Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Cloud Foundry / Community Advisory Board / 17 Aug 2022
Cloud Foundry / Community Advisory Board / 17 Aug 2022
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: Cloud Foundry CAB Call recording Aug 2022

Description

Matt Royal from VMware gave a talk on RunWorkload and BuildWorkload which are both a part of Korifi.
Korifi, as you have all heard, is a Cloud Foundry interface for Kubernetes clusters. Matt is a regular contributor to the project and has agreed to share some valuable insights about the internals that power the tool.
Date: 17th August '22
Day: Wednesday
Time: 8 AM Pacific/11 AM Eastern/4 PM London
GitHub: https://github.com/cloudfoundry/korifi
Slides: https://docs.google.com/presentation/d/1RAWVT3sAkzfhcJiDLlSWmjGiVhQWaO6GOCGvevs1Bf0/edit?usp=sharing

A

Okay,.

B

Hello: everyone wishing you a good morning good afternoon or good evening, depending on where you're joining us in the world from today um welcome to the August edition of the cloud Foundry cab call. We have and exciting time ahead, um not just in this call, but also like for the foundation.

B

um So a quick, a couple of quick updates uh about activities at the foundation before we jump into the meat of this of the presentation that we have prepared for today. um So please be aware that the.

B

Last dates for cfp submission are a little over a week away. We have about 10 days to go so if you're interested in submitting a cfp to the cloud Foundry Day, you have about 10 days to do that, and we all typically tend to do this in the last week. Last couple of days last day, what have you but uh we'll send out a few email reminders about this, but be aware that the last date is quickly approaching.

B

There's also a call for volunteers to be part of the program committee. Another program committee is a set of three, maybe four individuals who are part of the CF Community who get to choose what tracks get chosen for the stage at Cloud Foundry Day. So we have a an expression of Interest open for those who might want to participate in that I'm going to leave the link to the form in chat.

B

So if either you are interested in joining this or if you know folks who might uh want to be part of this, uh please share the link with them or you know, fill in the form herself. So we're definitely going to need to incentivize this um so we're thinking of a few ways of how to do that. But anyhow, if you're interested in being part of the cfp committee that gets to choose the proposals, then please do fill the form. If you know folks who you think might be a good fit share it with them.

B

um So those are the big updates that I had um so today we have a matte Royal with us. Matt joins us from somewhere exotic on the west coast of the United States, uh so he's going to talk a little bit about uh karifi architecture. So, like a lot of you folks already know, karifi is the cloud Foundry project that basically aims to build the cloud Foundry experience to deploy to kubernetes clusters. We've had many successes.

B

In the past few weeks and months um we reached a couple of Milestones, so we are at version 0 to 0.2 right now um you know inching our way towards stability and towards production, Readiness, slowly and steadily, but yeah. So obviously, uh architecture and internals are a lot of interest to many folks in the community and in particular, if you combine like the cloud Foundry world and the kubernetes world, it makes for a lot of interesting discussion. So Matt. Why don't you kick us off um for discussions about uh query fee internals foreign.

C

I'm in San Francisco, uh as Ron said um it's a little early for me, so I apologize in advance that I yawn once or twice uh but uh I. So just the the structure I had in mind for this is um I've got just a deck, just to kind of do a high level overview of the changes we made and just kind of give us some structure to talk about, and then I'm just going to open the floor for questions and answer any questions that people might have.

C

So let me try sharing.

A

My screen and.

C

See how this works out.

C

Can everybody see that now that it's full screen- yep, okay, great yeah, um so I'm here to talk about some recent changes we've made to karifi, to allow you to plug in alternative workflows, for building and running alternative implementations?

C

So for those of you who need to refresh on karifi or who aren't familiar, um it's basically Cloud Foundry on kubernetes um we've, you might be familiar with CFR Kates. This is the successor to that project with the idea being that it's meant to be a little more kubernetes native.

C

um So some of the ways it's different is you know we're not reusing the ruby-based cloud controller. We have a re-implementation of the cloud Foundry API in golang. We aren't backed by a database we're using custom resources in the kubernetes API to represent all of the cloud Foundry nouns um and it's kind of a bring your own auth situation. So you know anything that can off against the kubernetes. Api can auth against karifi no UAA anymore.

