Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Kubernetes Controllers - are they loops or events?

569f10721398d92f5033097ac6d9132c?s=47 Tim Hockin
February 20, 2021
Technology
9
1.5k

Kubernetes Controllers - are they loops or events?

569f10721398d92f5033097ac6d9132c?s=128

Tim Hockin

February 20, 2021
Tweet

More Decks by Tim Hockin

See All by Tim Hockin
569f10721398d92f5033097ac6d9132c?s=48 thockin
9
900
569f10721398d92f5033097ac6d9132c?s=48 thockin
8
820
569f10721398d92f5033097ac6d9132c?s=48 thockin
2
340
569f10721398d92f5033097ac6d9132c?s=48 thockin
43
8.2k
569f10721398d92f5033097ac6d9132c?s=48 thockin
58
46k
569f10721398d92f5033097ac6d9132c?s=48 thockin
25
1.5k
569f10721398d92f5033097ac6d9132c?s=48 thockin
0
160
569f10721398d92f5033097ac6d9132c?s=48 thockin
3
410
569f10721398d92f5033097ac6d9132c?s=48 thockin
1
190

Other Decks in Technology

See All in Technology
F73cb07af91c5fe5e1e5abf0f05019bf?s=48 takanorig
0
240
1f745ff900e1be51aedae18cae76593c?s=48 kurochan
0
120
C60bcac530f3b3b4d33b653ad03fbacb?s=48 aomathwift
1
130
F400611942a8b7a695f741f9a720fcf8?s=48 koooootake
3
120
609308e6510e41133d30460eef1ccd36?s=48 no24oka
0
120
195f71c8183f8d27da66aa0618f293b6?s=48 task4233
17
12k
5d9c07f0c2044b1407a84d88362bc84d?s=48 estie
0
140
01c581e230dd588a5c9b7a8c243c4f43?s=48 u1nakayama
0
340
Ecad9d801d79f6c6e5df93094690685e?s=48 sinsoku
8
630
13d936e697fe0f4fa96f926d0a712f6c?s=48 sansanbuildersbox
PRO
0
200
842515eaf8fbb2dfcc75197e7797dc15?s=48 sat
2
240
2d1ae5ea9354a50d87b46f4503d11f4e?s=48 tuhin1729
0
130

Featured

See All Featured
E6c6e133e74c3b83f04d2861deaa1c20?s=48 searls
207
38k
651dcfe41723207fbb0aa044a4f7c07f?s=48 dotmariusz
99
5.7k
Aff5641764408271f7bc398f2097edd0?s=48 denniskardys
222
120k
3d4519fd34b76fb265fc0237f3792bd4?s=48 danielanewman
208
20k
465724d73fe3a92c0879fdfb43a3a6f3?s=48 philhawksworth
196
17k
D67fff74178013024d833b3eec6cf27f?s=48 lynnandtonic
277
17k
64827b31aef81498662e8af4bd6d5157?s=48 jonrohan
1021
400k
016edace78ffe826f2348d1e0c504afd?s=48 maggiecrowley
16
870
282d599b414022eba5096510f675b6e2?s=48 chrislema
174
14k
B3ace07412a5178ea778e7eec161fc0a?s=48 jcasabona
10
730
812e1705ff0f8bc1bcf18587bde687d5?s=48 62gerente
593
210k
5f50f94346fbcb23706f0707169317a4?s=48 aarron
261
36k

Transcript

  1. Kubernetes Controllers Are they loops or events? Tim Hockin @thockin

    v1

  2. Background on “reconciliation”: https://speakerdeck.com/thockin/kubernetes-what-is-reconciliation

  3. Background on “edge vs. level”: https://speakerdeck.com/thockin/edge-vs-level-triggered-logic

  4. Usually when we talk about controllers we refer to them

    as a “loop”

