SlideShare a Scribd company logo

kubernetes_largescale_system_design_optimization

RaviShankar KS
RaviShankar KS

The document discusses optimizations and design considerations for running Kubernetes clusters at large scale. It outlines Kubernetes system components like the API server, etcd, and controller manager and discusses tuning parameters for high availability and performance. It also covers capacity allocation, auto-scaling, monitoring, lessons learned, and answers to questions.

Engineering
1 of 21
Download to read offline
Optimizations and design considerations for Kubernetes cluster for Large Scale RaviShankar KS Aug, 2019 1
Outline 2 • Expectations • Deep Dive • K8s components overview • SLAs and tuning • Dynamic Autoscaling • Monitoring • Few more Lessons Learnt trivia of interesting use-cases and solution • Q&A
Expectations 3 Container Management Spawn pods with varied container runtimes Scale on demand Resource scheduling and prioritization Run multiple instances of deployments Hybrid cloud presence Heterogeneous workloads
4 https://docs.google.com/presentation/d/1H4ywDb4vAJeg8KEjpYfhNqFSig0Q8e_X5I36kM9S6q0/pub?start=false&loop=false&delayms=3000&slide=id.gb2c433030_2_62
Kubernetes system components 5 apiserver Security • Admission Control – RBAC • Authentication Objects • Caching • Validation • CRUD operations Docker containers • Logging • Exec etcd • Persistent Key value store • Needs Quorum/Lead er to operate Controller manager • Watch/List k8s resources • Uses Apiserver • Moves resources from current state to desired state Scheduler • Watch Pending pods • Eliminate nodes which are not fit for request to be fulfilled • Rank Nodes Kubelet + kube- proxy • Node Level admission control • Communicate with container through CRI • Node metrics • Report readiness / liveness kube-proxy • Update iptables with service endpoints
• Keep K8s production grade and always running – Parameter tuning and trade-offs – Process panic – Node issues opportunities for optimization 6
7 apiserver # of k8s master nodes 3-4 Multi-zonal Rate limit --max-requests-inflight [400] Choosing the correct Storage backend [etcd3] Feature gates cpumanager debugcontainer Caching --target-ram-mb --event-ttl --audit-log-maxage Auditing --auditing* # requests to etcd --etcd-count-metric-poll-period duration etcd --etcd-compaction-interval Expose Kubernetes service --kubernetes-service-node-port Parameter tuning
8 Node Level • Docker daemon hangs • Kernel crashes • Kubelet crash Cron jobs Monitoring read-only-port [10250] Docker fs issues use overlay2 Port conflicts net.ipv4.ip_local_port_ran ge = [32768 61000] net.ipv4.ip_local_reserved _ports = [30000 – 32000] general Networking choices Calico / Flannel controller manager Node monitoring --node-monitor-period --node-monitor-grace-period Parallelism – number of workers --concurrent* Caching *cache-size* Rate limit --kube-api-qps --kube-api—burst GC --terminated-pod-gc- threshold etcd Quorum size 3,5,7 Multi-zonal etcd sync ETCD_ELECTION_TIMEOU T ETCD_HEARTBEAT_INTERV AL Parameter tuning
• Capacity Allocation – granularize minions into flavors to avoid node wastage, reduce cost • Auto-scaling for public cloud (Azure / GCP) – Modify kubernetes cluster-autoscaler for node autoscaling – Observe Pitfalls of API usage and rate limiting • Logging / monitoring – Every metric matters opportunities for optimization 9
Capacity Allocation and autoscaling 10
Walmart Labs – Privileged and Confidential11 Monitoring Application Monitoring 1. API calls 2. DB conn 3. Health Node/VM Monitoring 1. Disk Space 2. Disk Mounts Device Monitoring 1. GPU 2. CPU/Memory 3. Disk IO Cluster Monitoring 1. ApiServer 2. Controller 3. Scheduler 4. Kubelet 5. Etcd 6. DB Health
Search for patterns .... 12
Search for patterns .... 13
More lessons learnt.... 14 • Using managed platforms – know limits • IP space restrictions over vpc • Image prepulls – not supported with coreos (GCE) • Limits for # pods, # node-groups not documented • For persistent external storage • Using mount propagation technique • Kubernetes Volume Types • Multi-zonal or multi-regional cluster setup for HA • IP CIDR Allocation • Avoid conflicts • Keep room for long term increase in pods/services • Using ingress endpoints – avoid more number of NodePorts/ClusterIP service types
Q&A 15
References Walmart Labs – Privileged and Confidential16 • https://www.slideshare.net/harryzhang735/kubernetes-beyond-a-black-box-part-1 • https://www.slideshare.net/harryzhang735/kubernetes-beyond-a-black-box-part-2 • https://www.slideshare.net/applatix/webcast-making-kubernetes-production-ready-78130374 • https://www.slideshare.net/LCChina/scale-kubernetes-to-support-50000-services • https://unix.stackexchange.com/questions/111858/randomizing-the-source-port-for-new- connections/111869#111869
Addendum slides 17
Why kubernetes .... Design considerations / Features Kubernetes Docker Swarm Open Source Highly modularized with tons of plugins Less modularized Stable setup in hybrid clouds Highly stable, if configured with correct settings for individual components Limited Fault Tolerance. X Scale On-demand Cluster-autoscaler module Not natively supported X Resource scheduling and prioritization Native support Native support Heterogeneous workloads NVIDIA plugins available Lot of scripting Effort X Run multiple replicas with HA Available as deployments Native support Access Control Native RBAC support Only available in EE X Other features – privileged mode, mount propagation, NFS support, cpu pinning Natively supported or plugins available Complex to setup X Support base Large active community Not much traction , though still pursued. X Learning curve Steep learning curve during setup/maintenance phase Fully Integrated to docker Engine/CLI Upgrade to higher versions Not Easy Easy to upgrade Post setup maintenance phase Various choices for logging and monitoring 3rd party only
Logging 19 Notify • Log from: • Application logs • microservice logs • Nodes • /var/log/messages • /var/log/cron • /var/log/secure • Kube system logs • Apiserver • Controller • Kubelet etc
More Lessons Learnt 20 • Why not use GKE ?? • IP space restrictions • Image prepulls – not supported with coreos • GCS mounts on GPU • Use mount propagation • Multi-zonal or multi-regional cluster setup for HA • IP CIDR Allocation • Avoid conflicts • Keep room for long term increase in pods/services
Kubernetes Internals 21

