Save 37% off PRO during our Black Friday Sale! »

Kubernetes Controllers - are they loops or events?

569f10721398d92f5033097ac6d9132c?s=47 Tim Hockin
February 20, 2021
Technology
9
1.8k

Kubernetes Controllers - are they loops or events?

569f10721398d92f5033097ac6d9132c?s=128

Tim Hockin

February 20, 2021
Tweet

More Decks by Tim Hockin

See All by Tim Hockin
569f10721398d92f5033097ac6d9132c?s=48 thockin
9
990
569f10721398d92f5033097ac6d9132c?s=48 thockin
8
870
569f10721398d92f5033097ac6d9132c?s=48 thockin
2
370
569f10721398d92f5033097ac6d9132c?s=48 thockin
43
8.7k
569f10721398d92f5033097ac6d9132c?s=48 thockin
60
48k
569f10721398d92f5033097ac6d9132c?s=48 thockin
25
1.5k
569f10721398d92f5033097ac6d9132c?s=48 thockin
0
170
569f10721398d92f5033097ac6d9132c?s=48 thockin
3
430
569f10721398d92f5033097ac6d9132c?s=48 thockin
1
190

Other Decks in Technology

See All in Technology
5dbaf4015e7f249ab21b195ced8e9e46?s=48 masatoshitada
2
650
D4380e6758ea5901e2612d9e81eb01bc?s=48 ambrinc
3
600
3282faa17a370dd254382f4bf2c7ba3a?s=48 yukiiiiikuma
6
2k
64e95d2d8051ee58501f21987f46b9e7?s=48 chck
0
130
4852f047f15c6ef357eb08c62d1c31bf?s=48 shimasan
0
250
380bcd2ab751f5838abd8219df53e5fe?s=48 tomoki10
0
130
50bc42471d197d0dbef7171f2ef85bb6?s=48 comucal
PRO
0
1.5k
D8d463da5ab4a99265ffc1d12e76cbc9?s=48 sagara
0
120
1f8d8d2c58b7c356497af9942ca26a4f?s=48 ot0m1
0
130
D65ac1a4aacb7a449bb61cef10fb7143?s=48 yamanoku
3
2.7k
09796cb754b7d31f1a4f31da436177ab?s=48 sankichi92
0
300
69f5ab96892df4d8cbe32189f2ed2d9d?s=48 heyinc
18
200k

Featured

See All Featured
5f2da528927a2ec9ba4fec2069cbc958?s=48 kneath
298
39k
Ba530e786553390f3fb271848485681c?s=48 3n
169
23k
B3d6434763caa0ef5dc4b792662c49f7?s=48 smashingmag
289
47k
C51b39fa3c79ccb99dcb8a076bc98287?s=48 brianwarren
88
5.4k
2f5463832ccb768ccb4a1ca3607c27ef?s=48 jacobian
263
20k
9cde37f47e4a800ea081ea42de8d749a?s=48 dougneiner
123
8.3k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
780
240k
3d4519fd34b76fb265fc0237f3792bd4?s=48 danielanewman
208
20k
1f74b13f1e5c6c69cb5d7fbaabb1e2cb?s=48 sferik
612
56k
20bfe76b3d6105641f879fe45cfc9272?s=48 bkeepers
PRO
416
58k
8ec1383b240b5ba15ffb9743fceb3c0e?s=48 philnash
23
1.2k
Fde6c3a50ca518a909ef35c22c0ee0e4?s=48 destraynor
224
48k

Transcript

  1. Kubernetes Controllers Are they loops or events? Tim Hockin @thockin

    v1

  2. Background on “reconciliation”: https://speakerdeck.com/thockin/kubernetes-what-is-reconciliation

  3. Background on “edge vs. level”: https://speakerdeck.com/thockin/edge-vs-level-triggered-logic

  4. Usually when we talk about controllers we refer to them

    as a “loop”

