Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Meetup Camptocamp: Exoscale SKS

Pierre-Yves Ritschard
April 14, 2021
Technology
0
220

Meetup Camptocamp: Exoscale SKS

Pierre-Yves Ritschard

April 14, 2021
Tweet

More Decks by Pierre-Yves Ritschard

See All by Pierre-Yves Ritschard
The (long) road to Kubernetes
pyr
0
240
From vertical to horizontal: The challenges of scalability in the cloud
pyr
0
46
Change Management at Scale
pyr
0
73
5 years of Clojure
pyr
2
930
Taming Jenkins
pyr
0
19
Init: then and now
pyr
1
150
Billing the Cloud
pyr
0
260
From Vertical to Horizontal
pyr
2
120
Billing the Cloud
pyr
7
1.9k

Other Decks in Technology

See All in Technology
Spotify API を使ったアイマス楽曲の楽しみ方
takemikami
0
110
Riverpodに機能追加したときの話
k9i
3
240
今後の開発規模拡大、QA人材を爆速で立ち上げる
ymty
1
1.2k
Modern Testing Tools for Java Developers
eliasnogueira
1
110
組織の立ち上げと体制変更の1年
tarappo
2
820
NestJS をかじってみた / MIERUNE BBQ #01 / #mierune
tacck
0
240
株式会社オプティム_採用会社紹介資料 / optim-recruit
optim
0
9.6k
[DevDojo] 成功するスクラムチームとは
mercari
PRO
0
110
net/http/httptest.Server のアプローチをテスト戦略に活用する / Go Conference 2023
k1low
7
1k
Turbinando Microsserviços com Distributed Cache
jordihofc
1
350
フィンテックとは何か / What is FinTech?
ks91
PRO
0
120
MagicPod開発における テスト自動化とCI
nozomiito
0
140

Featured

See All Featured
From Idea to $5000 a Month in 5 Months
shpigford
374
45k
The Straight Up "How To Draw Better" Workshop
denniskardys
226
130k
Happy Clients
brianwarren
90
6k
Fontdeck: Realign not Redesign
paulrobertlloyd
74
4.5k
Robots, Beer and Maslow
schacon
154
7.5k
Designing Experiences People Love
moore
131
22k
Scaling GitHub
holman
453
140k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
9
780
JazzCon 2018 Closing Keynote - Leadership for the Reluctant Leader
reverentgeek
176
9.4k
jQuery: Nuts, Bolts and Bling
dougneiner
57
6.7k
Reflections from 52 weeks, 52 projects
jeffersonlam
341
18k
Imperfection Machines: The Place of Print at Facebook
scottboms
255
12k

Transcript

  1. Scalable
    Kubernetes Service
    03-2021

    View Slide

  2. Outline
    ● Intro
    ● Software at Exoscale
    ● Kubernetes at Exoscale
    ● Challenges met
    ● SKS: Scalable Kubernetes Service

    View Slide

  3. Intro and context

    View Slide

  4. Exoscale in a nutshell
    ● Infrastructure as a Service, 6 zones throughout
    Europe
    ● Now part of A1 group
    ● Public cloud in Geneva since 2013

    View Slide

  5. The product

    View Slide

  6. Software at
    Exoscale

    View Slide

  7. What’s in a cloud provider?
    ● Datacenter & Network Operations
    ● Security
    ● Automation
    ● DBA
    ● Software development

    View Slide

  8. The software we write
    ● Object Storage controller
    ● Internal SDN
    ● Compute orchestrator
    ● Load-balancer orchestrator
    ● Kubernetes orchestrator
    ● Web portal
    ● Customer Management
    ● Usage Metering
    ● Billing
    ● Integration tooling (CLI, terraform provider, …)
    ● Command and control, automation support

    View Slide

  9. Things that didn’t exist in 2012
    ● Ansible
    ● Terraform
    ● Docker
    ● Kubernetes
    ● Wifi
    ● Television

    View Slide

  10. Initial stack
    ● Puppet for configuration management, in-house
    command and control
    ● 5 large external facing services, databases, a
    number of batch processing tools
    ● VM profiles per role, horizontal scaling where
    possible

    View Slide

  11. Why container orchestration then?
    ● Puppet becomes a hot spot of activity
    ○ Hard to convey the entire infrastructure
    need of an application in one place
    ○ Configuration scattered across different
    places (load-balancing, firewalling,
    software, monitoring)
    ● Always making allocation decisions “on what class
    of machines should this run?”
    ● Overall low utilization, but contention during peaks!
    ● Large MTTR for failed nodes

