katalog sync
play

Katalog-Sync Reliable Integration of Consul and Kubernetes Me: - PowerPoint PPT Presentation

Sep 12, 2023 •547 likes •1.01k views

Katalog-Sync Reliable Integration of Consul and Kubernetes Me: Thomas Jackson Head of Core Infrastructure @ Wish Work experience: Network Engineer Corporate IT Small Startups Freelance Work LinkedIn

  1. Katalog-Sync Reliable Integration of Consul and Kubernetes

  2. Me: Thomas Jackson ● Head of Core Infrastructure @ Wish ● Work experience: Network Engineer ○ ○ Corporate IT Small Startups ○ ○ Freelance Work LinkedIn (professional social network) ○ ○ Wish (mobile-first ecommerce platform)

  3. About Us Who We Are Leading mobile commerce platform in US and EU. Our Mission To offer the most affordable, convenient, and effective mobile shopping mall in the world.

  4. Global Reach 300M+ Registered Users 10M+ Daily Active Users 250K+ Active Shoppers per Day

  5. How this talk will go ● Context ○ There will be memes! ○ Feel free to laugh ○ Please don’t fall asleep (if you do… just don’t snore) Agenda ● ○ K8s: what is it, why do you want it, how do you get it Iterations using consul on k8s: process, design, ○ testing, and results

  6. Why Kubernetes (k8s)? ● First, we should talk a bit about how it was done before

  7. Pre-k8s: The Dark Ages ● What ○ High-level, we want to run apps ○ To accomplish this we manage fleets of servers ● How Configuration management for app deployments (e.g. Chef, salt, ansible, etc.) ○ ○ Tar.gz or package to deploy/revert app

  8. Pre-k8s: The Dark Ages ● Pain points ○ Managing stateful systems (state def needs to account for everything that could happen to a system) ○ Rollbacks are difficult (if not impossible) ○ Coordination is complicated ○ Limited introspection ○ Limited access control ○ Hard to test and review

  9. With K8s: The future!

  10. With K8s: The future! ● Declarative state, config, automation ● Rollbacks are exact: just a “push” to previous state Great introspection and access control ● Easily tested: containers are “the same” everywhere ● ● Better abstraction: pods vs “instances”

  11. K8s: a crash course (emphasis on crash) ● K8s is a container orchestrator Base unit is a “pod” ● ○ N containers shared network namespace ○ ● Some K8s “pieces” Kube-apiserver ○ ○ Scheduler Controllers ○ ○ Kubelet Kubectl ○

  12. How do I K8s? ● That sounds great, I want it! ● K8s is a platform, you have to decide what to build

  13. Disclaimer ● Lots of trade-offs when building/designing k8s deployment ● No way to cover all items in detail in our time I’m going to cover a subset of these points, and cover what we did ●

  14. K8s: Question 1 -- network ● What? ○ CNI plugins (High-level) Options? ● ○ Overlay: not route-able (usually) from outside of cluster -- depend on service endpoints Non-overlay: pod IPs are routable in the network ○ ● Which? ○ Non-overlay network ■ Avoid “access” issues with service-only ingress ■ Enables “all” services to move into k8s ■ We’re using https://github.com/aws/amazon-vpc-cni-k8s

  15. K8s: Question 1 -- network ● What? ○ CNI plugins (High-level) Options? ● ○ Overlay: not route-able (usually) from outside of cluster -- depend on service endpoints Non-overlay: pod IPs are routable in the network ○ ● Which? ○ Non-overlay network ■ Avoid “access” issues with service-only ingress ■ Enables “all” services to move into k8s ■ We’re using https://github.com/aws/amazon-vpc-cni-k8s

  16. K8s: Question 2 -- cluster layout ● What? ○ How many clusters, where to put them, planned failure domains (High-level) Options? ● ○ Global: Single cluster; enables some controllers Per region: Some separation for failures ○ ○ Per AZ: maximum separation for failures, Which? ● ○ Per AZ: fits with our reliability design and also avoids concerns of cluster-scale issues

  17. K8s: Question 3 -- service discovery

  18. K8s: Question 3 -- service discovery ● What? ○ How do we discover services (1) in-cluster (2) out-of-cluster (3) in-cluster ○ How do external services discover us? ● (High-level) Options? K8s Services: accessible for all 3; requires all services to use this model ○ ○ K8s SD: works in-cluster, can’t register external SD into this Consul: completely external SD mechanism, works for k8s and non-k8s ○ ● Which? ○ Consul: We use consul for our other SD, works for all 3 modes, and less to support!

