the highs and lows of stateful containers
play

The Highs and Lows of Stateful Containers Presented by Alex - PowerPoint PPT Presentation

May 15, 2023 •16 likes •756 views

The Highs and Lows of Stateful Containers Presented by Alex Robinson / Member of the Technical Staff @alexwritescode Almost all real applications rely on state When storage systems go down, so do the applications that use them Containers are

  1. The Highs and Lows of Stateful Containers Presented by Alex Robinson / Member of the Technical Staff @alexwritescode

  3. Almost all real applications rely on state When storage systems go down, so do the applications that use them

  4. Containers are new and different Change is risky

  5. Great care is warranted when moving stateful applications into containers

  6. To succeed, you must:

  7. To succeed, you must: 1. Understand your stateful application

  8. To succeed, you must: 1. Understand your stateful application 2. Understand your orchestration system

  9. To succeed, you must: 1. Understand your stateful application 2. Understand your orchestration system 3. Plan for the worst

  10. Let’s talk about stateful containers • Why would you even want to run stateful applications in containers? • What do stateful systems need to run reliably? • What should you know about your orchestration system? • What’s likely to go wrong and what can you do about it?

  11. My experience with stateful containers • Worked directly on Kubernetes and GKE from 2014-2016 ○ Part of the original team that launched GKE • Lead all container-related efforts for CockroachDB ○ Configurations for Kubernetes, DC/OS, Docker Swarm, even Cloud Foundry ○ AWS, GCP, Azure, On-Prem ○ From single availability zone deployments to multi-region ○ Help users deploy and troubleshoot their custom setups

  12. Why even bother? We’ve been running stateful services for decades

  13. Traditional management of stateful services 1. Provision one or more beefy machines with large/fast disks 2. Copy binaries and configuration onto machines 3. Run binaries with provided configuration 4. Never change anything unless absolutely necessary

  14. Traditional management of stateful services • Pros ○ Stable, predictable, understandable Cons • ○ Most management is manual, especially to scale or recover from hardware failures ■ And that manual intervention may not be very well practiced

  15. Moving to containers • Can you do the same thing with containers? ○ Sure! ○ ...But that’s not what you’ll get by default if you’re using any of the common orchestration systems

  16. So why move state into orchestrated containers? • The same reasons you’d move stateless applications to containers ○ Automated deployment, placement, security, scalability, availability, failure recovery, rolling upgrades ■ Less manual toil, less room for operator error ○ Resource isolation • Avoid separate workflows for stateless vs stateful applications

  17. Challenges of managing state “Understand your stateful application”

  18. What do stateful systems need?

  19. What do stateful systems need? • Process management • Persistent storage

  20. What do stateful systems need? • Process management • Persistent storage • If distributed, also: ○ Network connectivity ○ Consistent name/address ○ Peer discovery

  21. What do stateful systems need? • Process management • Persistent storage • If distributed, also: ○ Network connectivity ○ Consistent name/address ○ Peer discovery

  22. What do stateful systems need? • Process management • Persistent storage • If distributed, also: ○ Network connectivity ○ Consistent name/address ○ Peer discovery

  23. Managing state in plain Docker containers “Understand your orchestration system”

  24. Stateful applications in Docker • Not much to worry about here other than storage ○ Never store important data to a container’s filesystem

  25. Stateful applications in Docker 1. Data in container 2. Data on host filesystem 3. Data in network storage

  26. Stateful applications in Docker • Don’t: docker run cockroachdb/cockroach start ○ • Do: docker run -v /mnt/data1:/data cockroachdb/cockroach start --store=/data ○

  27. Stateful applications in Docker • Don’t: docker run cockroachdb/cockroach start ○ • Do: docker run -v /mnt/data1:/data cockroachdb/cockroach start --store=/data ○ • And in most cases, you’ll actually want: docker run -p 26257:26257 -p 8080:8080 -v /mnt/data1:/data ○ cockroachdb/cockroach start --store=/data

  28. Stateful applications in Docker • Hardly any different from running things the traditional way • Automated - binary packaging/distribution, resource isolation • Manual - everything else