    View Slide

  12. Kubernetes at
    Exoscale

    View Slide

  13. Initial exploration
    ● Strong interest in Apache Mesos (not tied to
    docker, distributed systems building toolbox)
    ● Witnessed Kubernetes fast adoption
    ● Swarm and nomad didn’t fit the bill for a number of
    reasons

    View Slide

  14. Going for Kubernetes
    ● Traction
    ● The kicker were the open-ended abstractions:
    Service, Ingress, CRI, CNI, CSI
    ○ These allow providers to step in and provide a best in
    class implementation of the abstraction
    ○ The abstraction allows for a much better shot at
    expressing infrastructure independent from the
    location
    ● We decided to start with our API gateway
    ○ One of the most active projects at the time
    ○ Extremely sensitive to disruption

    View Slide

  15. Challenges met

    View Slide

  16. Keeping our promises in a containerized world
    ● Config management
    ○ Now next to the application: huge progress
    ○ Added internal tooling to generate manifests
    ● Deployments
    ○ Registries vs. Debian repositories
    ○ ArgoCD for managing deployments
    ● Security
    ○ Network and security policies
    ○ OPA (wip)

    View Slide

  17. Container networking
    ● Network used to be boring
    ○ A public IP per VM
    ○ Security groups to provide isolation
    ● Exoscale private networks not ready for CNI
    ● Performance analysis led to the use of Calico

    View Slide

  18. SKS: Scalable
    Kubernetes Service

    View Slide

  19. Redux of what we learnt
    ● Network
    ○ Calico
    ● Security
    ○ Several certificate authorities per cluster
    ○ Encryption key for secrets, per cluster
    ○ Wireguard available on the template
    ○ Cluster access using certificates (support
    for users, groups, TTL)
    ● Exoscale Cloud Controller Manager
    ○ To validate worker nodes
    ○ Network Load Balancer integration

    View Slide

  20. Full integration in the Exoscale stack
    ● Network Load Balancer
    ○ “LoadBalancer” Kubernetes services
    ○ Configuration using annotations
    ● Instance Pools
    ○ We rely on instance pools for the nodepools
    ○ Same properties (nodes cycling…)
    ● Security groups (per nodepool)
    ● Anti affinity groups (per nodepool)
    ● API and tooling
    ○ CLI, Terraform

    View Slide

  21. Product objectives
    ● Speed
    ○ Create clusters in ~100 seconds
    ○ New nodes in the cluster in ~120 seconds
    (available in “kubectl get nodes”)
    ○ Should be faster in the future
    ● Seamless start
    ● CNCF compliance
    ● Reliability: two offerings
    ○ starter: no SLA, non-HA control plane, free
    ○ pro: SLA, HA control plane

    View Slide

  22. Demo!

    View Slide

  23. Kubernete
    dashboard
    Kubernetes
    “LoadBalancer”
    Service
    Exoscale
    Load Balancer
    Kubernetes Cluster
    Outside world

    View Slide

  24. Kubernete
    dashboard
    Kubernetes
    “LoadBalancer”
    Service
    Exoscale
    Load Balancer
    Kubernetes Cluster
    Outside world
    Kubernetes
    “LoadBalancer”
    Service
    Nginx ingress
    controller
    App App
    Exoscale
    Load Balancer

    View Slide

  25. Additional notes and
    future work

    View Slide

  26. Advanced use cases
    ● Cluster lifecycle management
    ○ Cluster upgrades (next patchs, next minor)
    ● Certificate management
    ○ You can retrieve various CA certificates in
    order to configure some components
    ● Multiple nodepools
    ○ Each nodepool is independant
    ○ Can have different disk sizes, offerings, anti
    affinity groups, networking rules…
    ○ Can be scaled independently

    View Slide

  27. Ongoing work
    ● Cluster autoscaler (short-term)
    ○ Automatically scale nodepools based on
    Kubernetes metrics
    ● Web portal (short-term)
    ● Blueprints (short-term)
    ○ Manifests examples for common things
    ● GPU nodepools
    ● More add-ons: dashboard, ingress, metrics-server
    ○ metrics-server should arrive soon
    ● Persistent volumes: specific add-on
    ● Automatic security group management
    ● Managed container registry
    ● Advanced IAM integration

    View Slide