Promote AWS platform from alpha to beta

This commit is contained in:
Dalton Hubble 2017-11-06 21:19:11 -08:00
parent ccc832f468
commit 58cf82da56
6 changed files with 21 additions and 25 deletions

View File

@ -4,6 +4,9 @@ Notable changes between versions.
## Latest ## Latest
* All platforms run etcd on-host, across controllers
* AWS platform promoted to beta
#### Google Cloud #### Google Cloud
* Add required variable `region` (e.g. "us-central1") * Add required variable `region` (e.g. "us-central1")
@ -17,8 +20,10 @@ Notable changes between versions.
#### AWS #### AWS
* Promote AWS platform to beta
* Reduce time to bootstrap a cluster * Reduce time to bootstrap a cluster
* Change etcd to run on-host, across controllers (etcd-member.service) * Change etcd to run on-host, across controllers (etcd-member.service)
* Fix firewall rules for multi-controller kubelet scraping and node-exporter
* Remove support for self-hosted etcd * Remove support for self-hosted etcd
## v1.8.2 ## v1.8.2

View File

@ -22,7 +22,7 @@ Typhoon provides a Terraform Module for each supported operating system and plat
| Platform | Operating System | Terraform Module | Status | | Platform | Operating System | Terraform Module | Status |
|---------------|------------------|------------------|--------| |---------------|------------------|------------------|--------|
| AWS | Container Linux | [aws/container-linux/kubernetes](aws/container-linux/kubernetes) | alpha | | AWS | Container Linux | [aws/container-linux/kubernetes](aws/container-linux/kubernetes) | beta |
| Bare-Metal | Container Linux | [bare-metal/container-linux/kubernetes](bare-metal/container-linux/kubernetes) | stable | | Bare-Metal | Container Linux | [bare-metal/container-linux/kubernetes](bare-metal/container-linux/kubernetes) | stable |
| Digital Ocean | Container Linux | [digital-ocean/container-linux/kubernetes](digital-ocean/container-linux/kubernetes) | beta | | Digital Ocean | Container Linux | [digital-ocean/container-linux/kubernetes](digital-ocean/container-linux/kubernetes) | beta |
| Google Cloud | Container Linux | [google-cloud/container-linux/kubernetes](google-cloud/container-linux/kubernetes) | beta | | Google Cloud | Container Linux | [google-cloud/container-linux/kubernetes](google-cloud/container-linux/kubernetes) | beta |
@ -72,7 +72,7 @@ $ terraform apply
Apply complete! Resources: 37 added, 0 changed, 0 destroyed. Apply complete! Resources: 37 added, 0 changed, 0 destroyed.
``` ```
In 5-10 minutes (varies by platform), the cluster will be ready. This Google Cloud example creates a `yavin.example.com` DNS record to resolve to a network load balancer across controller nodes. In 4-8 minutes (varies by platform), the cluster will be ready. This Google Cloud example creates a `yavin.example.com` DNS record to resolve to a network load balancer across controller nodes.
```sh ```sh
$ KUBECONFIG=/home/user/.secrets/clusters/yavin/auth/kubeconfig $ KUBECONFIG=/home/user/.secrets/clusters/yavin/auth/kubeconfig

View File

@ -6,12 +6,6 @@ We'll declare a Kubernetes cluster in Terraform using the Typhoon Terraform modu
Controllers and workers are provisioned to run a `kubelet`. A one-time [bootkube](https://github.com/kubernetes-incubator/bootkube) bootstrap schedules an `apiserver`, `scheduler`, `controller-manager`, and `kube-dns` on controllers and runs `kube-proxy` and `calico` or `flannel` on each node. A generated `kubeconfig` provides `kubectl` access to the cluster. Controllers and workers are provisioned to run a `kubelet`. A one-time [bootkube](https://github.com/kubernetes-incubator/bootkube) bootstrap schedules an `apiserver`, `scheduler`, `controller-manager`, and `kube-dns` on controllers and runs `kube-proxy` and `calico` or `flannel` on each node. A generated `kubeconfig` provides `kubectl` access to the cluster.
!!! warning "Alpha"
Typhoon Kubernetes clusters on AWS are marked as "alpha".
!!! warning "Disabled"
Clusters do not use EC2 instances with elevated IAM roles. Kubernetes AWS integrations are not enabled.
## Requirements ## Requirements
* AWS Account and IAM credentials * AWS Account and IAM credentials
@ -87,7 +81,7 @@ module "aws-tempest" {
dns_zone = "aws.example.com" dns_zone = "aws.example.com"
dns_zone_id = "Z3PAABBCFAKEC0" dns_zone_id = "Z3PAABBCFAKEC0"
controller_count = 1 controller_count = 1
controller_type = "t2.small" controller_type = "t2.medium"
worker_count = 2 worker_count = 2
worker_type = "t2.small" worker_type = "t2.small"
ssh_authorized_key = "ssh-rsa AAAAB3Nz..." ssh_authorized_key = "ssh-rsa AAAAB3Nz..."
@ -147,7 +141,7 @@ module.aws-tempest.null_resource.bootkube-start: Creation complete after 11m8s (
Apply complete! Resources: 98 added, 0 changed, 0 destroyed. Apply complete! Resources: 98 added, 0 changed, 0 destroyed.
``` ```
In 5-10 minutes, the Kubernetes cluster will be ready. In 4-8 minutes, the Kubernetes cluster will be ready.
## Verify ## Verify

View File

@ -137,14 +137,14 @@ $ terraform apply
module.google-cloud-yavin.null_resource.bootkube-start: Still creating... (10s elapsed) module.google-cloud-yavin.null_resource.bootkube-start: Still creating... (10s elapsed)
... ...
module.google-cloud-yavin.null_resource.bootkube-start: Still creating... (8m30s elapsed) module.google-cloud-yavin.null_resource.bootkube-start: Still creating... (5m30s elapsed)
module.google-cloud-yavin.null_resource.bootkube-start: Still creating... (8m40s elapsed) module.google-cloud-yavin.null_resource.bootkube-start: Still creating... (5m40s elapsed)
module.google-cloud-yavin.null_resource.bootkube-start: Creation complete (ID: 5768638456220583358) module.google-cloud-yavin.null_resource.bootkube-start: Creation complete (ID: 5768638456220583358)
Apply complete! Resources: 64 added, 0 changed, 0 destroyed. Apply complete! Resources: 64 added, 0 changed, 0 destroyed.
``` ```
In 5-10 minutes, the Kubernetes cluster will be ready. In 4-8 minutes, the Kubernetes cluster will be ready.
## Verify ## Verify

