.. title: Kubernetes Failure Stories
.. slug: kubernetes-failure-stories
.. date: 2019/01/20 11:26:00
.. tags: kubernetes
.. link:
.. description:
.. previewimage: ../galleries/kubernetes-logo.png
.. type: text

.. image:: ../galleries/kubernetes-logo.png
   :class: left

I started to compile a `list of public failure/horror stories related to Kubernetes <>`_.
It should make it easier for people tasked with operations to find outage reports to learn from.

Since we started with Kubernetes at Zalando in 2016, we collected many internal postmortems.
Docker bugs (`daemon unresponsive <>`_, process stuck in pipe wait, ..) were a major pain point in the beginning, but Docker itself has become more mature and did not bite us recently.
The biggest chunk of problems can be attributed to the nature of distributed systems and "cascading failures", e.g. a Kubernetes API server outage should not affect running workloads, but `it did <>`_,
or see `our recent CoreDNS incident <>`_.

We shared some of our incidents and Kubernetes failures in talks:

* `Running Kubernetes in Production: A Million Ways to Crash Your Cluster - DevOpsCon Munich 2018 <>`_
* `Running Kubernetes in Production: A Million Ways to Crash Your Cluster - Container Camp UK 2018 <>`_
* `Kubernetes on AWS at Zalando: Failures & Learnings - DevOps NRW meetup 2018 <>`_

My main motivation for giving such talks about failures is that **I want to hear more of them myself!** Nordstrom's `talk "101 Ways to Crash Your Cluster" on KubeCon 2017 <>`_ was my inspiration
(as you can even see from the similarity in talk titles ;-)). I hope to see more people share their postmortems and give failure talks.
Monzo's transparency and `public postmortem <>`_ is a great service to the community and should be something we all strive towards.

Compiling a List of Kubernetes Failure Stories
==============================================

On my quest to find more public Kubernetes failure stories, I discovered that it's either really hard to find them (or my web search skills are lacking) or that there are only very few published. Search terms I tried on `DuckDuckGo <>`_ and Google:

* `kubernetes outage <>`_
* `kubernetes incident <>`_
* `kubernetes postmortem <>`_
* `kubernetes failure <>`_
* `kubernetes crash <>`_

I also tried various combinations and "k8s", "kube-dns", and "kube-proxy" instead of "kubernetes". This did not yield many results and most of the pages I found are somehow more "success" stories and highlight how to prevent outages from happening.
That's boring!

The `compiled list of Kubernetes Failure Stories I found so far is available on GitHub <>`_.
I hope to see many contributions to the list from the community, but I guess the hard part is encouraging people to publish their outage reports.
**Please contribute to the list** by opening an issue, creating a PR or `reaching out to me on Twitter <>`_!

.. image:: ../galleries/twitter-kubernetes-failure-stories.png
   :class: center
   :target:

What's Next
===========

I'll be at a meetup in Hamburg in February to talk more about Kubernetes failures, please join if you can: `"Let’s talk about Failures with Kubernetes!" meetup Hamburg <>`_.

At Zalando, we will try to publish a write-up of our recent Kubernetes DNS incident and hopefully find a way to more systematically share postmortems with the community.
Sharing our failure stories is something we can all benefit from to harden our setups and help prioritize upstream issues.
"Production-readiness" is, from my perspective, still something mostly discussed behind closed doors (i.e. inside organizations) --- e.g. `CPU CFS quota behavior and latency impact <>`_ is not well known and not mentioned in `the docs <>`_.
Let's change that!

BTW: I'm also still looking for the first Istio failure talk..

.. image:: ../galleries/twitter-istio-horror-story.png
   :class: center
   :target:

Some recommended talks/reads for Kubernetes in production:

* `Hardening Kubernetes Setups: War Stories from the Trenches of Production - Giant Swarm - KubeCon North America 2018 <>`_: not very deep, but mentions some good points to look out for
* `90 days of AWS EKS in Production - Graham Moore - blog post 2018 <>`_: many tunable system parameters (which you probably should not copy 1-1 without understanding them), mentions important ``kube-dns`` scaling
* `Optimizing Kubernetes Resource Requests/Limits for Cost-Efficiency and Latency - Zalando - Highload++ 2018 <>`_: why you should consider disabling CPU throttling (CFS quota) in your cluster(s)
* `Kubernetes the very hard way at Datadog <>`_: good insights of common (DNS issues, OOM) and less common (e.g. Datadog uses containerd and IPVS) challenges
* `Inside Kubernetes Resource Management (QoS) – Mechanics and Lessons from the Field - Michael Gasch - KubeCon Europe 2018 <>`_: fundamental information on how Kubernetes resources work

UPDATE 2019-01-28
=================

I did a brief `write-up on what happened after posting this blog article on Hacker News </posts/tale-of-a-hacker-news-post.html>`_.