1. Building the Layers of the Scalable
Cluster for Containers
by Barak Michener

2. About Me
distributed systems
engineer
@barakmich
github.com/barakmich
EpicHack.com

3. https://twitter.com/gabrtv/status/539805332432637952
Good artists copy…. (or fork?)

4. the OSI Model

6. reduced API contracts
OS

7. kernel
systemd
lvm
ssh
python
java
nginx
mysql
openssl
app
distrodistrodistrodistrodistrodistrodistr

8. python
java
nginx
mysql
openssl
app
distrodistrodistrodistrodistrodistrodistr
kernel
systemd
lvm
ssh

9. python
openssl-A
app1
distrodistrodistrodistrodistrodistrodistr java
openssl-B
app2
java
openssl-B
app3
kernel
systemd
lvm
ssh

10. super-powers
OS

11. Opportunity for automatic updates.
Consistent set of software across hosts.
Base OS independent from app.

13. design for host failure
clustering

14. etcd

15. /etc
distributed
(or daemon?)

16. open source software
sequentially consistent
exposed via HTTP
runtime reconfigurable

17. Available

18. Available

19. Available

20. Unavailable

21. Available
Leader
Follower

22. Leader
Follower
Available

23. Leader
Follower
Temporarily Unavailable

24. Leader
Follower
Available

25. 1 2 3 4
{Log

26. 1 2 3 4
Entries

27. 1 2 3 4
Indexes

28. Sequential Consistency
Operations* are atomically executed in the
same sequential order on all machines.

29. 1
1
1
2
Pet=dog
Pet=cat
Pet=cat
1
2
PUT Pet = cat
PUT Pet = dog

30. 1
1
1
2
2
1
2
PUT Pet = cat
PUT Pet = dog
Pet=dog
Pet=dog
Pet=cat

31. 1
1
1
2
2
2
1
2
PUT Pet = cat
PUT Pet = dog
Pet=dog
Pet=dog
Pet=dog

32. Sequential Consistency
Real-time

33. 1
1
1
2
GET Pet @ 10:00.0 -> 1[cat]!?
GET Pet @ 10:00.0 -> 2[dog]
2

34. 1
1
1
2
2
2
GET Pet @ 10:00.1 -> 1[dog]

35. Sequential Consistency
Index Time

36. 1
1
1
2
GET Pet @ 2 -> blocking
GET Pet @ 2 -> 2[dog]
2

37. 1
1
1
2
GET Pet @ 2 -> 2[dog]
2
2

38. etcd guarantees that a get at
index X will always return the
same result.
Avoid thinking in terms of real time because with network
latency the result is always out-of-date.

39. Quorum GETs
GET via Raft

40. 1
1
1
2
2

41. 1
1
1
2
QGET A
2

42. 1
1
1
2
QGET A -> 2[dog]
2
2

43. 1
1
1
2
QGET A -> 2[dog]
2
2
3
3

44. https://aphyr.com/posts/313-strong-
consistency-models

45. super-powers
etcd

46. Share configuration data across hosts.
Resilient to host failures.
Designed for consistency across hosts.

48. what can we build
together?
cluster
resources

49. We have some important primitives
now
What cluster-wide services can we
provide?
Network, Disk, Compute (kublets)
Personal opinion: ls /dev

51. super-powers
flannel

52. Partition a IP range -- hand out an IP to
each container (consistently)
Speed! (Avoiding userspace is good)

54. getting work to servers
orchestration

55. You
Orchestrator API
Scheduler, Network, NS
Machine(s)

56. while true {
todo = diff(desState, curState)
schedule(todo)
}

57. while true {
todo = diff(desState, curState)
schedule(todo)
}

58. while true {
todo = diff(desState, curState)
schedule(todo)
}

59. while true {
todo = diff(desState, curState)
schedule(todo)
}

61. fleet
mesos
kubernetes
swarm
job scheduling

62. super-powers
orchestration

63. Think about app capacity first.
Take advantage of
compute/memory/disk/network
resources.
Build on etcd resilience to host failure.

65. run and isolate apps
containers

66. what is it exactly?
containers

67. Containers
Userspace Tarballs

68. libc
python
django
app.py
example.com/myapp
"Lifts" myapp from the OS into Layer 6

69. $ container fetch example.com/myapp
$ container run example.com/myapp
Pull from layer 6
Invoke in layer 2

70. pid ns
isolated pid 1

71. user ns
isolated uid 0

72. network ns
isolated netdev

73. mount ns
isolated /

74. cgroups
manage resources

75. cgroups
count resources

76. cgroups
limit resources

77. how are they created?
containers

80. Application (you, MySQL, ElasticSearch)Layer 3
Linux Distro (Ubuntu, Red Hat, CentOS)Layer 2
Physical (Bare Metal, OpenStack, AWS, DO)Layer 1
revisiting today’s Model

81. App MySQL
ElasticSearch

82. App MySQL
ElasticSearch

83. a Cluster

84. a Cluster

85. a Cluster

86. a Cluster

87. @coreoslinux