  29. Managing State on Kubernetes “Understand your orchestration system”

  30. Let’s skip over the basics • Unless you want to manually pin pods to nodes (see previous section), you should use either: ○ StatefulSet: ■ decouples replicas from nodes ■ persistent address for each replica, DNS-based peer discovery ■ network-attached storage instance associated with each replica ○ DaemonSet: ■ pin one replica to each node ■ use node’s disk(s)

  31. Where do things go wrong?

  33. Don’t trust the defaults! • If you don’t specifically ask for persistent storage, you won’t get any ○ Always think about and specify where your data will live

  34. Don’t trust the defaults! • If you don’t specifically ask for persistent storage, you won’t get any ○ Always think about and specify where your data will live 1. Data in container 2. Data on host filesystem 3. Data in network storage

  35. Ask for a dynamically provisioned PersistentVolume

  36. Don’t trust the defaults! • Now your data is persistent • But how’s performance?

  37. Don’t trust the defaults! • If you don’t create and request your own StorageClass , you’re probably getting slow disks ○ Default on GCE is non-SSD (pd-standard) ○ Default on Azure is non-SSD (non-managed blob storage) ○ Default on AWS is gp2, which are backed by SSDs but with fewer IOPs than io2 • This really affects database performance

  38. Use a custom StorageClass

  39. Performance problems • There are a lot of other things you have to do to get performance equivalent to what you’d get outside of Kubernetes • For more detail, see https://cockroachlabs.com/docs/kubernetes-performance.html

  40. What other defaults are bad?

  41. What other defaults are bad? • If you: ○ Create a Kubernetes cluster with 3 nodes ○ Create a 3-replica StatefulSet running CockroachDB • What happens if one of the nodes fails?

  42. Don’t trust the defaults! Node 1 Node 2 Node 3 cockroachdb-0 cockroachdb-2 Range 1 cockroachdb-1 Range 2 Range 3

  43. Don’t trust the defaults! • If you don’t specifically ask for your StatefulSet replicas to be scheduled on different nodes, they may not be (k8s issue #41130) ○ If the node with 2 replicas dies, Cockroach will be unavailable until they come back • This is terrible for fault tolerance ○ What’s the point of running 2 database replicas on the same machine?

  44. Configure pod anti-affinity

  45. What can go wrong other than bad defaults?

  46. What else can go wrong? • In early tests, Cockroach pods would fail to get re-created if all of them were brought down at once • Kubernetes would create the first pod, but not any others

  47. What else can go wrong?

  48. Know your app and your orchestration system • StatefulSets (by default) only create one pod at a time • They also wait for the current pod to pass readiness probes before creating the next

  49. Know your app and your orchestration system • StatefulSets (by default) only create one pod at a time • They also wait for the current pod to pass readiness probes before creating the next • The Cockroach health check used at the time only returned healthy if the node was connected to a majority partition of the cluster

  50. Before the restart healthy? yes

  51. If just one node were to fail healthy? yes

  52. If just one node were to fail healthy? yes Create missing pod

  53. After all nodes fail Wait for first pod to be healthy before adding second Wait for connection to rest of cluster before saying I’m healthy healthy? no

  54. Solution to pod re-creation deadlock • Keep basic liveness probe endpoint ○ Simply checks if process can respond to any HTTP request at all • Create new readiness probe endpoint in Cockroach ○ Returns HTTP 200 if node is accepting SQL connections

  55. Solution to pod re-creation deadlock • Keep basic liveness probe endpoint ○ Simply checks if process can respond to any HTTP request at all • Create new readiness probe endpoint in Cockroach ○ Returns HTTP 200 if node is accepting SQL connections • Now that it’s an option, tell the StatefulSet to create all pods in parallel

  56. Other potential issues to look out for • Set resource requests/limits for proper isolation and to avoid evictions • No PodDisruptionBudgets by default (#35318) • If in the cloud, don’t depend on your nodes to live forever ○ Hosting services (I’m looking you, GKE) tend to just delete and recreate node VMs in order to upgrade node software ○ Be especially careful about using the nodes’ local disks because of this • If on-prem, good luck getting fast, reliable network attached storage

Recommend

Approach To The Highs And Lows Of White Cell Counts The What, Why and How ! Dr Ng Chin Hin

Approach To The Highs And Lows Of White Cell Counts The What, Why and How ! Dr Ng Chin Hin