Recommended

Managing Infrastructure for Machine Learning Platform at Walmart scale - Usin...
Managing Infrastructure for Machine Learning Platform at Walmart scale - Usin...Managing Infrastructure for Machine Learning Platform at Walmart scale - Usin...
Managing Infrastructure for Machine Learning Platform at Walmart scale - Usin...
RaviShankar KS
 
Using next gen storage in Cloudstack
Using next gen storage in CloudstackUsing next gen storage in Cloudstack
Using next gen storage in Cloudstack
ShapeBlue
 
Introduction to CloudStack Storage Subsystem
Introduction to CloudStack Storage SubsystemIntroduction to CloudStack Storage Subsystem
Introduction to CloudStack Storage Subsystem
buildacloud
 
Highly scalable caching service on cloud - Redis
Highly scalable caching service on cloud - RedisHighly scalable caching service on cloud - Redis
Highly scalable caching service on cloud - Redis
Krishna-Kumar
 
Persistent Storage for Containerized Applications
Persistent Storage for Containerized ApplicationsPersistent Storage for Containerized Applications
Persistent Storage for Containerized Applications
Colleen Corrice
 
K8S in prod
K8S in prodK8S in prod
K8S in prod
Mageshwaran Rajendran
 
Kubernetes – An open platform for container orchestration
Kubernetes – An open platform for container orchestrationKubernetes – An open platform for container orchestration
Kubernetes – An open platform for container orchestration
inovex GmbH
 
Introduction to container mangement
Introduction to container mangementIntroduction to container mangement
Introduction to container mangement
Martin Marcher
 

Recommended

Managing Infrastructure for Machine Learning Platform at Walmart scale - Usin...
Managing Infrastructure for Machine Learning Platform at Walmart scale - Usin...Managing Infrastructure for Machine Learning Platform at Walmart scale - Usin...
Managing Infrastructure for Machine Learning Platform at Walmart scale - Usin...
RaviShankar KS
 
Using next gen storage in Cloudstack
Using next gen storage in CloudstackUsing next gen storage in Cloudstack
Using next gen storage in Cloudstack
ShapeBlue
 
Introduction to CloudStack Storage Subsystem
Introduction to CloudStack Storage SubsystemIntroduction to CloudStack Storage Subsystem
Introduction to CloudStack Storage Subsystem
buildacloud
 
Highly scalable caching service on cloud - Redis
Highly scalable caching service on cloud - RedisHighly scalable caching service on cloud - Redis
Highly scalable caching service on cloud - Redis
Krishna-Kumar
 
Persistent Storage for Containerized Applications
Persistent Storage for Containerized ApplicationsPersistent Storage for Containerized Applications
Persistent Storage for Containerized Applications
Colleen Corrice
 
K8S in prod
K8S in prodK8S in prod
K8S in prod
Mageshwaran Rajendran
 
Kubernetes – An open platform for container orchestration
Kubernetes – An open platform for container orchestrationKubernetes – An open platform for container orchestration
Kubernetes – An open platform for container orchestration
inovex GmbH
 
Introduction to container mangement
Introduction to container mangementIntroduction to container mangement
Introduction to container mangement
Martin Marcher
 
Gocd – Kubernetes/Nomad Continuous Deployment
Gocd – Kubernetes/Nomad Continuous DeploymentGocd – Kubernetes/Nomad Continuous Deployment
Gocd – Kubernetes/Nomad Continuous Deployment
Leandro Totino Pereira
 
Cloud - High Availability @ Low Cost - Workshop - Gurpreet ahuja
Cloud - High Availability @ Low Cost - Workshop - Gurpreet ahujaCloud - High Availability @ Low Cost - Workshop - Gurpreet ahuja
Cloud - High Availability @ Low Cost - Workshop - Gurpreet ahuja
ResellerClub
 
Java scalability considerations yogesh deshpande
Java scalability considerations yogesh deshpandeJava scalability considerations yogesh deshpande
Java scalability considerations yogesh deshpande
IndicThreads
 
Road to cloud-iaas
Road to cloud-iaasRoad to cloud-iaas
Road to cloud-iaas
Hatem Al Sum
 
Kubernetes and Nested Containers: Enhanced 3 Ps (Performance, Price and Provi...
Kubernetes and Nested Containers: Enhanced 3 Ps (Performance, Price and Provi...Kubernetes and Nested Containers: Enhanced 3 Ps (Performance, Price and Provi...
Kubernetes and Nested Containers: Enhanced 3 Ps (Performance, Price and Provi...
Jelastic Multi-Cloud PaaS
 
Introduction to Container Storage Interface (CSI)
Introduction to Container Storage Interface (CSI)Introduction to Container Storage Interface (CSI)
Introduction to Container Storage Interface (CSI)
Idan Atias
 
Cloud Native Patterns
Cloud Native PatternsCloud Native Patterns
Cloud Native Patterns
Bilgin Ibryam
 
Jelastic Overview
Jelastic OverviewJelastic Overview
Jelastic Overview
Jelastic Multi-Cloud PaaS
 
