a series of unfortunate container events
play

A Series Of Unfortunate Container Events Netflixs container platform - PowerPoint PPT Presentation

Aug 19, 2023 •355 likes •808 views

A Series Of Unfortunate Container Events Netflixs container platform lessons learned About the speakers and team Follow along - @sargun @tomaszbak_ca @fabiokung @aspyker @amit_joshee @anwleung 2 Netflixs container management platform

  1. A Series Of Unfortunate Container Events Netflix’s container platform lessons learned

  2. About the speakers and team Follow along - @sargun @tomaszbak_ca @fabiokung @aspyker @amit_joshee @anwleung 2

  3. Netflix’s container management platform ● Titus Service Batch ● Scheduling Job Management ○ Service & batch jobs ○ Resource management Resource Management & Optimization ● Container Execution ○ Docker/AWS Integration Container Execution ○ Netflix Infra Support Integration 3

  4. Containers In Production 4

  5. Current Titus scale ● Deployed across multiple AWS accounts & three regions ● Over 5,000 instances (Mostly M4.4xls & R3.8xls) ● Over a week period launched over 1,000,000 containers ● Over 10,000 containers running concurrently 5

  6. Single cloud platform for VMs and containers ● CI/CD (Spinnaker) ● Telemetry systems ● Discovery and RPC load balancing ● Healthcheck, Edda and system metrics ● Chaos monkey ● Traffic control (Flow & Kong) ● Netflix secure secret management ● Interactive access (ala ssh) 6

  7. Integrate containers with AWS EC2 ● VPC Connectivity (IP per container) ● Security Groups ● EC2 Metadata service ● IAM Roles ● Multi-tenant isolation (cpu, memory, disk quota, network) ● Live and S3 persisted logs rotation & mgmt ● Environmental context to similar to user data ● Autoscaling service jobs (coming) 7

  8. Container users on Titus ● Service ○ Stream Processing (Flink) ○ UI Services (NodeJS) ○ Internal dashboards ● Batch ○ Personalization ML model training (GPUs) ○ Content value analysis ○ Digital watermarking ○ Ad hoc reporting ○ Continuous integration builds Archer ○ Media encoding experimentation 8

  9. Titus high level overview Cassandra Mesos Docker Registry Titus Agents User Containers Titus Scheduler container container ● Job Lifecycle Control container Rhea container Titus API ● Resource Management Rhea Docker container Fenzo Mesos agent docker Workflow Titus System Agents Systems EC2 Autoscaling AWS Virtual Machines 9 9 9

  10. Lessons learned from a year in production? Look away, look away, Look away, look away This session will wreck your evening​, your whole life, and your day Every single episode is nothing but dismay So, look away, Look away, look away 10

  11. Expect Bad Actors 11

  12. Run-away submissions Submit a job, check status User If API doesn’t answer assume 404 and re-submit Problem: 12

  13. System perceived as infinite queue Worked for our content processing job of 100 containers Let’s run our “back-fill” -- 100s of thousands of containers User Problems ● Scheduler runs out of memory ● All other jobs get queued behind Solutions ● Scheduler capacity groups ● Absolute caps on number of concurrent live jobs ● Upstream systems doing ingest control 13

  14. Invalid Jobs Uses REST/JSON poorly { env: { “PATH” : null } } User Problems ● Scheduler crashes, fails over, crashes, repeat Solutions ● Input validation, input fuzz testing, exception handling 14

  15. Failing jobs that repeat Image: “org/imagename:lateest” Command: /bin/besh -c ... User Problems ● Containers can launch FAST! Can be restarted FAST! ● Scheduler works really hard ● Cloud resources allocated/deallocated FAST Solutions ● Rate limiting of failing jobs 15

  16. Testing for “bad” job data Problems ● Scheduler fails, can’t recover due to “bad” jobs Solutions STAGING PROD PROD 2. Restore job data 3. Test recovery 1. Export job data 4. Deploy new code Manual removal of bad job state? ✖ Test production data sets in staging ✔ 16

  17. Identifying bad actors V2 API ● user (optional) V2 Auditing ● Added collection of user performing action V3 API ● Owner -> teamEmail (required) 17

