Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Keeping up with Kubernetes cluster upgrades

Tasdik Rahman
September 24, 2022
Technology
0
390

Keeping up with Kubernetes cluster upgrades

Was given as part of the talk lineup in Bangalore k8s meetup September 2022

https://www.meetup.com/kubernetes-openshift-india-meetup/events/288277755/

Tasdik Rahman

September 24, 2022
Tweet

More Decks by Tasdik Rahman

See All by Tasdik Rahman
TDD: An experience report
tasdikrahman
0
1.1k
Achieving repeatable, extensible and self serve infrastructure
tasdikrahman
0
1.7k
Ways of enabling Canary deployments in kubernetes
tasdikrahman
0
4.2k
Kingsly - The Cert Manager
tasdikrahman
0
1.9k
kuberception: Self Hosting kubernetes
tasdikrahman
0
7.7k
Diving deep on how imports work in Python
tasdikrahman
0
3k
Introduction to Ansible
tasdikrahman
1
16k
Demystifying how imports work in Python
tasdikrahman
1
3.2k

Other Decks in Technology

See All in Technology
よく聞くけど使ったことないソフトウェアNo.1 KafkaとSnowflake
foursue
4
320
どうするコスト最適化のトレードオフ
tetsuyaooooo
1
470
GraphQL 成熟度モデルの紹介と、プロダクトに当てはめた事例 / GraphQL maturity model
mh4gf
7
1.3k
検証を通して見えてきたTiDBの性能特性
lycorptech_jp
PRO
6
3.7k
SREとその組織類型
tatsuo48
9
1.6k
推しは推せるときに推せ! プロダクトにフィードバックしていこう
nakasho
0
260
オーナーシップを持つ領域を明確にする
konifar
13
3k
Oracle Cloud Infrastructure:2024年4月度サービス・アップデート
oracle4engineer
PRO
1
180
アクセシビリティを考慮したUI/CSSフレームワーク・ライブラリ選定
yajihum
2
990
「手動オペレーションに定評がある」と言われた私が心がけていること / phpcon_odawara2024
blue_goheimochi
2
370
MLOpsの「壁」を乗り越える、LINEヤフーの Data Quality as Code
lycorptech_jp
PRO
4
210
Java EE/Jakarta EEの現状と将来 ―クラウドネイティブ時代にJava EEは対応できるのか?―
takakiyo
1
130

Featured

See All Featured
A Philosophy of Restraint
colly
196
16k
Embracing the Ebb and Flow
colly
79
4.1k
The Cult of Friendly URLs
andyhume
74
5.7k
A designer walks into a library…
pauljervisheath
199
23k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
60
14k
Debugging Ruby Performance
tmm1
70
11k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
243
20k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
124
32k
[RailsConf 2023] Rails as a piece of cake
palkan
22
3.9k
Code Review Best Practice
trishagee
54
15k
Building Flexible Design Systems
yeseniaperezcruz
318
37k
Happy Clients
brianwarren
91
6.4k

Transcript

  1. Keeping up with k8s cluster upgrades @tasdikrahman | www.tasdikrahman.com Kubernetes

    Bangalore Meetup September 2022

  2. Keeping up with k8s cluster upgrades

  3. Keeping up with k8s cluster upgrades Trying to keep up

  4. Why should you upgrade, anyway?

  5. Why should you upgrade, any way API deprecations

  6. Why should you upgrade, any way API deprecations New API’s

    serve you better

  7. Why should you upgrade, any way API deprecations New API’s

    serve you better Security patches for CVEs

  8. Why should you upgrade, any way API deprecations New API’s

    serve you better Security patches for CVEs Version deprecations by the provider

  9. Why should you upgrade, any way API deprecations New API’s

    serve you better Security patches for CVEs Version deprecations by the provider Incremental changes introduced

  10. Why should you upgrade, any way API deprecations New API’s

    serve you better Security patches for CVEs Version deprecations by the provider Incremental changes introduced Bottomline: Upgrade to prevent infrastructure rot

  11. Is this specific to k8s?

  12. Is this specific to k8s? • Compute layer upgrades are

    not new

  13. Is this specific to k8s? • Compute layer upgrades are

    not new • Inventory of what version of OS/language stack is running on compute instances.

  14. Is this specific to k8s? • Compute layer upgrades are

    not new • Inventory of what version of OS/language stack is running on compute instances. • Handling of deprecation of support of OS versions and language stacks

  15. Is this specific to k8s? • Compute layer upgrades are

    not new • Inventory of what version of OS/language stack is running on compute instances. • Handling of deprecation of support of OS versions and language stacks • Fixing CVE fix patches on these machines.

  16. Is this specific to k8s? • Compute layer upgrades are

    not new • Inventory of what version of OS/language stack is running on compute instances. • Handling of deprecation of support of OS versions and language stacks • Fixing CVE fix patches on these machines. • Manage via golden AMI’s, blue green replacements, upgrade in place.

  17. Release pace for some managed providers so far

  18. Release pace for providers - eks Source: https://endoflife.date/amazon-eks

  19. Release pace for providers - gke Source: https://endoflife.date/google-kubernetes-engine

  20. Release pace for other providers may follow a similar cadence

  21. Reason for such a release velocity

  22. Upstream has roughly 4 releases/year

  23. A new version every 3 months

  24. KEP 2572 sig-release https://github.com/kubernetes/enhancements/blob/master/keps/sig-release/2572-release-cadence/README.md#summary

  25. KEP 2572 sig-release https://github.com/kubernetes/enhancements/blob/master/keps/sig-release/2572-release-cadence/README.md#summary

  26. K8s release cadence - discussion https://github.com/kubernetes/sig-release/discussions/1290

  27. What happens when you don’t upgrade?

  28. Force upgradation of your control plane

  29. Outcome? Possible Outage

  30. Security incidents

  31. Optimising for high velocity k8s upgrades

  32. Managing state via terraform/cloudformation or something which helps you manage

    the state

  33. self hosting your own k8s cluster

  34. self hosting your own k8s cluster Of course not! avoid

    unless having a very special case

  35. Having a staging setup

  36. Having a staging setup Having staging as close to prod

  37. Have staging run x version for y time before upgrading

    prod to x version

  38. Offload to managed compute nodes

  39. Smaller clusters as a tradeoff

  40. offloading components as add-ons

  41. Removing human bottlenecks

  42. Automation

  43. https://github.com/aws/containers-roadmap/issues/600

  44. Helps you scale upgrades once cluster numbers increase

  45. Helps you scale upgrades once cluster numbers increase Is necessary

    to

  46. Reduces toil, offloading repetition

  47. Pre upgrade checks

  48. Pods running fine, api-deprecations for next version, Affected workloads

  49. Post upgrade checks

  50. Node maintenance operations

  51. Opinionated take: Avoid shell scripts, use one of the k8s

    clients if writing something from scratch

  52. Leverage existing automation

  53. GKE EKS • Stable and rapid release channels for standard

    deployments • Avoid static channels if you can • If you can, evaluate autopilot mode • Managed node groups • Cluster addons ◦ Coredns ◦ Kube-proxy etc

  54. Documentation

  55. Document everything

  56. Have versions compatibility matrix mapped for components

  57. Upgrades shouldn’t be an afterthought

  58. References • https://github.com/kubernetes/enhancements/blob/master/keps/sig-release/2572-rel ease-cadence/README.md • https://github.com/kubernetes/sig-release/discussions/1290 • https://github.com/deliveryhero/k8s-cluster-upgrade-tool • https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-upgrades

    • https://github.com/aws/containers-roadmap/issues/600

  59. @tasdikrahman | www.tasdikrahman.com