Kubernetes* Resource Management Alexander Kanevskiy Krisztian Litkey Intel, Finland * Other names and brands may be claimed as the property of others. 

Agenda • The “Noisy neighbor” problem in Kubernetes* • Small detour into the history of hardware • Resources in Kubernetes*: what do we have now • What we can tweak on different levels • CRI Resource Manager • Demo * Other names and brands may be claimed as the property of others. 

The “Noisy neighbor” problem 

System devices topology Socket 0 Core 0 Core 1 Core 6 Core 7 Core 2 Core 3 Core 8 Core 9 Core 4 Core 5 Core 10 Core 11 PCIe UPI Socket 1 Core 0 Core 1 Core 6 Core 7 Core 2 Core 3 Core 8 Core 9 Core 4 Core 5 Core 10 Core 11 UPI PCIe Memory Controller Memory Controller Memory Controller Memory Controller $ $ $ $ $ $ $ 

Caches, RDT, MBM Thread 0 Thread 1 Core 0 L1d L1i L2 Thread 0 Thread 1 Core 1 L1d L1i L2 Thread 0 Thread 1 Core 2 L1d L1i L2 Thread 0 Thread 1 Core N L1d L1i L2 L3 Package 0 

Memory CPU BUS CPU CPU CPU CPU CPU CPU CPU UMA (aka SMP) Uniform Memory Access NUMA Non-uniform Memory access 

System topology in real world Node 0 Node 2 Node 1 Node 3 Package 0 Core 0 Core 1 Core 5 Core 6 Memory Controller Core 2 Core 7 Memory Controller Core 3 Core 4 Core 8 Core 9 PCIe UPI Package 1 Core 0 Core 1 Core 5 Core 6 Core 2 Core 7 Core 3 Core 4 Core 8 Core 9 UPI PCIe UPI UPI Memory Controller Memory Controller PCIe PCIe UPI UPI DMI DMI Chipset QAT x16 QAT x16 QAT x16 I/O Hub 4x10G NIC 

Resources in Kubernetes*: Native • Per container – spec.containers[].resources • requests – cpu – memory • limits – cpu – memory • QoS – Best Effort – Burstable – Guaranteed * Other names and brands may be claimed as the property of others. 

Resources in Kubernetes*: Extended • Extended resources – Fully-qualified names – Outside of “kubernetes.io” domain – Node level • Device Plugin managed resources • Arbitrary advertised by node capacity * Other names and brands may be claimed as the property of others. 

Resources in Kubernetes*: Metadata • Pod’s Metadata – spec.metadata.labels – spec.metadata.annotations apiVersion: v1 kind: Pod metadata: annotations: kubernetes.io/ingress-bandwidth: 1M kubernetes.io/egress-bandwidth: 1M ... * Other names and brands may be claimed as the property of others. 

Resources in Kubernetes* • CPU Manager (1.10+) & Topology Manager (1.16+) Kubelet Topology Manager CPU Manager Device Manager Hints Can Admit Pod ? Device Plugins Hints * Other names and brands may be claimed as the property of others. 

What we can do: CRI • CPU – CFS: Completely Fair Scheduler: • period, quota, shares • Memory – Limit, OOM Score • cpuset – cpus, mems 

What we can do: OCI • runc – blkio: weight – CPU realtime period – Kernel memory – Memory reservation – L3 cache schema – Memory Bandwidth schema • OCI spec – blkio: IOPS / bps throttling – HugePage limits – Intel® RDT class – Hooks 

Hooking into Kubernetes* CRI OCI Kata Kubelet Container Runtime cri-o, containerd, … ... runc + OCI Hooks Kernel * Other names and brands may be claimed as the property of others. 

CRI Resource Manager • A new Intel project – Container Runtime Interface proxy, sits between CRI Clients and the CRI Runtime – Applies (hardware) resource policies to containers by • modifying proxied container requests, or • generating container update requests, or • triggering extra policy-specific actions during request processing • Benefits – Enable easy prototyping of resource allocation policies – Instrumentation of CRI interface – Drive resource management improvements in upstream Kubernetes • http://github.com/intel/cri-resource-manager 

CRI Resource Manager Daemon Set CRI-Resource-Manager Kubelet Actual CRI dockershim, containerd, cri-o CRI server CRI client Relay Logs Policy Engine Policy N Policy 1 Kernel cgroups, resctrl libcontainer Dynamic Configuration and Policy API Dynamic Configuration and Policy Agent Kubernetes* API Server Resource File Resource File mounted to container Dynamic Configuration Custom Metrics Tracing Metrics Cache * Other names and brands may be claimed as the property of others. 

CRI Resource Manager • What do we have now: – Policies: • Static • Static+ • Topology-aware • Work in progress – Intel® RDT: Cache and Memory allocation and monitoring – Block I/O classification and tuning – Better monitoring of resources usage and dynamic rebalancing – Dynamic Configuration and Policy APIs 

CRI Resource Manager DEMO http://bit.ly/cri-r-m-demo-sp http://bit.ly/cri-r-m-demo-ta 

Q&A 

Thank you! [email protected] [email protected] 

Legal notices and disclaimers • Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at www.intel.com. • Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries. • *Other names and brands may be claimed as the property of others. • © Intel Corporation 

No content