20 000 upgrades later
play

20,000 Upgrades Later Lessons From a Year of Managed Kubernetes - PowerPoint PPT Presentation

Sep 30, 2023 β€’211 likes β€’660 views

20,000 Upgrades Later Lessons From a Year of Managed Kubernetes Upgrades Adam Wolfe Gordon DigitalOcean do.co/doks 1 @maybeawg This Talk Started One(ish) Year Ago... Me, in Barcelona DO, in Barcelona do.co/doks 2 @maybeawg

  1. 20,000 Upgrades Later Lessons From a Year of Managed Kubernetes Upgrades Adam Wolfe Gordon DigitalOcean πŸ–¦ do.co/doks 1 @maybeawg

  2. This Talk Started One(ish) Year Ago... Me, in Barcelona DO, in Barcelona πŸ–¦ do.co/doks 2 @maybeawg

  3. Generally Available? UPGRADES! πŸ–¦ do.co/doks 3 @maybeawg

  4. 20,000 Upgrades Later Lessons From a Year of Managed Kubernetes Upgrades Adam Wolfe Gordon DigitalOcean πŸ–¦ do.co/doks 5 @maybeawg

  5. Disclaimers! ● Lessons from our upgrade process. You might upgrade differently! β—‹ ● Upgrades of our customers’ clusters. β—‹ Your workloads might be different! πŸ–¦ do.co/doks 6 @maybeawg

  6. How to Upgrade Kubernetes 1. Upgrade the control plane. 2. Upgrade the worker nodes. ??? 3. 4. Profit! πŸ–¦ do.co/doks 7 @maybeawg

  7. How to Upgrade Kubernetes 1. Upgrade the control plane. a. Update any resources that aren’t supported in the target version. b. Upgrade etcd (if needed). c. Upgrade kube-apiserver. d. Upgrade kube-controller-manager. e. Upgrade kube-scheduler. f. Upgrade your CNI plugin (if needed). g. Upgrade provider-specific components (e.g. cloud-controller-manager, CSI controller). h. Upgrade kubelet and kubectl. 2. Upgrade the worker nodes. a. Cordon and drain a worker node. b. Update kubelet configuration (if needed). c. Upgrade the kubelet. d. Uncordon the node. e. Repeat for each node in the cluster. πŸ–¦ do.co/doks 8 @maybeawg

  8. Shortcut: Upgrade via Node Replacement 1. Upgrade the control plane. a. Update any resources that aren’t supported in the target version. b. Upgrade etcd (if needed). b. Destroy the original control plane node. c. Upgrade kube-apiserver. c. Provision a new control plane node. d. Upgrade kube-controller-manager. e. Upgrade kube-scheduler. f. Upgrade your CNI plugin (if needed). g. Upgrade provider-specific components (e.g. cloud-controller-manager, CSI controller). h. Upgrade kubelet and kubectl. 2. Upgrade the worker nodes. a. Cordon and drain a worker node. b. Update kubelet configuration (if needed). b. Destroy the node. c. Upgrade the kubelet. c. Provision a new node. d. Uncordon the node. e. Repeat for each node in the cluster. πŸ–¦ do.co/doks 9 @maybeawg

  9. Advantages of Node Replacement ● Clean slate - no chance for configuration drift. ● Fewer steps to manage - good for automation. Same process works for all release types. ● β—‹ (Mostly) πŸ–¦ do.co/doks 10 @maybeawg

  10. Things We Got Right Upgrades via Node Replacement πŸ–¦ do.co/doks 11 @maybeawg

  11. Problems Ch-ch-changes ● Custom node configuration is reset. ● Node names change. Node IPs change. ● ● Node labels and taints lost. πŸ–¦ do.co/doks 12 @maybeawg

  12. Lessons for Operators Managing Change ● Re-use node names and IPs if possible. ● Retain labels or provide a good alternative. Retain taints or provide a good alternative. ● ● Provide simple ingress/load balancing. πŸ–¦ do.co/doks 13 @maybeawg

  13. Lessons for Developers Tolerating Change ● Use Kubernetes to do node customization. DaemonSets β—‹ β—‹ Init containers ● Don’t use node names for scheduling. Use provider-supported label/taint settings. ● ● Use provider-supported load balancing. πŸ–¦ do.co/doks 14 @maybeawg

  14. Things We Got Wrong Break Before Make πŸ–¦ do.co/doks 15 @maybeawg

  15. Problems Drain to Nowhere ● Insufficient capacity to drain nodes. ● Downtime in single-node clusters. Extra churn for workloads. ● β—‹ Might be drained to a node that’s about to be deleted. πŸ–¦ do.co/doks 16 @maybeawg

