Kubernetes 1.6 introduced Cluster Federation, which enables users to span clusters across on-premises datacenters, multiple cloud providers and regions. It also allows proximity to the users with geolocation-based routing. Spanning multiple clusters dramatically reduces the risk of downtime, which is essential for business-critical applications. Additionally, Federation enables hybrid cloud, which many customers want, and allows businesses to take advantage of elastic scaling whilst obeying any regulatory restrictions associated with user data.
4. container-solutions.com info@container-solutions.com Kubernetes Federation @ ContainerConf @michmueller_
Amazon Web Services, Feb 28, 2017
S3 outage in us-east-1
4 hours - estimated cost: $310 million
https://techcrunch.com/2017/02/28/amazon-aws-s3-outage-is-breaking-things-for-a-lot-of-websites-and-apps/
Why such wide-spread impact?
■ Most users had all-eggs-in-one-basket design
■ Applications running from a single location
■ Stand-by just not working
Hybrid Cloud!
“Everything fails, all the time.” (Werner Vogels, Amazon CTO)
■ Eliminate risks associated with business continuity of a single provider/region/failure domain
■ Achieve the needed/required uptime by operating redundantly in multiple failure domains
“Hybrid” means...
It’s hybrid if…
■ private cloud and public cloud services, or multiple clouds, are combined
■ it feels like one single environment
It’s not hybrid if…
■ a few developers at a company use some public cloud services
■ you use a SaaS application with no connection to the private cloud
Why Kubernetes Federation?
■ Kubernetes is vendor independent (Project under the CNCF)
■ Can run anywhere
■ Underlying infrastructure can be changed at any point in time
■ Bridges the gap between on-prem and cloud
■ Single control plane
■ Can schedule workload automatically across DC/clouds/regions/…
■ Can deal with outages of DC/clouds/regions/…
Kubernetes Federation
■ Application orchestrated across individual clusters
■ Simple maintenance of clusters
■ Single federated management
[Diagram: Client, Global VIP, App instances on On Prem, London (AWS) and St. Ghislain (GCE)]
Application Failover
■ Application is already distributed (Active/Active)
■ DC is marked as down and traffic is routed to the others
■ Transparent
[Diagram: Client, Global VIP, App instances on London (AWS) and St. Ghislain (GCE)]
Obeying regulatory restrictions
■ Data needs to reside in e.g. UK
■ Clusters in UK get labeled
■ App is only scheduled on clusters labeled accordingly
[Diagram: Client, Global VIP, App instances on On Prem, London (AWS) and St. Ghislain (GCE)]
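A minimal model of the label-based placement on this slide, as an added example (not code from the talk or from Kubernetes Federation): the `Cluster` class, the `country` label and the selector format are assumptions, and the on-prem cluster is assumed to be in the UK. It shows the residency selector acting as a hard constraint during failover: replicas are redistributed only among matching clusters, and placement fails closed instead of spilling outside them.

```python
from dataclasses import dataclass

@dataclass
class Cluster:
    name: str
    labels: dict
    healthy: bool = True

def matches(labels, selector):
    """True if labels satisfy every (key, operator, values) requirement."""
    for key, op, values in selector:
        if op == "In":
            ok = labels.get(key) in values
        elif op == "NotIn":
            ok = labels.get(key) not in values
        elif op == "Exists":
            ok = key in labels
        else:
            raise ValueError(f"unknown operator: {op}")
        if not ok:
            return False
    return True

def place(replicas, clusters, selector):
    """Spread replicas over healthy clusters that match; fail closed otherwise."""
    eligible = sorted(c.name for c in clusters
                      if c.healthy and matches(c.labels, selector))
    if not eligible:
        raise RuntimeError("no healthy cluster satisfies the residency selector")
    base, extra = divmod(replicas, len(eligible))
    return {name: base + int(i < extra) for i, name in enumerate(eligible)}

def violations(placement, clusters, selector):
    """Audit: clusters that hold replicas but do not match the selector."""
    by_name = {c.name: c for c in clusters}
    return sorted(n for n, count in placement.items()
                  if count > 0 and not matches(by_name[n].labels, selector))

# Constructed sample data: cluster names follow the slide, labels are assumed.
CLUSTERS = [
    Cluster("on-prem", {"country": "uk", "provider": "private"}),
    Cluster("london-aws", {"country": "uk", "provider": "aws"}),
    Cluster("st-ghislain-gce", {"country": "be", "provider": "gce"}),
]
UK_ONLY = [("country", "In", ["uk"])]

if __name__ == "__main__":
    print(place(5, CLUSTERS, UK_ONLY))
    CLUSTERS[1].healthy = False          # London (AWS) marked as down
    print(place(5, CLUSTERS, UK_ONLY))   # all replicas stay in the UK
```

The `violations` function can be run against an observed placement to check that no replica has landed on a cluster outside the labeled set.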
Situation
■ Operating in both the People’s Republic of China and the rest of the world (AWS Beijing and Singapore)
■ Deal with a combination of technologies and legislative actions
■ Mitigate the potential risk of outages caused by having data centres, and customers, on both sides of the Great Firewall (GFW)
■ Adopted containers and microservices already
■ Involved running microservices in a somewhat manual fashion across each AWS region leveraging various scripts and tools
■ Wanted a scheduler to manage their workloads
■ Challenges: Mostly specific to the GFW
  ■ E.g.: Default container registries (Google) are blocked
Benefits
■ Run applications at global scale with a single federated view
■ Cope with failures from machine to cluster/region/provider/DC level
■ Schedule capacity based on location
■ Escape provider lock-in
Options for global load balancing
■ Google’s Global Load Balancer
  ■ Ideal solution with multiple clusters on Google Cloud
  ■ No solution for “Hybrid Cloud” (yet)
■ Backplane.io
  ■ Developer focused, very very new...
  ■ Working Kubernetes and Docker Swarm integration
■ DNS based (e.g. AWS Route53)
  ■ Usual “DNS Problems”, e.g. misbehaving clients ignoring TTLs
  ■ Failover times dependent on DNS TTLs and intermediate caching
■ “Classic” Content Delivery Networks
  ■ Currently, manual configuration needed
  ■ Best option for Hybrid installations now
Good practices
■ Consider eventual consistency in your architecture
  ■ Asynchronous writes via message queues (e.g. Event Sourcing)
  ■ or globally distributed databases like Google Cloud Spanner
■ Replicate blob stores over multiple regions
  ■ prevents problems like the S3 outage in February
Caveats & Limitations
■ Still under heavy development
■ Not all functionality is currently available in Federation
■ Single federated control plane
■ Increased network bandwidth and cost
■ A bug in the federation control plane could potentially impact all clusters