Allow cluster resources to be subdivided #442
Comments
If I understand correctly, would sub-containers (at least partly) solve this issue? Sub-containers are implemented in lmctfy, but not in Docker, and I'm not sure whether Docker will add them in the future. (I'm not saying sub-containers are the only solution, just that they could be one way.)
This issue is about subdividing total cluster resources across one or more tenants, as opposed to subdividing the resources within a single container.
Clayton, not ignoring you, just buried in email. This is an interesting topic.
Clayton:

Assuming I got those use cases right, here are a few thoughts. Quota can be done at a very fine granularity (fractions of cores, kilobytes of RAM, etc.). Exclusion typically happens at coarser granularities (core, VM, physical machine, rack, site, etc.).

Because quota can be fine grained, it is easy to assign just the right amount to a project. One project's quota can be represented concisely (e.g. one integer each for RAM, compute, and disk). This representation is additive, which makes it convenient for producing accounting reports, and quota can be traded among teams, so there can be an economy of resources. Exclusion has a more complex representation (a list of labels or of physical machine names, etc.), and an economy of exclusion-resources sometimes has too much friction.

A basic type of exclusion can be implemented by saying "run your own k8s cluster if you want to be separate". You can get a long way with a combination of quota and multiple k8s clusters. This does imply a need to name k8s clusters, but that is useful for other reasons.
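To make the representation argument concrete, here is a minimal Go sketch of quota as one integer per resource, with the additive and tradable properties described above. All names are illustrative, not from any actual Kubernetes API:

```go
package quota

// Quota captures a project's allocation as one integer per resource:
// fractions of cores as millicores, RAM and disk in kilobytes.
type Quota struct {
	MilliCPU int64 // thousandths of a core, allowing fractional grants
	RAMKB    int64 // kilobytes of memory
	DiskKB   int64 // kilobytes of disk
}

// Add returns the combined quota of two projects. Because the
// representation is additive, an accounting report for a whole
// organization is just a fold over its projects' quotas.
func (q Quota) Add(other Quota) Quota {
	return Quota{
		MilliCPU: q.MilliCPU + other.MilliCPU,
		RAMKB:    q.RAMKB + other.RAMKB,
		DiskKB:   q.DiskKB + other.DiskKB,
	}
}

// Transfer moves part of one project's quota to another, enabling the
// "economy of resources" mentioned above. It fails if the donor does
// not hold enough of every resource.
func Transfer(from, to *Quota, amount Quota) bool {
	if from.MilliCPU < amount.MilliCPU || from.RAMKB < amount.RAMKB || from.DiskKB < amount.DiskKB {
		return false
	}
	from.MilliCPU -= amount.MilliCPU
	from.RAMKB -= amount.RAMKB
	from.DiskKB -= amount.DiskKB
	*to = to.Add(amount)
	return true
}
```

Note how compact this is compared to an exclusion representation, which would need lists of labels or machine names and has no comparable additive structure.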
Clayton, at a high level this all sounds very reasonable and compatible with our cloud APIs. We'll need to discuss in more detail how users will authenticate and what authorization policies will look like. A few other comments:
This one is probably a 3rd use case. I'd restate the original more correctly in terms of this:
On Quota: no disagreement that it is typically fine grained, although I can think of cases where compute impact is nuanced in how it affects other users (the two sides of CPU scheduling: the percentage of each time interval for which you are allocated a CPU, versus the maximum contiguous block within that interval for which you may execute without interruption). From a use-case perspective in our area, we see Exclusion as less common, and agree that the basic type often works. The next step up is typically at a large granularity (and thus inefficient), but occurs for either "important customer/project" or "production vs. development". Fine-grained exclusion seems less common. So Quota and Limited Visibility drive a lot of our thinking, with Exclusion being less important because you can (as you note) easily say "run your own cluster".
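The two sides of CPU scheduling mentioned above map roughly onto CFS-style bandwidth control, where a quota of runtime is granted per period. A hypothetical illustration of why the same percentage allocation can feel very different to neighbors:

```go
package main

import "fmt"

// describe shows the two knobs: quota/period fixes the percentage of
// each interval for which you are allocated a CPU, while the quota
// itself bounds the longest contiguous block you can run uninterrupted
// before being throttled until the next period. Values in microseconds.
func describe(quotaUS, periodUS int64) {
	pct := 100 * quotaUS / periodUS
	fmt.Printf("%d%% of a CPU; up to %dus uninterrupted, then throttled for up to %dus\n",
		pct, quotaUS, periodUS-quotaUS)
}

func main() {
	describe(50000, 100000)   // 50%, with stalls no longer than 50ms
	describe(500000, 1000000) // the same 50%, but half-second stalls are possible
}
```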
Brian, for admission control do you see that as fundamentally a hard limit, or soft with reconciliation? Since you're drawing from a pool, you need to coordinate the reservation of that resource; if a failure occurs after you've reserved but before you deploy, you then need to undo that reservation, and doing so correctly is difficult to implement. We struggle with this in practical terms: can you allow eventually consistent behavior at the admission-control level (create something, and 5s later it gets deleted), and does that compromise the user experience? This is getting more into implementation; I'm just fishing for different perspectives here.
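For context, a minimal sketch of the reserve-then-undo problem described above, with entirely hypothetical names; the compensating subtraction is the step that is easy to lose on a crash, which is what forces either a reconciler or acceptance of eventually consistent admission:

```go
package admission

import "errors"

var ErrQuotaExceeded = errors.New("quota exceeded")

// Pool is a hypothetical per-tenant resource pool guarded at admission time.
type Pool struct {
	Capacity, Reserved int64
}

// Reserve is the admission-time check: hard-fail if the pool is exhausted.
func (p *Pool) Reserve(amount int64) error {
	if p.Reserved+amount > p.Capacity {
		return ErrQuotaExceeded
	}
	p.Reserved += amount
	return nil
}

// Deploy reserves, then deploys, then compensates on failure. If the
// process dies between Reserve and the compensation, quota leaks until
// a reconciler re-derives Reserved from what is actually running; the
// "create something, 5s later it gets deleted" behavior above is that
// reconciler catching up.
func Deploy(p *Pool, amount int64, deploy func() error) error {
	if err := p.Reserve(amount); err != nil {
		return err
	}
	if err := deploy(); err != nil {
		p.Reserved -= amount // compensating action; lost if we crash before it runs
		return err
	}
	return nil
}
```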
(answering for Brian)
One way you could approach this is:
Thoughts?
btw, I used quota and limit interchangeably in that last post, which wasn't very precise. |
Define "interact"?
@thockin - Can I (on team A) see the pods you've created (on team B)? Can I change the replication controllers you've created? Can I see the environment variables in the pod templates you've created? Can my pods reach your pods over IPv4 if we're not on the same team?

There are places where you explicitly want distinct teams to coordinate, although you'd prefer they do so through a defined boundary (network host and port, load balancer, DNS name, specific API key) that traditionally sits outside the infrastructure.

The last question reflects a fairly specific topology request from OpenShift customers: they'd like to drop all outgoing packets from containers except those that match certain IPs belonging to their project/team's units. It requires a willingness to distribute the graph of connections to endpoints (which imposes its own scale limits), but it isn't terribly hard to do if motivated. That's a separate thread, though.
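A hypothetical sketch of that egress allow-list, expressed as the policy check rather than the packet-level mechanism (distributing the connection graph to every host is the hard part noted above):

```go
package egress

import "net"

// Project holds the destination IPs its containers may reach; all
// other outgoing packets are dropped. Names are illustrative only.
type Project struct {
	Name    string
	Allowed map[string]bool // destination IP -> permitted
}

// PermitEgress is the check a host-level packet filter would apply to
// each outgoing packet from one of the project's containers.
func (p *Project) PermitEgress(dst net.IP) bool {
	return p.Allowed[dst.String()]
}
```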
That's what I thought you meant. Yeah, that all gets complicated.
Updated the description at top to capture the three scenarios. @erictune - the approach you described makes a lot of sense: hard limits for big, fungible limits for soft. There's also benefit to allowing temporary resource usage over soft limits for small teams (within limits that they perhaps define).
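A sketch of that split, with names of my own invention: a hard cap rejected outright at admission, plus a soft target that may be exceeded temporarily up to a team-defined burst ceiling, with overage reconciled asynchronously:

```go
package limits

// Limits distinguishes a hard cap from a soft target. Small teams may
// exceed Soft temporarily, up to the Burst ceiling they define
// themselves; usage between Soft and Burst is admitted but flagged for
// later reconciliation.
type Limits struct {
	Hard  int64 // never exceeded
	Soft  int64 // target; overage allowed but flagged
	Burst int64 // team-defined ceiling for temporary overage (at most Hard)
}

type Decision int

const (
	Admit        Decision = iota
	AdmitFlagged // over the soft limit: allowed now, reconciled later
	Reject
)

// Check decides what to do with a request that would raise a team's
// usage to the proposed total.
func (l Limits) Check(proposed int64) Decision {
	switch {
	case proposed > l.Hard || proposed > l.Burst:
		return Reject
	case proposed > l.Soft:
		return AdmitFlagged
	default:
		return Admit
	}
}
```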
@smarterclayton @derekwaynecarr @erictune What else needs to be done on this issue? Do we have an overview doc that describes this area? |
Other than the individual efforts for authz, authn, and identity, which continue elsewhere, the primary objective of this issue is satisfied. I'd be OK with closing and letting those issues stand on their own.
Currently Kubernetes supports a single global scope for all resources. This works well for single/small deployments where a small group of admins coordinates changes. There are two other important use cases that we would like to solve with Kubernetes:

- Quota: subdivide the total cluster resources across multiple teams or tenants, so each is allocated a bounded share.
- Limited visibility: let teams see and manage only their own pods, controllers, and services, not those of other teams.
Ideally, the two additional use cases would not complicate the simple scenario (an administrator can start a cluster without having to configure subdivision). In addition, a consumer of the pod/controller/service APIs should be agnostic to the subdivision.
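One hypothetical way to keep API consumers agnostic, sketched here purely for illustration: the subdivision travels with the caller's identity rather than appearing in the API surface, so client code is identical whether or not the cluster is subdivided:

```go
package client

import "context"

type ctxKey string

// WithTenant attaches the caller's subdivision to the request context;
// an unsubdivided cluster simply never sets it. Hypothetical API.
func WithTenant(ctx context.Context, tenant string) context.Context {
	return context.WithValue(ctx, ctxKey("tenant"), tenant)
}

// ListPods is what a consumer of the pod API writes. It takes no
// tenant parameter: scoping, if any, is resolved server side from the
// caller's identity, so the same code works in both scenarios.
func ListPods(ctx context.Context) ([]string, error) {
	// ...issue the request; the server filters by the caller's scope...
	return nil, nil
}
```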
Assumptions about subdivision:
Straw-man proposal:
Thoughts?