  16. Lessons for Operators Drainage Capacity ● Add nodes before deleting nodes if possible. ● Consider reserving capacity. πŸ–¦ do.co/doks 17 @maybeawg

  17. Lessons for Developers Expect to be Drained ● Leave capacity for a node to be drained. πŸ–¦ do.co/doks 18 @maybeawg

  18. Things We Got Wrong Replacing Nodes One by One πŸ–¦ do.co/doks 19 @maybeawg

  19. Problems Ants Go Marching ● Replacing nodes one-by-one is slow. ● Workloads can get stuck draining β—‹ Making replacement even slower. ● Upgrades need to be expedient. πŸ–¦ do.co/doks 20 @maybeawg

  20. Lessons for Operators Rapid Replacement ● Drain and replace multiple nodes at once. This usually requires make-before-break. β—‹ ● Set reasonable drain timeouts. πŸ–¦ do.co/doks 21 @maybeawg

  21. Lessons for Developers Unclog Your Drains ● Make sure your workloads can be evicted. Safely: Use PodDisruptionBudgets. β—‹ β—‹ Quickly: Respond to signals. ● Test this! πŸ–¦ do.co/doks 22 @maybeawg

  22. Things We Got Wrong (but felt so right) Minor Version Upgrades are Easy πŸ–¦ do.co/doks 23 @maybeawg

  23. Lessons for Operators Don’t Worry, Be Happy ● Minor version upgrades aren’t that scary. ● Try to use the same process for all upgrades. πŸ–¦ do.co/doks 24 @maybeawg

  24. Things We Got Right Disabling Alpha Features πŸ–¦ do.co/doks 25 @maybeawg

  25. Lessons for Operators Wait for Beta ● Alpha features are disabled by default. ● Alpha features are likely to change/break. Beta features are less likely to change. ● ● Consider the upgrade tradeoff. πŸ–¦ do.co/doks 26 @maybeawg

  26. Lessons for Developers Alpha as a Last Resort ● Avoid using alpha features if possible. ● Read release notes before upgrading. πŸ–¦ do.co/doks 27 @maybeawg

  27. Common Problems Container Storage Interface (CSI) πŸ–¦ do.co/doks 28 @maybeawg

  28. CSI Problems Beta ● CSI was promoted to beta in Kubernetes 1.10. ● Supporting components were relatively new. CSI drivers were relatively new. ● ● Out-of-sync state. ● Far fewer problems in recent releases. πŸ–¦ do.co/doks 29 @maybeawg

  29. CSI Problems Driver Names ● In early CSI specs, com.example.csi. ● In later CSI specs, csi.example.com. The name is immutable in Kubernetes! ● ● Solution: detect and persist old naming. πŸ–¦ do.co/doks 30 @maybeawg

  30. Lessons Beware the CSI ● If you’re using CSI, carefully test upgrades. ● Watch for workloads that get stuck. Use Kubernetes 1.14+ if possible. ● πŸ–¦ do.co/doks 31 @maybeawg

  31. Common Problems Admission Control Webhooks πŸ–¦ do.co/doks 32 @maybeawg

  32. Admission Control Webhooks Overview πŸ–¦ do.co/doks 33 @maybeawg

  33. Admission Control Webhooks Overview πŸ–¦ do.co/doks 34 @maybeawg

  34. Admission Control Webhooks Overview apiVersion: admissionregistration.k8s.io/v1 apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration kind: ValidatingWebhookConfiguration metadata: metadata: name: webhook.example.com name: webhook.example.com webhooks: webhooks: - name: webhook.example.com - name: webhook.example.com rules: rules: - apiGroups: [""] - apiGroups: [""] apiVersions: ["v1"] apiVersions: ["v1"] operations: ["CREATE"] operations: ["CREATE"] resources: ["pods"] resources: ["pods"] scope: "Namespaced" scope: "Namespaced" clientConfig: clientConfig: service: service: namespace: "webhook-namespace" namespace: "webhook-namespace" name: "webhook-service" name: "webhook-service" admissionReviewVersions: ["v1", "v1beta1"] admissionReviewVersions: ["v1", "v1beta1"] sideEffects: None sideEffects: None timeoutSeconds: 30 timeoutSeconds: 30 failurePolicy: Fail failurePolicy: Ignore πŸ–¦ do.co/doks 35 @maybeawg

  35. Admission Control Webhooks Trouble for Upgrades ● Upgrades update system components. ● Some of these components run as workloads. β—‹ Usually in the kube-system namespace. ● Webhooks can prevent these updates. ● Webhooks can also affect their own services! πŸ–¦ do.co/doks 36 @maybeawg

