SlideShare ist ein Scribd-Unternehmen logo
1 von 39
Downloaden Sie, um offline zu lesen
in Kubernetes
Alban Crequy
Using Traffic Control
to Test Apps
KubeCon EU 2016 - Londonhttps://goo.gl/Zh2CMQ
Alban Crequy
∘ Worked on rkt the last 14 months
∘ Currently tech lead on rkt
∘ In 2014, worked on traffic control for multimedia
applications in cars (tcmmd)
https://github.com/alban
∘ What is traffic control and how does it work on Linux
∘ Using TC in containers for tests
∘ Demo
∘ In Kubernetes
∘ Demo with pings
∘ Demo with guestbook
∘ Integration in a testing framework
∘ Demo with guestbook
Plan
What is traffic control?
How does it work on Linux?
Traffic control, why?
web server client
client
client
THE
INTERNET
∘ fair distribution
of bandwidth
∘ reserve
bandwidth to
specific
applications
∘ avoid
bufferbloat
∘ Network scheduling algorithm
∘ which packet to emit next?
∘ when?
∘ Configurable at run-time:
∘ /sbin/tc
∘ Netlink
∘ Default on new network interfaces: sysctl net.core.default_qdisc
Queuing disciplines (qdisc)
eth0 THE INTERNETqdisc
∘ First In, First Out
∘ But with 3 bands, based on IP header’s ToS field (type of service)
Linux’ default qdisc: pfifo_fast
eth0 THE INTERNETFIFO 1
FIFO 2
FIFO 0
Stochastic Fairness Queueing (sfq)
eth0
THE INTERNET
FIFO n
FIFO 1
FIFO 0
...
round robin
∘ drop packets to avoid buffer bloat
∘ similar to Random Early Detection (red) but based on delays rather than
the size of the buffer
∘ set as default by systemd since 2014
Fair Queuing Controlled Delay
(fq_codel)
eth0 THE INTERNET
X
Traffic control for testing?
Network emulator (netem)
eth0 THE INTERNETnetem
bandwidth
latency packet loss
corrupt
...
Testing with containers
container 1 container 2
eth0eth0
Testing framework
configure “netem” qdiscs:
bandwidth, latency, packet drop...
ingress / egress
server THE INTERNET
egress
ingress
ingress / egress
eth0 THE INTERNET
egress
ingress
ifb0
Testing a media server
rkt pod host
veth1eth0
RTP server
egress
qdisc
media player
Demo
Try it yourself: https://github.com/kinvolk/demo
How it worked
rkt pod host
veth1eth0
RTP server
egress
qdisc
media player
In Kubernetes
Testing with traffic control in
Kubernetes
Kubernetes
minion 1
pod
pod
Kubernetes
minion 2
pod
pod
Testing framework
∘ configure network
simulator
∘ play scenarios
Testing with traffic control in
Kubernetes
Kubernetes
minion 1
pod
pod
Kubernetes
minion 2
pod
pod
tcd tcd
gRPC or D-Bus methods:
∘ Install()
∘ ConfigureEgress()
https://github.com/kinvolk/tcd
Testing Weave Scope
Kubernetes
minion 1
tcd
Scope
Probe
pod pod
pod pod
Kubernetes
minion 2
tcd
Scope
Probe
pod pod
pod pod
Scope
App
Demo
Try it yourself: https://github.com/kinvolk/demo
Demo
Try it yourself: https://github.com/kinvolk/demo
Testing framework for web apps
Selenium
Demo
Testing more complex
scenarios
(my wishlist)
How to define classes of traffic
eth0
netem
interface
latency=100ms, drop=2%
http/80
ip=10.0.4.*
http/80
ip=10.0.5.*
other,
dns/53, ...
u32: filter on content
eth0
HTB
HTB
HTBHTB HTB
netemnetem netem
interface
root qdisc (type = HTB)
root class (type = HTB)
leaf qdiscs (type = netem)
leaf classes (type = HTB)
filters (type=u32)
dport=80
dport=53ip=10.*
latency=10ms drop=2%
Using filters in Kubernetes
Kubernetes
minion 1
pod
pod
Kubernetes
minion 2
pod
pod
Testing framework
drop
100%
latency
100ms
latency
100ms
configuring tc filter
based on IPs
(type=u32)
Testing Raft Consensus Algorithm
etcd
etcd
etcd
etcd
latency
1ms
latency
80ms
latency
5000ms
etcd parameters:
∘ heartbeat interval: 100ms
∘ election timeout: 1000ms
∘ 1 network namespace per pod
∘ rktnetes: apps started as
systemd units
∘ How to filter by app?
systemd.resource-control(5):
NetClass=auto
∘ added in v227, 2015-10-07
∘ removed in v229 :(
Filtering by app
Kubernetes
minion 1
pod
app app
pod
app app
cgroup “net_cls”: filter by app
∘ Classifying based on cgroups with “net_cls”
∘ Previously exposed by systemd
∘ Then, tc filter “cgroup”
∘ But not available in cgroup unified hierarchy, to ensure delegation
∘ netfilter/iptables being replaced by nftables
∘ New xt_cgroup just added to match on cgroup full path, then could
mark it and use net_cls
Filtering with cBPF/eBPF
eth0
BPF
netemnetem
kernel
userspace
BPF_JMP...
BPF_LD...
BPF_RET...
if (skb->protocol…)
return TC_H_MAKE(TC_H_ROOT,
mark); compilation
clang... -march=bpf
upload
in the kernel:
- bpf()
- Netlink
x86_64 code
JIT compilation
eBPF maps
eth0
BPF
netemnetem
kernel
userspace
x86_64 code
eBPF
map
Testing framework
∘ Build statistics
∘ Make them available to
the testing framework
The End
Try the demos yourself: https://github.com/kinvolk/demo
Source: https://github.com/kinvolk/tcd
The slides: https://goo.gl/Zh2CMQ
2 things before questions
We’re Hiring
https://kinvolk.io/careers/
in Berlin
coreos.com/fest - @coreosfest
May 9 & 10, 2016 - Berlin, Germany
Questions?

