Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Kubernetes Controllers - are they loops or events?

569f10721398d92f5033097ac6d9132c?s=47 Tim Hockin
February 20, 2021
Technology
3
960

Kubernetes Controllers - are they loops or events?

569f10721398d92f5033097ac6d9132c?s=128

Tim Hockin

February 20, 2021
Tweet

More Decks by Tim Hockin

See All by Tim Hockin
569f10721398d92f5033097ac6d9132c?s=48 thockin
8
580
569f10721398d92f5033097ac6d9132c?s=48 thockin
7
680
569f10721398d92f5033097ac6d9132c?s=48 thockin
2
260
569f10721398d92f5033097ac6d9132c?s=48 thockin
40
7k
569f10721398d92f5033097ac6d9132c?s=48 thockin
57
35k
569f10721398d92f5033097ac6d9132c?s=48 thockin
24
1.5k
569f10721398d92f5033097ac6d9132c?s=48 thockin
0
140
569f10721398d92f5033097ac6d9132c?s=48 thockin
3
360
569f10721398d92f5033097ac6d9132c?s=48 thockin
0
160

Other Decks in Technology

See All in Technology
6b6fab5155ec52293778ed7b64ab377f?s=48 kkosukeee
0
160
70357f859596e494c8373be7a87966b1?s=48 1027kg
0
210
A2cac4b3dcb2bc0b87917ddc034ef708?s=48 sansandsoc
0
340
2cf373725ded741824c50fd571eda6e1?s=48 udzura
2
260
56ae61a2631362f985e4c1fa4548a7ac?s=48 yuzutas0
8
3.1k
4b2f3a64637b51e81813accbe8a98083?s=48 miura55
0
360
Abaa70cc6ac599bb503184eb2ae03ab4?s=48 tenjuu99
1
300
Cd823abda454a7a2065fe6fe273ae84b?s=48 viva_tweet_x
1
430
8a84268593355816432ceaf78777d585?s=48 dena_tech
15
3.4k
8a84268593355816432ceaf78777d585?s=48 dena_tech
1
680
8a84268593355816432ceaf78777d585?s=48 dena_tech
3
590
Cd823abda454a7a2065fe6fe273ae84b?s=48 viva_tweet_x
3
3k

Featured

See All Featured
06f8b41980eb4c577fa40c41d5030c19?s=48 keathley
20
710
D8fc2580cfaca035f666d9e4ee79a7f7?s=48 mongodb
23
3.9k
B6a8f005f39d23ffc930508ac9da68b9?s=48 vanstee
117
4.9k
3d4519fd34b76fb265fc0237f3792bd4?s=48 danielanewman
1
520
24fc194843a71f10949be18d5a692682?s=48 gr2m
83
11k
A60068bce2e73de3a37ca9d2dbe36092?s=48 bryan
100
11k
A415db3ac9e9668acbc1fb36eead84ac?s=48 mthomps
38
2.3k
Af6a12710770ad9a7cfd08c97efd40d3?s=48 pedronauck
652
110k
Fde6c3a50ca518a909ef35c22c0ee0e4?s=48 destraynor
222
47k
6804f1775cb4babfcc3851298566fbce?s=48 tanoku
86
8.6k
F29327647a9cff5c69618bae420792ea?s=48 tenderlove
53
3.5k
1177e050db6bafe62885362edf6e3537?s=48 lauravandoore
10
1.6k

Transcript

  1. Kubernetes Controllers Are they loops or events? Tim Hockin @thockin

    v1

  2. Background on “reconciliation”: https://speakerdeck.com/thockin/kubernetes-what-is-reconciliation

  3. Background on “edge vs. level”: https://speakerdeck.com/thockin/edge-vs-level-triggered-logic

  4. Usually when we talk about controllers we refer to them

    as a “loop”