C

um I've got some links here. um Aren't super useful right now, but um when I send this stuck out later, when ROM does um so, these are some useful resources to kind of understand. Karifi and some of the vision behind it um so before I get further into this talk. uh I just want to put out some caveats.

C

um The the design we're talking about is still under active development. We're making breaking changes.

C

um So you know the design I show you today may not be the exact design that we have in a week or a month, um so just be aware that breaking changes are likely to come, but this always give you an idea of what we have in place right now,.

C

um Yeah so originally um carifi uh directly managed both building and running of apps. Now we did that through. We used kpac images to do the building and we used stateful sets to do the running right.

C

um So you build your image with the Capac image we uh the droplet out of that, and then we run your app instances with staple sets. um The the work we're talking about today added this new abstraction, these new abstractions. Rather um these new uh the build workload and Formerly Known does the the Run workload but now called the app workload, and these are just resources that include all the information you need to implement either of those workflows.

C

um You know building image from Source or running an already built image um and then they're kind of a an attachment point where you can plug in an implementation that that maybe does something a little different, um just some some quick terminology, um the components that actually do the building I'm going to call Builders um the components that do the running I'm, going to call Runners, pretty straightforward right um and, as I mentioned they're both they both use these workload resources too, as their interface and to communicate State.

C

No one thing that's worth knowing is after we introduced this, the behavior inquiry is actually still the same. We've just taken the existing behavior that was part of karifi core and put them into these.

C

um These sort of sub projects there's a Capac image Builder, which does what it sounds like and the state full set Runner, which also does what it sounds like um now. The the goals of this work uh were to basically to make it possible to to plug in different Behavior right, and we wanted to to minimize uh the difficulty of doing that um and make it as simple as possible right.

C

So that's the the rationale between behind putting um all the information in one resource and having using that kind of exclusively for communication between karifi, and these alternative implementations um also want to. uh We wanted to create a very clear separation between karifi and these, so that we didn't have to know the details of the underlying architecture for how you're building your image, how you're running it.

C

um This is some where we, we still have some room for improvement, um but we're actively working on it um and in the short term, we only intend to have on a given deployment to have one component. That's actively doing the building one components that act, that's actively doing the running um in the future. We may add support for having multiple, concurrent, Builders and Runners, where you know you dynamically dispatch to one or the other.

C

um So here's um there's a lot of words. Here's a diagram to help help break it down. So this is kind of a simplified flow of what the internals of Curry feel like the objects on the on the Kate's cluster and the components involved are doing when you create a build now.

C

um So, as I mentioned, um you know, we use custom resources for all of our our nouns instead of periphy, so we've got the CF build. The creation of that by the API indicates: hey we've got this building we want to run. um It turns out that a lot of information goes into generating a build. So uh the controller part of karifi correlates all the information, that's necessary from the build itself from the package. You'll get the source location, for example, from that any credentials that need to be in there from service bindings.

C

You know, etc, etc, um and then it's going to bundle all that information up, put it on the build workload and then in the default deployment. You've got this kpac image Builder that I mentioned before, which is going to to take the information on that and ultimately build a capec image from it.

C

Now what this diagram doesn't show, but it kind of follows from this: is you know, as the kpac image either succeeds building or fails for some reason that state will be communicated back to karifi by updating the status of the build workload here, foreign and there's a very, very similar diagram for what the app workload flow looks like um you know, just the the trigger is a little different, so, instead of creating an app being the trigger it's um setting the desired state of the app to running, but the same thing happens, it correlates data from a bunch of different sources, puts it onto this app workload, object which then triggers the stateful set Runner, and then that creates a staple set and the number of available replicas is or running.

C

Replicas rather is communicated back through the the workload object.

C

um I've got some more links for um again for uh to be useful after this talk, but um one thing that might be worth looking at right now is just uh what these actually look like in practice.

C

um I, don't think it's worth like going through all the keys necessarily, but we can just do a quick, quick overview. You can see that, like for the the build workload, you've got information about all the environment, variables that need to be available in you know, in the same format, you would have on, for example, like a pod container uh in kubernetes.

C

You've got information about where to actually pull the source and the credentials you need to do it, and then the status of the result gets communicated back here right so like this was a successful build, and so it succeeded- and uh you have the information about where to pull the the image actually from under droplet here and also what processes are on and which commands to run. So you know this.