  19. What is consul? Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure - https://github.com/hashicorp/consul

  20. Great, lets integrate k8s with consul!

  21. K8s+consul v1: Sidecar consul-agent ● Why ○ Closest match to what we were doing outside of k8s What ● ○ Sidecar of consul-agent added to each pod

  22. K8s+consul v1: Sidecar consul-agent - command: - "/bin/consul" - agent image: consul:latest name: consul volumeMounts: - mountPath: "/etc/consul/secrets" name: consul-key - mountPath: "/etc/consul.d/" name: consul-config

  23. Sidecar consul-agent problems ● Configuration ○ Consul secret in each namespace ○ Services/Tags need to be defined in a volume mounted to the sidecar ○ Even when templating manifests (e.g. jsonnet) this is a lot Consul vs k8s Checks ● ○ K8s itself has concepts of liveliness and readiness, keeping these in-sync with consul is operationally painful (different capabilities, options, and config)

  24. Sidecar consul-agent problems ● Complexity ○ Enormous amounts of “nodes” in consul ■ 1 for the “node” + 1 per pod on the box ■ Consul nodes scale with non-host-network pod count; N+1 ● 10 pods per box means 11 consul nodes! ● Failure Modes Thundering herd issues in consul failure ○

  25. Sidecar consul-agent problems ● Noisy alerts ○ We use prometheus to monitor systems, prometheus uses consul’s service discovery ○ Consul’s deregistration defaults to 72h ○ The node still shows up in consul’s service discovery until after the deregistration timeout

  26. K8s+consul: Our requirements

  27. K8s+consul: Our requirements ● Configuration through k8s annotations ● Readiness sync Highly Available with no Single Point of Failure (SPOF) ●

  28. K8s+consul v2: consul-k8s ● Why ○ “First-class” option from hashicorp What ● ○ Configuration through k8s annotations Syncs “readiness” of pod as health of consul entry ○

  29. K8s+consul v2: consul-k8s kind: Service apiVersion: v1 metadata: name: my-service annotations: consul.hashicorp.com/service-name: my-consul-service

  30. K8s+consul v2: consul-k8s ● Problems ○ Multi cluster support: https://github.com/hashicorp/consul-k8s/issues/42 (fixed) ○ Failure modes ■ No liveliness/readiness checks of the sync process (fixed): https://github.com/hashicorp/consul-k8s/issues/57 ■ No mechanism to mitigate outage impact of consul-k8s: https://github.com/hashicorp/consul-k8s/issues/58 ○ Not tied into readiness/deployment of pods/deployments ■ A requirement we didn’t know we had!

  32. Consul-k8s sync process 1. Kubelet starts container on Node 2. Kubelet updates k8s API 3. Consul-k8s notices change in k8s-api 4. Consul-k8s pushes change to consul

  34. K8s+consul Our requirements v2 ● Configuration through k8s annotations ● Readiness sync HA with no SPOF ● Ability to stop deploys from completing if not able to sync to consul ●

  35. K8s+consul v3 ● Implementation Process ○ Poc -> testing -> failure testing ○ Local -> stage -> prod

  36. K8s+consul v3: katalog-sync ● Design ○ Node-local sync daemonset ■ Sync services to consuls’ Agent Services API ● Agent-local services, health tied to consul-agent ● All local syncing; No need for cluster-wide locking/coordination! ○ (optional) sidecar within pod to control deployment rollouts ○ Configuration through annotations

  37. katalog-sync 1. Kubelet starts container on Node 2. (optional) katalog-sync-sidecar calls to katalog-sync-daemonset waiting until registration with consul is complete 3. Daemonset syncs changes from kubelet through the local kubelet API 4. Daemonset syncs changes to consul

  38. K8s+consul v3: katalog-sync apiVersion: v1 kind: Pod metadata: annotations: katalog-sync.wish.com/service-names: my-service katalog-sync.wish.com/sidecar: katalog-sync-sidecar