Weitere ähnliche Inhalte

Was ist angesagt?

KubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
KubeCon EU 2016: "rktnetes": what's new with container runtimes and KubernetesKubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
KubeCon EU 2016: "rktnetes": what's new with container runtimes and KubernetesKubeAcademy
 
Introduction to CircleCI
Introduction to CircleCIIntroduction to CircleCI
Introduction to CircleCIHungWei Chiu
 
Monitoring Kubernetes with Prometheus
Monitoring Kubernetes with PrometheusMonitoring Kubernetes with Prometheus
Monitoring Kubernetes with PrometheusGrafana Labs
 
Kubernetes service with ha
Kubernetes service with haKubernetes service with ha
Kubernetes service with haSam Zheng
 
Load Balancing 101
Load Balancing 101Load Balancing 101
Load Balancing 101HungWei Chiu
 
Deep dive into Kubernetes Networking
Deep dive into Kubernetes NetworkingDeep dive into Kubernetes Networking
Deep dive into Kubernetes NetworkingSreenivas Makam
 
A Kong retrospective: from 0.10 to 0.13
A Kong retrospective: from 0.10 to 0.13A Kong retrospective: from 0.10 to 0.13
A Kong retrospective: from 0.10 to 0.13Thibault Charbonnier
 
[OpenInfra Days Korea 2018] Day 2 - E3-2: "핸즈온 워크샵: Kubespray, Helm, Armada를 ...
[OpenInfra Days Korea 2018] Day 2 - E3-2: "핸즈온 워크샵: Kubespray, Helm, Armada를 ...[OpenInfra Days Korea 2018] Day 2 - E3-2: "핸즈온 워크샵: Kubespray, Helm, Armada를 ...
[OpenInfra Days Korea 2018] Day 2 - E3-2: "핸즈온 워크샵: Kubespray, Helm, Armada를 ...OpenStack Korea Community
 
Build Your Own CaaS (Container as a Service)
Build Your Own CaaS (Container as a Service)Build Your Own CaaS (Container as a Service)
Build Your Own CaaS (Container as a Service)HungWei Chiu
 
05.10.2017 AWS User Group Meetup - FALLACIES OF DISTRIBUTED COMPUTING WITH KU...
05.10.2017 AWS User Group Meetup - FALLACIES OF DISTRIBUTED COMPUTING WITH KU...05.10.2017 AWS User Group Meetup - FALLACIES OF DISTRIBUTED COMPUTING WITH KU...
05.10.2017 AWS User Group Meetup - FALLACIES OF DISTRIBUTED COMPUTING WITH KU...Zalando adtech lab
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes NetworkingCJ Cullen
 
iptables and Kubernetes
iptables and Kubernetesiptables and Kubernetes
iptables and KubernetesHungWei Chiu
 
TensorFlow, Docker & GoLang - All for Image Rekognition Sangam Biradar(Engine...
TensorFlow, Docker & GoLang - All for Image Rekognition Sangam Biradar(Engine...TensorFlow, Docker & GoLang - All for Image Rekognition Sangam Biradar(Engine...
TensorFlow, Docker & GoLang - All for Image Rekognition Sangam Biradar(Engine...sangam biradar
 
Chaos Engineering for Docker
Chaos Engineering for DockerChaos Engineering for Docker
Chaos Engineering for DockerAlexei Ledenev
 

Was ist angesagt? (17)

KubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
KubeCon EU 2016: "rktnetes": what's new with container runtimes and KubernetesKubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
KubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
 
Introduction to CircleCI
Introduction to CircleCIIntroduction to CircleCI
Introduction to CircleCI
 
Monitoring Kubernetes with Prometheus
Monitoring Kubernetes with PrometheusMonitoring Kubernetes with Prometheus
Monitoring Kubernetes with Prometheus
 
Kubernetes service with ha
Kubernetes service with haKubernetes service with ha
Kubernetes service with ha
 
Load Balancing 101
Load Balancing 101Load Balancing 101
Load Balancing 101
 
K8s
K8sK8s
K8s
 
GitLab on OpenShift
GitLab on OpenShiftGitLab on OpenShift
GitLab on OpenShift
 
Deep dive into Kubernetes Networking
Deep dive into Kubernetes NetworkingDeep dive into Kubernetes Networking
Deep dive into Kubernetes Networking
 
A Kong retrospective: from 0.10 to 0.13
A Kong retrospective: from 0.10 to 0.13A Kong retrospective: from 0.10 to 0.13
A Kong retrospective: from 0.10 to 0.13
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
 
[OpenInfra Days Korea 2018] Day 2 - E3-2: "핸즈온 워크샵: Kubespray, Helm, Armada를 ...
[OpenInfra Days Korea 2018] Day 2 - E3-2: "핸즈온 워크샵: Kubespray, Helm, Armada를 ...[OpenInfra Days Korea 2018] Day 2 - E3-2: "핸즈온 워크샵: Kubespray, Helm, Armada를 ...
[OpenInfra Days Korea 2018] Day 2 - E3-2: "핸즈온 워크샵: Kubespray, Helm, Armada를 ...
 
Build Your Own CaaS (Container as a Service)
Build Your Own CaaS (Container as a Service)Build Your Own CaaS (Container as a Service)
Build Your Own CaaS (Container as a Service)
 
05.10.2017 AWS User Group Meetup - FALLACIES OF DISTRIBUTED COMPUTING WITH KU...
05.10.2017 AWS User Group Meetup - FALLACIES OF DISTRIBUTED COMPUTING WITH KU...05.10.2017 AWS User Group Meetup - FALLACIES OF DISTRIBUTED COMPUTING WITH KU...
05.10.2017 AWS User Group Meetup - FALLACIES OF DISTRIBUTED COMPUTING WITH KU...
 
Kubernetes Networking
Kubernetes NetworkingKubernetes Networking
Kubernetes Networking
 
iptables and Kubernetes
iptables and Kubernetesiptables and Kubernetes
iptables and Kubernetes
 
TensorFlow, Docker & GoLang - All for Image Rekognition Sangam Biradar(Engine...
TensorFlow, Docker & GoLang - All for Image Rekognition Sangam Biradar(Engine...TensorFlow, Docker & GoLang - All for Image Rekognition Sangam Biradar(Engine...
TensorFlow, Docker & GoLang - All for Image Rekognition Sangam Biradar(Engine...
 
Chaos Engineering for Docker
Chaos Engineering for DockerChaos Engineering for Docker
Chaos Engineering for Docker
 

Ähnlich wie KubeCon EU 2016: Using Traffic Control to Test Apps in Kubernetes

Testing applications with traffic control in containers / Alban Crequy (Kinvolk)
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)Testing applications with traffic control in containers / Alban Crequy (Kinvolk)
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)Ontico
 
Nynog-K8s-networking-101.pptx
Nynog-K8s-networking-101.pptxNynog-K8s-networking-101.pptx
Nynog-K8s-networking-101.pptxDanielHertzberg4
 
Collabnix Online Webinar - Demystifying Docker & Kubernetes Networking by Bal...
Collabnix Online Webinar - Demystifying Docker & Kubernetes Networking by Bal...Collabnix Online Webinar - Demystifying Docker & Kubernetes Networking by Bal...
Collabnix Online Webinar - Demystifying Docker & Kubernetes Networking by Bal...Ajeet Singh Raina
 
Tungsten Fabric Overview
Tungsten Fabric OverviewTungsten Fabric Overview
Tungsten Fabric OverviewMichelle Holley
 
DCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDocker, Inc.
 
Load Balancing in the Cloud using Nginx & Kubernetes
Load Balancing in the Cloud using Nginx & KubernetesLoad Balancing in the Cloud using Nginx & Kubernetes
Load Balancing in the Cloud using Nginx & KubernetesLee Calcote
 
Kubernetes extensibility
Kubernetes extensibilityKubernetes extensibility
Kubernetes extensibilityDocker, Inc.
 
