Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Real-World Kubernetes Deployments @ OSCON 2016
Search
Brandon Philips
May 16, 2016
Programming
1
610
Real-World Kubernetes Deployments @ OSCON 2016
Brandon Philips
May 16, 2016
Tweet
Share
More Decks by Brandon Philips
See All by Brandon Philips
Node.js Workflow with Minikube and Skaffold
philips
0
210
Manage the App on Kubernetes
philips
0
300
Production Backbone Monitoring Containerized Apps
philips
0
100
KubeCon EU 2017: Dancing on the Edge of a Volcano
philips
1
530
rkt - KubeCon EU keynote - 2017
philips
1
230
FOSDEM_Keynote_2017-_.pdf
philips
0
75
Tectonic Summit Day 2 Keynote
philips
0
290
Kubernetes: Simple to Manage Anywhere (self-hosted, Tectonic upgrade demo)
philips
0
220
KubeCon Keynote 2016- Distributed Systems Simplified on Kubernetes
philips
2
510
Other Decks in Programming
See All in Programming
App Router への移行は「改善」となり得るのか?/ Can migration to App Router be an improvement
takefumiyoshii
8
2.1k
本格ローグライク制作にEbitengineを選んでみた
nagainaganawa
0
280
入門 AWS Amplify Gen2 / Introduction to AWS Amplify Gen2
genkiogasawara
1
300
Build with AI 2024 Seoul - 제로부터 시작하는 Flutter with Gemini 생활 - 박제창
itsmedreamwalker
0
200
#phpcon_odawara オープン・クローズドなテストフィクスチャを求めて / open closed test fixtures
77web
3
210
What We Can Learn From OSS
inouehi
0
380
Prepare for Jakarta EE 11 - Performance and Developer Productivity
ivargrimstad
0
350
DMMプラットフォームがTiDB Cloudを採用した背景
pospome
5
2.4k
OpenTelemetry のサービスという概念について
azukiazusa1
2
1k
[技育CAMPアカデミア]アイディアを形に!【超入門】スマホアプリ開発〜リリースまでの流れをご紹介
teamlab
PRO
0
330
甘い香りに誘われてVanilla Extractを1年間運用してみた
miyahkun
1
110
Rails と人魚の話/rails-and-mermaid
sanfrecce_osaka
0
100
Featured
See All Featured
Keith and Marios Guide to Fast Websites
keithpitt
408
22k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
243
20k
The Cost Of JavaScript in 2023
addyosmani
13
3.8k
Fashionably flexible responsive web design (full day workshop)
malarkey
397
65k
Designing for humans not robots
tammielis
247
25k
Ruby is Unlike a Banana
tanoku
95
10k
Done Done
chrislema
178
15k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
15
1.4k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
355
22k
How STYLIGHT went responsive
nonsquared
92
4.8k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
39
4.4k
The Illustrated Children's Guide to Kubernetes
chrisshort
28
46k
Transcript
Real World Kubernetes Deployments failure domains, upgrades, high-availability @coreoslinux @brandonphilips
Follow Along Instructions http://bit.ly/1XeUbMW Stickers Upfront Decorate your laptop, dog,
kid, phone.
Brandon Philips CTO, CoreOS github.com/philips
None
Build, Store and Distribute your Containers quay.io
Linux
Secure the Internet MISSION
Separate Apps from OS STRATEGY
Make Servers Consistent STRATEGY
Tolerate Machine Failures STRATEGY
Make Servers Easy to Upgrade STRATEGY
Simplify Application Upgrades STRATEGY
None
None
None
None
None
Application Packaging 1
Abstract away app from the OS OS App
None
None
Linux at Scale 2
Patches to the OS and kernel are hard Retest after
updates No automation SECURITY Dependency breakage Uptime risk APPLICATION
None
Auto-updating browsers fixed security We got HTML5 at the same
time
Clustering 3
Operations Paradise Easy scale out Painless app upgrades Tolerant of
machine failure
App Req/sec: 6,000 App Healthy: True
App Req/sec: 6,000 App Healthy: True
App Req/sec: 7,000 App Healthy: True
App Req/sec: 8,000 App Healthy: True
App Req/sec: 7,000 App Healthy: True
App Req/sec: 6,000 App Healthy: True
App Req/sec: 8,000 App Healthy: True
App Req/sec: 7,000 App Healthy: True
App Req/sec: 8,000 App Healthy: True
App Req/sec: 8,000 App Healthy: True
3 Application packaging Clustering Linux at scale
3 Application packaging Clustering Linux at scale
Follow Along Instructions https://github.com/philips/repositories 2016-OSCON-containers-at-scale
CoreOS+Kubernetes vagrant, aws, bare metal, etc coreos.com/kubernetes/docs/latest/
kubernetes architecture in practice
worker kubelet worker kubelet worker kubelet scheduler & API worker
kubelet w ku t worker kubelet
worker kubelet worker kubelet scheduler & API
worker & API works on 1 node too
kube-aws Initial Cluster Setup
worker kubelet worker kubelet controller scheduler, etcd & API
Demo Boot up a Cluster
Demo Run an App
Demo Understand the Network
Domains Let's Talk About Failure
Failure domains are regions or components of the infrastructure which
contain a potential for failure.