  36. Admission Control Webhooks: Problems apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: webhook.example.com webhooks: - name: webhook.example.com rules: - apiGroups: [""] apiVersions: ["v1"] operations: ["CREATE"] resources: ["pods"] webhook-service kube-proxy cilium scope: "Namespaced" clientConfig: service: namespace: "webhook-namespace" name: "webhook-service" admissionReviewVersions: ["v1", "v1beta1"] sideEffects: None timeoutSeconds: 30 failurePolicy: Fail πŸ–¦ do.co/doks 37 @maybeawg

  37. Admission Control Webhooks: Solutions apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: webhook.example.com webhooks: - name: webhook.example.com rules: - apiGroups: [""] apiVersions: ["v1"] operations: ["CREATE"] resources: ["pods"] scope: "Namespaced" clientConfig: service: namespace: "webhook-namespace" name: "webhook-service" admissionReviewVersions: ["v1", "v1beta1"] sideEffects: None timeoutSeconds: 30 failurePolicy: Ignore πŸ–¦ do.co/doks @maybeawg

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CMS Upgrades CMS Plans up to 2020/ 2030? Dan Green Fermilab 06/05/13 U of D0 CMS Upgrades

CMS Upgrades CMS Plans up to 2020/ 2030? Dan Green Fermilab 06/05/13 U of D0 CMS Upgrades

CMS Upgrades CMS Plans up to 2020/ 2030? Dan Green Fermilab 06/05/13 U of D0 CMS Upgrades 1 Why Upgrade? The LHC will be the only factory in HEP for W, Z, t and H production for a long time To further the energy frontier we

986 views β€’ 45 slides
KGL Code Upgrades Town Hall Meeting August 5, 2020 Project Scope Life Safety Systems Upgrades

KGL Code Upgrades Town Hall Meeting August 5, 2020 Project Scope Life Safety Systems Upgrades

KGL Code Upgrades Town Hall Meeting August 5, 2020 Project Scope Life Safety Systems Upgrades Fire Protection System Installed Throughout Emergency Power and Lighting Upgrades Guardrail and Handrail Modifications Fire

467 views β€’ 23 slides
Victorian Energy Upgrades Public Forum Friday 13 October 2017 Victorian Energy Upgrades Public

Victorian Energy Upgrades Public Forum Friday 13 October 2017 Victorian Energy Upgrades Public

Victorian Energy Upgrades Public Forum Friday 13 October 2017 Victorian Energy Upgrades Public Forum Welcome John Hamill CEO, Essential Services Commission Victorian Energy Upgrades Public Forum Introduction Jeff Cefai Director VEET,

1.83k views β€’ 156 slides
The CMS HL-LHC Upgrades and Proposed U.S. CMS Contributions Vivian ODell, U. S. CMS HL-LHC

The CMS HL-LHC Upgrades and Proposed U.S. CMS Contributions Vivian ODell, U. S. CMS HL-LHC

The CMS HL-LHC Upgrades and Proposed U.S. CMS Contributions Vivian ODell, U. S. CMS HL-LHC USCMS Project Manager February 2, 2016 Outline Quick outline of the physics The LHC and CMS CMS Upgrades Funding and Costs

620 views β€’ 50 slides
P01 Overview of CMS HL-LHC Upgrades Anders Ryd, Deputy Project Manager September 17, 2015

P01 Overview of CMS HL-LHC Upgrades Anders Ryd, Deputy Project Manager September 17, 2015

P01 Overview of CMS HL-LHC Upgrades Anders Ryd, Deputy Project Manager September 17, 2015 A. Ryd, 2015 September 17 Director's Progress Review Overview of CMS HL-LHC Upgrades 1 Outline Overview of CMS HL-LHC Upgrades P5 report

473 views β€’ 20 slides
Accommodation New Builds Upgrades Room-in-a-box Introduction New Builds

Accommodation New Builds Upgrades Room-in-a-box Introduction New Builds

Accommodation New Builds Upgrades Room-in-a-box Introduction New Builds Upgrades Room-in-a-box Contact The Aiken Group Aiken Group was founded in 1987 as a multi-disciplinary engineering services company specialising in

828 views β€’ 26 slides
Managing the U. S. CMS HL-LHC Upgrades Vivian ODell, U. S. CMS HL-LHC USCMS Project Manager

Managing the U. S. CMS HL-LHC Upgrades Vivian ODell, U. S. CMS HL-LHC USCMS Project Manager

