Kubernetes is a very powerful and complicated system, and many users don’t understand the underlying systems. Come learn how your users can abuse container runtimes, overwhelm your control plane, and cause outages - it’s actually quite easy! In the last year, we have containerized hundreds of applications and deployed them in large scale clusters (more than 1000 nodes). The journey was eventful and we learned a lot along the way. We’ll share stories of our ten favorite Kubernetes foot guns, including the dangers of cargo culting, rolling updates gone wrong, the pitfalls of initContainers, and nightmarish daemonset upgrades. The talk will present solutions we adopted to avoid or work around some these problems and will finally show several improvements we plan deploy in the future.

2. @lbernail @roboll_

4. @lbernail @roboll_

5. @lbernail @roboll_

6. @lbernail @roboll_
# 1

7. @lbernail @roboll_
# 1.1

8. @lbernail @roboll_
search <namespace>.svc.cluster.local
svc.cluster.local
cluster.local
ec2.internal
options ndots:5

9. @lbernail @roboll_
search <namespace>.svc.cluster.local
svc.cluster.local
cluster.local
ec2.internal
options ndots:5

10. @lbernail @roboll_

11. @lbernail @roboll_
●

12. @lbernail @roboll_
●
●
●
●

13. @lbernail @roboll_
# 1.2

14. @lbernail @roboll_
Pod A
Pod B
Pod C
App

15. @lbernail @roboll_
Pod B
Pod C
App
Pod D

16. @lbernail @roboll_
Pod B
Pod C
App
Pod D

17. @lbernail @roboll_
Pod B
Pod C
App
Pod D

18. @lbernail @roboll_
●
○
○
●
○
○
○
○

19. @lbernail @roboll_
# 2

20. @lbernail @roboll_
52 Completed
1 ErrImagePull
155 Evicted
7 ImagePullBackOff
7 Init:ErrImagePull
4 Init:Error
49 Init:ImagePullBackOff
16 Pending
1267 Running
2 Terminating

21. @lbernail @roboll_
52 Completed
1 ErrImagePull
155 Evicted
7 ImagePullBackOff
7 Init:ErrImagePull
4 Init:Error
49 Init:ImagePullBackOff
16 Pending
1267 Running
2 Terminating

22. @lbernail @roboll_

23. @lbernail @roboll_

24. @lbernail @roboll_

25. @lbernail @roboll_
●
●

26. @lbernail @roboll_
●
●
●

27. @lbernail @roboll_
●
●
●
●
●
●

28. @lbernail @roboll_
●

29. @lbernail @roboll_
●
●

30. @lbernail @roboll_
●

31. @lbernail @roboll_
●
●
○
○
○
○
○

32. @lbernail @roboll_
●
●
○
○
○
○
○
●

33. @lbernail @roboll_
# 3

34. @lbernail @roboll_

35. @lbernail @roboll_

36. @lbernail @roboll_

37. @lbernail @roboll_

38. @lbernail @roboll_

39. @lbernail @roboll_

40. @lbernail @roboll_
# 4

41. @lbernail @roboll_

42. @lbernail @roboll_

43. @lbernail @roboll_

44. @lbernail @roboll_
•
•
•
nodegroup.yaml
---
instanceType: c5.4xlarge
deployment.yaml
---
resources:
requests:
cpu: 15
memory: 30Gi
limits:
cpu: 15
memory: 30Gi

45. @lbernail @roboll_
•
•

46. @lbernail @roboll_
•
•
•

47. @lbernail @roboll_
•
•
•
•

48. @lbernail @roboll_
•
•
•
•

49. @lbernail @roboll_
# 5

50. @lbernail @roboll_

51. @lbernail @roboll_
…

52. @lbernail @roboll_
# 6

53. @lbernail @roboll_
apiVersion: apps/v1
kind: Deployment
spec:
replicas: 60

54. @lbernail @roboll_
apiVersion: apps/v1
kind: Deployment
spec:
replicas: 60
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: myapp
minReplicas: 1
maxReplicas: 10
targetCPUUtilizationPercentage: 50

55. @lbernail @roboll_
apiVersion: apps/v1
kind: Deployment
spec:
replicas: 60
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: myapp
minReplicas: 1
maxReplicas: 10
targetCPUUtilizationPercentage: 50

56. @lbernail @roboll_
apiVersion: apps/v1
kind: Deployment
spec:
replicas: 60
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: myapp
minReplicas: 1
maxReplicas: 10
targetCPUUtilizationPercentage: 50

57. @lbernail @roboll_

58. @lbernail @roboll_
# 7

59. @lbernail @roboll_
● 100+ nodes Cassandra cluster
● Deployed fine
● Broken the following morning

60. @lbernail @roboll_
● 100+ nodes Cassandra cluster
● Deployed fine
● Broken the following morning
> 25% pods pending: “Volume affinity issue”

61. @lbernail @roboll_
● 100+ nodes Cassandra cluster
● Deployed fine
● Broken the following morning
> 25% pods pending: “Volume affinity issue”
> 25% nodes had been deleted + local volumes bound to deleted nodes

62. @lbernail @roboll_
● 100+ nodes Cassandra cluster
● Deployed fine
● Broken the following morning
> 25% pods pending: “Volume affinity issue”
> 25% nodes had been deleted + local volumes bound to deleted nodes

63. @lbernail @roboll_
# 8

64. @lbernail @roboll_

65. @lbernail @roboll_

66. @lbernail @roboll_

67. @lbernail @roboll_
# 9

68. @lbernail @roboll_
# 9.1

69. @lbernail @roboll_

70. @lbernail @roboll_
ps auxf | grep -c defunct
16018

71. @lbernail @roboll_
ps auxf | grep -c defunct
16018

72. @lbernail @roboll_

73. @lbernail @roboll_
•
•
•

74. @lbernail @roboll_
# 9.2

75. @lbernail @roboll_
Symptoms
● Deployment slow
● Pod took 1+mn to start

76. @lbernail @roboll_
Symptoms
● Deployment slow
● Pod took 1+mn to start
Cause
● Load on nodes running deployment high

77. @lbernail @roboll_
Symptoms
● Deployment slow
● Pod took 1+mn to start
Cause
● Load on nodes running deployment high
● Because IOs are being rate limited

78. @lbernail @roboll_

79. @lbernail @roboll_
● Nodes were running coredns pods
● An app started doing 5000+ dns queries per second
● coredns logs filled the disk

80. @lbernail @roboll_

81. @lbernail @roboll_

82. @lbernail @roboll_

83. @lbernail @roboll_

84. @lbernail @roboll_

85. @lbernail @roboll_

86. @lbernail @roboll_

87. @lbernail @roboll_
ips = $(aws ec2 describe-instances --filter=consul)
kubectl update endpoints consul $ips

88. @lbernail @roboll_
ips = $(aws ec2 describe-instances --filter=consul)
kubectl update endpoints consul $ips

89. @lbernail @roboll_
# 10

90. @lbernail @roboll_
•
•

91. @lbernail @roboll_
•
•
•

92. @lbernail @roboll_
•
•
•
•

93. @lbernail @roboll_
•
•
•
•
• ✅

94. @lbernail @roboll_
•
•
•
•
• ✅
•

95. @lbernail @roboll_
•
•
•
•
• ✅
•
•

96. @lbernail @roboll_
•
•
•
•
• ✅
•
•
•

97. @lbernail @roboll_
•
•
•
•
• ✅
•
•
•
• ✅

98. @lbernail @roboll_
1.
2.
3.
4.

99. @lbernail
@roboll_