Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Real-World Kubernetes Deployments @ OSCON 2016

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Brandon Philips Brandon Philips
May 16, 2016
Programming
1
680

Real-World Kubernetes Deployments @ OSCON 2016

Avatar for Brandon Philips

Brandon Philips

May 16, 2016
Tweet

More Decks by Brandon Philips

See All by Brandon Philips
Node.js Workflow with Minikube and Skaffold
Avatar for Brandon Philips philips
0
280
Manage the App on Kubernetes
Avatar for Brandon Philips philips
0
360
Production Backbone Monitoring Containerized Apps
Avatar for Brandon Philips philips
0
210
KubeCon EU 2017: Dancing on the Edge of a Volcano
Avatar for Brandon Philips philips
1
810
rkt - KubeCon EU keynote - 2017
Avatar for Brandon Philips philips
1
290
FOSDEM_Keynote_2017-_.pdf
Avatar for Brandon Philips philips
0
150
Tectonic Summit Day 2 Keynote
Avatar for Brandon Philips philips
0
380
Kubernetes: Simple to Manage Anywhere (self-hosted, Tectonic upgrade demo)
Avatar for Brandon Philips philips
0
420
KubeCon Keynote 2016- Distributed Systems Simplified on Kubernetes
Avatar for Brandon Philips philips
2
570

Other Decks in Programming

See All in Programming
GISエンジニアから見たLINKSデータ
Avatar for nokonoko1203 nokonoko1203
0
200
メルカリのリーダビリティチームが取り組む、AI時代のスケーラブルな品質文化
Avatar for osari.k cloverrose
2
510
【卒業研究】会話ログ分析によるユーザーごとの関心に応じた話題提案手法
Avatar for MomokoShirakawa momok47
0
190
Fragmented Architectures
Avatar for Denys Poltorak denyspoltorak
0
140
humanlayerのブログから学ぶ、良いCLAUDE.mdの書き方
Avatar for Yuto tsukamoto1783
0
180
AI 駆動開発ライフサイクル(AI-DLC):ソフトウェアエンジニアリングの再構築 / AI-DLC Introduction
Avatar for kanamsasa kanamasa
11
6.3k
2年のAppleウォレットパス開発の振り返り
Avatar for muno92 muno92
PRO
0
200
[KNOTS 2026登壇資料]AIで拡張‧交差する プロダクト開発のプロセス および携わるメンバーの役割
Avatar for hisatake hisatake
0
230
CSC307 Lecture 08
Avatar for Javier Gonzalez-Sanchez javiergs
PRO
0
660
AIで開発はどれくらい加速したのか?AIエージェントによるコード生成を、現場の評価と研究開発の評価の両面からdeep diveしてみる
Avatar for どすこい daisuketakeda
1
960
コントリビューターによるDenoのすゝめ / Deno Recommendations by a Contributor
Avatar for petamoriken / 森建 petamoriken
0
200
疑似コードによるプロンプト記述、どのくらい正確に実行される?
Avatar for kokuyouwind kokuyouwind
0
380

Featured

See All Featured
How Software Deployment tools have changed in the past 20 years
Avatar for Geshan Manandhar geshan
0
32k
Navigating Team Friction
Avatar for Lara Hogan lara
192
16k
Getting science done with accelerated Python computing platforms
Avatar for Jacob Tomlinson jacobtomlinson
2
110
Automating Front-end Workflow
Avatar for Addy Osmani addyosmani
1371
200k
Primal Persuasion: How to Engage the Brain for Learning That Lasts
Avatar for Mike Taylor tmiket
0
240
Measuring Dark Social's Impact On Conversion and Attribution
Avatar for Stephen Akadiri stephenakadiri
1
120
What the history of the web can teach us about the future of AI
Avatar for Ines Montani inesmontani
PRO
1
420
Principles of Awesome APIs and How to Build Them.
Avatar for Keavy McMinn keavy
128
17k
How to train your dragon (web standard)
Avatar for Monica Dinculescu notwaldorf
97
6.5k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
Avatar for Kevin Liebholz kevinliebholz
37
6.3k
Code Review Best Practice
Avatar for Trisha Gee trishagee
74
20k
Redefining SEO in the New Era of Traffic Generation
Avatar for Szymon szymonslowik
1
210

Transcript

  1. Real World Kubernetes Deployments failure domains, upgrades, high-availability @coreoslinux @brandonphilips

  2. Follow Along Instructions http://bit.ly/1XeUbMW Stickers Upfront Decorate your laptop, dog,

    kid, phone.

  3. Brandon Philips CTO, CoreOS github.com/philips

  4. None

  5. Build, Store and Distribute your Containers quay.io

  6. Linux

  7. Secure the Internet MISSION

  8. Separate Apps from OS STRATEGY

  9. Make Servers Consistent STRATEGY

  10. Tolerate Machine Failures STRATEGY

  11. Make Servers Easy to Upgrade STRATEGY

  12. Simplify Application Upgrades STRATEGY

  13. None
  14. None
  15. None
  16. None
  17. None

  18. Application Packaging 1

  19. Abstract away app from the OS OS App

  20. None
  21. None

  22. Linux at Scale 2

  23. Patches to the OS and kernel are hard Retest after

    updates No automation SECURITY Dependency breakage Uptime risk APPLICATION
  24. None

