coreos.com We’re
hiring in all departments! Email:
[email protected]
Positions: coreos.com/ careers