Scaling docker with kubernetes
Scaling docker with kubernetesScaling docker with kubernetes
Scaling docker with kubernetesLiran Cohen
 
Tomcat from a cluster to the cloud on RP3
Tomcat from a cluster to the cloud on RP3Tomcat from a cluster to the cloud on RP3
Tomcat from a cluster to the cloud on RP3Jean-Frederic Clere
 
Kubernetes for java developers - Tutorial at Oracle Code One 2018
Kubernetes for java developers - Tutorial at Oracle Code One 2018Kubernetes for java developers - Tutorial at Oracle Code One 2018
Kubernetes for java developers - Tutorial at Oracle Code One 2018Anthony Dahanne
 
Kubernetes Navigation Stories – DevOpsStage 2019, Kyiv
Kubernetes Navigation Stories – DevOpsStage 2019, KyivKubernetes Navigation Stories – DevOpsStage 2019, Kyiv
Kubernetes Navigation Stories – DevOpsStage 2019, KyivAleksey Asiutin
 
Making kubernetes simple for developers
Making kubernetes simple for developersMaking kubernetes simple for developers
Making kubernetes simple for developersSuraj Deshmukh
 
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy Jeffrey Holden
 
Evolution of kube-proxy (Brussels, Fosdem 2020)
Evolution of kube-proxy (Brussels, Fosdem 2020)Evolution of kube-proxy (Brussels, Fosdem 2020)
Evolution of kube-proxy (Brussels, Fosdem 2020)Laurent Bernaille
 
Get you Java application ready for Kubernetes !
Get you Java application ready for Kubernetes !Get you Java application ready for Kubernetes !
Get you Java application ready for Kubernetes !Anthony Dahanne
 
Osnug meetup-tungsten fabric - overview.pptx
Osnug meetup-tungsten fabric - overview.pptxOsnug meetup-tungsten fabric - overview.pptx
Osnug meetup-tungsten fabric - overview.pptxM.Qasim Arham
 
OpenFest 2016 - Open Microservice Architecture
OpenFest 2016 - Open Microservice ArchitectureOpenFest 2016 - Open Microservice Architecture
OpenFest 2016 - Open Microservice ArchitectureNikolay Stoitsev
 
Kubecon seattle 2018 workshop slides
Kubecon seattle 2018 workshop slidesKubecon seattle 2018 workshop slides
Kubecon seattle 2018 workshop slidesWeaveworks
 
Shifter singularity - june 7, 2018 - bw symposium
Shifter  singularity - june 7, 2018 - bw symposiumShifter  singularity - june 7, 2018 - bw symposium
Shifter singularity - june 7, 2018 - bw symposiuminside-BigData.com
 

Ähnlich wie KubeCon EU 2016: Using Traffic Control to Test Apps in Kubernetes (20)

Testing applications with traffic control in containers / Alban Crequy (Kinvolk)
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)Testing applications with traffic control in containers / Alban Crequy (Kinvolk)
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)
 
Nynog-K8s-networking-101.pptx
Nynog-K8s-networking-101.pptxNynog-K8s-networking-101.pptx
Nynog-K8s-networking-101.pptx
 
Collabnix Online Webinar - Demystifying Docker & Kubernetes Networking by Bal...
Collabnix Online Webinar - Demystifying Docker & Kubernetes Networking by Bal...Collabnix Online Webinar - Demystifying Docker & Kubernetes Networking by Bal...
Collabnix Online Webinar - Demystifying Docker & Kubernetes Networking by Bal...
 
Tungsten Fabric Overview
Tungsten Fabric OverviewTungsten Fabric Overview
Tungsten Fabric Overview
 
Demystfying container-networking
Demystfying container-networkingDemystfying container-networking
Demystfying container-networking
 
DCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDCEU 18: Docker Container Networking
DCEU 18: Docker Container Networking
 
Load Balancing in the Cloud using Nginx & Kubernetes
Load Balancing in the Cloud using Nginx & KubernetesLoad Balancing in the Cloud using Nginx & Kubernetes
Load Balancing in the Cloud using Nginx & Kubernetes
 
Kubernetes extensibility
Kubernetes extensibilityKubernetes extensibility
Kubernetes extensibility
 
Scaling docker with kubernetes
Scaling docker with kubernetesScaling docker with kubernetes
Scaling docker with kubernetes
 
Tomcat from a cluster to the cloud on RP3
Tomcat from a cluster to the cloud on RP3Tomcat from a cluster to the cloud on RP3
Tomcat from a cluster to the cloud on RP3
 
Kubernetes for java developers - Tutorial at Oracle Code One 2018
Kubernetes for java developers - Tutorial at Oracle Code One 2018Kubernetes for java developers - Tutorial at Oracle Code One 2018
Kubernetes for java developers - Tutorial at Oracle Code One 2018
 