  5. Imagine a controller for Pods (aka kubelet). It has 2

    jobs: 1) Actuate the pod API 2) Report status on pods

  6. What you’d expect looks something like:

  7. Node Kubernetes API a kubelet b c Get all pods

  8. Node Kubernetes API a kubelet b c { name: a,

    ... } { name: b, ... } { name: c, ... }

  9. Node Kubernetes API a kubelet b c for each pod

    p { if p is running { verify p config } else { start p } gather status }

  10. Node Kubernetes API a kubelet b c Set status c

    a b

  11. ...then repeat (aka “a poll loop”)

  12. Here’s where it matters

  13. Node Kubernetes API a kubelet b c c a b

    kubectl delete pod b

  14. Node Kubernetes API a kubelet c c a b kubectl

    delete pod b

  15. Node Kubernetes API a kubelet c Get all pods c

    a b

  16. Node Kubernetes API a kubelet c { name: a, ...

    } { name: c, ... } c a b

  17. Node Kubernetes API a kubelet c I have “b” but

    API doesn’t - delete it! c a b

  18. Node Kubernetes API a kubelet c Set status c a

  19. This is correct level-triggered reconciliation Read desired state, make it

    so

  20. Some controllers are implemented this way, but it’s inefficient at

    scale

  21. Imagine thousands of controllers (kubelet, kube-proxy, dns, ingress, storage...) polling

    continuously

  22. We need to achieve the same behavior more efficiently

  23. We could poll less often, but then it takes a

    long (and variable) time to react - not a great UX

  24. Enter the “list-watch” model

  25. Node Kubernetes API a kubelet b c Get all pods

  26. Node Kubernetes API a kubelet b c { name: a,

    ... } { name: b, ... } { name: c, ... }

  27. Node Kubernetes API a kubelet b c Cache: { name:

    a, ... } { name: b, ... } { name: c, ... }

  28. Node Kubernetes API a kubelet b c Watch all pods

    Cache: { name: a, ... } { name: b, ... } { name: c, ... }

  29. Node Kubernetes API a kubelet b c Cache: { name:

    a, ... } { name: b, ... } { name: c, ... } for each pod p { if p is running { verify p config } else { start p } gather status }

  30. Node Kubernetes API a kubelet b c Set status c

    a b Cache: { name: a, ... } { name: b, ... } { name: c, ... }

  31. We trade memory (the cache) for other resources (API server

    CPU in particular)

  32. There’s no point in polling my own cache, so what

    happens next?

  33. Remember that watch we did earlier? That’s an open stream

    for events.

  34. Node Kubernetes API a kubelet b c c a b

    kubectl delete pod b Cache: { name: a, ... } { name: b, ... } { name: c, ... }

  35. Node Kubernetes API a kubelet c c a b kubectl

    delete pod b Cache: { name: a, ... } { name: b, ... } { name: c, ... }

  36. Node Kubernetes API a kubelet c Delete: { name: b,

    ... } c a b Cache: { name: a, ... } { name: b, ... } { name: c, ... }

  37. Node Kubernetes API a kubelet c Delete: { name: b,

    ... } c a b Cache: { name: a, ... } { name: c, ... }

  38. Node Kubernetes API a kubelet c Cache: { name: a,

    ... } { name: c, ... } c a b API said to delete pod “b”.

  39. Node Kubernetes API a kubelet c Cache: { name: a,

    ... } { name: c, ... } c a API said to delete pod “b”.

  40. “But you said edge-triggered is bad!”

  41. It is! But this isn’t edge-triggered.

  42. The cache is updated by events (edges) but we are

    still reconciling state

  43. “???”

  44. The controller can be restarted at any time and the

    cache will be reconstructed - we can’t “miss an edge*” * modulo bugs, read on

  45. Even if you miss an event, you can still recover

    the state

  46. Ultimately it’s all just software, and software has bugs. Controllers

    should re-list periodically to get full state...

  47. ...but we’ve put a lot of energy into making sure

    that our list-watch is reliable.