How to build scalable, reliable and stable Kubernetes cluster atop - - PowerPoint PPT Presentation

how to build scalable reliable and stable kubernetes
SMART_READER_LITE
LIVE PREVIEW

How to build scalable, reliable and stable Kubernetes cluster atop - - PowerPoint PPT Presentation

Sep 02, 2022 188 likes •383 views

How to build scalable, reliable and stable Kubernetes cluster atop OpenStack Bo Wang bo.wang@easystack.cn HouMing Wang houming.wang@easystack.cn Cluster resources management Cluster data persistence Contents Integrate

slide-1
SLIDE 1

How to build scalable, reliable and stable Kubernetes cluster atop OpenStack

Bo Wang bo.wang@easystack.cn HouMing Wang houming.wang@easystack.cn

slide-2
SLIDE 2

Contents

Cluster data persistence

Cluster resources management

Integrate kuryr-kubernetes as CNI plugin Integrate manila as storage provisioner

slide-3
SLIDE 3

Architecture of Kubernetes Cluster

master nodes

apiserver etcd flanneld scheduler controller manager kubelet docker

slave nodes

flanneld kubelet docker end-user pods containers system daemons kube-proxy kube-proxy

slide-4
SLIDE 4

Cluster Resource Management – why

Pods can consume all the available capacity on a node by default Resource starvation What ever happened in our environment:

  • kube-proxy, prometheus were evicted
  • dockerd does not response in time
  • etcd cluster crash

System daemons crash and pods evicting Pods and system daemons compete for resources

slide-5
SLIDE 5

Cluster Resource Management – how

[1] Reserve Compute Resources for System Daemons: https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/ [2] Configure Quality of Service for Pods: https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/

categories components solution ref kubernetes system daemons kubelet,docker configure –kube-reserved [1] OS system daemons etcd,flanneld,apiserver configure

  • -system-reserved

[1] eviction thresholds kubelet configure

  • -eviction-hard

[1] kube-system pods kube-scheduler, kube-controller, kube-proxy, prometheus, fluentd configure guaranteed QoS class [2] end-user pods configure needed QoS class [2]

slide-6
SLIDE 6

Cluster Resource Management – example

Node Capacity 32Gi of memory, 16 CPUs and 100Gi of Storage kube-reserved

  • -kube-reserved=cpu=1,memory=2Gi,ephemeral-storage=1Gi

system-reserved

  • -system-reserved=cpu=500m,memory=1Gi,ephemeral-storage=1Gi

eviction-threshold

  • -eviction-hard=memory.available<500Mi,nodefs.available<10%

available for pods 14.5 CPUs, 28.5Gi memory, 98Gi local storage pod eviction occurs in the following order:

  • BestEffort
  • Burstable
  • Guaranteed
slide-7
SLIDE 7

Contents

Cluster data persistence

Cluster resources management Integrate kuryr-kubernetes as CNI plugin Integrate manila as storage provisioner

slide-8
SLIDE 8

Cluster Data Persistence

move essential data into persistent volumes separately as needed. All cluster data stored in local storage of VM instance. VM destroyed, data lost.

etcd data kubernetes object resources, container network configurations

Done in upstream

[1] https://bugs.launchpad.net/magnum/+bug/1697655 [2] https://review.openstack.org/#/c/473789/ monitor data nodes info, pods info configure volumes for prometheus pods logging data kubernetes daemons log, system daemons logs, container logs configure volumes for elasticsearch pods

slide-9
SLIDE 9

Etcd Cluster Independent Deployment

“Fast disks are the most critical factor for etcd deployment performance and stability. etcd is very sensitive to disk write latency.” “Few etcd deployments require a lot of CPU capacity.” [1]

[1] https://github.com/coreos/etcd/blob/master/Documentation/op-guide/hardware.md

etcd nodes master nodes slave nodes

flanneld flanneld apiserver etcd

LB

high performance volumes

slide-10
SLIDE 10

Contents

Cluster data persistence Cluster resources management

Integrate kuryr-kubernetes as CNI plugin

Integrate manila as storage provisioner

slide-11
SLIDE 11

Integrate kuryr-kubernetes as CNI plugin

Neutron Server kuryr controller kuryr bridge

tap-xxx

eth0 Pod1 eth0

tap-yyy

Pod2 eth0 kubelet 10.0.0.5 10.0.0.6 10.0.0.7 10.0.0.8 No IP No IP kube-proxy iptables eth1 eth0 eth1 kuryr bridge

tap-xxx

Pod1 eth0

tap-yyy

Pod2 eth0 10.0.0.9 10.0.0.10 kube-proxy iptables kuryr-cni kuryr-cni kubelet k8s api server

master node slave node

slide-12
SLIDE 12

Integrate kuryr-kubernetes as CNI plugin

difference with upstream reasons ref kuryr only for ip allocation kube-proxy for service --> pod

  • 1. iptables has better performance than neutron lbaasv2
  • 2. kuryr does not support k8s services in following kinds:

LoadBalancer; NodePort; Endpoint-less; Specify cluster ip [1] [2] add implementation of portmapping into kuryr-cni cni plugin should support hostPort [3] network topology of pods and vms with kube-proxy, macvlan do not go through the host system iptables trunk port is not enabled in our product [4] stop watching k8s events kubelet --> kuryr-cni --> kuryr-controller in theory, watching events should have better performance but in our test, kuryr-cni came into time out errors against concurrent pods creating. simplify the process to sequential call

[1] https://bugs.launchpad.net/kuryr-kubernetes/+bug/1684118 [2] https://bugs.launchpad.net/kuryr-kubernetes/+bug/1697942 [3] https://github.com/kubernetes-incubator/bootkube/issues/662 [4] https://github.com/kubernetes/kubernetes/issues/53089

slide-13
SLIDE 13

Contents

Cluster data persistence Cluster resources management Integrate kuryr-kubernetes as CNI plugin

Integrate manila as storage provisioner

slide-14
SLIDE 14

Integrate manila as storage provisioner

Pod1 Pod2 Pod3 NFS persistent volume Deployments/RC with one replica ReadWriteMany

Cinder

Block Storage Shared File System

Manila

Pod Cinder persistent volume Deployments/RC with multi-replicas ReadWriteOnce

slide-15
SLIDE 15

Integrate manila as storage provisioner

Manually leveraging manila to provide NFS PV for k8s pods

Create share network Create share Create PV with share location Create PVC match PV Create Pods mount PVC Multiple pods read/write share Manila k8s get share export location nfs-pv.yaml nfs-pvc.yaml

slide-16
SLIDE 16

Integrate manila as storage provisioner

[1] https://kubernetes.io/docs/concepts/storage/persistent-volumes/ [2] https://github.com/kubernetes-incubator/external-storage/ [3] https://github.com/kubernetes-incubator/external-storage/pull/429

Add manila as an external storage provisioner[1][2] to provide PV dynamically for Pods

k8s apiserver

K8s cluster

easystack manila provisioner pods [3]

watch PVC events

  • penstack

manila

kubeconfig cloudconfig manila storage class: manila pvc:

slide-17
SLIDE 17

Magnum

Q: Cloud these happen in magnum? A: Yes, we did all these work based on internal magnum. Related BP in magnum launchpad:

  • etcd cluster independent deployment: https://blueprints.launchpad.net/magnum/+spec/deploy-etcd-cluster-independently
  • integrate kuryr-kubernetes with magnum: https://blueprints.launchpad.net/magnum/+spec/integrate-kuryr-kubernetes
  • integrate manila with magnum: https://blueprints.launchpad.net/magnum/+spec/magnum-manila-integration
slide-18
SLIDE 18