Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Managing Thousands of Edge k8s Clusters with Gi...

Jakub Pavlik
November 17, 2019
Technology
1
950

Managing Thousands of Edge k8s Clusters with GitOps

Cloud Native Rejekts 2019 - stream including demo is available at https://youtu.be/tw6O2nigVTk?t=5880

Demo itself starts at https://youtu.be/tw6O2nigVTk?t=6744

We will provide a comprehensive overview of how we’ve built a large scale, fully open sourced edge cloud platform. It maps the technology to real use cases and grows the community collaboration around realistic deployments. It will show real operational data at scale from one of the largest retailers in the world. The audience will see not only the k8s deployment but app orchestration across thousands of k8s clusters.

Jakub Pavlik

November 17, 2019
Tweet

Other Decks in Technology

See All in Technology
生成AIのガバナンスの全体像と現実解
fnifni
1
180
統計データで2024年の クラウド・インフラ動向を眺める
ysknsid25
2
830
OpenAIの蒸留機能(Model Distillation)を使用して運用中のLLMのコストを削減する取り組み
pharma_x_tech
4
540
AI時代のデータセンターネットワーク
lycorptech_jp
PRO
1
280
CustomCopを使ってMongoidのコーディングルールを整えてみた
jinoketani
0
220
小学3年生夏休みの自由研究「夏休みに Copilot で遊んでみた」
taichinakamura
0
140
Storage Browser for Amazon S3
miu_crescent
1
110
AIのコンプラは何故しんどい?
shujisado
1
190
How to be an AWS Community Builder | 君もAWS Community Builderになろう!〜2024 冬 CB募集直前対策編?!〜
coosuke
PRO
2
2.8k
5分でわかるDuckDB
chanyou0311
10
3.2k
社内イベント管理システムを1週間でAKSからACAに移行した話し
shingo_kawahara
0
170
LINEヤフーのフロントエンド組織・体制の紹介【24年12月】
lycorp_recruit_jp
0
530

Featured

See All Featured
The Pragmatic Product Professional
lauravandoore
32
6.3k
Writing Fast Ruby
sferik
628
61k
The Cost Of JavaScript in 2023
addyosmani
45
7k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.9k
Put a Button on it: Removing Barriers to Going Fast.
kastner
59
3.6k
Into the Great Unknown - MozCon
thekraken
33
1.5k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
45
2.2k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
665
120k
We Have a Design System, Now What?
morganepeng
51
7.3k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.2k
Adopting Sorbet at Scale
ufuk
73
9.1k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
29
2k

Transcript

  1. © 2019 Volterra Inc. All Rights Reserved. Liberate your Infrastructure,

    Applications, and Data Managing Thousands of Edge k8s Clusters with GitOps Jakub Pavlik @JakubPav

  2. © 2019 Volterra Inc. All Rights Reserved. Agenda • Challenges

    in Edge management • SRE Design Principles • Lesson learned from scale of 3k Edges • Demo of fleet management 2

  3. © 2019 Volterra Inc. All Rights Reserved. Volterra Backbone &

    CLoud Volterra SaaS Service VES Global Controller (SaaS) VES Global Controller (SaaS) Volterra Global Controller (GC) Volterra Regional Edge(RE) Volterra Regional Edge (RE) Volterra Regional Edge (RE) Volterra Regional Edge (RE) Customer Site (CE) Customer Site (CE) Customer Site (CE) Customer Site (CE) Customer Site (CE) Customer Site (CE) Customer Site (CE) Customer Site (CE) Customer Site (CE) Operations & SRE Portal, CRM, Billing Customer Portal IPSec/SSL IPSec/SSL IPSec/SSL IPSec/SSL IPSec/SSL Optional Site to Site Industrial-grade Volterra HW

  4. © 2019 Volterra Inc. All Rights Reserved. What is meant

    by k8s Edge or CE site? 4 Industrial-grade Volterra HW • Intel NUC • Industrial-grade Volterra HW • AWS, Azure, VMWare, GKE Virtual Machine

  5. © 2019 Volterra Inc. All Rights Reserved. Challenges and Goals

    in Edge management • Scale for thousands of sites • Fleet management (Installation, Upgrades) ◦ Simple management of thousands of sites ◦ Sites can be offline or unavailable at time of requested change • Zero Touch installation (anybody can bring site) • All must be managed remotely • Fault tolerant - system is operating even after failure of any component (factory reset, rebuild site in case of failure) 5

  6. © 2019 Volterra Inc. All Rights Reserved. SRE Design Principles

    6 • The Entire system is described declaratively • Immutable LCM - Everything is container (no packages or Mutable LCM such as Ansible or puppet) • GitOps - Approvals, audit and workflows of changes must go over git • No kubectl, no scripts run from central place • Use what make sense (not only tools in hype)