  25. Auto-updating browsers fixed security We got HTML5 at the same

    time

  26. Clustering 3

  27. Operations Paradise Easy scale out Painless app upgrades Tolerant of

    machine failure

  28. App Req/sec: 6,000 App Healthy: True

  29. App Req/sec: 6,000 App Healthy: True

  30. App Req/sec: 7,000 App Healthy: True

  31. App Req/sec: 8,000 App Healthy: True

  32. App Req/sec: 7,000 App Healthy: True

  33. App Req/sec: 6,000 App Healthy: True

  34. App Req/sec: 8,000 App Healthy: True

  35. App Req/sec: 7,000 App Healthy: True

  36. App Req/sec: 8,000 App Healthy: True

  37. App Req/sec: 8,000 App Healthy: True

  38. 3 Application packaging Clustering Linux at scale

  39. 3 Application packaging Clustering Linux at scale

  40. Follow Along Instructions https://github.com/philips/repositories 2016-OSCON-containers-at-scale

  41. CoreOS+Kubernetes vagrant, aws, bare metal, etc coreos.com/kubernetes/docs/latest/

  42. kubernetes architecture in practice

  43. worker kubelet worker kubelet worker kubelet scheduler & API worker

    kubelet w ku t worker kubelet

  44. worker kubelet worker kubelet scheduler & API

  45. worker & API works on 1 node too

  46. kube-aws Initial Cluster Setup

  47. worker kubelet worker kubelet controller scheduler, etcd & API

  48. Demo Boot up a Cluster

  49. Demo Run an App

  50. Demo Understand the Network

  51. Domains Let's Talk About Failure

  52. Failure domains are regions or components of the infrastructure which

    contain a potential for failure.

  53. These regions can be physical or logical boundaries, and each

    has its own risks and challenges to architect for.

  54. Failure Feud - Machine Failure - Network/Disks/RAM/Processor/Power Supply - Rack

    Failure - Network/Power - Data Center Failure - Network/Power/Fire/Semi-trucks - Internet Failure - Network/Political/Natural

  55. Failure Analysis Kid Celebrating

  56. None

  57. Kid Hitting His Eye Failure Analysis - Failure is caused

    by human error - Celebration continues; eye unnecessary - Kid has two eyes can continue seeing - Brain elects new eye automatically

  58. Primary Datastore etcd operations

  59. /etc distributed hence, the name...

  60. a clustered key-value store GET and SET operations

  61. a building block for higher order systems primitives for building

    reliable distributed systems

  62. Demo play.etcd.io

  63. None
  64. None
  65. None
  66. None
  67. None
  68. None
  69. None

  70. Failure Analysis etcd

  71. worker kubelet worker kubelet scheduler & API

  72. kube-aws high availability in cloud

  73. scheduler & API EBS { ASG

  74. etcd protects against - Machine Failure - Replication, automatic leader

    election - Flakey Disk Failure - CRC checksums on WAL files - Network Failure - Timeouts and linearized state machine

  75. etcd does not protect against - Denial of Service -

    Future work on proxies - Lying etcd Peers - We do a ton of functional testing a hedge - Buggy or Broken Clients - Client deleting all keys requires restore from backup

  76. Demo etcd restore backup

  77. 1 2 3 4 { Log

  78. 1 2 3 4 Entries

  79. 1 2 3 4 Indexes

  80. Kubernetes Control API Service, Scheduler, Controller Manager

  81. Failure Analysis Kubernetes

  82. Demo etcd down for API server

  83. worker kubelet worker kubelet scheduler & API

  84. scheduler & API

  85. Demo etcd restore for API server

  86. scheduler & API

  87. Demo node partition from API

  88. worker kubelet worker kubelet scheduler & API

  89. Demo node scaling up

  90. worker kubelet worker kubelet scheduler & API worker kubelet

  91. Demo node scheduled outage API

  92. worker kubelet worker kubelet scheduler & API

  93. Demo node unplanned outage

  94. worker kubelet worker kubelet scheduler & API

  95. Demo node downgrade/upgrade outage

  96. worker kubelet worker kubelet scheduler & API

  97. Future Work Upstream Kubernetes and Elsewhere

  98. Upstream rktnetes Auth/OIDC Node self-signed TLS

  99. Scaling 15x scheduler performance 30k pods on 1k nodes SIG-scale

  100. Automatic Node Drain Locksmith Design Doc

  101. None

  102. Performance etcd3 /ZooKeeper snapshot disabled

  103. Performance etcd3 /ZooKeeper snapshot disabled

  104. Memory 10GB 2.4GB 0.8GB 512MB data - 2M 256B keys

  105. Sounds good, but... Is anyone successful with all this in

    prod?

  106. Publically traded options exchange

  107. Containers on CoreOS are powering ISE's high- throughput, low-latency financial

    exchange Running in production Bare metal & AWS Billions of transactions a day 150 million req/sec
  108. None

  109. Secure the Internet MISSION

  110. Separate Apps from OS STRATEGY

  111. Make Servers Consistent STRATEGY

  112. Tolerate Machine Failures STRATEGY

  113. Make Servers Easy to Upgrade STRATEGY

  114. Simplify Application Upgrades STRATEGY

  115. None

  116. Thank you! Brandon Philips @brandonphilips | [email protected] | coreos.com We’re

    hiring in all departments! Email: [email protected] Positions: coreos.com/ careers