Introducing Kubestr - A New Way to Explore Your Kubernetes Storage Options
Introducing Kubestr - A New Way to Explore Your Kubernetes Storage OptionsIntroducing Kubestr - A New Way to Explore Your Kubernetes Storage Options
Introducing Kubestr - A New Way to Explore Your Kubernetes Storage Options
LibbySchulze
 
A curtain-raiser to the container world Docker & Kubernetes
A curtain-raiser to the container world Docker & KubernetesA curtain-raiser to the container world Docker & Kubernetes
A curtain-raiser to the container world Docker & Kubernetes
zekeLabs Technologies
 
Machine learning at scale - Webinar By zekeLabs
Machine learning at scale - Webinar By zekeLabsMachine learning at scale - Webinar By zekeLabs
Machine learning at scale - Webinar By zekeLabs
zekeLabs Technologies
 
Top aos services v 2.0.1
Top aos services v 2.0.1Top aos services v 2.0.1
Top aos services v 2.0.1
DhirendraKumar944320
 
OSDC 2018 | Lifecycle of a resource. Codifying infrastructure with Terraform ...
OSDC 2018 | Lifecycle of a resource. Codifying infrastructure with Terraform ...OSDC 2018 | Lifecycle of a resource. Codifying infrastructure with Terraform ...
OSDC 2018 | Lifecycle of a resource. Codifying infrastructure with Terraform ...
NETWAYS
 
Cloud Native PostgreSQL
Cloud Native PostgreSQLCloud Native PostgreSQL
Cloud Native PostgreSQL
EDB
 
Storage os kubernetes clusters need persistent data
Storage os kubernetes clusters need persistent dataStorage os kubernetes clusters need persistent data
Storage os kubernetes clusters need persistent data
LibbySchulze
 
Persist your data in an ephemeral k8 ecosystem
Persist your data in an ephemeral k8 ecosystemPersist your data in an ephemeral k8 ecosystem
Persist your data in an ephemeral k8 ecosystem
LibbySchulze
 
WSO2Con USA 2017: Scalable Real-time Complex Event Processing at Uber
WSO2Con USA 2017: Scalable Real-time Complex Event Processing at UberWSO2Con USA 2017: Scalable Real-time Complex Event Processing at Uber
WSO2Con USA 2017: Scalable Real-time Complex Event Processing at Uber
WSO2
 
Design Choices for Cloud Data Platforms
Design Choices for Cloud Data PlatformsDesign Choices for Cloud Data Platforms
Design Choices for Cloud Data Platforms
Ashish Mrig
 
Jelastic Features 2.x
Jelastic Features 2.xJelastic Features 2.x
Jelastic Features 2.x
Ruslan Synytsky
 
The Analytic Platform behind IBM’s Watson Data Platform - Big Data Spain 2017
The Analytic Platform behind IBM’s Watson Data Platform - Big Data Spain 2017The Analytic Platform behind IBM’s Watson Data Platform - Big Data Spain 2017
The Analytic Platform behind IBM’s Watson Data Platform - Big Data Spain 2017
Luciano Resende
 
Centralizing Kubernetes and Container Operations
Centralizing Kubernetes and Container OperationsCentralizing Kubernetes and Container Operations
Centralizing Kubernetes and Container Operations
Kublr
 
Best practices in Deploying SUSE CaaS Platform v3
Best practices in Deploying SUSE CaaS Platform v3Best practices in Deploying SUSE CaaS Platform v3
Best practices in Deploying SUSE CaaS Platform v3
Juan Herrera Utande
 

More Related Content

What's hot

Gocd – Kubernetes/Nomad Continuous Deployment
Gocd – Kubernetes/Nomad Continuous DeploymentGocd – Kubernetes/Nomad Continuous Deployment
Gocd – Kubernetes/Nomad Continuous Deployment
Leandro Totino Pereira
 
Cloud - High Availability @ Low Cost - Workshop - Gurpreet ahuja
Cloud - High Availability @ Low Cost - Workshop - Gurpreet ahujaCloud - High Availability @ Low Cost - Workshop - Gurpreet ahuja
Cloud - High Availability @ Low Cost - Workshop - Gurpreet ahuja
ResellerClub
 
Java scalability considerations yogesh deshpande
Java scalability considerations yogesh deshpandeJava scalability considerations yogesh deshpande
Java scalability considerations yogesh deshpande
IndicThreads
 
Road to cloud-iaas
Road to cloud-iaasRoad to cloud-iaas
Road to cloud-iaas
Hatem Al Sum
 
Kubernetes and Nested Containers: Enhanced 3 Ps (Performance, Price and Provi...
Kubernetes and Nested Containers: Enhanced 3 Ps (Performance, Price and Provi...Kubernetes and Nested Containers: Enhanced 3 Ps (Performance, Price and Provi...
Kubernetes and Nested Containers: Enhanced 3 Ps (Performance, Price and Provi...
Jelastic Multi-Cloud PaaS
 
Introduction to Container Storage Interface (CSI)
Introduction to Container Storage Interface (CSI)Introduction to Container Storage Interface (CSI)
Introduction to Container Storage Interface (CSI)
Idan Atias
 
Cloud Native Patterns
Cloud Native PatternsCloud Native Patterns
Cloud Native Patterns
Bilgin Ibryam
 
Jelastic Overview
Jelastic OverviewJelastic Overview
Jelastic Overview
Jelastic Multi-Cloud PaaS
 
Introducing Kubestr - A New Way to Explore Your Kubernetes Storage Options
Introducing Kubestr - A New Way to Explore Your Kubernetes Storage OptionsIntroducing Kubestr - A New Way to Explore Your Kubernetes Storage Options
Introducing Kubestr - A New Way to Explore Your Kubernetes Storage Options
LibbySchulze
 