  18. Really bad actors - container escapes protections ● User Namespaces ○ Docker 1.10 - User Namespaces (Feb 2016) ○ Docker 1.11 - Fixed shared networking NSs ■ User id mapping is per daemon (not per container) ○ Deployed user namespaces recently ■ Problems - shared NFS, OSX LDAP uid/gid’s ● Locked Down hosts ○ Users only have access to containers, not hosts ○ Required “power user” ssh access for perf/debugging 18

  19. The Cloud Isn’t Perfect 19

  20. Cloud rate limiting and overall limits Let’s do a red/black deploy of 2000 containers instantly User Problems ● Scheduler and distributed host fleet ... no problem! ● Cloud provider … problem! Solutions ● Exponential backoff with jitter on hosts ● Setting expectations of maximum concurrent launches ● Rate limiting of container scheduling and overall number of containers 20

  21. Hosts start or go bad Problems ● Hosts come up with flakey networks ● Host disks come up and are slow ● Hosts go bad over time Solutions ● Scheduler must be aware of host health checks ● Linux, storage, etc warming ● Auto-termination if hosts take too long to become healthy 21

  22. Upgrades - In place upgrades Batch Container #1 Batch Container #1 Service Container #2 Service Container #2 ✖ Docker V1 Docker V2 ✖ Titus Agents V1 Titus Agents V2 ✖ Mesos V1 Mesos V2 Agent Agent with updates ● Simpler for container users ● Infrastructure becomes mutable ● Doesn’t leverage elastic cloud ● How to handle rollback? 22

  23. Upgrades - Whole cluster red/black ✖ ● Full red/black takes hours ● Costly (duplicate clusters) ● Insufficient Capacity Exception (ICE) ● Rollback requires ALL containers to move twice 23

  24. Upgrades - Partitioned cluster updates Let “drain” Batch Container #1 ✖ Service Container #2 CI/CD Task Docker V1 Migration ✖ Titus Agents V1 Mesos V1 ✖ old Service Container #2 ● Requires complex scheduler knowledge Docker V2 ○ Batch jobs to have runtime limits Titus Agents V2 Mesos V2 ○ Service jobs with Spinnaker migration tasks new ● Starting point for fleet cluster management 24

  25. Our Code Isn’t Perfect 25

  26. Disconnected containers You shouldn’t be! Problem ● Host agent controllers lock up Stop Container Scheduler ● Control plane can’t kill replaced containers User ● Why is my old code still running? Agent I’m running Locked Solutions × Up ● Monitor and alert on differences × ● Reconcile to this system as aggressively as possible Container 26

  27. Scheduler failover speed is important Scheduler failover time increased with scale ✖ Active StandBy Active Active ● Loss of API availability ● Reconciliation bugs caused task crashes save restore C* C* Solutions: ● Data sharding (current vs old tasks) ● Do as little as possible during startup 27

  28. Know your dependencies Problems ● Container creation errors ● Logs upload failure Zookeeper S3 DNS ● Task crashes Solutions Agent ● Retries ● Rate limiting ● Isolation 28

  29. Containers require kernel knowledge ● Containers start with Docker .. end with the kernel ● Best container runtimes deeply leverage kernel primitives ○ Resource Isolation ○ Security ○ Networking etc ● Debugging tools (tracepoints, perf events) not container aware ○ Need for BPF, Kprobe 29

  30. Strategy: Embrace chaos Problems ● Our instances fail ● Our code fails ● Our dependencies fail Solutions ● Learn to love the Chaos Monkey ● Enabled for prod and all services (even our scheduler) 30

  31. Alerting and dashboards key Telemetry system Number Metrics 100’s Dashboard Graphs 70+ Alerts 50+ Elastic Search Indexes 4 Very complex system == very complex telemetry and alerting Continuously evolving ● Based on real incidents and resulting deep analysis 31

  32. Temporary ad hoc remediation ● Manual babysitting of scheduler state ● Pin high when auto-scaling and capacity management isn’t work ● Automated for each ssh across all nodes ○ Detecting and remediating problems 32