Kubernetes Navigation Stories – DevOpsStage 2019, Kyiv
Kubernetes Navigation Stories – DevOpsStage 2019, KyivKubernetes Navigation Stories – DevOpsStage 2019, Kyiv
Kubernetes Navigation Stories – DevOpsStage 2019, Kyiv
 
Making kubernetes simple for developers
Making kubernetes simple for developersMaking kubernetes simple for developers
Making kubernetes simple for developers
 
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy
Deploying Cloud Native Red Team Infrastructure with Kubernetes, Istio and Envoy
 
Evolution of kube-proxy (Brussels, Fosdem 2020)
Evolution of kube-proxy (Brussels, Fosdem 2020)Evolution of kube-proxy (Brussels, Fosdem 2020)
Evolution of kube-proxy (Brussels, Fosdem 2020)
 
Get you Java application ready for Kubernetes !
Get you Java application ready for Kubernetes !Get you Java application ready for Kubernetes !
Get you Java application ready for Kubernetes !
 
Osnug meetup-tungsten fabric - overview.pptx
Osnug meetup-tungsten fabric - overview.pptxOsnug meetup-tungsten fabric - overview.pptx
Osnug meetup-tungsten fabric - overview.pptx
 
OpenFest 2016 - Open Microservice Architecture
OpenFest 2016 - Open Microservice ArchitectureOpenFest 2016 - Open Microservice Architecture
OpenFest 2016 - Open Microservice Architecture
 
Kubecon seattle 2018 workshop slides
Kubecon seattle 2018 workshop slidesKubecon seattle 2018 workshop slides
Kubecon seattle 2018 workshop slides
 
Shifter singularity - june 7, 2018 - bw symposium
Shifter  singularity - june 7, 2018 - bw symposiumShifter  singularity - june 7, 2018 - bw symposium
Shifter singularity - june 7, 2018 - bw symposium
 

Mehr von KubeAcademy

KubeCon EU 2016: Distributed containers in the physical world
KubeCon EU 2016: Distributed containers in the physical worldKubeCon EU 2016: Distributed containers in the physical world
KubeCon EU 2016: Distributed containers in the physical worldKubeAcademy
 
KubeCon EU 2016:
KubeCon EU 2016: KubeCon EU 2016:
KubeCon EU 2016: KubeAcademy
 
KubeCon EU 2016: ChatOps and Automatic Deployment on Kubernetes
KubeCon EU 2016: ChatOps and Automatic Deployment on KubernetesKubeCon EU 2016: ChatOps and Automatic Deployment on Kubernetes
KubeCon EU 2016: ChatOps and Automatic Deployment on KubernetesKubeAcademy
 
KubeCon EU 2016: A Practical Guide to Container Scheduling
KubeCon EU 2016: A Practical Guide to Container SchedulingKubeCon EU 2016: A Practical Guide to Container Scheduling
KubeCon EU 2016: A Practical Guide to Container SchedulingKubeAcademy
 
KubeCon EU 2016: Trading in the Kube
KubeCon EU 2016: Trading in the KubeKubeCon EU 2016: Trading in the Kube
KubeCon EU 2016: Trading in the KubeKubeAcademy
 
KubeCon EU 2016: Integrated trusted computing in Kubernetes
KubeCon EU 2016: Integrated trusted computing in KubernetesKubeCon EU 2016: Integrated trusted computing in Kubernetes
KubeCon EU 2016: Integrated trusted computing in KubernetesKubeAcademy
 
KubeCon EU 2016: Secure, Cloud-Native Networking with Project Calico
KubeCon EU 2016: Secure, Cloud-Native Networking with Project CalicoKubeCon EU 2016: Secure, Cloud-Native Networking with Project Calico
KubeCon EU 2016: Secure, Cloud-Native Networking with Project CalicoKubeAcademy
 
KubeCon EU 2016: Heroku to Kubernetes
KubeCon EU 2016: Heroku to KubernetesKubeCon EU 2016: Heroku to Kubernetes
KubeCon EU 2016: Heroku to KubernetesKubeAcademy
 
KubeCon EU 2016: Kubernetes Storage 101
KubeCon EU 2016: Kubernetes Storage 101KubeCon EU 2016: Kubernetes Storage 101
KubeCon EU 2016: Kubernetes Storage 101KubeAcademy
 
KubeCon EU 2016: Kubernetes in Production in The New York Times newsroom
KubeCon EU 2016: Kubernetes in Production in The New York Times newsroomKubeCon EU 2016: Kubernetes in Production in The New York Times newsroom
KubeCon EU 2016: Kubernetes in Production in The New York Times newsroomKubeAcademy
 
