Kubernetes* advanced platform features 2018-04-03 Alexander Kanevskiy Cloud Software Architect, Intel *Other names and brands may be claimed as the property of others. 

§ Memory management § CPU management § Node features § Multiple network interfaces § CRIs 2 Agenda 

Memory management 

Huge Pages § Native Huge page support § Alpha in 1.8 § Beta in 1.10 § Multiple architectures support § i386: 4K, 2M § x86_64: 4k, 2M, 1G § aarch64: 4k, 2M, 1G § First class resources § hugepages-2Mi § hugepages-1Gi § Application usages § Java* § -XX:+UseLargePages § Memcached* § memcached -L § MySQL* § [mysqld] large-pages 4 *Other names and brands may be claimed as the property of others. 

Huge Pages § Usage § Volume mount § Request resource § Limitations § Pod level resources § NUMA locality § Links § https://kubernetes.io/docs/tasks/manage- hugepages/scheduling-hugepages/ § https://wiki.debian.org/Hugepages 5 containers: ... volumeMounts: - mountPath: /hugepages name: hugepage resources: limits: hugepages-2Mi: 100Mi volumes: - name: hugepage emptyDir: medium: HugePages 

CPU Management 

§ CPU Manager feature § Alpha in 1.8 § Beta in 1.10, enabled by default § Kubelet configuration § --cpu-manager-policy=static § --cpu-manager-reconcile-period=5s § --kube-reserved=cpu=X § --system-reserved=cpu=X CPU Manager § CPU Pools § Reserved § Shared § Exclusive § Types of workload § Best Effort § Burstable § Guaranteed 7 

CPU Manager § Best Effort § Resources in Requests and Limits are not specified § Burstable § Limits > Requests § Guaranteed § Requests == Limits § Requests not specified, only Limits § CPU Pools § Exclusive § Guaranteed with integer CPU requests § Shared § Best Effort § Burstable § Guaranteed 8 

§ CPU Manager for Kubernetes § CPU manager for NFV workloads § More features, off-tree § https://github.com/Intel-Corp/CPU-Manager-for-Kubernetes § Links § https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/ § NUMA https://github.com/kubernetes/community/pull/1680 § RDT https://github.com/kubernetes/community/pull/1733 9 CPU Manager 

Node features 

Node feature discovery for Kubernetes § node.alpha.kubernetes-incubator.io § CPUID for x86 CPU details § AESNI, AVX, BMI, SSE, SGX, … § Intel Resource Director Technology § RDTMON, RDTL3CA, RDTL2CA § Intel P-State driver § Network § SR-IOV § Storage § Links § https://github.com/kubernetes- incubator/node-feature-discovery § https://github.com/redhat- performance/openshift-psap 6 

Multiple network interfaces 

Multus: multiple network interface for Pods § Compatible with reference (flannel, DHCP,…) and 3rd party plugins (Calico, Weave, …) § Utilizes CRDs for network plugin configurations § Utilizes Pod Annotations to specify requested networks § Links § https://github.com/Intel-Corp/multus-cni § https://github.com/hustcat/sriov-cni § https://github.com/Intel-Corp/sriov-cni § https://github.com/intel/vhost-user-net-plugin 6 

CRIs 

Containers in the cloud § VMs on top of server hardware § VM kernel shared for all containers § One VM to one Kubernetes* control plane 6 *Other names and brands may be claimed as the property of others. 

Kata Containers § The speed of containers, the security of VMs § Small as a container § Minimal rootfs and kernel § VM template § nvdimm § De-duplicate memory across VMs § Links § https://katacontainers.io § https://github.com/kata-containers/ 6 

Kata Containers Multi Architecture Multi Hypervisor Full Hotplug Kubernetes Multi Tenancy VM templating Frakti native support Traffic Controller net Direct Device Assignment SR-IOV NVDIMM Multi-OS KSM throttling CRI-O native support MacVTap, multi-queue net 17 Intel® Clear Containers May 2015 Dec 2017 

§ Code and documentation hosted on https://github.com/kata-containers/ § Major releases managed through Github* Projects § Intel (Intel® Clear Containers) & Hyper (runV) contributing initial IP § Apache 2 license § Slack: katacontainers.slack.com § IRC: #kata-dev@freenode § Mailing-list: [email protected] 18 Kata Containers - Contribute *Other names and brands may be claimed as the property of others. 

Questions ? 

Thank you! Email: [email protected] GitHub*: https://github.com/kad Kubernetes* Slack*: @akanevskiy *Other names and brands may be claimed as the property of others. 

No content

§ Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at www.intel.com. § Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries. § *Other names and brands may be claimed as the property of others. § © Intel Corporation 22 Legal notices and disclaimers