  5. Imagine a controller for Pods (aka kubelet). It has 2

    jobs: 1) Actuate the pod API 2) Report status on pods

  6. What you’d expect looks something like:

  7. Node Kubernetes API a kubelet b c Get all pods

  8. Node Kubernetes API a kubelet b c { name: a,

    ... } { name: b, ... } { name: c, ... }

  9. Node Kubernetes API a kubelet b c for each pod

    p { if p is running { verify p config } else { start p } gather status }

  10. Node Kubernetes API a kubelet b c Set status c

    a b

  11. ...then repeat (aka “a poll loop”)

  12. Here’s where it matters

  13. Node Kubernetes API a kubelet b c c a b

    kubectl delete pod b

  14. Node Kubernetes API a kubelet c c a b kubectl

    delete pod b

  15. Node Kubernetes API a kubelet c Get all pods c

    a b

  16. Node Kubernetes API a kubelet c { name: a, ...

    } { name: c, ... } c a b

  17. Node Kubernetes API a kubelet c I have “b” but

    API doesn’t - delete it! c a b

  18. Node Kubernetes API a kubelet c Set status c a

  19. This is correct level-triggered reconciliation Read desired state, make it

    so

  20. Some controllers are implemented this way, but it’s inefficient at

    scale

  21. Imagine thousands of controllers (kubelet, kube-proxy, dns, ingress, storage...) polling

    continuously

  22. We need to achieve the same behavior more efficiently

  23. We could poll less often, but then it takes a

    long (and variable) time to react - not a great UX

  24. Enter the “list-watch” model

  25. Node Kubernetes API a kubelet b c Get all pods

  26. Node Kubernetes API a kubelet b c { name: a,

    ... } { name: b, ... } { name: c, ... }

  27. Node Kubernetes API a kubelet b c Cache: { name:

    a, ... } { name: b, ... } { name: c, ... }

  28. Node Kubernetes API a kubelet b c Watch all pods

    Cache: { name: a, ... } { name: b, ... } { name: c, ... }

  29. Node Kubernetes API a kubelet b c Cache: { name:

    a, ... } { name: b, ... } { name: c, ... } for each pod p { if p is running { verify p config } else { start p } gather status }

  30. Node Kubernetes API a kubelet b c Set status c

    a b Cache: { name: a, ... } { name: b, ... } { name: c, ... }

  31. We trade memory (the cache) for other resources (API server

    CPU in particular)

  32. There’s no point in polling my own cache, so what

    happens next?

  33. Remember that watch we did earlier? That’s an open stream

    for events.

  34. Node Kubernetes API a kubelet b c c a b

    kubectl delete pod b Cache: { name: a, ... } { name: b, ... } { name: c, ... }

  35. Node Kubernetes API a kubelet c c a b kubectl

    delete pod b Cache: { name: a, ... } { name: b, ... } { name: c, ... }

  36. Node Kubernetes API a kubelet c Delete: { name: b,

    ... } c a b Cache: { name: a, ... } { name: b, ... } { name: c, ... }

  37. Node Kubernetes API a kubelet c Delete: { name: b,

    ... } c a b Cache: { name: a, ... } { name: c, ... }

  38. Node Kubernetes API a kubelet c Cache: { name: a,

    ... } { name: c, ... } c a b API said to delete pod “b”.

  39. Node Kubernetes API a kubelet c Cache: { name: a,

    ... } { name: c, ... } c a API said to delete pod “b”.

  40. “But you said edge-triggered is bad!”

  41. It is! But this isn’t edge-triggered.

  42. The cache is updated by events (edges) but we are

    still reconciling state

  43. “???”

  44. The controller can be restarted at any time and the

    cache will be reconstructed - we can’t “miss an edge*” * modulo bugs, read on

  45. Even if you miss an event, you can still recover

    the state

  46. Ultimately it’s all just software, and software has bugs. Controllers

    should re-list periodically to get full state...

  47. ...but we’ve put a lot of energy into making sure

    that our list-watch is reliable.