20 000 upgrades later
play

20,000 Upgrades Later Lessons From a Year of Managed Kubernetes - PowerPoint PPT Presentation

Sep 30, 2023 β€’211 likes β€’660 views

20,000 Upgrades Later Lessons From a Year of Managed Kubernetes Upgrades Adam Wolfe Gordon DigitalOcean do.co/doks 1 @maybeawg This Talk Started One(ish) Year Ago... Me, in Barcelona DO, in Barcelona do.co/doks 2 @maybeawg

  1. 20,000 Upgrades Later Lessons From a Year of Managed Kubernetes Upgrades Adam Wolfe Gordon DigitalOcean πŸ–¦ do.co/doks 1 @maybeawg

  2. This Talk Started One(ish) Year Ago... Me, in Barcelona DO, in Barcelona πŸ–¦ do.co/doks 2 @maybeawg

  3. Generally Available? UPGRADES! πŸ–¦ do.co/doks 3 @maybeawg

  4. 20,000 Upgrades Later Lessons From a Year of Managed Kubernetes Upgrades Adam Wolfe Gordon DigitalOcean πŸ–¦ do.co/doks 5 @maybeawg

  5. Disclaimers! ● Lessons from our upgrade process. You might upgrade differently! β—‹ ● Upgrades of our customers’ clusters. β—‹ Your workloads might be different! πŸ–¦ do.co/doks 6 @maybeawg

  6. How to Upgrade Kubernetes 1. Upgrade the control plane. 2. Upgrade the worker nodes. ??? 3. 4. Profit! πŸ–¦ do.co/doks 7 @maybeawg

  7. How to Upgrade Kubernetes 1. Upgrade the control plane. a. Update any resources that aren’t supported in the target version. b. Upgrade etcd (if needed). c. Upgrade kube-apiserver. d. Upgrade kube-controller-manager. e. Upgrade kube-scheduler. f. Upgrade your CNI plugin (if needed). g. Upgrade provider-specific components (e.g. cloud-controller-manager, CSI controller). h. Upgrade kubelet and kubectl. 2. Upgrade the worker nodes. a. Cordon and drain a worker node. b. Update kubelet configuration (if needed). c. Upgrade the kubelet. d. Uncordon the node. e. Repeat for each node in the cluster. πŸ–¦ do.co/doks 8 @maybeawg

  8. Shortcut: Upgrade via Node Replacement 1. Upgrade the control plane. a. Update any resources that aren’t supported in the target version. b. Upgrade etcd (if needed). b. Destroy the original control plane node. c. Upgrade kube-apiserver. c. Provision a new control plane node. d. Upgrade kube-controller-manager. e. Upgrade kube-scheduler. f. Upgrade your CNI plugin (if needed). g. Upgrade provider-specific components (e.g. cloud-controller-manager, CSI controller). h. Upgrade kubelet and kubectl. 2. Upgrade the worker nodes. a. Cordon and drain a worker node. b. Update kubelet configuration (if needed). b. Destroy the node. c. Upgrade the kubelet. c. Provision a new node. d. Uncordon the node. e. Repeat for each node in the cluster. πŸ–¦ do.co/doks 9 @maybeawg

  9. Advantages of Node Replacement ● Clean slate - no chance for configuration drift. ● Fewer steps to manage - good for automation. Same process works for all release types. ● β—‹ (Mostly) πŸ–¦ do.co/doks 10 @maybeawg

  10. Things We Got Right Upgrades via Node Replacement πŸ–¦ do.co/doks 11 @maybeawg

  11. Problems Ch-ch-changes ● Custom node configuration is reset. ● Node names change. Node IPs change. ● ● Node labels and taints lost. πŸ–¦ do.co/doks 12 @maybeawg

  12. Lessons for Operators Managing Change ● Re-use node names and IPs if possible. ● Retain labels or provide a good alternative. Retain taints or provide a good alternative. ● ● Provide simple ingress/load balancing. πŸ–¦ do.co/doks 13 @maybeawg

  13. Lessons for Developers Tolerating Change ● Use Kubernetes to do node customization. DaemonSets β—‹ β—‹ Init containers ● Don’t use node names for scheduling. Use provider-supported label/taint settings. ● ● Use provider-supported load balancing. πŸ–¦ do.co/doks 14 @maybeawg

  14. Things We Got Wrong Break Before Make πŸ–¦ do.co/doks 15 @maybeawg

  15. Problems Drain to Nowhere ● Insufficient capacity to drain nodes. ● Downtime in single-node clusters. Extra churn for workloads. ● β—‹ Might be drained to a node that’s about to be deleted. πŸ–¦ do.co/doks 16 @maybeawg

