Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Real-World Kubernetes Deployments @ OSCON 2016

Brandon Philips
May 16, 2016
Programming
1
630

Real-World Kubernetes Deployments @ OSCON 2016

Brandon Philips

May 16, 2016
Tweet

More Decks by Brandon Philips

See All by Brandon Philips
Node.js Workflow with Minikube and Skaffold
philips
0
230
Manage the App on Kubernetes
philips
0
310
Production Backbone Monitoring Containerized Apps
philips
0
120
KubeCon EU 2017: Dancing on the Edge of a Volcano
philips
1
630
rkt - KubeCon EU keynote - 2017
philips
1
240
FOSDEM_Keynote_2017-_.pdf
philips
0
91
Tectonic Summit Day 2 Keynote
philips
0
310
Kubernetes: Simple to Manage Anywhere (self-hosted, Tectonic upgrade demo)
philips
0
300
KubeCon Keynote 2016- Distributed Systems Simplified on Kubernetes
philips
2
530

Other Decks in Programming

See All in Programming
Асинхронность неизбежна: как мы проектировали сервис уведомлений
lamodatech
0
1.3k
週次リリースを実現するための グローバルアプリ開発
tera_ny
1
1.2k
chibiccをCILに移植した結果 (NGK2025S版)
kekyo
PRO
0
120
見えないメモリを観測する: PHP 8.4 `pg_result_memory_size()` とSQL結果のメモリ管理
kentaroutakeda
0
930
ErdMap: Thinking about a map for Rails applications
makicamel
1
580
各クラウドサービスにおける.NETの対応と見解
ymd65536
0
250
DevinとCursorから学ぶAIエージェントメモリーの設計とMoatの考え方
itarutomy
0
120
毎日13時間もかかるバッチ処理をたった3日で60%短縮するためにやったこと
sho_ssk_
1
540
PHPカンファレンス 2024|共創を加速するための若手の技術挑戦
weddingpark
0
140
快速入門可觀測性
blueswen
0
500
情報漏洩させないための設計
kubotak
5
1.3k
サーバーゆる勉強会 DBMS の仕組み編
kj455
1
300

Featured

See All Featured
Producing Creativity
orderedlist
PRO
343
39k
Side Projects
sachag
452
42k
A Philosophy of Restraint
colly
203
16k
A Tale of Four Properties
chriscoyier
157
23k
RailsConf 2023
tenderlove
29
970
Making the Leap to Tech Lead
cromwellryan
133
9k
The Power of CSS Pseudo Elements
geoffreycrofte
74
5.4k
Rails Girls Zürich Keynote
gr2m
94
13k
Designing on Purpose - Digital PM Summit 2013
jponch
116
7.1k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
173
51k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.9k
StorybookのUI Testing Handbookを読んだ
zakiyama
28
5.4k

Transcript

  1. Real World Kubernetes Deployments failure domains, upgrades, high-availability @coreoslinux @brandonphilips

  2. Follow Along Instructions http://bit.ly/1XeUbMW Stickers Upfront Decorate your laptop, dog,

    kid, phone.

  3. Brandon Philips CTO, CoreOS github.com/philips

  4. None

  5. Build, Store and Distribute your Containers quay.io

  6. Linux

  7. Secure the Internet MISSION

  8. Separate Apps from OS STRATEGY

  9. Make Servers Consistent STRATEGY

  10. Tolerate Machine Failures STRATEGY

  11. Make Servers Easy to Upgrade STRATEGY

  12. Simplify Application Upgrades STRATEGY

  13. None
  14. None
  15. None
  16. None
  17. None

  18. Application Packaging 1

  19. Abstract away app from the OS OS App

  20. None
  21. None

  22. Linux at Scale 2

  23. Patches to the OS and kernel are hard Retest after

    updates No automation SECURITY Dependency breakage Uptime risk APPLICATION
  24. None