A curtain-raiser to the container world Docker & Kubernetes
A curtain-raiser to the container world Docker & KubernetesA curtain-raiser to the container world Docker & Kubernetes
A curtain-raiser to the container world Docker & Kubernetes
zekeLabs Technologies
 
Machine learning at scale - Webinar By zekeLabs
Machine learning at scale - Webinar By zekeLabsMachine learning at scale - Webinar By zekeLabs
Machine learning at scale - Webinar By zekeLabs
zekeLabs Technologies
 
Top aos services v 2.0.1
Top aos services v 2.0.1Top aos services v 2.0.1
Top aos services v 2.0.1
DhirendraKumar944320
 
OSDC 2018 | Lifecycle of a resource. Codifying infrastructure with Terraform ...
OSDC 2018 | Lifecycle of a resource. Codifying infrastructure with Terraform ...OSDC 2018 | Lifecycle of a resource. Codifying infrastructure with Terraform ...
OSDC 2018 | Lifecycle of a resource. Codifying infrastructure with Terraform ...
NETWAYS
 
Cloud Native PostgreSQL
Cloud Native PostgreSQLCloud Native PostgreSQL
Cloud Native PostgreSQL
EDB
 
Storage os kubernetes clusters need persistent data
Storage os kubernetes clusters need persistent dataStorage os kubernetes clusters need persistent data
Storage os kubernetes clusters need persistent data
LibbySchulze
 
Persist your data in an ephemeral k8 ecosystem
Persist your data in an ephemeral k8 ecosystemPersist your data in an ephemeral k8 ecosystem
Persist your data in an ephemeral k8 ecosystem
LibbySchulze
 
WSO2Con USA 2017: Scalable Real-time Complex Event Processing at Uber
WSO2Con USA 2017: Scalable Real-time Complex Event Processing at UberWSO2Con USA 2017: Scalable Real-time Complex Event Processing at Uber
WSO2Con USA 2017: Scalable Real-time Complex Event Processing at Uber
WSO2
 
Design Choices for Cloud Data Platforms
Design Choices for Cloud Data PlatformsDesign Choices for Cloud Data Platforms
Design Choices for Cloud Data Platforms
Ashish Mrig
 
Jelastic Features 2.x
Jelastic Features 2.xJelastic Features 2.x
Jelastic Features 2.x
Ruslan Synytsky
 
The Analytic Platform behind IBM’s Watson Data Platform - Big Data Spain 2017
The Analytic Platform behind IBM’s Watson Data Platform - Big Data Spain 2017The Analytic Platform behind IBM’s Watson Data Platform - Big Data Spain 2017
The Analytic Platform behind IBM’s Watson Data Platform - Big Data Spain 2017
Luciano Resende
 

What's hot (20)

Gocd – Kubernetes/Nomad Continuous Deployment
Gocd – Kubernetes/Nomad Continuous DeploymentGocd – Kubernetes/Nomad Continuous Deployment
Gocd – Kubernetes/Nomad Continuous Deployment
 
Cloud - High Availability @ Low Cost - Workshop - Gurpreet ahuja
Cloud - High Availability @ Low Cost - Workshop - Gurpreet ahujaCloud - High Availability @ Low Cost - Workshop - Gurpreet ahuja
Cloud - High Availability @ Low Cost - Workshop - Gurpreet ahuja
 
Java scalability considerations yogesh deshpande
Java scalability considerations yogesh deshpandeJava scalability considerations yogesh deshpande
Java scalability considerations yogesh deshpande
 
Road to cloud-iaas
Road to cloud-iaasRoad to cloud-iaas
Road to cloud-iaas
 
Kubernetes and Nested Containers: Enhanced 3 Ps (Performance, Price and Provi...
Kubernetes and Nested Containers: Enhanced 3 Ps (Performance, Price and Provi...Kubernetes and Nested Containers: Enhanced 3 Ps (Performance, Price and Provi...
Kubernetes and Nested Containers: Enhanced 3 Ps (Performance, Price and Provi...
 
Introduction to Container Storage Interface (CSI)
Introduction to Container Storage Interface (CSI)Introduction to Container Storage Interface (CSI)
Introduction to Container Storage Interface (CSI)
 
Cloud Native Patterns
Cloud Native PatternsCloud Native Patterns
Cloud Native Patterns
 
Jelastic Overview
Jelastic OverviewJelastic Overview
Jelastic Overview
 
Introducing Kubestr - A New Way to Explore Your Kubernetes Storage Options
Introducing Kubestr - A New Way to Explore Your Kubernetes Storage OptionsIntroducing Kubestr - A New Way to Explore Your Kubernetes Storage Options
Introducing Kubestr - A New Way to Explore Your Kubernetes Storage Options
 
A curtain-raiser to the container world Docker & Kubernetes
A curtain-raiser to the container world Docker & KubernetesA curtain-raiser to the container world Docker & Kubernetes
A curtain-raiser to the container world Docker & Kubernetes
 
Machine learning at scale - Webinar By zekeLabs
Machine learning at scale - Webinar By zekeLabsMachine learning at scale - Webinar By zekeLabs
Machine learning at scale - Webinar By zekeLabs
 
Top aos services v 2.0.1
Top aos services v 2.0.1Top aos services v 2.0.1
Top aos services v 2.0.1
 
OSDC 2018 | Lifecycle of a resource. Codifying infrastructure with Terraform ...
OSDC 2018 | Lifecycle of a resource. Codifying infrastructure with Terraform ...OSDC 2018 | Lifecycle of a resource. Codifying infrastructure with Terraform ...
OSDC 2018 | Lifecycle of a resource. Codifying infrastructure with Terraform ...
 
