Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Kubernetes Controllers - are they loops or events?

569f10721398d92f5033097ac6d9132c?s=47 Tim Hockin
February 20, 2021
Technology
5
1.2k

Kubernetes Controllers - are they loops or events?

569f10721398d92f5033097ac6d9132c?s=128

Tim Hockin

February 20, 2021
Tweet

More Decks by Tim Hockin

See All by Tim Hockin
569f10721398d92f5033097ac6d9132c?s=48 thockin
8
730
569f10721398d92f5033097ac6d9132c?s=48 thockin
7
740
569f10721398d92f5033097ac6d9132c?s=48 thockin
2
300
569f10721398d92f5033097ac6d9132c?s=48 thockin
41
7.6k
569f10721398d92f5033097ac6d9132c?s=48 thockin
57
37k
569f10721398d92f5033097ac6d9132c?s=48 thockin
24
1.5k
569f10721398d92f5033097ac6d9132c?s=48 thockin
0
150
569f10721398d92f5033097ac6d9132c?s=48 thockin
3
390
569f10721398d92f5033097ac6d9132c?s=48 thockin
0
180

Other Decks in Technology

See All in Technology
53850955f15249a1a9dc49df6113e400?s=48 line_developers
PRO
6
940
71c9ebde850996d2533c5df4df2c93c6?s=48 opdavies
0
2.5k
Dc35998459997f1063eab4194fcb4531?s=48 mars_eu
0
180
19fc8f6113c5c3d86e6176362ff29479?s=48 kanaugust
PRO
0
180
E8aaf6f975dda96c47412cf311089243?s=48 tadashi0713
6
1.7k
5e25aec60358948cd53cfcdfd3714c6b?s=48 weblyzard
1
2.2k
Acdecb7b4baebb0d4c521626d21adc6a?s=48 motikoma
1
210
966e29b84ae7dbde170f66b0bc75b7a6?s=48 ishiayaya
PRO
0
160
384e4d8bab8ac2a5e6f64dab1300c491?s=48 nagano
0
1.4k
Ca6281fff64797dc419b78f51f25c0a5?s=48 fujiwara3
PRO
0
240
9b2600a82821673d9d0f03cc6f7bc56e?s=48 kloudleinc
0
120
88dae28e3d082236f37db2f5c2db339d?s=48 keropiyo
0
260

Featured

See All Featured
E43f8dfd01057f8304f5f8fb9a294d7d?s=48 jeffersonlam
330
16k
F68cb25ae3e5c2106997454b13b7737d?s=48 brad_frost
158
6.5k
1177e050db6bafe62885362edf6e3537?s=48 lauravandoore
12
1.8k
1519587b1a0febb658c36c94f6272b0d?s=48 roundedbygravity
242
21k
6804f1775cb4babfcc3851298566fbce?s=48 tanoku
86
8.7k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
146
20k
016edace78ffe826f2348d1e0c504afd?s=48 maggiecrowley
10
590
Fde6c3a50ca518a909ef35c22c0ee0e4?s=48 destraynor
146
19k
C9b18d9dff88a9dd2393364c2b3b21bd?s=48 colly
188
14k
E76911cbe088e5b850d966de3fc7435b?s=48 robhawkes
53
2.9k
Eb8975af8e49e19e3dd6b6b84a542e26?s=48 qrush
285
19k
465724d73fe3a92c0879fdfb43a3a6f3?s=48 philhawksworth
193
8.9k

Transcript

  1. Kubernetes Controllers Are they loops or events? Tim Hockin @thockin

    v1

  2. Background on “reconciliation”: https://speakerdeck.com/thockin/kubernetes-what-is-reconciliation

  3. Background on “edge vs. level”: https://speakerdeck.com/thockin/edge-vs-level-triggered-logic

  4. Usually when we talk about controllers we refer to them

    as a “loop”