  5. Imagine a controller for Pods (aka kubelet). It has 2

    jobs: 1) Actuate the pod API 2) Report status on pods

  6. What you’d expect looks something like:

  7. Node Kubernetes API a kubelet b c Get all pods

  8. Node Kubernetes API a kubelet b c { name: a,

    ... } { name: b, ... } { name: c, ... }

  9. Node Kubernetes API a kubelet b c for each pod

    p { if p is running { verify p config } else { start p } gather status }

  10. Node Kubernetes API a kubelet b c Set status c

    a b

  11. ...then repeat (aka “a poll loop”)

  12. Here’s where it matters

  13. Node Kubernetes API a kubelet b c c a b

    kubectl delete pod b

  14. Node Kubernetes API a kubelet c c a b kubectl

    delete pod b

  15. Node Kubernetes API a kubelet c Get all pods c

    a b

  16. Node Kubernetes API a kubelet c { name: a, ...

    } { name: c, ... } c a b

  17. Node Kubernetes API a kubelet c I have “b” but

    API doesn’t - delete it! c a b

  18. Node Kubernetes API a kubelet c Set status c a

  19. This is correct level-triggered reconciliation Read desired state, make it

    so

  20. Some controllers are implemented this way, but it’s inefficient at

    scale

  21. Imagine thousands of controllers (kubelet, kube-proxy, dns, ingress, storage...) polling

    continuously

  22. We need to achieve the same behavior more efficiently

  23. We could poll less often, but then it takes a

    long (and variable) time to react - not a great UX

  24. Enter the “list-watch” model

  25. Node Kubernetes API a kubelet b c Get all pods

  26. Node Kubernetes API a kubelet b c { name: a,

    ... } { name: b, ... } { name: c, ... }

  27. Node Kubernetes API a kubelet b c Cache: { name:

    a, ... } { name: b, ... } { name: c, ... }

  28. Node Kubernetes API a kubelet b c Watch all pods

    Cache: { name: a, ... } { name: b, ... } { name: c, ... }

  29. Node Kubernetes API a kubelet b c Cache: { name:

    a, ... } { name: b, ... } { name: c, ... } for each pod p { if p is running { verify p config } else { start p } gather status }

  30. Node Kubernetes API a kubelet b c Set status c

    a b Cache: { name: a, ... } { name: b, ... } { name: c, ... }

  31. We trade memory (the cache) for other resources (API server

    CPU in particular)

  32. There’s no point in polling my own cache, so what

    happens next?

  33. Remember that watch we did earlier? That’s an open stream

    for events.

  34. Node Kubernetes API a kubelet b c c a b

    kubectl delete pod b Cache: { name: a, ... } { name: b, ... } { name: c, ... }

  35. Node Kubernetes API a kubelet c c a b kubectl

    delete pod b Cache: { name: a, ... } { name: b, ... } { name: c, ... }

  36. Node Kubernetes API a kubelet c Delete: { name: b,

    ... } c a b Cache: { name: a, ... } { name: b, ... } { name: c, ... }

  37. Node Kubernetes API a kubelet c Delete: { name: b,

    ... } c a b Cache: { name: a, ... } { name: c, ... }

  38. Node Kubernetes API a kubelet c Cache: { name: a,

    ... } { name: c, ... } c a b API said to delete pod “b”.

  39. Node Kubernetes API a kubelet c Cache: { name: a,

    ... } { name: c, ... } c a API said to delete pod “b”.

  40. “But you said edge-triggered is bad!”

  41. It is! But this isn’t edge-triggered.

  42. The cache is updated by events (edges) but we are

    still reconciling state

  43. “???”

  44. The controller can be restarted at any time and the

    cache will be reconstructed - we can’t “miss an edge*” * modulo bugs, read on

  45. Even if you miss an event, you can still recover

    the state

  46. Ultimately it’s all just software, and software has bugs. Controllers

    should re-list periodically to get full state...

  47. ...but we’ve put a lot of energy into making sure

    that our list-watch is reliable.