Cloud Native PostgreSQL
Cloud Native PostgreSQLCloud Native PostgreSQL
Cloud Native PostgreSQL
 
Storage os kubernetes clusters need persistent data
Storage os kubernetes clusters need persistent dataStorage os kubernetes clusters need persistent data
Storage os kubernetes clusters need persistent data
 
Persist your data in an ephemeral k8 ecosystem
Persist your data in an ephemeral k8 ecosystemPersist your data in an ephemeral k8 ecosystem
Persist your data in an ephemeral k8 ecosystem
 
WSO2Con USA 2017: Scalable Real-time Complex Event Processing at Uber
WSO2Con USA 2017: Scalable Real-time Complex Event Processing at UberWSO2Con USA 2017: Scalable Real-time Complex Event Processing at Uber
WSO2Con USA 2017: Scalable Real-time Complex Event Processing at Uber
 
Design Choices for Cloud Data Platforms
Design Choices for Cloud Data PlatformsDesign Choices for Cloud Data Platforms
Design Choices for Cloud Data Platforms
 
Jelastic Features 2.x
Jelastic Features 2.xJelastic Features 2.x
Jelastic Features 2.x
 
The Analytic Platform behind IBM’s Watson Data Platform - Big Data Spain 2017
The Analytic Platform behind IBM’s Watson Data Platform - Big Data Spain 2017The Analytic Platform behind IBM’s Watson Data Platform - Big Data Spain 2017
The Analytic Platform behind IBM’s Watson Data Platform - Big Data Spain 2017
 

Similar to kubernetes_largescale_system_design_optimization

Centralizing Kubernetes and Container Operations
Centralizing Kubernetes and Container OperationsCentralizing Kubernetes and Container Operations
Centralizing Kubernetes and Container Operations
Kublr
 
Best practices in Deploying SUSE CaaS Platform v3
Best practices in Deploying SUSE CaaS Platform v3Best practices in Deploying SUSE CaaS Platform v3
Best practices in Deploying SUSE CaaS Platform v3
Juan Herrera Utande
 
Google Kubernetes Engine Deep Dive Meetup
Google Kubernetes Engine Deep Dive MeetupGoogle Kubernetes Engine Deep Dive Meetup
Google Kubernetes Engine Deep Dive Meetup
Iftach Schonbaum
 
Private Cloud with Open Stack, Docker
Private Cloud with Open Stack, DockerPrivate Cloud with Open Stack, Docker
Private Cloud with Open Stack, Docker
Davinder Kohli
 
Lc3 beijing-june262018-sahdev zala-guangya
Lc3 beijing-june262018-sahdev zala-guangyaLc3 beijing-june262018-sahdev zala-guangya
Lc3 beijing-june262018-sahdev zala-guangya
Sahdev Zala
 
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&TCloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T
ShapeBlue
 
Production grade edge computing on Kubernetes OSS EU 2018
Production grade edge computing on Kubernetes OSS EU 2018Production grade edge computing on Kubernetes OSS EU 2018
Production grade edge computing on Kubernetes OSS EU 2018
Steve Wong
 
Aliaba Cloud Singapore Meetup- ECS Deep Dive
Aliaba Cloud Singapore Meetup- ECS Deep DiveAliaba Cloud Singapore Meetup- ECS Deep Dive
Aliaba Cloud Singapore Meetup- ECS Deep Dive
Chirag Nayyar
 
Introduction to rook
Introduction to rookIntroduction to rook
Introduction to rook
Rohan Gupta
 
Climb Technical Overview
Climb Technical OverviewClimb Technical Overview
Climb Technical Overview
Arif Ali
 
Kubernetes stack reliability
Kubernetes stack reliabilityKubernetes stack reliability
Kubernetes stack reliability
Oleg Chunikhin
 
How Self-Healing Nodes and Infrastructure Management Impact Reliability
How Self-Healing Nodes and Infrastructure Management Impact ReliabilityHow Self-Healing Nodes and Infrastructure Management Impact Reliability
How Self-Healing Nodes and Infrastructure Management Impact Reliability
Kublr
 
Accelerate Application Innovation Journey with Azure Kubernetes Service
Accelerate Application Innovation Journey with Azure Kubernetes Service Accelerate Application Innovation Journey with Azure Kubernetes Service
Accelerate Application Innovation Journey with Azure Kubernetes Service
WinWire Technologies Inc
 
More Cache for Less Cash (DevLink 2014)
More Cache for Less Cash (DevLink 2014)More Cache for Less Cash (DevLink 2014)
More Cache for Less Cash (DevLink 2014)
Michael Collier
 
Simplify Your Way To Expert Kubernetes Management
Simplify Your Way To Expert Kubernetes ManagementSimplify Your Way To Expert Kubernetes Management
Simplify Your Way To Expert Kubernetes Management
DevOps.com
 
Red Hat Storage Day LA - Persistent Storage for Linux Containers
Red Hat Storage Day LA - Persistent Storage for Linux Containers Red Hat Storage Day LA - Persistent Storage for Linux Containers
Red Hat Storage Day LA - Persistent Storage for Linux Containers
Red_Hat_Storage
 
Red Hat Storage Day Atlanta - Persistent Storage for Linux Containers
Red Hat Storage Day Atlanta - Persistent Storage for Linux Containers Red Hat Storage Day Atlanta - Persistent Storage for Linux Containers
Red Hat Storage Day Atlanta - Persistent Storage for Linux Containers
Red_Hat_Storage
 
From Containerized Application to Secure and Scaling With Kubernetes
From Containerized Application to Secure and Scaling With KubernetesFrom Containerized Application to Secure and Scaling With Kubernetes
From Containerized Application to Secure and Scaling With Kubernetes
Shikha Srivastava
 
Securing and Automating Kubernetes with Kyverno
Securing and Automating Kubernetes with KyvernoSecuring and Automating Kubernetes with Kyverno
Securing and Automating Kubernetes with Kyverno
Saim Safder
 