Managing the U. S. CMS HL-LHC Upgrades Vivian ODell, U. S. CMS HL-LHC USCMS Project Manager February 2, 2016 Director's Review - Managing the U. S. CMS HL-LHC Upgrades V. O'Dell, 2

597 views β€’ 11 slides
Water Treatment Plant Phase 1 Upgrades CMAR Selection Pre-Submittal Meeting October 12, 2017

Water Treatment Plant Phase 1 Upgrades CMAR Selection Pre-Submittal Meeting October 12, 2017

Water Treatment Plant Phase 1 Upgrades CMAR Selection Pre-Submittal Meeting October 12, 2017 Water Treatment Plant Phase 1 Upgrades 22 mgd WTP Expand capacity to 32 mgd Upgrades to most processes Only minor improvements to

469 views β€’ 29 slides
ATLAS/CMS Upgrades Yasuyuki Horii Nagoya University on Behalf of the ATLAS and CMS

ATLAS/CMS Upgrades Yasuyuki Horii Nagoya University on Behalf of the ATLAS and CMS

ATLAS/CMS Upgrades Yasuyuki Horii Nagoya University on Behalf of the ATLAS and CMS Collaborations Outline 2 /26 LHC/HL-LHC plan ATLAS/CMS upgrades Physics prospects LHC/HL-LHC Plan Overview 4 /26 SM precision studies and BSM searches

543 views β€’ 35 slides
UPGRADES Synthetic Turf & Lighting Park Board Committee Meeting April 15, 2019 PRESENTATION

UPGRADES Synthetic Turf & Lighting Park Board Committee Meeting April 15, 2019 PRESENTATION

PLAYING FIELD UPGRADES Synthetic Turf & Lighting Park Board Committee Meeting April 15, 2019 PRESENTATION OUTLINE 1. Purpose 2. Previous Board Decisions 3. Background 4. Public Engagement 5. Proposed Upgrades 6. Next Steps 7.

459 views β€’ 31 slides
Telescope Array: Status and Upgrades John Belz University of Utah Snowmass on the Mississippi

Telescope Array: Status and Upgrades John Belz University of Utah Snowmass on the Mississippi

Telescope Array: Status and Upgrades John Belz University of Utah Snowmass on the Mississippi Minneapolis, 30 July 2013 Outline Telescope Array Overview Detector Physics TA Upgrades TALE TA x 4 NICHE TA

400 views β€’ 22 slides
2019 BETTER PLANTS SUMMIT AGROPUR AMMONIA SYSTEM UPGRADES M ark M int er CEM 2

2019 BETTER PLANTS SUMMIT AGROPUR AMMONIA SYSTEM UPGRADES M ark M int er CEM 2

2019 BETTER PLANTS SUMMIT AGROPUR AMMONIA SYSTEM UPGRADES M ark M int er CEM 2 INTRODUCTION Better Dairy. Better World. www.agropur.com 3 AGROPUR - AMMONIA SYSTEM UPGRADES Background Historically ran at 20.4 PSI suction

114 views β€’ 10 slides
Global Spectrum Contract Agenda Current Contract Structure Kitchen Upgrades Audio

Global Spectrum Contract Agenda Current Contract Structure Kitchen Upgrades Audio

Global Spectrum Contract Agenda Current Contract Structure Kitchen Upgrades Audio Visual Upgrades IT Interface ADA Compliance Financial Proforma (First 3 Years) Expected Attendance Global Spectrum Contract as proposed

499 views β€’ 18 slides
development upgrades Michael Brown NGM Firmware Lead Technologist Dell EMC Embedded Linux

development upgrades Michael Brown NGM Firmware Lead Technologist Dell EMC Embedded Linux

Reducing the pain of Yocto development upgrades Michael Brown NGM Firmware Lead Technologist Dell EMC Embedded Linux Conference 2017 Outline Easier Yocto upgrades in development - Introduction - Problem Statement - Dell EMC

167 views β€’ 15 slides
LBNF/NuMI-Style target, for Horn A, revision 2, & other upgrades. Paul Lebrun ND/Fermilab.

LBNF/NuMI-Style target, for Horn A, revision 2, & other upgrades. Paul Lebrun ND/Fermilab.