  16. Lessons for Operators Drainage Capacity ● Add nodes before deleting nodes if possible. ● Consider reserving capacity. πŸ–¦ do.co/doks 17 @maybeawg

  17. Lessons for Developers Expect to be Drained ● Leave capacity for a node to be drained. πŸ–¦ do.co/doks 18 @maybeawg

  18. Things We Got Wrong Replacing Nodes One by One πŸ–¦ do.co/doks 19 @maybeawg

  19. Problems Ants Go Marching ● Replacing nodes one-by-one is slow. ● Workloads can get stuck draining β—‹ Making replacement even slower. ● Upgrades need to be expedient. πŸ–¦ do.co/doks 20 @maybeawg

  20. Lessons for Operators Rapid Replacement ● Drain and replace multiple nodes at once. This usually requires make-before-break. β—‹ ● Set reasonable drain timeouts. πŸ–¦ do.co/doks 21 @maybeawg

  21. Lessons for Developers Unclog Your Drains ● Make sure your workloads can be evicted. Safely: Use PodDisruptionBudgets. β—‹ β—‹ Quickly: Respond to signals. ● Test this! πŸ–¦ do.co/doks 22 @maybeawg

  22. Things We Got Wrong (but felt so right) Minor Version Upgrades are Easy πŸ–¦ do.co/doks 23 @maybeawg

  23. Lessons for Operators Don’t Worry, Be Happy ● Minor version upgrades aren’t that scary. ● Try to use the same process for all upgrades. πŸ–¦ do.co/doks 24 @maybeawg

  24. Things We Got Right Disabling Alpha Features πŸ–¦ do.co/doks 25 @maybeawg

  25. Lessons for Operators Wait for Beta ● Alpha features are disabled by default. ● Alpha features are likely to change/break. Beta features are less likely to change. ● ● Consider the upgrade tradeoff. πŸ–¦ do.co/doks 26 @maybeawg

  26. Lessons for Developers Alpha as a Last Resort ● Avoid using alpha features if possible. ● Read release notes before upgrading. πŸ–¦ do.co/doks 27 @maybeawg

  27. Common Problems Container Storage Interface (CSI) πŸ–¦ do.co/doks 28 @maybeawg

  28. CSI Problems Beta ● CSI was promoted to beta in Kubernetes 1.10. ● Supporting components were relatively new. CSI drivers were relatively new. ● ● Out-of-sync state. ● Far fewer problems in recent releases. πŸ–¦ do.co/doks 29 @maybeawg

  29. CSI Problems Driver Names ● In early CSI specs, com.example.csi. ● In later CSI specs, csi.example.com. The name is immutable in Kubernetes! ● ● Solution: detect and persist old naming. πŸ–¦ do.co/doks 30 @maybeawg

  30. Lessons Beware the CSI ● If you’re using CSI, carefully test upgrades. ● Watch for workloads that get stuck. Use Kubernetes 1.14+ if possible. ● πŸ–¦ do.co/doks 31 @maybeawg

  31. Common Problems Admission Control Webhooks πŸ–¦ do.co/doks 32 @maybeawg

  32. Admission Control Webhooks Overview πŸ–¦ do.co/doks 33 @maybeawg

  33. Admission Control Webhooks Overview πŸ–¦ do.co/doks 34 @maybeawg

  34. Admission Control Webhooks Overview apiVersion: admissionregistration.k8s.io/v1 apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration kind: ValidatingWebhookConfiguration metadata: metadata: name: webhook.example.com name: webhook.example.com webhooks: webhooks: - name: webhook.example.com - name: webhook.example.com rules: rules: - apiGroups: [""] - apiGroups: [""] apiVersions: ["v1"] apiVersions: ["v1"] operations: ["CREATE"] operations: ["CREATE"] resources: ["pods"] resources: ["pods"] scope: "Namespaced" scope: "Namespaced" clientConfig: clientConfig: service: service: namespace: "webhook-namespace" namespace: "webhook-namespace" name: "webhook-service" name: "webhook-service" admissionReviewVersions: ["v1", "v1beta1"] admissionReviewVersions: ["v1", "v1beta1"] sideEffects: None sideEffects: None timeoutSeconds: 30 timeoutSeconds: 30 failurePolicy: Fail failurePolicy: Ignore πŸ–¦ do.co/doks 35 @maybeawg