These regions can be physical or logical boundaries, and each
has its own risks and challenges to architect for.
Failure Feud - Machine Failure - Network/Disks/RAM/Processor/Power Supply - Rack
Failure - Network/Power - Data Center Failure - Network/Power/Fire/Semi-trucks - Internet Failure - Network/Political/Natural
Failure Analysis Kid Celebrating
None
Kid Hitting His Eye Failure Analysis - Failure is caused
by human error - Celebration continues; eye unnecessary - Kid has two eyes can continue seeing - Brain elects new eye automatically
Primary Datastore etcd operations
/etc distributed hence, the name...
a clustered key-value store GET and SET operations
a building block for higher order systems primitives for building
reliable distributed systems
Demo play.etcd.io
None
None
None
None
None
None
None
Failure Analysis etcd
worker kubelet worker kubelet scheduler & API
kube-aws high availability in cloud
scheduler & API EBS { ASG
etcd protects against - Machine Failure - Replication, automatic leader
election - Flakey Disk Failure - CRC checksums on WAL files - Network Failure - Timeouts and linearized state machine
etcd does not protect against - Denial of Service -
Future work on proxies - Lying etcd Peers - We do a ton of functional testing a hedge - Buggy or Broken Clients - Client deleting all keys requires restore from backup
Demo etcd restore backup
1 2 3 4 { Log
1 2 3 4 Entries
1 2 3 4 Indexes
Kubernetes Control API Service, Scheduler, Controller Manager
Failure Analysis Kubernetes
Demo etcd down for API server
worker kubelet worker kubelet scheduler & API
scheduler & API
Demo etcd restore for API server
scheduler & API
Demo node partition from API
worker kubelet worker kubelet scheduler & API
Demo node scaling up
worker kubelet worker kubelet scheduler & API worker kubelet
Demo node scheduled outage API
worker kubelet worker kubelet scheduler & API
Demo node unplanned outage
worker kubelet worker kubelet scheduler & API
Demo node downgrade/upgrade outage
worker kubelet worker kubelet scheduler & API
Future Work Upstream Kubernetes and Elsewhere
Upstream rktnetes Auth/OIDC Node self-signed TLS
Scaling 15x scheduler performance 30k pods on 1k nodes SIG-scale
Automatic Node Drain Locksmith Design Doc
None
Performance etcd3 /ZooKeeper snapshot disabled
Performance etcd3 /ZooKeeper snapshot disabled
Memory 10GB 2.4GB 0.8GB 512MB data - 2M 256B keys
Sounds good, but... Is anyone successful with all this in
prod?
Publically traded options exchange
Containers on CoreOS are powering ISE's high- throughput, low-latency financial
exchange Running in production Bare metal & AWS Billions of transactions a day 150 million req/sec
None
Secure the Internet MISSION
Separate Apps from OS STRATEGY
Make Servers Consistent STRATEGY
Tolerate Machine Failures STRATEGY
Make Servers Easy to Upgrade STRATEGY
Simplify Application Upgrades STRATEGY
None
Thank you! Brandon Philips @brandonphilips |
[email protected]
| coreos.com We’re
hiring in all departments! Email:
[email protected]
Positions: coreos.com/ careers