►
From YouTube: Kubernetes SIG API Machinery 20180314
Description
March 14, 2018 API Machinery Sig meeting recording
A
A
A
C
A
A
C
C
So
the
background
is
I'm
studying
I'm
interested
in
using
the
kubernetes
api
machinery
to
just
build
distributed
systems
in
general,
I.
Think
the
the
idea
of
focusing
on,
as
these
guys
say,
level
based
rather
than
edge
based
management
and
the
idea
of
watches
is
a
good
way
to
build
distributed
systems
in
a
way.
That's
simple
and
reliable
and
I'm
trying
to
do
that
and
to
support
that
I'm
studying
the
performance
of
the
machinery,
so
I
have
a
struct
at
a
simple
test.
C
Micro
benchmark
I
took
the
example
aggregated
API
server,
which
implements
objects
called
pflueger's
for
some
reason,
and
the
example
controller
and
modified
it
to
work
with
flenders
and
all
it
does
with.
Flutters
is
basically
law
of
timing
information.
So
I
wanted
to
study
the
latency
from
the
time
that
the
client
does
an
operation
on
a
flutter
to
the
time
that
all
these
controllers,
which
I
call
loggers
cuz
all
they
do,
is
a
long
time.
C
Ii
receive
the
information
and
I
want
to
be
the
latency
and
then
the
costs
in
terms
of
CPU
memory
and
network
along
the
way,
and
so
I've
been
doing
some
experiments
and
there's
a
pointer
in
that
issue
to
a
Google
Docs
site,
where
I'm
compiling
results
of
those
experiments
and
I'm.
Finding
that,
in
the
normal
configuration
where
these
loggers
connect
to
the
main
API
server,
which
in
turn
proxies
their
watches
to
the
aggregated,
API,
server
and
I'm,
starting
with
very
simple
configuration
where
there's
just
one
of
each
and
each
has
its
own
SD
server.
C
I
based.
You
know,
because
I'm
using
the
sample,
API
server
config,
which
has
a
pod
with
an
aggregated
server
and
its
own
entity,
sarena
and
deploying
with
coops
great,
which
puts
up
one
API
server
and
one
SD
server
anyway.
In
that
configuration
I,
find
I
can't
use
up
all
the
CPU
and
network,
whereas
if
instead
I
make
the
loggers
connect
directly
to
the
aggregated
API
server,
which
is
relatively
simple
by
just
hacking.
Their
client
set
object
that
I
can
use
up
the
CPU
on
the
machine
that
is
running
the
aggregated,
API
server.
C
C
Yeah
I
I
would
imagine
that's
true
a
quick
question,
so
we've
got
the
main
API
server
is
presumably
doing
an
I
need
to
validate.
This
is
doing
a
watch
against
the
aggregated,
API
server.
The
aggregated,
IP
I
servers
then
also
doing
a
watch
against
its
storage
layer.
No,
no,
the
the
main
API
server
is
simply
proxying
each
watch,
so
the
aggregated
server
sees
a
bunch
of
watches
on
Flender
objects
right,
but
that
that
API
server
is
I.
I,
don't
remember
the
plunder
implementation.
C
C
C
It's
probably
worth
one
of
us
validating
I
have
done
some
with
V
turned
up
to
ten,
so
I
think
we
can
see
in
pretty
great
detail
what
happens.
I'm,
not
sure,
with
our
shared
logs
from
that.
But
I
can
do
that.
If
you
like
I
I,
think
we
just
need
someone
to
check
I'm,
just
trying,
partly
I'm
just
going
through
the
deeds
I'll
see
if
I
can
trigger
any
thoughts
in
my
brain
as
to
what
might
be
going
on
all
right.
C
Well,
I'll
remind
you
that
you
know
the
two
patient's
cases
I'm,
comparing
the
in
both
cases,
the
aggregate,
a
pacer
risk
getting
watched
operations.
So
it's
serving
the
watch
operations,
presumably
the
same
in
both
cases.
Yeah
I
mean
the
interesting
thing
is
that
unless
I
miss
remember
how
the
API
server
implements
watch,
it
is
essentially
just
an
open
request
which
gets
replied
to
when
there
is
data
available.