  35. Admission Control Webhooks Trouble for Upgrades ● Upgrades update system components. ● Some of these components run as workloads. β—‹ Usually in the kube-system namespace. ● Webhooks can prevent these updates. ● Webhooks can also affect their own services! πŸ–¦ do.co/doks 36 @maybeawg

  36. Admission Control Webhooks: Problems apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: webhook.example.com webhooks: - name: webhook.example.com rules: - apiGroups: [""] apiVersions: ["v1"] operations: ["CREATE"] resources: ["pods"] webhook-service kube-proxy cilium scope: "Namespaced" clientConfig: service: namespace: "webhook-namespace" name: "webhook-service" admissionReviewVersions: ["v1", "v1beta1"] sideEffects: None timeoutSeconds: 30 failurePolicy: Fail πŸ–¦ do.co/doks 37 @maybeawg

  37. Admission Control Webhooks: Solutions apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: webhook.example.com webhooks: - name: webhook.example.com rules: - apiGroups: [""] apiVersions: ["v1"] operations: ["CREATE"] resources: ["pods"] scope: "Namespaced" clientConfig: service: namespace: "webhook-namespace" name: "webhook-service" admissionReviewVersions: ["v1", "v1beta1"] sideEffects: None timeoutSeconds: 30 failurePolicy: Ignore πŸ–¦ do.co/doks @maybeawg

Recommend

CMS Upgrades CMS Plans up to 2020/ 2030? Dan Green Fermilab 06/05/13 U of D0 CMS Upgrades

CMS Upgrades CMS Plans up to 2020/ 2030? Dan Green Fermilab 06/05/13 U of D0 CMS Upgrades

CMS Upgrades CMS Plans up to 2020/ 2030? Dan Green Fermilab 06/05/13 U of D0 CMS Upgrades 1 Why Upgrade? The LHC will be the only factory in HEP for W, Z, t and H production for a long time To further the energy frontier we

986 views β€’ 45 slides
KGL Code Upgrades Town Hall Meeting August 5, 2020 Project Scope Life Safety Systems Upgrades

KGL Code Upgrades Town Hall Meeting August 5, 2020 Project Scope Life Safety Systems Upgrades

KGL Code Upgrades Town Hall Meeting August 5, 2020 Project Scope Life Safety Systems Upgrades Fire Protection System Installed Throughout Emergency Power and Lighting Upgrades Guardrail and Handrail Modifications Fire

467 views β€’ 23 slides
Victorian Energy Upgrades Public Forum Friday 13 October 2017 Victorian Energy Upgrades Public

Victorian Energy Upgrades Public Forum Friday 13 October 2017 Victorian Energy Upgrades Public

Victorian Energy Upgrades Public Forum Friday 13 October 2017 Victorian Energy Upgrades Public Forum Welcome John Hamill CEO, Essential Services Commission Victorian Energy Upgrades Public Forum Introduction Jeff Cefai Director VEET,

1.83k views β€’ 156 slides
The CMS HL-LHC Upgrades and Proposed U.S. CMS Contributions Vivian ODell, U. S. CMS HL-LHC

The CMS HL-LHC Upgrades and Proposed U.S. CMS Contributions Vivian ODell, U. S. CMS HL-LHC

The CMS HL-LHC Upgrades and Proposed U.S. CMS Contributions Vivian ODell, U. S. CMS HL-LHC USCMS Project Manager February 2, 2016 Outline Quick outline of the physics The LHC and CMS CMS Upgrades Funding and Costs

620 views β€’ 50 slides
P01 Overview of CMS HL-LHC Upgrades Anders Ryd, Deputy Project Manager September 17, 2015

P01 Overview of CMS HL-LHC Upgrades Anders Ryd, Deputy Project Manager September 17, 2015

P01 Overview of CMS HL-LHC Upgrades Anders Ryd, Deputy Project Manager September 17, 2015 A. Ryd, 2015 September 17 Director's Progress Review Overview of CMS HL-LHC Upgrades 1 Outline Overview of CMS HL-LHC Upgrades P5 report

473 views β€’ 20 slides
Accommodation New Builds Upgrades Room-in-a-box Introduction New Builds

Accommodation New Builds Upgrades Room-in-a-box Introduction New Builds

Accommodation New Builds Upgrades Room-in-a-box Introduction New Builds Upgrades Room-in-a-box Contact The Aiken Group Aiken Group was founded in 1987 as a multi-disciplinary engineering services company specialising in

828 views β€’ 26 slides
Managing the U. S. CMS HL-LHC Upgrades Vivian ODell, U. S. CMS HL-LHC USCMS Project Manager