  33. What has worked well? 33

  34. Solid software Docker Distribution Zookeeper ● Our Docker registry ● Leader Election ● Simple redirect on top of S3 ● Isolated Apache Mesos Cassandra ● Extensible resource manager ● CDE Internal Service ● Highly reliable replicated log ● Careful of access model 34

  35. Managing the Titus product Focus on core business value ● Container cluster management Features are important ● Deciding what not to do … Just as important! Deliberately chose NOT to do ● Service Discovery / RPC ● Continuous Delivery 35

  36. Ops enablement Phase 1: Manual red/black deploys Phase 2: Runbook for on-call Find Current Terminate Non Terminate Current Deploy New ASG Leader Leader Nodes Leader Phase 3: Automated pipelines 36

  37. Service Level Objectives (SLOs) Problem ● If you aren’t measuring, you don’t know ● If you don’t know, you can’t improve Solutions ● Our SLOs ○ Start Latency ○ % Crashed ○ API Availability ● Once we started watching, we started improving 37

  38. Onboarding slowly 38

  39. Documenting container readiness ● Broken down by type of application and feature set ● Readiness expressed in ○ Alpha (early users), beta (subject to change), GA (mass adoption) 39

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

DISASTER RELIEF CENTER 2x Accommodation Container 2x Sanitary Container 1x

DISASTER RELIEF CENTER 2x Accommodation Container 2x Sanitary Container 1x

DISASTER RELIEF CENTER 2x Accommodation Container 2x Sanitary Container 1x Galley Container 1x Medical Container 1x Feed Water Container 1x Water Treatment Container 2x Generator Container 1x

569 views • 8 slides
Correlating Events with Time Series for Incident Diagnosis Ricardo Reimao Idea: Identifying

Correlating Events with Time Series for Incident Diagnosis Ricardo Reimao Idea: Identifying

Correlating Events with Time Series for Incident Diagnosis Ricardo Reimao Idea: Identifying Pa=erns in Series and Events PPT freezes Memory Usage CPU Usage Open PPT User kills process Problem! How to correlate events with temporal

841 views • 27 slides
Container Library and FUSE Container File System Softwarepraktikum f ur Fortgeschrittene

Container Library and FUSE Container File System Softwarepraktikum f ur Fortgeschrittene

Introduction Container Library Container Tools FUSE Container File System Evaluation Container Library and FUSE Container File System Softwarepraktikum f ur Fortgeschrittene Michael Kuhn Parallele und Verteilte Systeme Institut f ur

353 views • 22 slides
Integrating career services and advising to elevate everyones game NACADA Region I, March 2018

Integrating career services and advising to elevate everyones game NACADA Region I, March 2018

Integrating career services and advising to elevate everyones game NACADA Region I, March 2018 Rich Davino and Dan Chapman Center for Career Education & Advising, Becker College Do you believe in miracles? A series of unfortunate events

321 views • 28 slides
MSS 153, LEMUEL A. GARRISON PAPERS SLIDES AND PHOTOGRAPHS SERIES DESCRIPTION AND CONTAINER LIST

MSS 153, LEMUEL A. GARRISON PAPERS SLIDES AND PHOTOGRAPHS SERIES DESCRIPTION AND CONTAINER LIST

MSS 153, LEMUEL A. GARRISON PAPERS SLIDES AND PHOTOGRAPHS SERIES DESCRIPTION AND CONTAINER LIST Slides and Photographs Series, 1940-1982, 137 Photographs and 1,479 Slides The Slides and Photographs are each arranged differently: photographs are

307 views • 10 slides
Container Deposits The story so far, and why doesn t everyone do this? Container Deposit

Container Deposits The story so far, and why doesn t everyone do this? Container Deposit

Plastic Bags Ban and Container Deposits The story so far, and why doesn t everyone do this? Container Deposit Legislation Remember 1975? Source: Adelaide Now Adelaide Oval Cricket test 1973 Football Grand Final 1973Adelaide Cans

658 views • 18 slides
The Unfortunate Truth Managin ing C Contam taminat ated S Site tes throughout the L Life

