
Deployment Specification of Kubernetes in AWS

ABOUT THE PROJECT

Why go for multi-master setup?

To have a truly reliable, highly available distributed system for your applications. Master fault tolerance.

Why go for multi-zone setup?

To improve availability in case of a single zone outage/maintenance. Zone failure tolerance.

Why 3 masters?

Some of the master components need to run as a single actor to avoid a split-brain situation, and three masters give a majority quorum for electing that actor while tolerating the loss of one. More on this in the ‘Master elected components’ section below.

Why 3 workers?

In case one of the zones goes down, the applications should be able to start in the other zone. We can use pod/node affinity to run our pods in the zone with the higher number of workers.
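
One way to express that preference is with node affinity on the standard zone label (shown below instead of pod affinity; the zone name eu-west-1a and the pod/image names are only examples):

    apiVersion: v1
    kind: Pod
    metadata:
      name: zone-preferring-pod
    spec:
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            preference:
              matchExpressions:
              - key: failure-domain.beta.kubernetes.io/zone   # zone label set by the cloud provider
                operator: In
                values:
                - eu-west-1a
      containers:
      - name: app
        image: nginx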

How to scale?

By using a single Amazon Auto Scaling group spanning multiple zones.
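
One way to sketch this is a CloudFormation Auto Scaling group whose subnets sit in different Availability Zones (the subnet IDs, group sizes, and the referenced launch configuration are placeholders):

    Resources:
      WorkerAutoScalingGroup:
        Type: AWS::AutoScaling::AutoScalingGroup
        Properties:
          LaunchConfigurationName: !Ref WorkerLaunchConfiguration   # assumed to be defined elsewhere
          MinSize: "3"
          MaxSize: "9"
          DesiredCapacity: "3"
          VPCZoneIdentifier:                   # one subnet per Availability Zone (placeholder IDs)
            - subnet-aaaa1111
            - subnet-bbbb2222
            - subnet-cccc3333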

How to set a persistent storage?

Amazon S3 offers Kubernetes-compatible, highly durable object storage, and Amazon EBS provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud.
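
For EBS-backed volumes, a minimal sketch could be a StorageClass using the in-tree AWS EBS provisioner plus a claim against it (the names and the 20Gi size are assumptions):

    kind: StorageClass
    apiVersion: storage.k8s.io/v1
    metadata:
      name: ebs-gp2
    provisioner: kubernetes.io/aws-ebs        # in-tree AWS EBS provisioner
    parameters:
      type: gp2
    ---
    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
      name: data-claim
    spec:
      storageClassName: ebs-gp2
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: 20Gi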

How to monitor in AWS?

We can use open-source tools like Icinga2, Prometheus, etc., or we can go with the Amazon CloudWatch service. Both are suitable solutions.
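
If Prometheus is chosen, a minimal prometheus.yml sketch that scrapes the Kubernetes API server could look like this (it assumes Prometheus runs in-cluster with the default service account credentials mounted):

    global:
      scrape_interval: 30s

    scrape_configs:
      - job_name: kubernetes-apiservers
        kubernetes_sd_configs:
          - role: endpoints
        scheme: https
        tls_config:
          ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
        bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
        relabel_configs:
          # keep only the default/kubernetes service's https endpoints (the API servers)
          - source_labels: [__meta_kubernetes_namespace, __meta_kubernetes_service_name, __meta_kubernetes_endpoint_port_name]
            action: keep
            regex: default;kubernetes;https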

THE CHALLENGE

Build a highly available Kubernetes cluster with features such as master fault tolerance and zone failure tolerance.

 

THE SOLUTION

Establish redundant, reliable storage:

The number one rule of high availability is to protect the data. Whatever else happens, whatever catches on fire, if you have the data, you can rebuild.

Clustering ETCD

Use persistent storage for the etcd data: Amazon S3 is designed to deliver 99.999999999% durability (https://aws.amazon.com/s3/), or use Amazon EBS, where each volume is designed for 99.999% availability and automatically replicates within its Availability Zone to protect your applications from component failure (https://aws.amazon.com/ebs/).
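
A sketch of one etcd member's static pod manifest for a three-master cluster (the member names, IPs, and image tag are assumptions; /var/lib/etcd would typically sit on an EBS volume):

    apiVersion: v1
    kind: Pod
    metadata:
      name: etcd
      namespace: kube-system
    spec:
      hostNetwork: true
      containers:
      - name: etcd
        image: quay.io/coreos/etcd:v3.2.24            # image tag is an assumption
        command:
        - etcd
        - --name=etcd0
        - --data-dir=/var/lib/etcd
        - --listen-client-urls=http://10.0.1.10:2379,http://127.0.0.1:2379
        - --advertise-client-urls=http://10.0.1.10:2379
        - --listen-peer-urls=http://10.0.1.10:2380
        - --initial-advertise-peer-urls=http://10.0.1.10:2380
        - --initial-cluster=etcd0=http://10.0.1.10:2380,etcd1=http://10.0.2.10:2380,etcd2=http://10.0.3.10:2380
        - --initial-cluster-state=new
        volumeMounts:
        - name: etcd-data
          mountPath: /var/lib/etcd
      volumes:
      - name: etcd-data
        hostPath:
          path: /var/lib/etcd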

Replicated API:

Install the API server on all master nodes using its YAML definition.
Set up load balancing between the master nodes using the desired method; with AWS, that is ELB.
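
A minimal sketch of the kube-apiserver static pod on each master (the etcd endpoints, service CIDR, certificate paths, and image tag are assumptions); the ELB then forwards to the secure port on every master:

    apiVersion: v1
    kind: Pod
    metadata:
      name: kube-apiserver
      namespace: kube-system
    spec:
      hostNetwork: true
      containers:
      - name: kube-apiserver
        image: k8s.gcr.io/kube-apiserver:v1.9.11      # image tag is an assumption
        command:
        - kube-apiserver
        - --etcd-servers=http://10.0.1.10:2379,http://10.0.2.10:2379,http://10.0.3.10:2379
        - --service-cluster-ip-range=10.96.0.0/12
        - --secure-port=443
        - --tls-cert-file=/srv/kubernetes/server.crt
        - --tls-private-key-file=/srv/kubernetes/server.key
        - --allow-privileged=true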

Master elected components:

So far we haven't set up the components that actually modify cluster state, namely the controller manager and scheduler. To achieve reliability we want only one actor modifying the state of the cluster at a time, but we also want replicated instances of these actors in case a machine dies. A lease-lock in the API is used to perform the master election (the --leader-elect flag).
The scheduler and controller-manager can be configured to communicate using the load-balanced IP address of the API servers. Regardless of how they are configured, the scheduler and controller-manager will complete the leader election process mentioned above when using the --leader-elect flag.
In case of a failure accessing the API server, the elected leader will not be able to renew the lease, causing a new leader to be elected. This is especially relevant when the scheduler and controller-manager are configured to access the API server via 127.0.0.1 and the API server on the same node is unavailable.
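
For example, the scheduler manifest on each master enables leader election and points at the API endpoint, local or load-balanced (the kubeconfig path and image tag are assumptions; the controller-manager is configured the same way):

    apiVersion: v1
    kind: Pod
    metadata:
      name: kube-scheduler
      namespace: kube-system
    spec:
      hostNetwork: true
      containers:
      - name: kube-scheduler
        image: k8s.gcr.io/kube-scheduler:v1.9.11          # image tag is an assumption
        command:
        - kube-scheduler
        - --leader-elect=true                             # only the elected leader actively schedules pods
        - --kubeconfig=/etc/kubernetes/scheduler.conf     # points at the local or load-balanced API server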

Adding Workers:

For a fresh cluster: we need to install the kubelet and kube-proxy on each worker node and set the --apiserver flag to your replicated endpoint.
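
On newer kubelets the replicated endpoint is usually supplied through a kubeconfig rather than the --apiserver flag; a sketch pointing at the load-balanced API endpoint (the ELB DNS name and certificate paths are placeholders):

    apiVersion: v1
    kind: Config
    clusters:
    - name: kubernetes
      cluster:
        server: https://my-k8s-api-1234567890.eu-west-1.elb.amazonaws.com:443   # replicated (load-balanced) API endpoint
        certificate-authority: /var/lib/kubelet/ca.crt
    contexts:
    - name: kubelet-context
      context:
        cluster: kubernetes
        user: kubelet
    current-context: kubelet-context
    users:
    - name: kubelet
      user:
        client-certificate: /var/lib/kubelet/kubelet.crt
        client-key: /var/lib/kubelet/kubelet.key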

Multi-zone setup:

Multi-zone support is deliberately limited: a single Kubernetes cluster can run in multiple zones, but only within the same region (and cloud provider).
Pods from a replication controller or service are automatically spread across nodes; with multi-zone clusters, this spreading behavior is extended across zones to reduce the impact of zone failures (this is achieved via SelectorSpreadPriority).
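
In such a cluster the cloud provider adds region and zone labels to each Node object, which is what the spreading logic keys on; a node might carry labels like these (names and values are examples):

    apiVersion: v1
    kind: Node
    metadata:
      name: ip-10-0-1-20.eu-west-1.compute.internal
      labels:
        kubernetes.io/hostname: ip-10-0-1-20.eu-west-1.compute.internal
        failure-domain.beta.kubernetes.io/region: eu-west-1
        failure-domain.beta.kubernetes.io/zone: eu-west-1a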

Limitations for multi-zone setup:

We need to ensure that the different zones are located close to each other in the network, since Kubernetes does not perform any zone-aware routing. In particular, traffic that goes via services might cross zones (even if some pods backing that service exist in the same zone as the client), and this may incur additional latency and cost.