  39. Failure testing results ● Found during failure testing on pilot services in stage ○ Not all pods marked “ready” by the sidecars were in consul Saw errors in the consul-agent such as: ● * Failed to join <IP>: Member ‘<US>’ has conflicting node ID ‘be688838-ca86–86e5-c906–89bf2ab585ce’ with member ‘<OTHER_MEMBER>’

  40. Failure testing results ● Cause ○ Issue caused by an upgrade of consul-agent (fixed upstream now) Impact ● ○ Shows us that the local agent services API doesn’t consider syncing to the cluster Fix ● ○ Added a check for sidecar to ensure service is synced to the catalog API

  42. Katalog-sync End-State ● Configuration ● Complexity Failure modes ● Noisy Alerts ● ● Consul checks vs k8s checks

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Rethink the Sync! Rethink the Sync! Edmund B. Nightingale Kaushik Veeraraghavan Peter M. Chen

Rethink the Sync! Rethink the Sync! Edmund B. Nightingale Kaushik Veeraraghavan Peter M. Chen

Rethink the Sync! Rethink the Sync! Edmund B. Nightingale Kaushik Veeraraghavan Peter M. Chen Jason Flinn University of Michigan Sync or Async Async? ? Sync or Desktop file systems typically use asynchronous I/O Advantages of

217 views • 8 slides
Introduction to the Microsoft Sync Framework Michael Clark Development Manager Microsoft Agenda

Introduction to the Microsoft Sync Framework Michael Clark Development Manager Microsoft Agenda

Introduction to the Microsoft Sync Framework Michael Clark Development Manager Microsoft Agenda Why Is Sync both Interesting and Hard Sync Framework Overview Using the Sync Framework Future Directions Summary m Microsoft

772 views • 36 slides
? sync ref chosen as sync source by Listener Stream B: Presentation Stream C: timestamps

? sync ref chosen as sync source by Listener Stream B: Presentation Stream C: timestamps

Nominal Media Clock: Ts (implicit, not distributed) Stream A: ? sync ref chosen as sync source by Listener Stream B: Presentation Stream C: timestamps Stream D: from different Talkers A-F Stream E: Listener must Stream F: align

57 views • 3 slides
Sync Cylinder &amp; Room Cylinder Replacement and Purge Instructions for Dual Cylinder Slides

Sync Cylinder &amp; Room Cylinder Replacement and Purge Instructions for Dual Cylinder Slides

Sync Cylinder &amp; Room Cylinder Replacement and Purge Instructions for Dual Cylinder Slides Replacing the Sync Cylinder 1. Room should be in the extended state when sync cylinder is replaced. 2. Remove all hose connections at the cylinder and

386 views • 3 slides
1. Asynchronous and Synchronous Transmission Synchronization: Sender &amp; receiver

1. Asynchronous and Synchronous Transmission Synchronization: Sender &amp; receiver

1 Chap. 5 Data Communication Interface 1. Asynchronous and Synchronous Transmission Synchronization: Sender &amp; receiver need to synchronize Different levels of sync Clock sync: bit level Block sync: block or message

363 views • 11 slides
Storage task force Shibboleth-features and challenges in PowerFolder Sync &amp; Share 11 FEB

Storage task force Shibboleth-features and challenges in PowerFolder Sync &amp; Share 11 FEB

Storage task force Shibboleth-features and challenges in PowerFolder Sync &amp; Share 11 FEB 2014 Roadmap for today Introduction Use cases / Installations The challenges of Sync &amp; Share Federated AAI Large scale

763 views • 38 slides
COLLECTIONS WITH ALMA PUBLISHING April 27, 2020 Nicole Swanson, CARLI OCLC DATA SYNC COLLECTIONS

COLLECTIONS WITH ALMA PUBLISHING April 27, 2020 Nicole Swanson, CARLI OCLC DATA SYNC COLLECTIONS

UTILIZING OUR OCLC DATA SYNC COLLECTIONS WITH ALMA PUBLISHING April 27, 2020 Nicole Swanson, CARLI OCLC DATA SYNC COLLECTIONS AND VOYAGER 1. Bibliographic Data Sync Collections