Approach To The Highs And Lows Of White Cell Counts The What, Why and How ! Dr Ng Chin Hin Consultant Haematologist National University Cancer Institute 11-MAR-2017 Approach to high WBC count My approach Look at the differential count

863 views • 72 slides
Riding the Highs & Lows of Milk Prices Doug & Linda Hodorff Hodorff Enterprises Our

Riding the Highs & Lows of Milk Prices Doug & Linda Hodorff Hodorff Enterprises Our

12/12/2016 Riding the Highs & Lows of Milk Prices Doug & Linda Hodorff Hodorff Enterprises Our Mission ssion: A team am with th a passi sion on for fami mily y and dairy iry, respe pecting ting people ople, comm mmunity

307 views • 9 slides
Highs, lows, and overreaction in intraday price movements Martin Becker Ralph Friedmann

Highs, lows, and overreaction in intraday price movements Martin Becker Ralph Friedmann

Highs, lows, and overreaction in intraday price movements Martin Becker Ralph Friedmann oner Stefan Kl ohle Walter Sanddorf-K Saarland University, Saarbr ucken, Germany Abstract We propose measures of upside and

327 views • 32 slides
The Highs and Lows of Macros in a Modern Language Laurence Tratt Software Development Team

The Highs and Lows of Macros in a Modern Language Laurence Tratt Software Development Team

The Highs and Lows of Macros in a Modern Language Laurence Tratt Software Development Team 2016-08-09 1 / 59 http://soft-dev.org/ Background Background ABCgjy 2 / 59 http://soft-dev.org/ Background Background A perfect programming

1.76k views • 153 slides
100% Containers Powered Carpooling Maxime Fouilleul Database Reliability Engineer BlaBlaCar -

100% Containers Powered Carpooling Maxime Fouilleul Database Reliability Engineer BlaBlaCar -

100% Containers Powered Carpooling Maxime Fouilleul Database Reliability Engineer BlaBlaCar - Facts & Figures Infrastructure Ecosystem - 100% containers powered carpooling Todays agenda Stateful Services into containers - MariaDB as

463 views • 45 slides
HiGHS High-performance open-source software for linear optimization Julian Hall School of

HiGHS High-performance open-source software for linear optimization Julian Hall School of

HiGHS High-performance open-source software for linear optimization Julian Hall School of Mathematics University of Edinburgh jajhall@ed.ac.uk CO@Work 2020 21 September 2020 HiGHS : The team Whats in a name? HiGHS : H all, i vet G

257 views • 10 slides
Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are

Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are

Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are not going to be the answer to preventing your application from being compromised, but they can limit the damage from a compromise. How do

823 views • 25 slides
Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com

Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com

Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com Containers are great Containers are resource efficient Containers make deployment easy Containers can be monitored easily Containers are secure But are

508 views • 38 slides
Everything you need to know about Containers Security Track Containers Jos Manuel Ortega

Everything you need to know about Containers Security Track Containers Jos Manuel Ortega

Everything you need to know about Containers Security Track Containers Jos Manuel Ortega @jmortegac Agenda Introduction to containers security Linux Containers(LXC) Docker Security Security pipeline && Container

807 views • 57 slides
1 THE VALLEY OF GRACE LUKE 9:37-51 Mountains and valleys exist in all of our lives; for most of

1 THE VALLEY OF GRACE LUKE 9:37-51 Mountains and valleys exist in all of our lives; for most of

1 THE VALLEY OF GRACE LUKE 9:37-51 Mountains and valleys exist in all of our lives; for most of us, they always will. Coexisting in our reality we have the highest highs and lowest lows. Living in grace is the answer in both locations!

272 views • 6 slides
Mesos Go Stateful An Abstraction for frameworks running stateful workload Dhilip & Amit -

Mesos Go Stateful An Abstraction for frameworks running stateful workload Dhilip & Amit -

Mesos Go Stateful An Abstraction for frameworks running stateful workload Dhilip & Amit - PaaS Team, Huawei Contents Why Abstraction Available solution in Kubernetes Available solution in Mesos Mesos Go Stateful Design

492 views • 25 slides
SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54

SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54

SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54 What are Containers? A package/image that can be deployed anywhere (thats running a Linux Kernel) Developers create a layered image of their

996 views • 53 slides
Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at

Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at

Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at BlaBlaCar pgDay Paris, Mar 15, 2018 BlaBlaCar Overview Todays agenda PostgreSQL usage at BlaBlaCar Switching to a new implementation