View File

@ -23,7 +23,7 @@ Typhoon provides a Terraform Module for each supported operating system and plat
| Platform | Operating System | Terraform Module | Status | | Platform | Operating System | Terraform Module | Status |
|---------------|------------------|------------------|--------| |---------------|------------------|------------------|--------|
| AWS | Container Linux | [aws/container-linux/kubernetes](aws.md) | alpha | | AWS | Container Linux | [aws/container-linux/kubernetes](aws.md) | beta |
| Bare-Metal | Container Linux | [bare-metal/container-linux/kubernetes](bare-metal.md) | stable | | Bare-Metal | Container Linux | [bare-metal/container-linux/kubernetes](bare-metal.md) | stable |
| Digital Ocean | Container Linux | [digital-ocean/container-linux/kubernetes](digital-ocean.md) | beta | | Digital Ocean | Container Linux | [digital-ocean/container-linux/kubernetes](digital-ocean.md) | beta |
| Google Cloud | Container Linux | [google-cloud/container-linux/kubernetes](google-cloud.md) | beta | | Google Cloud | Container Linux | [google-cloud/container-linux/kubernetes](google-cloud.md) | beta |
@ -71,7 +71,7 @@ $ terraform apply
Apply complete! Resources: 64 added, 0 changed, 0 destroyed. Apply complete! Resources: 64 added, 0 changed, 0 destroyed.
``` ```
In 5-10 minutes (varies by platform), the cluster will be ready. This Google Cloud example creates a `yavin.example.com` DNS record to resolve to a network load balancer across controller nodes. In 4-8 minutes (varies by platform), the cluster will be ready. This Google Cloud example creates a `yavin.example.com` DNS record to resolve to a network load balancer across controller nodes.
``` ```
$ KUBECONFIG=/home/user/.secrets/clusters/yavin/auth/kubeconfig $ KUBECONFIG=/home/user/.secrets/clusters/yavin/auth/kubeconfig

View File

@ -6,21 +6,20 @@ Provisioning times vary based on the platform. Sampling the time to create (appl
| Platform | Apply | Destroy | | Platform | Apply | Destroy |
|---------------|-------|---------| |---------------|-------|---------|
| AWS | 5 min | 5 min | | AWS | 6 min | 5 min |
| Bare-Metal | 10-14 min | NA | | Bare-Metal | 10-14 min | NA |
| Digital Ocean | 3 min 30 sec | 20 sec | | Digital Ocean | 3 min 30 sec | 20 sec |
| Google Cloud | 4 min | 4 min 30 sec | | Google Cloud | 4 min | 4 min 30 sec |
Notes: Notes:
* AWS is alpha * SOA TTL and NXDOMAIN caching can have a large impact on provision time
* DNS propagation times have a large impact on provision time
* Platforms with auto-scaling take more time to provision (AWS, Google) * Platforms with auto-scaling take more time to provision (AWS, Google)
* Bare-metal provision times vary depending on the time for machines to POST and network bandwidth to download images. * Bare-metal POST times and network bandwidth will affect provision times
## Network Performance ## Network Performance
Network performance varies based on the platform and CNI plugin. `iperf` was used to measture the bandwidth between different hosts and different pods. Host-to-host indicates the typical bandwidth offered by the provider. Pod-to-pod shows the bandwidth between two `iperf` containers. The difference provides some idea about the overhead. Network performance varies based on the platform and CNI plugin. `iperf` was used to measture the bandwidth between different hosts and different pods. Host-to-host shows typical bandwidth between host machines. Pod-to-pod shows the bandwidth between two `iperf` containers.
| Platform / Plugin | Theory | Host to Host | Pod to Pod | | Platform / Plugin | Theory | Host to Host | Pod to Pod |
|----------------------------|-------:|-------------:|-------------:| |----------------------------|-------:|-------------:|-------------:|
@ -37,9 +36,7 @@ Network performance varies based on the platform and CNI plugin. `iperf` was use
Notes: Notes:
* AWS is alpha * Calico and Flannel have comparable performance. Platform and configuration differenes dominate.
* Network bandwidth fluctuates on AWS and Digital Ocean. * Neither CNI provider seems to be able to leverage bonded NICs (bare-metal)
* AWS and Digital Ocean network bandwidth fluctuates more than on other platforms.
* Only [certain AWS EC2 instance types](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/network_mtu.html#jumbo_frame_instances) allow jumbo frames. This is why the default MTU on AWS must be 1480. * Only [certain AWS EC2 instance types](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/network_mtu.html#jumbo_frame_instances) allow jumbo frames. This is why the default MTU on AWS must be 1480.
* Between Flannel and Calico, performance differences are usually minimal. Platform and configuration differenes dominate.
* Pods do not seem to be able to leverage the hosts' bonded NIC setup. Possibly a testing artifact.
* Observing the same bonded NIC pod-to-pod limit suggests the bottleneck lies below flannel and calico.