  5. Imagine a controller for Pods (aka kubelet). It has 2

    jobs: 1) Actuate the pod API 2) Report status on pods

  6. What you’d expect looks something like:

  7. Node Kubernetes API a kubelet b c Get all pods

  8. Node Kubernetes API a kubelet b c { name: a,

    ... } { name: b, ... } { name: c, ... }

  9. Node Kubernetes API a kubelet b c for each pod

    p { if p is running { verify p config } else { start p } gather status }

  10. Node Kubernetes API a kubelet b c Set status c

    a b

  11. ...then repeat (aka “a poll loop”)

  12. Here’s where it matters

  13. Node Kubernetes API a kubelet b c c a b

    kubectl delete pod b

  14. Node Kubernetes API a kubelet c c a b kubectl

    delete pod b

  15. Node Kubernetes API a kubelet c Get all pods c

    a b

  16. Node Kubernetes API a kubelet c { name: a, ...

    } { name: c, ... } c a b

  17. Node Kubernetes API a kubelet c I have “b” but

    API doesn’t - delete it! c a b

  18. Node Kubernetes API a kubelet c Set status c a

  19. This is correct level-triggered reconciliation Read desired state, make it

    so

  20. Some controllers are implemented this way, but it’s inefficient at

    scale

  21. Imagine thousands of controllers (kubelet, kube-proxy, dns, ingress, storage...) polling

    continuously

  22. We need to achieve the same behavior more efficiently

  23. We could poll less often, but then it takes a

    long (and variable) time to react - not a great UX

  24. Enter the “list-watch” model

  25. Node Kubernetes API a kubelet b c Get all pods

  26. Node Kubernetes API a kubelet b c { name: a,

    ... } { name: b, ... } { name: c, ... }

  27. Node Kubernetes API a kubelet b c Cache: { name:

    a, ... } { name: b, ... } { name: c, ... }

  28. Node Kubernetes API a kubelet b c Watch all pods

    Cache: { name: a, ... } { name: b, ... } { name: c, ... }

  29. Node Kubernetes API a kubelet b c Cache: { name:

    a, ... } { name: b, ... } { name: c, ... } for each pod p { if p is running { verify p config } else { start p } gather status }

  30. Node Kubernetes API a kubelet b c Set status c

    a b Cache: { name: a, ... } { name: b, ... } { name: c, ... }

  31. We trade memory (the cache) for other resources (API server

    CPU in particular)

  32. There’s no point in polling my own cache, so what

    happens next?

  33. Remember that watch we did earlier? That’s an open stream

    for events.

  34. Node Kubernetes API a kubelet b c c a b

    kubectl delete pod b Cache: { name: a, ... } { name: b, ... } { name: c, ... }

  35. Node Kubernetes API a kubelet c c a b kubectl

    delete pod b Cache: { name: a, ... } { name: b, ... } { name: c, ... }

  36. Node Kubernetes API a kubelet c Delete: { name: b,

    ... } c a b Cache: { name: a, ... } { name: b, ... } { name: c, ... }

  37. Node Kubernetes API a kubelet c Delete: { name: b,

    ... } c a b Cache: { name: a, ... } { name: c, ... }

  38. Node Kubernetes API a kubelet c Cache: { name: a,

    ... } { name: c, ... } c a b API said to delete pod “b”.

  39. Node Kubernetes API a kubelet c Cache: { name: a,

    ... } { name: c, ... } c a API said to delete pod “b”.

  40. “But you said edge-triggered is bad!”

  41. It is! But this isn’t edge-triggered.

  42. The cache is updated by events (edges) but we are

    still reconciling state

  43. “???”

  44. The controller can be restarted at any time and the

    cache will be reconstructed - we can’t “miss an edge*” * modulo bugs, read on

  45. Even if you miss an event, you can still recover

    the state

  46. Ultimately it’s all just software, and software has bugs. Controllers

    should re-list periodically to get full state...

  47. ...but we’ve put a lot of energy into making sure

    that our list-watch is reliable.