  25. Auto-updating browsers fixed security We got HTML5 at the same

    time

  26. Clustering 3

  27. Operations Paradise Easy scale out Painless app upgrades Tolerant of

    machine failure

  28. App Req/sec: 6,000 App Healthy: True

  29. App Req/sec: 6,000 App Healthy: True

  30. App Req/sec: 7,000 App Healthy: True

  31. App Req/sec: 8,000 App Healthy: True

  32. App Req/sec: 7,000 App Healthy: True

  33. App Req/sec: 6,000 App Healthy: True

  34. App Req/sec: 8,000 App Healthy: True

  35. App Req/sec: 7,000 App Healthy: True

  36. App Req/sec: 8,000 App Healthy: True

  37. App Req/sec: 8,000 App Healthy: True

  38. 3 Application packaging Clustering Linux at scale

  39. 3 Application packaging Clustering Linux at scale

  40. Follow Along Instructions https://github.com/philips/repositories 2016-OSCON-containers-at-scale

  41. CoreOS+Kubernetes vagrant, aws, bare metal, etc coreos.com/kubernetes/docs/latest/

  42. kubernetes architecture in practice

  43. worker kubelet worker kubelet worker kubelet scheduler & API worker

    kubelet w ku t worker kubelet

  44. worker kubelet worker kubelet scheduler & API

  45. worker & API works on 1 node too

  46. kube-aws Initial Cluster Setup

  47. worker kubelet worker kubelet controller scheduler, etcd & API

  48. Demo Boot up a Cluster

  49. Demo Run an App

  50. Demo Understand the Network

  51. Domains Let's Talk About Failure

  52. Failure domains are regions or components of the infrastructure which

    contain a potential for failure.

  53. These regions can be physical or logical boundaries, and each

    has its own risks and challenges to architect for.

  54. Failure Feud - Machine Failure - Network/Disks/RAM/Processor/Power Supply - Rack

    Failure - Network/Power - Data Center Failure - Network/Power/Fire/Semi-trucks - Internet Failure - Network/Political/Natural

  55. Failure Analysis Kid Celebrating

  56. None

  57. Kid Hitting His Eye Failure Analysis - Failure is caused

    by human error - Celebration continues; eye unnecessary - Kid has two eyes can continue seeing - Brain elects new eye automatically

  58. Primary Datastore etcd operations

  59. /etc distributed hence, the name...

  60. a clustered key-value store GET and SET operations

  61. a building block for higher order systems primitives for building

    reliable distributed systems

  62. Demo play.etcd.io

  63. None
  64. None
  65. None
  66. None
  67. None
  68. None
  69. None

  70. Failure Analysis etcd

  71. worker kubelet worker kubelet scheduler & API

  72. kube-aws high availability in cloud

  73. scheduler & API EBS { ASG

  74. etcd protects against - Machine Failure - Replication, automatic leader

    election - Flakey Disk Failure - CRC checksums on WAL files - Network Failure - Timeouts and linearized state machine

  75. etcd does not protect against - Denial of Service -

    Future work on proxies - Lying etcd Peers - We do a ton of functional testing a hedge - Buggy or Broken Clients - Client deleting all keys requires restore from backup

  76. Demo etcd restore backup

  77. 1 2 3 4 { Log

  78. 1 2 3 4 Entries

  79. 1 2 3 4 Indexes

  80. Kubernetes Control API Service, Scheduler, Controller Manager

  81. Failure Analysis Kubernetes

  82. Demo etcd down for API server

  83. worker kubelet worker kubelet scheduler & API

  84. scheduler & API

  85. Demo etcd restore for API server

  86. scheduler & API

  87. Demo node partition from API

  88. worker kubelet worker kubelet scheduler & API

  89. Demo node scaling up

  90. worker kubelet worker kubelet scheduler & API worker kubelet

  91. Demo node scheduled outage API

  92. worker kubelet worker kubelet scheduler & API

  93. Demo node unplanned outage

  94. worker kubelet worker kubelet scheduler & API

  95. Demo node downgrade/upgrade outage

  96. worker kubelet worker kubelet scheduler & API

  97. Future Work Upstream Kubernetes and Elsewhere

  98. Upstream rktnetes Auth/OIDC Node self-signed TLS

  99. Scaling 15x scheduler performance 30k pods on 1k nodes SIG-scale

  100. Automatic Node Drain Locksmith Design Doc

  101. None

  102. Performance etcd3 /ZooKeeper snapshot disabled

  103. Performance etcd3 /ZooKeeper snapshot disabled

  104. Memory 10GB 2.4GB 0.8GB 512MB data - 2M 256B keys

  105. Sounds good, but... Is anyone successful with all this in

    prod?

  106. Publically traded options exchange

  107. Containers on CoreOS are powering ISE's high- throughput, low-latency financial

    exchange Running in production Bare metal & AWS Billions of transactions a day 150 million req/sec
  108. None

  109. Secure the Internet MISSION

  110. Separate Apps from OS STRATEGY

  111. Make Servers Consistent STRATEGY

  112. Tolerate Machine Failures STRATEGY

  113. Make Servers Easy to Upgrade STRATEGY

  114. Simplify Application Upgrades STRATEGY

  115. None

  116. Thank you! Brandon Philips @brandonphilips | [email protected] | coreos.com We’re

    hiring in all departments! Email: [email protected] Positions: coreos.com/ careers