Managing the U. S. CMS HL-LHC Upgrades Vivian ODell, U. S. CMS HL-LHC USCMS Project Manager

Managing the U. S. CMS HL-LHC Upgrades Vivian ODell, U. S. CMS HL-LHC USCMS Project Manager February 2, 2016 Director's Review - Managing the U. S. CMS HL-LHC Upgrades V. O'Dell, 2

597 views β€’ 11 slides
Water Treatment Plant Phase 1 Upgrades CMAR Selection Pre-Submittal Meeting October 12, 2017

Water Treatment Plant Phase 1 Upgrades CMAR Selection Pre-Submittal Meeting October 12, 2017

Water Treatment Plant Phase 1 Upgrades CMAR Selection Pre-Submittal Meeting October 12, 2017 Water Treatment Plant Phase 1 Upgrades 22 mgd WTP Expand capacity to 32 mgd Upgrades to most processes Only minor improvements to

469 views β€’ 29 slides
ATLAS/CMS Upgrades Yasuyuki Horii Nagoya University on Behalf of the ATLAS and CMS

ATLAS/CMS Upgrades Yasuyuki Horii Nagoya University on Behalf of the ATLAS and CMS

ATLAS/CMS Upgrades Yasuyuki Horii Nagoya University on Behalf of the ATLAS and CMS Collaborations Outline 2 /26 LHC/HL-LHC plan ATLAS/CMS upgrades Physics prospects LHC/HL-LHC Plan Overview 4 /26 SM precision studies and BSM searches

543 views β€’ 35 slides
UPGRADES Synthetic Turf & Lighting Park Board Committee Meeting April 15, 2019 PRESENTATION

UPGRADES Synthetic Turf & Lighting Park Board Committee Meeting April 15, 2019 PRESENTATION

PLAYING FIELD UPGRADES Synthetic Turf & Lighting Park Board Committee Meeting April 15, 2019 PRESENTATION OUTLINE 1. Purpose 2. Previous Board Decisions 3. Background 4. Public Engagement 5. Proposed Upgrades 6. Next Steps 7.

459 views β€’ 31 slides
Telescope Array: Status and Upgrades John Belz University of Utah Snowmass on the Mississippi

Telescope Array: Status and Upgrades John Belz University of Utah Snowmass on the Mississippi

Telescope Array: Status and Upgrades John Belz University of Utah Snowmass on the Mississippi Minneapolis, 30 July 2013 Outline Telescope Array Overview Detector Physics TA Upgrades TALE TA x 4 NICHE TA

400 views β€’ 22 slides
2019 BETTER PLANTS SUMMIT AGROPUR AMMONIA SYSTEM UPGRADES M ark M int er CEM 2

2019 BETTER PLANTS SUMMIT AGROPUR AMMONIA SYSTEM UPGRADES M ark M int er CEM 2

2019 BETTER PLANTS SUMMIT AGROPUR AMMONIA SYSTEM UPGRADES M ark M int er CEM 2 INTRODUCTION Better Dairy. Better World. www.agropur.com 3 AGROPUR - AMMONIA SYSTEM UPGRADES Background Historically ran at 20.4 PSI suction

114 views β€’ 10 slides
Global Spectrum Contract Agenda Current Contract Structure Kitchen Upgrades Audio

Global Spectrum Contract Agenda Current Contract Structure Kitchen Upgrades Audio

Global Spectrum Contract Agenda Current Contract Structure Kitchen Upgrades Audio Visual Upgrades IT Interface ADA Compliance Financial Proforma (First 3 Years) Expected Attendance Global Spectrum Contract as proposed

499 views β€’ 18 slides
development upgrades Michael Brown NGM Firmware Lead Technologist Dell EMC Embedded Linux

development upgrades Michael Brown NGM Firmware Lead Technologist Dell EMC Embedded Linux

Reducing the pain of Yocto development upgrades Michael Brown NGM Firmware Lead Technologist Dell EMC Embedded Linux Conference 2017 Outline Easier Yocto upgrades in development - Introduction - Problem Statement - Dell EMC

167 views β€’ 15 slides
LBNF/NuMI-Style target, for Horn A, revision 2, & other upgrades. Paul Lebrun ND/Fermilab.

LBNF/NuMI-Style target, for Horn A, revision 2, & other upgrades. Paul Lebrun ND/Fermilab.