Red Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShiftRed Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShift
Kangaroot
 

Similar to kubernetes_largescale_system_design_optimization (20)

Centralizing Kubernetes and Container Operations
Centralizing Kubernetes and Container OperationsCentralizing Kubernetes and Container Operations
Centralizing Kubernetes and Container Operations
 
Best practices in Deploying SUSE CaaS Platform v3
Best practices in Deploying SUSE CaaS Platform v3Best practices in Deploying SUSE CaaS Platform v3
Best practices in Deploying SUSE CaaS Platform v3
 
Google Kubernetes Engine Deep Dive Meetup
Google Kubernetes Engine Deep Dive MeetupGoogle Kubernetes Engine Deep Dive Meetup
Google Kubernetes Engine Deep Dive Meetup
 
Private Cloud with Open Stack, Docker
Private Cloud with Open Stack, DockerPrivate Cloud with Open Stack, Docker
Private Cloud with Open Stack, Docker
 
Lc3 beijing-june262018-sahdev zala-guangya
Lc3 beijing-june262018-sahdev zala-guangyaLc3 beijing-june262018-sahdev zala-guangya
Lc3 beijing-june262018-sahdev zala-guangya
 
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&TCloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T
 
Production grade edge computing on Kubernetes OSS EU 2018
Production grade edge computing on Kubernetes OSS EU 2018Production grade edge computing on Kubernetes OSS EU 2018
Production grade edge computing on Kubernetes OSS EU 2018
 
Aliaba Cloud Singapore Meetup- ECS Deep Dive
Aliaba Cloud Singapore Meetup- ECS Deep DiveAliaba Cloud Singapore Meetup- ECS Deep Dive
Aliaba Cloud Singapore Meetup- ECS Deep Dive
 
Introduction to rook
Introduction to rookIntroduction to rook
Introduction to rook
 
Climb Technical Overview
Climb Technical OverviewClimb Technical Overview
Climb Technical Overview
 
Kubernetes stack reliability
Kubernetes stack reliabilityKubernetes stack reliability
Kubernetes stack reliability
 
How Self-Healing Nodes and Infrastructure Management Impact Reliability
How Self-Healing Nodes and Infrastructure Management Impact ReliabilityHow Self-Healing Nodes and Infrastructure Management Impact Reliability
How Self-Healing Nodes and Infrastructure Management Impact Reliability
 
Accelerate Application Innovation Journey with Azure Kubernetes Service
Accelerate Application Innovation Journey with Azure Kubernetes Service Accelerate Application Innovation Journey with Azure Kubernetes Service
Accelerate Application Innovation Journey with Azure Kubernetes Service
 
More Cache for Less Cash (DevLink 2014)
More Cache for Less Cash (DevLink 2014)More Cache for Less Cash (DevLink 2014)
More Cache for Less Cash (DevLink 2014)
 
Simplify Your Way To Expert Kubernetes Management
Simplify Your Way To Expert Kubernetes ManagementSimplify Your Way To Expert Kubernetes Management
Simplify Your Way To Expert Kubernetes Management
 
Red Hat Storage Day LA - Persistent Storage for Linux Containers
Red Hat Storage Day LA - Persistent Storage for Linux Containers Red Hat Storage Day LA - Persistent Storage for Linux Containers
Red Hat Storage Day LA - Persistent Storage for Linux Containers
 
Red Hat Storage Day Atlanta - Persistent Storage for Linux Containers
Red Hat Storage Day Atlanta - Persistent Storage for Linux Containers Red Hat Storage Day Atlanta - Persistent Storage for Linux Containers
Red Hat Storage Day Atlanta - Persistent Storage for Linux Containers
 
From Containerized Application to Secure and Scaling With Kubernetes
From Containerized Application to Secure and Scaling With KubernetesFrom Containerized Application to Secure and Scaling With Kubernetes
From Containerized Application to Secure and Scaling With Kubernetes
 
Securing and Automating Kubernetes with Kyverno
Securing and Automating Kubernetes with KyvernoSecuring and Automating Kubernetes with Kyverno
Securing and Automating Kubernetes with Kyverno
 
Red Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShiftRed Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShift
 

Recently uploaded

SCALING OF MOS CIRCUITS m .pptx
SCALING OF MOS CIRCUITS m .pptxSCALING OF MOS CIRCUITS m .pptx
SCALING OF MOS CIRCUITS m .pptx
harshapolam10
 
一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理
uqyfuc
 
AI-Based Home Security System : Home security
AI-Based Home Security System : Home securityAI-Based Home Security System : Home security
AI-Based Home Security System : Home security
AIRCC Publishing Corporation
 
SENTIMENT ANALYSIS ON PPT AND Project template_.pptx
SENTIMENT ANALYSIS ON PPT AND Project template_.pptxSENTIMENT ANALYSIS ON PPT AND Project template_.pptx
SENTIMENT ANALYSIS ON PPT AND Project template_.pptx
b0754201
 
一比一原版(uofo毕业证书)美国俄勒冈大学毕业证如何办理
一比一原版(uofo毕业证书)美国俄勒冈大学毕业证如何办理一比一原版(uofo毕业证书)美国俄勒冈大学毕业证如何办理
一比一原版(uofo毕业证书)美国俄勒冈大学毕业证如何办理
upoux
 
4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf
4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf
4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf
Gino153088
 
TIME TABLE MANAGEMENT SYSTEM testing.pptx
TIME TABLE MANAGEMENT SYSTEM testing.pptxTIME TABLE MANAGEMENT SYSTEM testing.pptx
TIME TABLE MANAGEMENT SYSTEM testing.pptx
CVCSOfficial
 
Call For Paper -3rd International Conference on Artificial Intelligence Advan...
Call For Paper -3rd International Conference on Artificial Intelligence Advan...Call For Paper -3rd International Conference on Artificial Intelligence Advan...
Call For Paper -3rd International Conference on Artificial Intelligence Advan...
ijseajournal
 