844 views • 40 slides
Stateful access control using LSM CS547 Thomas Uphill Stateful access cont rol using LSM 11

Stateful access control using LSM CS547 Thomas Uphill Stateful access cont rol using LSM 11

Stateful access control using LSM CS547 Thomas Uphill Stateful access cont rol using LSM 11 December 2007 1 Why? Maintaining state allows for decisions to be made based on runtime conditions. State based policy can be more concise

576 views • 18 slides
Persistent storage for Containers Anil Degwekar What are we talking about? Containers have

Persistent storage for Containers Anil Degwekar What are we talking about? Containers have

Persistent storage for Containers Anil Degwekar What are we talking about? Containers have become popular replacing many Physical / Virtual Machine use cases But: The persistent storage problem for containers is still not fully solved

1.01k views • 17 slides
Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change

Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change

Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change An Approach Required Software Processes Cultural Changes Additional Concerns Lessons Learned Why This Talk? Containers are

678 views • 49 slides
Scalable Verification of Stateful Networks Aurojit Panda, Ori Lahav, Katerina Argyraki, Mooly

Scalable Verification of Stateful Networks Aurojit Panda, Ori Lahav, Katerina Argyraki, Mooly

Scalable Verification of Stateful Networks Aurojit Panda, Ori Lahav, Katerina Argyraki, Mooly Sagiv, Scott Shenker UC Berkeley, TAU, ICSI Roadmap Why consider stateful networks? The current state of stateful network verification?

1.31k views • 80 slides
Bipolar Disorder By: Cassie Schroer Bipolar disorder, formerly called manic depression,

Bipolar Disorder By: Cassie Schroer Bipolar disorder, formerly called manic depression,

Bipolar Disorder By: Cassie Schroer Bipolar disorder, formerly called manic depression, causes extreme mood swings What is it? that include emotional highs (mania or hypomania) and lows (depression). Symptoms Bipolar I disorder.

579 views • 11 slides
Probably the worlds best stateful traffic generation and analysis platform 2 1 2 4 5 3

Probably the worlds best stateful traffic generation and analysis platform 2 1 2 4 5 3

1 Probably the worlds best stateful traffic generation and analysis platform 2 1 2 4 5 3 OVERVIEW TYPES OF TESTS HARDWARE SOFTWARE KEY FEATURES LEARN MORE 3 OVERVIEW Vulcan generates stateful Ethernet traffic to analyze how

349 views • 34 slides
Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs

Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs

Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs Google Wisdom: VMs and Containers are similar but different Try running containers in VMs for security Containers are best for scale-out

314 views • 17 slides
Accessing and using weather data in OCaml Hez Carty - OCaml 2013 MDA Information Systems LLC

Accessing and using weather data in OCaml Hez Carty - OCaml 2013 MDA Information Systems LLC

Accessing and using weather data in OCaml Hez Carty - OCaml 2013 MDA Information Systems LLC Weather and OCaml OCaml - why and where? Library bindings Highs and lows Why OCaml The usual reasons Functional (when you want

503 views • 13 slides
our container journey @beshippable shippable.com our container journey containers can

our container journey @beshippable shippable.com our container journey containers can

our container journey @beshippable shippable.com our container journey containers can make us way more efficient containers can save us money on hosting containers sound interesting company founded in 2013

848 views • 30 slides
Stateful Services on DC/OS Santa Clara, California | April 23th 25th, 2018 Who Am I?

Stateful Services on DC/OS Santa Clara, California | April 23th 25th, 2018 Who Am I?

Stateful Services on DC/OS Santa Clara, California | April 23th 25th, 2018 Who Am I? Shafique Hassan Solutions Architect @ Mesosphere Operator 2 Agenda DC/OS Introduction and Recap Why Stateful Services on

583 views • 29 slides
Things I Wish Id Known Rod Johnson My Journey An Unexpected Career Memorable Highs

Things I Wish Id Known Rod Johnson My Journey An Unexpected Career Memorable Highs

Things I Wish Id Known Rod Johnson My Journey An Unexpected Career Memorable Highs SpringOne 2010 Spring community: 1000 attendees Realization that my cofounders had also become good friends Changing the world

938 views • 47 slides

More recommend