KubeCon EU 2016: ITNW (If This Now What): Orchestrating an Enterprise
KubeCon EU 2016: ITNW (If This Now What): Orchestrating an EnterpriseKubeCon EU 2016: ITNW (If This Now What): Orchestrating an Enterprise
KubeCon EU 2016: ITNW (If This Now What): Orchestrating an EnterpriseKubeAcademy
 
KubeCon EU 2016: SmartCity IoT on Kubernetes
KubeCon EU 2016: SmartCity IoT on KubernetesKubeCon EU 2016: SmartCity IoT on Kubernetes
KubeCon EU 2016: SmartCity IoT on KubernetesKubeAcademy
 
KubeCon EU 2016: Templatized Application Configuration on OpenShift and Kuber...
KubeCon EU 2016: Templatized Application Configuration on OpenShift and Kuber...KubeCon EU 2016: Templatized Application Configuration on OpenShift and Kuber...
KubeCon EU 2016: Templatized Application Configuration on OpenShift and Kuber...KubeAcademy
 
KubeCon EU 2016 Keynote: Pushing Kubernetes Forward
KubeCon EU 2016 Keynote: Pushing Kubernetes ForwardKubeCon EU 2016 Keynote: Pushing Kubernetes Forward
KubeCon EU 2016 Keynote: Pushing Kubernetes ForwardKubeAcademy
 
KubeCon EU 2016: Creating an Advanced Load Balancing Solution for Kubernetes ...
KubeCon EU 2016: Creating an Advanced Load Balancing Solution for Kubernetes ...KubeCon EU 2016: Creating an Advanced Load Balancing Solution for Kubernetes ...
KubeCon EU 2016: Creating an Advanced Load Balancing Solution for Kubernetes ...KubeAcademy
 
KubeCon EU 2016: Killing containers to make weather beautiful
KubeCon EU 2016: Killing containers to make weather beautifulKubeCon EU 2016: Killing containers to make weather beautiful
KubeCon EU 2016: Killing containers to make weather beautifulKubeAcademy
 
KubeCon EU 2016: Multi-Tenant Kubernetes
KubeCon EU 2016: Multi-Tenant KubernetesKubeCon EU 2016: Multi-Tenant Kubernetes
KubeCon EU 2016: Multi-Tenant KubernetesKubeAcademy
 
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...KubeAcademy
 
KubeCon EU 2016: Full Automatic Database: PostgreSQL HA with Kubernetes
KubeCon EU 2016: Full Automatic Database: PostgreSQL HA with KubernetesKubeCon EU 2016: Full Automatic Database: PostgreSQL HA with Kubernetes
KubeCon EU 2016: Full Automatic Database: PostgreSQL HA with KubernetesKubeAcademy
 
KubeCon EU 2016: A lightweight deployment system for appops
KubeCon EU 2016: A lightweight deployment system for appopsKubeCon EU 2016: A lightweight deployment system for appops
KubeCon EU 2016: A lightweight deployment system for appopsKubeAcademy
 

Mehr von KubeAcademy (20)

KubeCon EU 2016: Distributed containers in the physical world
KubeCon EU 2016: Distributed containers in the physical worldKubeCon EU 2016: Distributed containers in the physical world
KubeCon EU 2016: Distributed containers in the physical world
 
KubeCon EU 2016:
KubeCon EU 2016: KubeCon EU 2016:
KubeCon EU 2016:
 
KubeCon EU 2016: ChatOps and Automatic Deployment on Kubernetes
KubeCon EU 2016: ChatOps and Automatic Deployment on KubernetesKubeCon EU 2016: ChatOps and Automatic Deployment on Kubernetes
KubeCon EU 2016: ChatOps and Automatic Deployment on Kubernetes
 
KubeCon EU 2016: A Practical Guide to Container Scheduling
KubeCon EU 2016: A Practical Guide to Container SchedulingKubeCon EU 2016: A Practical Guide to Container Scheduling
KubeCon EU 2016: A Practical Guide to Container Scheduling
 
KubeCon EU 2016: Trading in the Kube
KubeCon EU 2016: Trading in the KubeKubeCon EU 2016: Trading in the Kube
KubeCon EU 2016: Trading in the Kube
 
KubeCon EU 2016: Integrated trusted computing in Kubernetes
KubeCon EU 2016: Integrated trusted computing in KubernetesKubeCon EU 2016: Integrated trusted computing in Kubernetes
KubeCon EU 2016: Integrated trusted computing in Kubernetes
 
KubeCon EU 2016: Secure, Cloud-Native Networking with Project Calico
KubeCon EU 2016: Secure, Cloud-Native Networking with Project CalicoKubeCon EU 2016: Secure, Cloud-Native Networking with Project Calico
KubeCon EU 2016: Secure, Cloud-Native Networking with Project Calico
 