376 views • 12 slides
Alfresco Two-Way Sync with Apache Camel Peter Lesty Technical Director - Parashift The Problem

Alfresco Two-Way Sync with Apache Camel Peter Lesty Technical Director - Parashift The Problem

Alfresco Two-Way Sync with Apache Camel Peter Lesty Technical Director - Parashift The Problem Synchronisation Between Alfresco and External Systems Alfresco Two-Way Synchronisation Sync a selection of Nodes between Instances Not

1.04k views • 32 slides
CLOCK / SYNC Distribution mCBM J.Frhauf 17. August 2018 Needed Clocks 40MHz for AFCK

CLOCK / SYNC Distribution mCBM J.Frhauf 17. August 2018 Needed Clocks 40MHz for AFCK

CLOCK / SYNC Distribution mCBM J.Frhauf 17. August 2018 Needed Clocks 40MHz for AFCK Logic 120MHz for GBTx Logic 160MHz for TOF FEE n x 40MHz CLK for STS/MUCH and TRD recovered from the optical link CLK of the GBTx SYNC

296 views • 10 slides
The RedAwning Portal, App, &amp; New Content Sync 1 The RedAwning App FOR GUESTS Property

The RedAwning Portal, App, &amp; New Content Sync 1 The RedAwning App FOR GUESTS Property

The RedAwning Portal, App, &amp; New Content Sync 1 The RedAwning App FOR GUESTS Property Search &amp; Book Explore all of our properties no login required Filter, sort, select dates, view in list or via map Make reservations

551 views • 18 slides
Proactive Self-Captioning: In Sync with Critical Content &amp; Sound Karen Tinsley-Kim, M.A.

Proactive Self-Captioning: In Sync with Critical Content &amp; Sound Karen Tinsley-Kim, M.A.

Proactive Self-Captioning: In Sync with Critical Content &amp; Sound Karen Tinsley-Kim, M.A. Instructional Development Specialist University of Central Florida Center for Distributed Learning Slides: http://bit.ly/USDLA19ProactiveCC Who Am

478 views • 21 slides
Linux Kernel Crypto API Herbert Xu Red Hat Inc. Current State Async + sync cipher interface.

Linux Kernel Crypto API Herbert Xu Red Hat Inc. Current State Async + sync cipher interface.

Linux Kernel Crypto API Herbert Xu Red Hat Inc. Current State Async + sync cipher interface. Async + sync hash interface. AEAD interface. Compress-as-you-go interface. RNG interface. Current State A handful of async PCI

970 views • 7 slides
Pr Pract ctica cal Web-ba based d Delta Sy Sync fo for Cloud Storage Services He Xiao

Pr Pract ctica cal Web-ba based d Delta Sy Sync fo for Cloud Storage Services He Xiao

Pr Pract ctica cal Web-ba based d Delta Sy Sync fo for Cloud Storage Services He Xiao Zhenhua Li Ennan Zhai Tianyin Xu xiaoh16@gmail.com July 10, 2017 Hotstorage17 Ne Network Traffic is Ov Overwhelming in in Clo loud Storag age

622 views • 26 slides
Keeping in Sync George Neville-Neil gnn@neville-neil.com October 2014 George Neville-Neil

Keeping in Sync George Neville-Neil gnn@neville-neil.com October 2014 George Neville-Neil

Keeping in Sync George Neville-Neil gnn@neville-neil.com October 2014 George Neville-Neil (gnn@neville-neil.com) Keeping in Sync October 2014 1 / 28 Introduction The Need for Accurate Time Coordination Amongst Distributed Systems

655 views • 27 slides
Partial Namespace in NDN Minsheng Zhang, Lan Wang University of Memphis Application Sync

Partial Namespace in NDN Minsheng Zhang, Lan Wang University of Memphis Application Sync

PartialSync: Synchronizing a Partial Namespace in NDN Minsheng Zhang, Lan Wang University of Memphis Application Sync Scenarios AppStore: server has millions of apps, each users phone has a (different) subset of apps Facebook: each

649 views • 15 slides
Slides for Talk D:\Sync WritingEcon Trips Humor\Multi Person Adjustment Theory With

Slides for Talk D:\Sync WritingEcon Trips Humor\Multi Person Adjustment Theory With