The Unfortunate Truth Managin ing C Contam taminat ated S Site tes throughout the L Life

The Unfortunate Truth Managin ing C Contam taminat ated S Site tes throughout the L Life fe-Of Of-Mine t e to Reduce e Ris isks an and L Liab iabilities Overview Notable issues associated with application of requirements under

761 views • 16 slides
Nitrosamines in sartans: A scandal or an unfortunate incident? Thurloch OCriodain QP Forum 23

Nitrosamines in sartans: A scandal or an unfortunate incident? Thurloch OCriodain QP Forum 23

Nitrosamines in sartans: A scandal or an unfortunate incident? Thurloch OCriodain QP Forum 23 rd April 2020 TOC Consulting 23/04/2020 1 Disclaimer The issues and actions presented here are specific to the company and manufacturing

341 views • 33 slides
On Hopefully Intelligible Contributions to Seminar Series and Related Events (aka. This Talk on

On Hopefully Intelligible Contributions to Seminar Series and Related Events (aka. This Talk on

On Hopefully Intelligible Contributions to Seminar Series and Related Events (aka. This Talk on Kurt Gdel is not a Pearl of Computation) lvaro Garca-Prez Reykjavik University April 8th, 2016 1 / 29 Overture (Variations on LOGICOMIX )

883 views • 66 slides
A series of workshops and events to explore the key drivers and enablers that should drive

A series of workshops and events to explore the key drivers and enablers that should drive

A series of workshops and events to explore the key drivers and enablers that should drive continued innovation in Lambeth Supported by: Collaborative 21 st Century Digital Leadership Demand Thinking leading with communities Management and

415 views • 28 slides
FHA HEN Webinar Series Chasing Zero Infections Topic: Ventilator-associated Events (VAE)

FHA HEN Webinar Series Chasing Zero Infections Topic: Ventilator-associated Events (VAE)

FHA HEN Webinar Series Chasing Zero Infections Topic: Ventilator-associated Events (VAE) Coaching Call June 15, 2016 Agenda Welcome and HEN Update Sally Forsberg, RN, Director of Quality & Patient Safety, Florida Hospital Association

552 views • 33 slides
our container journey @beshippable shippable.com our container journey containers can

our container journey @beshippable shippable.com our container journey containers can

our container journey @beshippable shippable.com our container journey containers can make us way more efficient containers can save us money on hosting containers sound interesting company founded in 2013

848 views • 30 slides
Mini-Bulk/IBC Pesticide Container Collection Program EPA Sponsored California San Joaquin Valley

Mini-Bulk/IBC Pesticide Container Collection Program EPA Sponsored California San Joaquin Valley

Mini-Bulk/IBC Pesticide Container Collection Program EPA Sponsored California San Joaquin Valley Jim Bise Director of Sales Myers Container/CMS jbise@myerscontainer.com 1 Myers Container Myers Container Myers Container, LLC has been

635 views • 8 slides
The unfortunate paradox of retail energy prices Dr Ron Ben-David Chairperson Essential Services

The unfortunate paradox of retail energy prices Dr Ron Ben-David Chairperson Essential Services

The unfortunate paradox of retail energy prices Dr Ron Ben-David Chairperson Essential Services Commission (Vic) Some recent observations Retail contribution to growing bills (ESC 2013, Grattan 2017, Thwaites et al 2017, ACCC 2017)

541 views • 29 slides
Lead Screw Motors LSM08 Series LSM11 Series LSM14 Series LSM17 Series

Lead Screw Motors LSM08 Series LSM11 Series LSM14 Series LSM17 Series

Lead Screw Motors LSM08 Series LSM11 Series LSM14 Series LSM17 Series LSM23 Series Linear Slides MS28 Series MS35 Series MS42 Series CS35 Series CS42 Series Stepper Drives SR Series ST

719 views • 52 slides
Infection Prevention and NHSN Webinar Series NHSN: Ventilator-Associated Events (VAE)

Infection Prevention and NHSN Webinar Series NHSN: Ventilator-Associated Events (VAE)

