Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Managing Thousands of Edge k8s Clusters with Gi...

Avatar for Jakub Pavlik Jakub Pavlik
November 17, 2019
Technology
1
990

Managing Thousands of Edge k8s Clusters with GitOps

Cloud Native Rejekts 2019 - stream including demo is available at https://youtu.be/tw6O2nigVTk?t=5880

Demo itself starts at https://youtu.be/tw6O2nigVTk?t=6744

We will provide a comprehensive overview of how we’ve built a large scale, fully open sourced edge cloud platform. It maps the technology to real use cases and grows the community collaboration around realistic deployments. It will show real operational data at scale from one of the largest retailers in the world. The audience will see not only the k8s deployment but app orchestration across thousands of k8s clusters.
Avatar for Jakub Pavlik

Jakub Pavlik

November 17, 2019
Tweet

Other Decks in Technology

See All in Technology
グループ ポリシー再確認 (2)
Avatar for Murachi Akira murachiakira
0
210
読んで学ぶ Amplify Gen2 / Amplify と CDK の関係を紐解く #jawsug_tokyo
Avatar for Kihara, Takuya tacck
PRO
1
290
LT Slide 2025-04-22
Avatar for Shigeki Shoji takesection
0
110
PostgreSQL Log File Mastery: Optimizing Database Performance Through Advanced Log Analysis
Avatar for Shiv Iyer shiviyer007
PRO
1
150
クラウド開発環境Cloud Workstationsの紹介
Avatar for Yunosuke Yamada yunosukey
0
220
Gateway H2 モジュールで
スマートホーム入門
Avatar for MinoruInachi minoruinachi
0
120
ここはMCPの夜明けまえ
Avatar for nwiizo nwiizo
32
13k
SnowflakeとDatabricks両方でRAGを構築してみた
Avatar for camay kameitomohiro
1
560
Conquering PDFs: document understanding beyond plain text
Avatar for Ines Montani inesmontani
PRO
2
440
より良い開発者体験を実現するために~開発初心者が感じた生成AIの可能性~
Avatar for モブエンジニア masakiokuda
0
230
持続可能なドキュメント運用のリアル: 1年間の成果とこれから
Avatar for akitok akitok_
1
270
Databricksで完全履修!オールインワンレイクハウスは実在した!
Avatar for Akihiro Kuwano akuwano
0
140

Featured

See All Featured
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
16k
Keith and Marios Guide to Fast Websites
Avatar for Keith Pitt keithpitt
411
22k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
Avatar for Vitaly Friedman smashingmag
251
21k
Making Projects Easy
Avatar for Brett Harned brettharned
116
6.2k
The Psychology of Web Performance [Beyond Tellerrand 2023]
Avatar for Tammy Everts tammyeverts
47
2.7k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
Avatar for Addy Osmani addyosmani
5
590
Code Review Best Practice
Avatar for Trisha Gee trishagee
67
18k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
52
2.4k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
34
2.9k
KATA
Avatar for Megan Lloyd mclloyd
29
14k
Building Flexible Design Systems
Avatar for Yesenia Perez-Cruz yeseniaperezcruz
329
39k
Designing Experiences People Love
Avatar for Jonathan Moore moore
142
24k

Transcript

  1. © 2019 Volterra Inc. All Rights Reserved. Liberate your Infrastructure,

    Applications, and Data Managing Thousands of Edge k8s Clusters with GitOps Jakub Pavlik @JakubPav

  2. © 2019 Volterra Inc. All Rights Reserved. Agenda • Challenges

    in Edge management • SRE Design Principles • Lesson learned from scale of 3k Edges • Demo of fleet management 2

  3. © 2019 Volterra Inc. All Rights Reserved. Volterra Backbone &

    CLoud Volterra SaaS Service VES Global Controller (SaaS) VES Global Controller (SaaS) Volterra Global Controller (GC) Volterra Regional Edge(RE) Volterra Regional Edge (RE) Volterra Regional Edge (RE) Volterra Regional Edge (RE) Customer Site (CE) Customer Site (CE) Customer Site (CE) Customer Site (CE) Customer Site (CE) Customer Site (CE) Customer Site (CE) Customer Site (CE) Customer Site (CE) Operations & SRE Portal, CRM, Billing Customer Portal IPSec/SSL IPSec/SSL IPSec/SSL IPSec/SSL IPSec/SSL Optional Site to Site Industrial-grade Volterra HW

  4. © 2019 Volterra Inc. All Rights Reserved. What is meant

    by k8s Edge or CE site? 4 Industrial-grade Volterra HW • Intel NUC • Industrial-grade Volterra HW • AWS, Azure, VMWare, GKE Virtual Machine

  5. © 2019 Volterra Inc. All Rights Reserved. Challenges and Goals

    in Edge management • Scale for thousands of sites • Fleet management (Installation, Upgrades) ◦ Simple management of thousands of sites ◦ Sites can be offline or unavailable at time of requested change • Zero Touch installation (anybody can bring site) • All must be managed remotely • Fault tolerant - system is operating even after failure of any component (factory reset, rebuild site in case of failure) 5