LBNF/NuMI-Style target, for Horn A, revision 2, & other upgrades. Paul Lebrun ND/Fermilab. Nov 17 2016 NuMI Target upgrade, + others 1 A confusing sequence of code upgrades.. I HornA, revision 2 => Coded up. Target: revised:

197 views β€’ 19 slides
CMS Upgrades for the HL-LHC P . McBride for the CMS SP team USCMS HL-LHC Upgrade Directors

CMS Upgrades for the HL-LHC P . McBride for the CMS SP team USCMS HL-LHC Upgrade Directors

CMS Upgrades for the HL-LHC P . McBride for the CMS SP team USCMS HL-LHC Upgrade Directors Review Fermilab 19.03.2019 about me CMS Deputy Spokesperson (DSP) with Roberto Carlin SP and Luca Malgeri DSP Distinguished Scientist at

618 views β€’ 41 slides
Server Upgrades 6/25/19 Agenda Existing Server Infrastructure Reasons for upgrading

Server Upgrades 6/25/19 Agenda Existing Server Infrastructure Reasons for upgrading

Revised 6/25/2019 Server Upgrades 6/25/19 Agenda Existing Server Infrastructure Reasons for upgrading Options & Budget Best Solution Server Upgrades 1 1 6/25/2019 Existing Server Infrastructure Server 1: Purchased

277 views β€’ 10 slides
Predicting Problems Caused by Component Upgrades Stephen McCamant and Michael D. Ernst Program

Predicting Problems Caused by Component Upgrades Stephen McCamant and Michael D. Ernst Program

. 1.05 2.0 2.3.36 0.9 1.1 ? ? 1.0 1.2 Predicting Problems Caused by Component Upgrades Stephen McCamant and Michael D. Ernst Program Analysis Group {smcc,mernst}@CSAIL.MIT.EDU Predicting Problems Caused by Component Upgrades p. 1

708 views β€’ 48 slides
City of Coral Gables Pump Stations D and Cocoplum 3 Upgrades Community Outreach City of Coral

City of Coral Gables Pump Stations D and Cocoplum 3 Upgrades Community Outreach City of Coral

City of Coral Gables Pump Stations D and Cocoplum 3 Upgrades Community Outreach City of Coral Gables Pump Stations D and Cocoplum 3 Upgrades Efficient. Responsive. Innovative. March, 2020 Pump Station D Project Overview Compact and

515 views β€’ 12 slides
Phase 1 and Phase 2 Upgrades Phase 1 and Phase 2 Upgrades and prospects for Higgs and EWK and

Phase 1 and Phase 2 Upgrades Phase 1 and Phase 2 Upgrades and prospects for Higgs and EWK and

Phase 1 and Phase 2 Upgrades Phase 1 and Phase 2 Upgrades and prospects for Higgs and EWK and prospects for Higgs and EWK measurements at CMS measurements at CMS Petar Maksimovic Petar Maksimovic Johns Hopkins Johns Hopkins WIN 2017 WIN

553 views β€’ 27 slides
Victorian Energy Upgrades - Target Setting Process for 2021 to 2025 Information session 15

Victorian Energy Upgrades - Target Setting Process for 2021 to 2025 Information session 15

Victorian Energy Upgrades - Target Setting Process for 2021 to 2025 Information session 15 October 2018 Session outline Setting future targets for Victorian Energy Upgrades Process for target-setting: initial invitation for feedback

143 views β€’ 13 slides
Environmental Upgrade Agreements The easy way to finance building upgrades A new way to finance

Environmental Upgrade Agreements The easy way to finance building upgrades A new way to finance

Environmental Upgrade Agreements The easy way to finance building upgrades A new way to finance environmental building upgrades Environmental Upgrade Agreements An opportunity to grow capital value & returns and unlock the value of

402 views β€’ 12 slides
Pre-implementa,on T&E of proposed upgrades for 2013 HWRF

Pre-implementa,on T&E of proposed upgrades for 2013 HWRF

Pre-implementa,on T&E of proposed upgrades for 2013 HWRF Young C. Kwon, Vijay Tallapragada and HWRF team HFIP telecon 04/10/2013 1 Features of

838 views β€’ 25 slides
( WRF ) Airport W RF Phase 1 Expansion Process Upgrades and Capacity Increase to 3.75 MGD

( WRF ) Airport W RF Phase 1 Expansion Process Upgrades and Capacity Increase to 3.75 MGD

Presentation No. 3 1 October 23, 2012 City Council ( WRF ) Airport W RF Phase 1 Expansion Process Upgrades and Capacity Increase to 3.75 MGD Design Milestones Remaining Tasks Major Project Components Construction

419 views β€’ 16 slides

More recommend