  7. © 2019 Volterra Inc. All Rights Reserved. VP-Manager 7 •

    Go based daemon running as systemd docker container • Manages several layers ◦ OS configurations (hugepages allocation, /etc/hosts) ◦ Kubernetes installation and LCM ◦ Workload management ◦ Ongoing API configuration to various components (IPSec) • Workload is based on Kubernetes client-go • Optimistic vs pessimistic deployment • Pre-update actions like pre-pull • Retries and Rollbacks in case of apply failures

  8. © 2019 Volterra Inc. All Rights Reserved. Azure CR &

    QUAY azurecr.io Customer Edge VPM Volterra Platform Manager GC VP-Controller RE1 RE2 Registration-Request with Token Registration-Config-Response x509 Download Containers Images CE Successfully provisioned and IPSec Tunnels are UP After images download start creating: K8s cluster Volterra infra software 1 1 3 3 4 4 5 5 Zero Touch Provisioning 2

  9. © 2019 Volterra Inc. All Rights Reserved. Upgrade delivery -

    Pull Method 9 • OS and Software upgrades ◦ OS follow A/B Upgrades with partitions ◦ Volterra Software is kubernetes workload • Upgrades must be simple (Like cell phone updates) • device can be offline at the time of upgrade • end user can decide when upgrade • avoid centralize CD tool • quick and scales easily

  10. © 2019 Volterra Inc. All Rights Reserved. © 2019 Volterra

    Inc. All Rights Reserved. Liberate your Infrastructure, Applications, and Data 10 Lesson learned from scale of 3k Edges

  11. © 2019 Volterra Inc. All Rights Reserved. Volterra Scale Topology

    with 3k sites 11 VES Global Controller (SaaS) VES Global Controller (SaaS) Volterra SaaS (Global Controller) Volterra Regional Edge Volterra Regional Edge (RE2) Operations & SRE Portal, CRM, Billing Customer Portal Created all sites in locations Volterra Scaling APP IPSec/SSL IPSec/SSL Total Sites: 3000 Total IPSec/SSL Tunnels: 6000 IPSec/SSL 100 Sites 100 Sites 100 Sites 1 2 30 On-Prem

  12. © 2019 Volterra Inc. All Rights Reserved. 3k Customer Edges

    connected to single Regional Edge 12

  13. © 2019 Volterra Inc. All Rights Reserved. Key Findings at

    Scale - Management ` • Optimize CE configuration/certificate creation/delivery ◦ Initially we processed registration serial way and each took around 2 minutes ◦ After optimization it process CE in 20 seconds and with arbitrary number of workers • Optimize delivery of Docker images ◦ Reduce size of docker images and distribute them through REs • Optimize Global Controller database operations ◦ Optimise database operations (CE upgrades Status from 3k sites) ◦ Split Status DB instances 13

  14. © 2019 Volterra Inc. All Rights Reserved. Key Findings at

    Scale - Monitoring • New Prometheus federation filters to drop unused metrics, labels ◦ Initially we had around 50k time series per CE with average of 15 labels. ◦ We optimized it to 2k per CE with average ◦ Simple while-lists for metric names and black-lists for label names • Move from global Prometheus federation to Cortex cluster ◦ Centralized Prometheus scraped all REs and CEs prometheus, ◦ At 1k CE, it becomes unsustainable. ◦ Currently Prometheus per RE (federating connected CEs Promethei) with RW to Cortex • Elasticsearch clusters and logs ◦ Decentralized logging architecture ◦ Fluentbit as collector on each node forwards logs into Fluentd (aggregator) in RE ◦ Elasticsearch deployed in every RE, using remote cluster search to query logs from single Kibana instance 14

  15. © 2019 Volterra Inc. All Rights Reserved. © 2019 Volterra

    Inc. All Rights Reserved. Liberate your Infrastructure, Applications, and Data 15 DEMO - Fleet management of CE upgrade

  16. © 2019 Volterra Inc. All Rights Reserved. Git release new

    version 20191117-000043 Customer Edge SRE Daemons SRE Workflow for Customer Edges 16 Config API Artifact storage VPM VP Controller Executor Poll for Update Upload status of upgrade K8s Deploy Render k8s manifests with version in annotation Load configuration into Config API daemon <site-name>/<version>/<manifest-per-app>.yml ce01-site/20191107-000042/prometheus.yml ce01-site/20191117-000043/prometheus.yml version: 20191117-000043 New version to Upgrade I want upgrade

  17. © 2019 Volterra Inc. All Rights Reserved. Contacts 17 @JakubPav

    @Volterra_ https://medium.com/volterra-io https://gitlab.com/volterra.io