KubeCon EU 2016: Heroku to Kubernetes
KubeCon EU 2016: Heroku to KubernetesKubeCon EU 2016: Heroku to Kubernetes
KubeCon EU 2016: Heroku to Kubernetes
 
KubeCon EU 2016: Kubernetes Storage 101
KubeCon EU 2016: Kubernetes Storage 101KubeCon EU 2016: Kubernetes Storage 101
KubeCon EU 2016: Kubernetes Storage 101
 
KubeCon EU 2016: Kubernetes in Production in The New York Times newsroom
KubeCon EU 2016: Kubernetes in Production in The New York Times newsroomKubeCon EU 2016: Kubernetes in Production in The New York Times newsroom
KubeCon EU 2016: Kubernetes in Production in The New York Times newsroom
 
KubeCon EU 2016: ITNW (If This Now What): Orchestrating an Enterprise
KubeCon EU 2016: ITNW (If This Now What): Orchestrating an EnterpriseKubeCon EU 2016: ITNW (If This Now What): Orchestrating an Enterprise
KubeCon EU 2016: ITNW (If This Now What): Orchestrating an Enterprise
 
KubeCon EU 2016: SmartCity IoT on Kubernetes
KubeCon EU 2016: SmartCity IoT on KubernetesKubeCon EU 2016: SmartCity IoT on Kubernetes
KubeCon EU 2016: SmartCity IoT on Kubernetes
 
KubeCon EU 2016: Templatized Application Configuration on OpenShift and Kuber...
KubeCon EU 2016: Templatized Application Configuration on OpenShift and Kuber...KubeCon EU 2016: Templatized Application Configuration on OpenShift and Kuber...
KubeCon EU 2016: Templatized Application Configuration on OpenShift and Kuber...
 
KubeCon EU 2016 Keynote: Pushing Kubernetes Forward
KubeCon EU 2016 Keynote: Pushing Kubernetes ForwardKubeCon EU 2016 Keynote: Pushing Kubernetes Forward
KubeCon EU 2016 Keynote: Pushing Kubernetes Forward
 
KubeCon EU 2016: Creating an Advanced Load Balancing Solution for Kubernetes ...
KubeCon EU 2016: Creating an Advanced Load Balancing Solution for Kubernetes ...KubeCon EU 2016: Creating an Advanced Load Balancing Solution for Kubernetes ...
KubeCon EU 2016: Creating an Advanced Load Balancing Solution for Kubernetes ...
 
KubeCon EU 2016: Killing containers to make weather beautiful
KubeCon EU 2016: Killing containers to make weather beautifulKubeCon EU 2016: Killing containers to make weather beautiful
KubeCon EU 2016: Killing containers to make weather beautiful
 
KubeCon EU 2016: Multi-Tenant Kubernetes
KubeCon EU 2016: Multi-Tenant KubernetesKubeCon EU 2016: Multi-Tenant Kubernetes
KubeCon EU 2016: Multi-Tenant Kubernetes
 
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...
 
KubeCon EU 2016: Full Automatic Database: PostgreSQL HA with Kubernetes
KubeCon EU 2016: Full Automatic Database: PostgreSQL HA with KubernetesKubeCon EU 2016: Full Automatic Database: PostgreSQL HA with Kubernetes
KubeCon EU 2016: Full Automatic Database: PostgreSQL HA with Kubernetes
 
KubeCon EU 2016: A lightweight deployment system for appops
KubeCon EU 2016: A lightweight deployment system for appopsKubeCon EU 2016: A lightweight deployment system for appops
KubeCon EU 2016: A lightweight deployment system for appops
 

Kürzlich hochgeladen

AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 

Kürzlich hochgeladen (20)

AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 

KubeCon EU 2016: Using Traffic Control to Test Apps in Kubernetes

  • 1. in Kubernetes Alban Crequy Using Traffic Control to Test Apps KubeCon EU 2016 - Londonhttps://goo.gl/Zh2CMQ
  • 2. Alban Crequy ∘ Worked on rkt the last 14 months ∘ Currently tech lead on rkt ∘ In 2014, worked on traffic control for multimedia applications in cars (tcmmd) https://github.com/alban
  • 3. ∘ What is traffic control and how does it work on Linux ∘ Using TC in containers for tests ∘ Demo ∘ In Kubernetes ∘ Demo with pings ∘ Demo with guestbook ∘ Integration in a testing framework ∘ Demo with guestbook Plan
  • 4. What is traffic control? How does it work on Linux?
  • 5. Traffic control, why? web server client client client THE INTERNET ∘ fair distribution of bandwidth ∘ reserve bandwidth to specific applications ∘ avoid bufferbloat
  • 6. ∘ Network scheduling algorithm ∘ which packet to emit next? ∘ when? ∘ Configurable at run-time: ∘ /sbin/tc ∘ Netlink ∘ Default on new network interfaces: sysctl net.core.default_qdisc Queuing disciplines (qdisc) eth0 THE INTERNETqdisc
  • 7. ∘ First In, First Out ∘ But with 3 bands, based on IP header’s ToS field (type of service) Linux’ default qdisc: pfifo_fast eth0 THE INTERNETFIFO 1 FIFO 2 FIFO 0
  • 8. Stochastic Fairness Queueing (sfq) eth0 THE INTERNET FIFO n FIFO 1 FIFO 0 ... round robin
  • 9. ∘ drop packets to avoid buffer bloat ∘ similar to Random Early Detection (red) but based on delays rather than the size of the buffer ∘ set as default by systemd since 2014 Fair Queuing Controlled Delay (fq_codel) eth0 THE INTERNET X
  • 11. Network emulator (netem) eth0 THE INTERNETnetem bandwidth latency packet loss corrupt ...
  • 12. Testing with containers container 1 container 2 eth0eth0 Testing framework configure “netem” qdiscs: bandwidth, latency, packet drop...
  • 13. ingress / egress server THE INTERNET egress ingress
  • 14. ingress / egress eth0 THE INTERNET egress ingress ifb0
  • 15. Testing a media server rkt pod host veth1eth0 RTP server egress qdisc media player
  • 16. Demo Try it yourself: https://github.com/kinvolk/demo
  • 17. How it worked rkt pod host veth1eth0 RTP server egress qdisc media player
  • 19. Testing with traffic control in Kubernetes Kubernetes minion 1 pod pod Kubernetes minion 2 pod pod Testing framework ∘ configure network simulator ∘ play scenarios
  • 20. Testing with traffic control in Kubernetes Kubernetes minion 1 pod pod Kubernetes minion 2 pod pod tcd tcd gRPC or D-Bus methods: ∘ Install() ∘ ConfigureEgress() https://github.com/kinvolk/tcd
  • 21. Testing Weave Scope Kubernetes minion 1 tcd Scope Probe pod pod pod pod Kubernetes minion 2 tcd Scope Probe pod pod pod pod Scope App
  • 22. Demo Try it yourself: https://github.com/kinvolk/demo
  • 23. Demo Try it yourself: https://github.com/kinvolk/demo
  • 24. Testing framework for web apps Selenium
  • 25. Demo
  • 27. How to define classes of traffic eth0 netem interface latency=100ms, drop=2% http/80 ip=10.0.4.* http/80 ip=10.0.5.* other, dns/53, ...
  • 28. u32: filter on content eth0 HTB HTB HTBHTB HTB netemnetem netem interface root qdisc (type = HTB) root class (type = HTB) leaf qdiscs (type = netem) leaf classes (type = HTB) filters (type=u32) dport=80 dport=53ip=10.* latency=10ms drop=2%
  • 29. Using filters in Kubernetes Kubernetes minion 1 pod pod Kubernetes minion 2 pod pod Testing framework drop 100% latency 100ms latency 100ms configuring tc filter based on IPs (type=u32)
  • 30. Testing Raft Consensus Algorithm etcd etcd etcd etcd latency 1ms latency 80ms latency 5000ms etcd parameters: ∘ heartbeat interval: 100ms ∘ election timeout: 1000ms
  • 31. ∘ 1 network namespace per pod ∘ rktnetes: apps started as systemd units ∘ How to filter by app? systemd.resource-control(5): NetClass=auto ∘ added in v227, 2015-10-07 ∘ removed in v229 :( Filtering by app Kubernetes minion 1 pod app app pod app app
  • 32. cgroup “net_cls”: filter by app ∘ Classifying based on cgroups with “net_cls” ∘ Previously exposed by systemd ∘ Then, tc filter “cgroup” ∘ But not available in cgroup unified hierarchy, to ensure delegation ∘ netfilter/iptables being replaced by nftables ∘ New xt_cgroup just added to match on cgroup full path, then could mark it and use net_cls
  • 33. Filtering with cBPF/eBPF eth0 BPF netemnetem kernel userspace BPF_JMP... BPF_LD... BPF_RET... if (skb->protocol…) return TC_H_MAKE(TC_H_ROOT, mark); compilation clang... -march=bpf upload in the kernel: - bpf() - Netlink x86_64 code JIT compilation
  • 34. eBPF maps eth0 BPF netemnetem kernel userspace x86_64 code eBPF map Testing framework ∘ Build statistics ∘ Make them available to the testing framework
  • 35. The End Try the demos yourself: https://github.com/kinvolk/demo Source: https://github.com/kinvolk/tcd The slides: https://goo.gl/Zh2CMQ
  • 36. 2 things before questions
  • 38. coreos.com/fest - @coreosfest May 9 & 10, 2016 - Berlin, Germany