Slides for Talk D:\Sync WritingEcon Trips Humor\Multi Person Adjustment Theory With Externatilities 12x09\Materials for Talk started 3x11x10\ 03/11/10 08:04 AM 1 Slides for Talk D:\Sync WritingEcon Trips Humor\Multi Person Adjustment Theory

279 views • 8 slides
adv advanc anced insta ed instance nce sc schedu heduling by ling by integr int egrate

adv advanc anced insta ed instance nce sc schedu heduling by ling by integr int egrate

Nov ovembe mber r 2018 18 Berlin Be in How can p How c an plac lacement hel ement help you p you ach achiev ieve e adv advanc anced insta ed instance nce sc schedu heduling by ling by integr int egrate with diffe ate with

574 views • 30 slides
Out- -of of- -Order Order Out Superscalar CPU Superscalar CPU Cliff Frey and Vicky Liu May

Out- -of of- -Order Order Out Superscalar CPU Superscalar CPU Cliff Frey and Vicky Liu May

Out- -of of- -Order Order Out Superscalar CPU Superscalar CPU Cliff Frey and Vicky Liu May 6 th , 2005 May 6 th , 2005 6.884 Final Project Presentation The Basis of Our Design Tomasulos Algorithm - Allows out-of-order execution -

651 views • 25 slides
Regional Operations Forum How to Organize for Operations Organization What are we talking about?

Regional Operations Forum How to Organize for Operations Organization What are we talking about?

Accelerating solutions for highway safety, renewal, reliability, and capacity Regional Operations Forum How to Organize for Operations Organization What are we talking about? Organize internally for effective conduct of TSM&amp;O mission

393 views • 18 slides
V ISUALIZING HDF5 DATA WITH O PEN DX Ireneusz Szcze sniak John Cary Center for Integrated

V ISUALIZING HDF5 DATA WITH O PEN DX Ireneusz Szcze sniak John Cary Center for Integrated

V ISUALIZING HDF5 DATA WITH O PEN DX Ireneusz Szcze sniak John Cary Center for Integrated Plasma Studies University of Colorado at Boulder September 25, 2002 P RESENTATION S PLAN 2 P LAN OF PRESENTATION Introduction to HDF5 and

437 views • 22 slides
PROVIDER Lou Rivera, MPA, CHES Director of Community Engagement and Response UPDATE Office of

PROVIDER Lou Rivera, MPA, CHES Director of Community Engagement and Response UPDATE Office of

Madhury (Didi) Ray, MD, MPH Critical Care Planning Lead Healthcare Systems Support, Clinical Planning Unit NYC Department of Health and Mental Hygiene Aaron Belisle, Esq. COVID-19 19 Director, Emergency Planning Unit Office of Emergency

751 views • 46 slides
OpenStack Atlanta Summit, May 2014 Who and why? Debo/Yathi - Cisco Cloud CTO office Ramki -

OpenStack Atlanta Summit, May 2014 Who and why? Debo/Yathi - Cisco Cloud CTO office Ramki -

Increasing Infrastructure Efficiency via Optimized NFV Placement in OpenStack Clouds Yathiraj Udupi, Debo Dutta Cisco Ram (Ramki) Krishnan - Brocade OpenStack Atlanta Summit, May 2014 Who and why? Debo/Yathi - Cisco Cloud CTO office Ramki

334 views • 17 slides
Solving Hybrid Cloud for High Performance Compute TUT1195 Brian Farrell Director Eoghan Cotter

Solving Hybrid Cloud for High Performance Compute TUT1195 Brian Farrell Director Eoghan Cotter

Solving Hybrid Cloud for High Performance Compute TUT1195 Brian Farrell Director Eoghan Cotter Systems Specialist Securelinx Based in Dublin &amp; founded 2002 Highly technically skilled in Linux 10 full-time engineers Very

467 views • 22 slides
third level: requirements in a global world Professor Vera Regan School of Languages, Cultures

third level: requirements in a global world Professor Vera Regan School of Languages, Cultures

Language learning in Ireland at third level: requirements in a global world Professor Vera Regan School of Languages, Cultures and Linguistics National Employer Survey Employers Views on Irish Further and Higher Education Outcomes

420 views • 29 slides

More recommend