LBNF/NuMI-Style target, for Horn A, revision 2, & other upgrades. Paul Lebrun ND/Fermilab. Nov 17 2016 NuMI Target upgrade, + others 1 A confusing sequence of code upgrades.. I HornA, revision 2 => Coded up. Target: revised:

197 views β€’ 19 slides
CMS Upgrades for the HL-LHC P . McBride for the CMS SP team USCMS HL-LHC Upgrade Directors

CMS Upgrades for the HL-LHC P . McBride for the CMS SP team USCMS HL-LHC Upgrade Directors

CMS Upgrades for the HL-LHC P . McBride for the CMS SP team USCMS HL-LHC Upgrade Directors Review Fermilab 19.03.2019 about me CMS Deputy Spokesperson (DSP) with Roberto Carlin SP and Luca Malgeri DSP Distinguished Scientist at

618 views β€’ 41 slides
CLIMATE JUSTICE: CAN WE AGREE TO DISAGREE? Operationalising competing equity principles to

CLIMATE JUSTICE: CAN WE AGREE TO DISAGREE? Operationalising competing equity principles to

Completion seminar 28 July 2017 CLIMATE JUSTICE: CAN WE AGREE TO DISAGREE? Operationalising competing equity principles to mitigate global warming Ph.D. Student Yann Robiou du Pont, Australian-German College of Climate & Energy

703 views β€’ 58 slides
Advances in Optoelectronic Technologies for ROADM Subsystem s Louay Eldada Chief Technology

Advances in Optoelectronic Technologies for ROADM Subsystem s Louay Eldada Chief Technology

Advances in Optoelectronic Technologies for ROADM Subsystem s Louay Eldada Chief Technology Officer DuPont Photonics Technologies louay.eldada@usa.dupont.com http://www.photonics.dupont.com Use of ROADM in Optical Networks Long Haul Metro

567 views β€’ 34 slides
C4ISR Architectures and Software Architectures Rich Hilliard rh@mitre.org IEEE Architecture

C4ISR Architectures and Software Architectures Rich Hilliard rh@mitre.org IEEE Architecture

C4ISR Architectures and Software Architectures Rich Hilliard rh@mitre.org IEEE Architecture Working Group http://www.pithecanthropus.com/~awg/ Circa 1996? updated info: r.hilliard@computer.org http://www.iso-architecture.org/42010 Contents

407 views β€’ 21 slides
EECS 192: Mechatronics Design Lab Discussion 3: Motor Driver and Servo Control GSI: Justin Yim 1

EECS 192: Mechatronics Design Lab Discussion 3: Motor Driver and Servo Control GSI: Justin Yim 1

EECS 192: Mechatronics Design Lab Discussion 3: Motor Driver and Servo Control GSI: Justin Yim 1 & 2 Feb 2017 (Week 3) 1 Motor Driver Circuits 2 Wiring 3 Servomotors 4 Summary Ducky (UCB EECS) Mechatronics Design Lab 1 & 2 Feb 2017

887 views β€’ 56 slides
Performance and Insights on File Formats 2.0 Luca Menichetti, Vag Motesnitsalis Design and

Performance and Insights on File Formats 2.0 Luca Menichetti, Vag Motesnitsalis Design and

Performance and Insights on File Formats 2.0 Luca Menichetti, Vag Motesnitsalis Design and Expectations 2 Use Cases: Exhaustive (operation using all values of a record) Selective (operation using limited values of a record) 5

331 views β€’ 16 slides
Power supply for the BELLE II PXD 5th International Workshop on DEPFET Detectors and

Power supply for the BELLE II PXD 5th International Workshop on DEPFET Detectors and

LMU Cluster Universe Stefan Rummel Power supply for the BELLE II PXD 5th International Workshop on DEPFET Detectors and Applications 29.09-30.09. Valencia Overview News from LMU PS project schedule Requirement analysis

695 views β€’ 32 slides
SUPPORT SERVICES BUILDING PENN STATE MILTON S. HERSHEY MEDICAL CENTER PENN STATE AE SENIOR THESIS

SUPPORT SERVICES BUILDING PENN STATE MILTON S. HERSHEY MEDICAL CENTER PENN STATE AE SENIOR THESIS

SUPPORT SERVICES BUILDING PENN STATE MILTON S. HERSHEY MEDICAL CENTER PENN STATE AE SENIOR THESIS FINAL PRESENTATION WILL LAZRATION CONSTRUCTION MANAGEMENT - DR. RILEY SUPPORT SERVICES BUILDING WILL LAZRATION PRESENTATION OUTLINE

201 views β€’ 5 slides
Waveform Generation Fundamental part of signal processing is the signal. Within the

Waveform Generation Fundamental part of signal processing is the signal. Within the

Waveform Generation Fundamental part of signal processing is the signal. Within the context of hardware implementations of signal processing this signal may arise from: A local waverform/signal generator. Continuous stream from a

492 views β€’ 26 slides

More recommend