  6. © 2019 Volterra Inc. All Rights Reserved. SRE Design Principles

    6 • The Entire system is described declaratively • Immutable LCM - Everything is container (no packages or Mutable LCM such as Ansible or puppet) • GitOps - Approvals, audit and workflows of changes must go over git • No kubectl, no scripts run from central place • Use what make sense (not only tools in hype)

  7. © 2019 Volterra Inc. All Rights Reserved. VP-Manager 7 •

    Go based daemon running as systemd docker container • Manages several layers ◦ OS configurations (hugepages allocation, /etc/hosts) ◦ Kubernetes installation and LCM ◦ Workload management ◦ Ongoing API configuration to various components (IPSec) • Workload is based on Kubernetes client-go • Optimistic vs pessimistic deployment • Pre-update actions like pre-pull • Retries and Rollbacks in case of apply failures

  8. © 2019 Volterra Inc. All Rights Reserved. Azure CR &

    QUAY azurecr.io Customer Edge VPM Volterra Platform Manager GC VP-Controller RE1 RE2 Registration-Request with Token Registration-Config-Response x509 Download Containers Images CE Successfully provisioned and IPSec Tunnels are UP After images download start creating: K8s cluster Volterra infra software 1 1 3 3 4 4 5 5 Zero Touch Provisioning 2

  9. © 2019 Volterra Inc. All Rights Reserved. Upgrade delivery -

    Pull Method 9 • OS and Software upgrades ◦ OS follow A/B Upgrades with partitions ◦ Volterra Software is kubernetes workload • Upgrades must be simple (Like cell phone updates) • device can be offline at the time of upgrade • end user can decide when upgrade • avoid centralize CD tool • quick and scales easily

  10. © 2019 Volterra Inc. All Rights Reserved. © 2019 Volterra

    Inc. All Rights Reserved. Liberate your Infrastructure, Applications, and Data 10 Lesson learned from scale of 3k Edges

  11. © 2019 Volterra Inc. All Rights Reserved. Volterra Scale Topology

    with 3k sites 11 VES Global Controller (SaaS) VES Global Controller (SaaS) Volterra SaaS (Global Controller) Volterra Regional Edge Volterra Regional Edge (RE2) Operations & SRE Portal, CRM, Billing Customer Portal Created all sites in locations Volterra Scaling APP IPSec/SSL IPSec/SSL Total Sites: 3000 Total IPSec/SSL Tunnels: 6000 IPSec/SSL 100 Sites 100 Sites 100 Sites 1 2 30 On-Prem

  12. © 2019 Volterra Inc. All Rights Reserved. 3k Customer Edges

    connected to single Regional Edge 12

  13. © 2019 Volterra Inc. All Rights Reserved. Key Findings at

    Scale - Management ` • Optimize CE configuration/certificate creation/delivery ◦ Initially we processed registration serial way and each took around 2 minutes ◦ After optimization it process CE in 20 seconds and with arbitrary number of workers • Optimize delivery of Docker images ◦ Reduce size of docker images and distribute them through REs • Optimize Global Controller database operations ◦ Optimise database operations (CE upgrades Status from 3k sites) ◦ Split Status DB instances 13

  14. © 2019 Volterra Inc. All Rights Reserved. Key Findings at

    Scale - Monitoring • New Prometheus federation filters to drop unused metrics, labels ◦ Initially we had around 50k time series per CE with average of 15 labels. ◦ We optimized it to 2k per CE with average ◦ Simple while-lists for metric names and black-lists for label names • Move from global Prometheus federation to Cortex cluster ◦ Centralized Prometheus scraped all REs and CEs prometheus, ◦ At 1k CE, it becomes unsustainable. ◦ Currently Prometheus per RE (federating connected CEs Promethei) with RW to Cortex • Elasticsearch clusters and logs ◦ Decentralized logging architecture ◦ Fluentbit as collector on each node forwards logs into Fluentd (aggregator) in RE ◦ Elasticsearch deployed in every RE, using remote cluster search to query logs from single Kibana instance 14

  15. © 2019 Volterra Inc. All Rights Reserved. © 2019 Volterra

    Inc. All Rights Reserved. Liberate your Infrastructure, Applications, and Data 15 DEMO - Fleet management of CE upgrade

  16. © 2019 Volterra Inc. All Rights Reserved. Git release new

    version 20191117-000043 Customer Edge SRE Daemons SRE Workflow for Customer Edges 16 Config API Artifact storage VPM VP Controller Executor Poll for Update Upload status of upgrade K8s Deploy Render k8s manifests with version in annotation Load configuration into Config API daemon <site-name>/<version>/<manifest-per-app>.yml ce01-site/20191107-000042/prometheus.yml ce01-site/20191117-000043/prometheus.yml version: 20191117-000043 New version to Upgrade I want upgrade

  17. © 2019 Volterra Inc. All Rights Reserved. Contacts 17 @JakubPav

    @Volterra_ https://medium.com/volterra-io https://gitlab.com/volterra.io