Transformers design and coooling methods
Transformers design and coooling methodsTransformers design and coooling methods
Transformers design and coooling methods
Roger Rozario
 
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...
Transcat
 
Pressure Relief valve used in flow line to release the over pressure at our d...
Pressure Relief valve used in flow line to release the over pressure at our d...Pressure Relief valve used in flow line to release the over pressure at our d...
Pressure Relief valve used in flow line to release the over pressure at our d...
cannyengineerings
 
Applications of artificial Intelligence in Mechanical Engineering.pdf
Applications of artificial Intelligence in Mechanical Engineering.pdfApplications of artificial Intelligence in Mechanical Engineering.pdf
Applications of artificial Intelligence in Mechanical Engineering.pdf
Atif Razi
 
An Introduction to the Compiler Designss
An Introduction to the Compiler DesignssAn Introduction to the Compiler Designss
An Introduction to the Compiler Designss
ElakkiaU
 
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELDEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
ijaia
 
Open Channel Flow: fluid flow with a free surface
Open Channel Flow: fluid flow with a free surfaceOpen Channel Flow: fluid flow with a free surface
Open Channel Flow: fluid flow with a free surface
Indrajeet sahu
 
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
Paris Salesforce Developer Group
 
Height and depth gauge linear metrology.pdf
Height and depth gauge linear metrology.pdfHeight and depth gauge linear metrology.pdf
Height and depth gauge linear metrology.pdf
q30122000
 
smart pill dispenser is designed to improve medication adherence and safety f...
smart pill dispenser is designed to improve medication adherence and safety f...smart pill dispenser is designed to improve medication adherence and safety f...
smart pill dispenser is designed to improve medication adherence and safety f...
um7474492
 
一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理
一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理
一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理
ecqow
 
2. protection of river banks and bed erosion protection works.ppt
2. protection of river banks and bed erosion protection works.ppt2. protection of river banks and bed erosion protection works.ppt
2. protection of river banks and bed erosion protection works.ppt
abdatawakjira
 

Recently uploaded (20)

SCALING OF MOS CIRCUITS m .pptx
SCALING OF MOS CIRCUITS m .pptxSCALING OF MOS CIRCUITS m .pptx
SCALING OF MOS CIRCUITS m .pptx
 
一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理
 
AI-Based Home Security System : Home security
AI-Based Home Security System : Home securityAI-Based Home Security System : Home security
AI-Based Home Security System : Home security
 
SENTIMENT ANALYSIS ON PPT AND Project template_.pptx
SENTIMENT ANALYSIS ON PPT AND Project template_.pptxSENTIMENT ANALYSIS ON PPT AND Project template_.pptx
SENTIMENT ANALYSIS ON PPT AND Project template_.pptx
 
一比一原版(uofo毕业证书)美国俄勒冈大学毕业证如何办理
一比一原版(uofo毕业证书)美国俄勒冈大学毕业证如何办理一比一原版(uofo毕业证书)美国俄勒冈大学毕业证如何办理
一比一原版(uofo毕业证书)美国俄勒冈大学毕业证如何办理
 
4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf
4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf
4. Mosca vol I -Fisica-Tipler-5ta-Edicion-Vol-1.pdf
 
TIME TABLE MANAGEMENT SYSTEM testing.pptx
TIME TABLE MANAGEMENT SYSTEM testing.pptxTIME TABLE MANAGEMENT SYSTEM testing.pptx
TIME TABLE MANAGEMENT SYSTEM testing.pptx
 
Call For Paper -3rd International Conference on Artificial Intelligence Advan...
Call For Paper -3rd International Conference on Artificial Intelligence Advan...Call For Paper -3rd International Conference on Artificial Intelligence Advan...
Call For Paper -3rd International Conference on Artificial Intelligence Advan...
 
Transformers design and coooling methods
Transformers design and coooling methodsTransformers design and coooling methods
Transformers design and coooling methods
 
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...
 
Pressure Relief valve used in flow line to release the over pressure at our d...
Pressure Relief valve used in flow line to release the over pressure at our d...Pressure Relief valve used in flow line to release the over pressure at our d...
Pressure Relief valve used in flow line to release the over pressure at our d...
 
Applications of artificial Intelligence in Mechanical Engineering.pdf
Applications of artificial Intelligence in Mechanical Engineering.pdfApplications of artificial Intelligence in Mechanical Engineering.pdf
Applications of artificial Intelligence in Mechanical Engineering.pdf
 
An Introduction to the Compiler Designss
An Introduction to the Compiler DesignssAn Introduction to the Compiler Designss
An Introduction to the Compiler Designss
 
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELDEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
 
Open Channel Flow: fluid flow with a free surface
Open Channel Flow: fluid flow with a free surfaceOpen Channel Flow: fluid flow with a free surface
Open Channel Flow: fluid flow with a free surface
 
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
 
Height and depth gauge linear metrology.pdf
Height and depth gauge linear metrology.pdfHeight and depth gauge linear metrology.pdf
Height and depth gauge linear metrology.pdf
 
smart pill dispenser is designed to improve medication adherence and safety f...
smart pill dispenser is designed to improve medication adherence and safety f...smart pill dispenser is designed to improve medication adherence and safety f...
smart pill dispenser is designed to improve medication adherence and safety f...
 