An Initiative of the Florida Hospital Association Hospital Improvement Innovation Network Infection Prevention and NHSN Webinar Series NHSN: Ventilator-Associated Events (VAE) Surveillance Identification and Analysis December 18, 2018 Agenda

771 views • 62 slides
SERVING NEW YORK A WEALTH OF EXPERIENCE SERVING NEW YORK A WEALTH OF EXPERIENCE SERVING NEW

SERVING NEW YORK A WEALTH OF EXPERIENCE SERVING NEW YORK A WEALTH OF EXPERIENCE SERVING NEW

A WEALTH OF EXPERIENCE SERVING NEW YORK A WEALTH OF EXPERIENCE SERVING NEW YORK A WEALTH OF EXPERIENCE SERVING NEW YORK A WEALTH OF EXPERIENCE THE PROMISE OF PARTNERSHIPS A WEALTH OF EXPERIENCE CHALLENGES TO NEW SUPPORTIVE HOUSING A WEALTH

259 views • 11 slides
U.S. Department of the I nterior Office of Policy Analysis Structure Secretary Salazar

U.S. Department of the I nterior Office of Policy Analysis Structure Secretary Salazar

U.S. Department of the I nterior Office of Policy Analysis Structure Secretary Salazar Assistant Secretary Rhea Su, Policy, Management and Budget Deputy Assistant Secretary, Lori Faeth Office of Policy Analysis Director, Joel Clement TECHNI

195 views • 7 slides
GEICO: The Growth Company that made the Value Investing careers of both Benjamin

GEICO: The Growth Company that made the Value Investing careers of both Benjamin

GEICO: The Growth Company that made the Value Investing careers of both Benjamin Graham and Warren Buffett In 1948, we made our GEICO investment and from then on, we seemed to be very brilliant people. Benjamin Graham, 1976 Becky

525 views • 30 slides
Management at CCO FEBRUARY 15, 2017 Presented by CCO Tia Nitsopoulos, Patty Bauza and Rhea

Management at CCO FEBRUARY 15, 2017 Presented by CCO Tia Nitsopoulos, Patty Bauza and Rhea

Advancing Strategy Management at CCO FEBRUARY 15, 2017 Presented by CCO Tia Nitsopoulos, Patty Bauza and Rhea Tubigan Outline 01 Introduction CCOs Strategy Journey 02 Enhance our strategic capabilities Enrich organizational

251 views • 21 slides
Reopening Guidance 2020-21 Please note that these plans evolve with the times. As we get new

Reopening Guidance 2020-21 Please note that these plans evolve with the times. As we get new

Reopening Guidance 2020-21 Please note that these plans evolve with the times. As we get new guidance from the CDC and our local Health Departments, and as we see what works and what does not work, we will update the plans. We want to hear

483 views • 47 slides
1 3/2017 May 3, 2017 Interim President and CEO Andrei Pantioukhov Strong start of the year

1 3/2017 May 3, 2017 Interim President and CEO Andrei Pantioukhov Strong start of the year

Interim Report 1 3/2017 May 3, 2017 Interim President and CEO Andrei Pantioukhov Strong start of the year and good prospects for steady growth 1. General overview 2. Nokian Tyres financial performance 3. Business units 4. Nokian

634 views • 45 slides
Direct Tension Test The Direct Tension Test provides a information on facture and strain

Direct Tension Test The Direct Tension Test provides a information on facture and strain

Direct Tension Test The Direct Tension Test provides a information on facture and strain tolerance of the binder. New low temperature binder Spec. Thermal stress compared to strength Strain at Failure vs Temperature 20 10/20 19 18

196 views • 7 slides
Collaboration leads to improved situation awareness Presentation to Slovak EU Presidency Seminar

Collaboration leads to improved situation awareness Presentation to Slovak EU Presidency Seminar

Collaboration leads to improved situation awareness Presentation to Slovak EU Presidency Seminar Douglas Wiemer, Director CSS, RHEA Group 07/07/2016 Modern Threat Environment Radicalization, Terrorism, Hacktivism Advanced nation state

463 views • 10 slides

More recommend