Kubernetes Operators: Operating Cloud Native services at scale. Horacio Gonzalez, 2021-02-05

Who are we? Introducing myself and introducing OVHcloud

Horacio Gonzalez (@LostInBrittany): Spaniard lost in Brittany, developer, dreamer and all-around geek

OVHcloud: A global leader
● Product lines: Web Cloud & Telecom, Private Cloud, Public Cloud, Storage, Network & Security
● 30 Data Centers in 12 locations
● 1 Million+ Servers produced since 1999
● 34 Points of Presence on a 20 TBPS Bandwidth Network
● 1.5 Million Customers across 132 countries
● 2200 Employees worldwide
● 3.8 Million Websites hosted
● 115K Private Cloud VMs running
● 1.5 Billion Euros Invested since 2016
● 300K Public Cloud instances running
● P.U.E. 1.09 Energy efficiency indicator
● 380K Physical Servers running in our data centers
● 20 Years in Business, Disrupting since 1999

OVHcloud Managed Kubernetes: You use it, we operate it

Built over our OpenStack-based Public Cloud

Some interesting features

Operating Kubernetes: Easier said than done

Operating microservices? Are you sure you want to operate them by hand?

Taming microservices with Kubernetes

Declarative infrastructure

Desired State Management

Beyond a simple deployment: Everything is good now, isn’t it?

Complex deployments

Helm Charts are configuration: Operating is more than installs & upgrades

Kubernetes is about automation: How about automating human operators?

Kubernetes Operators: A Kubernetes version of the human operator

Building operators: Basic K8s elements, Controllers and Custom Resources

Kubernetes Controllers: Keeping an eye on the resources

A control loop: Controllers watch the state of the cluster and make or request changes where needed

A reconcile loop: It strives to reconcile the current state with the desired state

Custom Resource Definitions: Extending the Kubernetes API

Extending the Kubernetes API: By defining new types of resources

Kubernetes Operator: Automating operations

What’s a Kubernetes Operator?

Example: databases. Things like adding an instance to a pool, doing a backup, sharding…

Knowledge encoded in CRDs and Controllers

Custom Controllers for Custom Resources: Operators implement and manage Custom Resources using custom reconciliation logic
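As an added example (not code from the talk or from OVHcloud's operators), the reconcile loop described on the control-loop and custom-controller slides above, written in plain Go against a hypothetical LoadBalancer custom resource: Reconcile diffs the declared specs against what is observed to be running and returns the minimal set of actions, and Apply makes the next pass a no-op. The LBSpec and Action types, the function names and the backend addresses are all constructed for the illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// LBSpec is the desired state declared in a hypothetical LoadBalancer custom resource.
type LBSpec struct{ Name, Backend string }

// Action is one change the reconciler wants; Spec is the declared spec (for a delete, the observed one).
type Action struct{ Op string; Spec LBSpec }

// Reconcile diffs declared resources against what is observed running and returns the minimal,
// deterministic actions moving current towards desired (owner-label filtering of `current` is assumed).
func Reconcile(desired []LBSpec, current map[string]LBSpec) []Action {
	var actions []Action
	want := make(map[string]bool, len(desired))
	for _, d := range desired {
		want[d.Name] = true
		if cur, exists := current[d.Name]; !exists {
			actions = append(actions, Action{"create", d})
		} else if cur != d { // drift between declared and observed state
			actions = append(actions, Action{"update", d})
		}
	}
	for name, cur := range current { // anything no longer declared is garbage-collected
		if !want[name] {
			actions = append(actions, Action{"delete", cur})
		}
	}
	sort.Slice(actions, func(i, j int) bool { return actions[i].Spec.Name < actions[j].Spec.Name })
	return actions
}

// Apply executes the actions in place on the simulated cluster; afterwards a second Reconcile pass returns nothing.
func Apply(current map[string]LBSpec, actions []Action) {
	for _, a := range actions {
		if a.Op == "delete" {
			delete(current, a.Spec.Name)
		} else {
			current[a.Spec.Name] = a.Spec
		}
	}
}

func main() { // constructed sample: one LB missing, one drifted, one orphan from an old spec
	current := map[string]LBSpec{"lb-b": {"lb-b", "10.0.0.9:443"}, "lb-old": {"lb-old", "10.0.0.3:443"}}
	fmt.Println(Reconcile([]LBSpec{{"lb-a", "10.0.0.1:443"}, {"lb-b", "10.0.0.2:443"}}, current))
}
```

Running Reconcile again after Apply returns no actions, which is the idempotence a real controller relies on when it is re-triggered by an unrelated watch event.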

Operator Capability Model: Gauging the operator maturity

How to write an Operator

Kubebuilder: SDK for building Kubernetes APIs using CRDs

The Operator Framework: Open source framework to accelerate the development of an Operator

Operator SDK: Three different ways to build an Operator

Operator SDK and Capability Model

Operator Lifecycle Manager

OperatorHub.io

Harbor Operator: Managing private registries at scale

We wanted to build a new product: OVHcloud Managed Private Registry

Looking at the Open Source world: Two main alternatives around Docker Registry

Two main alternatives: Harbor has more community traction

Harbor has lots of components

But it has a Helm Chart: It should be easy to install, isn’t it?
$ helm install harbor
What about configuration?
● Installing a 200 GB K8s volume?
● Nginx pods for routing requests?
● One DB instance per customer?
● Managing pods all around the cluster?

We wanted a Managed Private Registry

Using the platform: Kubernetes tooling to the rescue

Let’s automate it: We needed an operator… and there wasn’t any

Working with the community: The Harbor community also needed the operator

The challenge: reconciliation loop

The Harbor Operator

It’s Open Source: https://github.com/goharbor/harbor-operator

LoadBalancer Operator: A managed LoadBalancer at scale

Load Balancer: a critical cog, the cornerstone of any Cloud Provider’s infrastructure

Our legacy Load Balancer stack
● Excellent performance
  ○ Built on bare metal servers + BGP
  ○ Custom made servers tuned for network traffic
● Carry the TLS termination
  ○ SSL / LetsEncrypt
● Not cloud ready
  ○ Piloted by configuration files
  ○ Long configuration loading time
● Custom made hardware
  ○ Slower to build
  ○ Needs to be deployed on 30 datacenters

Our needs for a new Load Balancer
● Supporting mass updates
● Quickly reconfigurable
● Available anywhere quickly
● Easily operable
● Integrated into our Public Cloud

Building it on Kubernetes

A Load Balancer in a pod

Orchestrating one million LBs… kubectl apply -f lb is not an option!

We needed an Operator

Network: multus-cni. Attaching multiple network interfaces to pods: Bridge + Host-local

Adding network interfaces on the fly: Using annotations to add interfaces to a pod

Config management: Using ConfigMaps. How to detect a change on ConfigMap files? Watch + Trigger? More information on how ConfigMaps work: martensson.io/go-fsnotify-and-kubernetes-configmaps

A Controller to watch and trigger

Observability: Tried the Prometheus Operator, but it is limited to one container per pod; switched to Warp 10 with the Beamium Operator

That’s all, folks! Thank you all!