一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理
一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理
一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理
 
2. protection of river banks and bed erosion protection works.ppt
2. protection of river banks and bed erosion protection works.ppt2. protection of river banks and bed erosion protection works.ppt
2. protection of river banks and bed erosion protection works.ppt
 

kubernetes_largescale_system_design_optimization

  • 1. Optimizations and design considerations for Kubernetes cluster for Large Scale RaviShankar KS Aug, 2019 1
  • 2. Outline 2 • Expectations • Deep Dive • K8s components overview • SLAs and tuning • Dynamic Autoscaling • Monitoring • Few more Lessons Learnt trivia of interesting use-cases and solution • Q&A
  • 3. Expectations 3 Container Management Spawn pods with varied container runtimes Scale on demand Resource scheduling and prioritization Run multiple instances of deployments Hybrid cloud presence Heterogeneous workloads
  • 5. Kubernetes system components 5 apiserver Security • Admission Control – RBAC • Authentication Objects • Caching • Validation • CRUD operations Docker containers • Logging • Exec etcd • Persistent Key value store • Needs Quorum/Lead er to operate Controller manager • Watch/List k8s resources • Uses Apiserver • Moves resources from current state to desired state Scheduler • Watch Pending pods • Eliminate nodes which are not fit for request to be fulfilled • Rank Nodes Kubelet + kube- proxy • Node Level admission control • Communicate with container through CRI • Node metrics • Report readiness / liveness kube-proxy • Update iptables with service endpoints
  • 6. • Keep K8s production grade and always running – Parameter tuning and trade-offs – Process panic – Node issues opportunities for optimization 6
  • 7. 7 apiserver # of k8s master nodes 3-4 Multi-zonal Rate limit --max-requests-inflight [400] Choosing the correct Storage backend [etcd3] Feature gates cpumanager debugcontainer Caching --target-ram-mb --event-ttl --audit-log-maxage Auditing --auditing* # requests to etcd --etcd-count-metric-poll-period duration etcd --etcd-compaction-interval Expose Kubernetes service --kubernetes-service-node-port Parameter tuning
  • 8. 8 Node Level • Docker daemon hangs • Kernel crashes • Kubelet crash Cron jobs Monitoring read-only-port [10250] Docker fs issues use overlay2 Port conflicts net.ipv4.ip_local_port_ran ge = [32768 61000] net.ipv4.ip_local_reserved _ports = [30000 – 32000] general Networking choices Calico / Flannel controller manager Node monitoring --node-monitor-period --node-monitor-grace-period Parallelism – number of workers --concurrent* Caching *cache-size* Rate limit --kube-api-qps --kube-api—burst GC --terminated-pod-gc- threshold etcd Quorum size 3,5,7 Multi-zonal etcd sync ETCD_ELECTION_TIMEOU T ETCD_HEARTBEAT_INTERV AL Parameter tuning
  • 9. • Capacity Allocation – granularize minions into flavors to avoid node wastage, reduce cost • Auto-scaling for public cloud (Azure / GCP) – Modify kubernetes cluster-autoscaler for node autoscaling – Observe Pitfalls of API usage and rate limiting • Logging / monitoring – Every metric matters opportunities for optimization 9
  • 10. Capacity Allocation and autoscaling 10
  • 11. Walmart Labs – Privileged and Confidential11 Monitoring Application Monitoring 1. API calls 2. DB conn 3. Health Node/VM Monitoring 1. Disk Space 2. Disk Mounts Device Monitoring 1. GPU 2. CPU/Memory 3. Disk IO Cluster Monitoring 1. ApiServer 2. Controller 3. Scheduler 4. Kubelet 5. Etcd 6. DB Health
  • 14. More lessons learnt.... 14 • Using managed platforms – know limits • IP space restrictions over vpc • Image prepulls – not supported with coreos (GCE) • Limits for # pods, # node-groups not documented • For persistent external storage • Using mount propagation technique • Kubernetes Volume Types • Multi-zonal or multi-regional cluster setup for HA • IP CIDR Allocation • Avoid conflicts • Keep room for long term increase in pods/services • Using ingress endpoints – avoid more number of NodePorts/ClusterIP service types
  • 16. References Walmart Labs – Privileged and Confidential16 • https://www.slideshare.net/harryzhang735/kubernetes-beyond-a-black-box-part-1 • https://www.slideshare.net/harryzhang735/kubernetes-beyond-a-black-box-part-2 • https://www.slideshare.net/applatix/webcast-making-kubernetes-production-ready-78130374 • https://www.slideshare.net/LCChina/scale-kubernetes-to-support-50000-services • https://unix.stackexchange.com/questions/111858/randomizing-the-source-port-for-new- connections/111869#111869
  • 18. Why kubernetes .... Design considerations / Features Kubernetes Docker Swarm Open Source Highly modularized with tons of plugins Less modularized Stable setup in hybrid clouds Highly stable, if configured with correct settings for individual components Limited Fault Tolerance. X Scale On-demand Cluster-autoscaler module Not natively supported X Resource scheduling and prioritization Native support Native support Heterogeneous workloads NVIDIA plugins available Lot of scripting Effort X Run multiple replicas with HA Available as deployments Native support Access Control Native RBAC support Only available in EE X Other features – privileged mode, mount propagation, NFS support, cpu pinning Natively supported or plugins available Complex to setup X Support base Large active community Not much traction , though still pursued. X Learning curve Steep learning curve during setup/maintenance phase Fully Integrated to docker Engine/CLI Upgrade to higher versions Not Easy Easy to upgrade Post setup maintenance phase Various choices for logging and monitoring 3rd party only
  • 19. Logging 19 Notify • Log from: • Application logs • microservice logs • Nodes • /var/log/messages • /var/log/cron • /var/log/secure • Kube system logs • Apiserver • Controller • Kubelet etc
  • 20. More Lessons Learnt 20 • Why not use GKE ?? • IP space restrictions • Image prepulls – not supported with coreos • GCS mounts on GPU • Use mount propagation • Multi-zonal or multi-regional cluster setup for HA • IP CIDR Allocation • Avoid conflicts • Keep room for long term increase in pods/services