C

This might look familiar from CF or VMS, just kind of in a more Casey format um and similarly for the app workload we have all the we actually have, probably more more information than we need on the app workload. We're likely going to cut a lot of these fields off soon.

C

um But it's just it's the same idea and then the um the implementer of the runner of the Builder is responsible for taking this input and deciding how that's going to actually be represented. On, for example, your stateful site.

C

um Yeah, so I went through a lot pretty fast. um uh How about I.

D

Don't know, does anyone.

C

Have any questions anything you want me to dig into deeper lecturing my screen potentially.

D

Hi a quick question: what triggered this this redesign? What was what was the uh uh the impetus to come up with this type of style.

C

Yeah I think right now, it's mostly a proof of concept.

C

um We, as I mentioned we're deploying all of our applications as stateful sets right now, but there is talk of potentially um supporting deployments, or maybe even k-native services in the future, and so um part of the motivation for this design was enabling that work to be simplified in the future.

C

um So you know you can imagine that if we do want to support deployments, um we can write an alternative Runner that just has the logic or our deployments and decide not to deploy with the staple set Runner and um we've pretty pretty cheaply supported a different workflow without a lot of engineering work. So that was part of the thought process.

C

um Actually I have some other team members here as well, um Phil and Tim. So if either, if you want to chime in about motivation, please do oh interested sorry. So.

A

To um remember the vision document I think that we had uh I think even before in starting the implementation and like one of the goals of this new project was to make a specific functionalities uh pluggable both so that uh this could be useful to as many for as many use cases as possible, but also to avoid like re-implementing stuff. So one thing we decided is, you know, authentication.

A

We delegate that networking we work against well-known interfaces instead of providing our own implementation uh and so I think it was only natural to do the same for for runtime for building uh I can't remember if there were other interfaces that we haven't covered, but yeah I think the the main ones were networking runtime, building off uh so yeah. This means, because if you can build with all sorts of backlines and can run stuff with all sorts of packets,.

D

But are you integrating with things like bazel and other type of Builders behind the scenes, and then integrated it back in? Is that what you're trying to accomplish.

A

uh It so when we talk about a builder is mostly a Beast that is capable of going from sources to Docker container, so I don't know if bazel qualifies, but mostly you.

D

Can do that in bazel? Yes,.

A

Yeah so I guess someone could Implement a builder based on that then, oh, like just more simply, for example, at the moment we don't support Docker files, but like another Builder could just build based on dockerfile, uh or you know there might be many. There might be many use cases uh support for you know at the moment we support the specific, build packs like Cloud native, build packs, who knows tomorrow and some something new comes out. That is uh interesting or better. We can just plug it in yeah.

A

The hope is that if the abstractions are well designed we'll be able to to do this.

D

Thank you.

C

It's worth mentioning um something that didn't make it into the slides is that um Giuseppe and some of our other European teammates have recently added task support and it uses a very similar structure used as a task workload which I didn't talk about today, because I, just don't I, haven't dealt with it much, but just so you're aware that's there.

A

I'm, the default implementation uses jobs so again, Same Same Spirit, like the default implementation uses, kubernetes built-ins, tries to be as cheap and straightforward as possible and and they're. All lots of this is at least inspired by the previous ABD implementation, so we've basically replaced the mini types with these new types that are a bit more I would say, straightforward to use a little bit cleaner, removed some craft in the process and managed to also get rid of our dependency in the process.

C

Yeah so um when I mentioned earlier, that we're likely going to print a fair number of fields off of the the app workload part of that is that we, we basically just started by copying the exact same structure as the Irene lrp, um and we've realized that we don't need some of those. Some of those fields.

C

All right: well, um if anybody else thinks of a question or wants to kind of engage with the team you can. You can find us on the cloud Foundry slack in the in the query: feed Dev, Channel foreign.

B

We can probably get the slides out to folks as well, um so I'll follow up with you on that, uh but in general thanks for the talk, it was really useful and I. Think the more we um talk about these architectures and some query: Primitives the better territory be for people who are trying to build an understanding about the project, so yeah thanks and yeah. Thank you.

B

Everybody for uh being on the cab call today um hope to see you on future editions too and to everyone watching the recording um stay tuned, we'll be adding content all the time. Thanks very much bye.

D

Thanks.