So
it's
not
exactly
I
mean
it's
all
pooch
based
rather
than
home,
based.
Yes,
they
are
at
the
implementation
of
a
watch.
C
B
C
Seems
like
we'd,
be
much
better
off
with
a
she
to
be?
Oh
well,
yes,
it
does
alright,
then
the
go
code
does
use
HTV
when
you're
using
TLS.
Unless
you
take
steps
to
disable
it
so
I
was
qualified
explicitly
qualified.
My
remark
in
HTTP
one
uses
the
chunked
transfer
encoding,
but
in
this
case
act
the
actual
traffic
is
using
HTTP
2,
which
doesn't
use
chunked.
C
It
doesn't
have
chunk,
but
it
has
this
framing
concept
in
HTTP,
and
so
it
just
sends
a
series
of
frames
back
and
everybody
has
something
to
say
yes,
so
the
weird
parts
of
that
is
that
if
it's
all
push
based,
it's
sort
of
I'm
trying
to
I'm
having
a
hard
time
thinking
what
could
be
going
wrong
between
the
central
API
server
and
the
aggregated
API
server
such
that
you're
limiting
and
the
only
way
I
can
think
of
is.
Is
there
some
sort
of
delay
in
how
long
it
is
before
it?
C
So
the
claim
here
is
that
if
you
do
a
watch
directly
against
the
aggregated
API
server,
you
can
could
as
much
resources
as
you
need
to
be
clear.
This
is
not
about
one
watch.
This
is
about
hundreds
of
watches,
oh
sure,
but
with
the
key
being,
the
difference
is
that
the
direct
you
know
directly
watching
against
the
API
server,
rather
than
going
against
the
central,
the
cube
API
server,
which
that
aggregates
and
that
somehow
the
aggregating,
the
watches
is
preventing
the
system
from
scaling.
Well,
my.
C
C
Just
like
there's
a
throughput
limit,
so
the
failure
symptom
when
the
the
proxy
case
hits
the
wall.
Well,
the
what
goes
wrong
is,
watches
fall
behind
and
they
terminate
early
and
when
they
set.
When
the
informer
or
reflector
says
pick
up
where
you
left
off
the
server
says:
oh
that's
way
long
ago,
I
can't
do
that,
and
so
it
has
to
do
a
list
again,
which
cost
even
more
bandwidth
and
that.
A
C
That's
the
trick:
it's
not
CPU
bound.
It's
not
hitting
the
network
capacity.
I'll
tell
you.
My
primary
suspicion
is
in
the
fact
that
this
proxying
is
done
over
one
TCP
connection.
The
HTTP
2
mechanism
is
doing
multiplexing
and
demultiplexing
over
one
screen
and
that's
logically,
a
serial
operation.
So
there's
going
to
be
a
bottleneck,
a
multiplex
thing
on
the
aggregate,
an
API
server,
all
those
responses
back
down
into
one
TCP
connection
instantly,
there's
going
to
be
a
bottle,
unlike
demultiplexing
them
all
into
the
various
watch.
Requests
on
that
the
main
supersite
sounds.
A
B
A
C
The
problem
is
that
I
mean
if
he's
right
and
I
think
he
probably
is
that
what
we're
really
talking
about
is
essentially
it's
a
lock
contention
problem.
Oh
no
I
wouldn't
call
a
lock
contention
problem.
The
lock
is
just
an
imitation
detail.
The
problem
is
that
there's
this
logical
necessity
to
multiplex
a
bunch
of
concurrent
response
streams
into
one
TCP
stream
right,
and
that
inherently
is
a
serialization
thing
and
it
doesn't
matter
whether
you
implement
it
with
love,
yeah.
C
C
C
C
Actions
right
which
shouldn't
require
it's
a
config
change,
not
a
code
change,
yeah,
it's
Fisher's,
it's
flutters
and
Fisher's
officials
and
Sherman.
Let's
see
yeah
I
have
a
very
quick
way
to
confirm
it.
So
we'd
have
to
well
we'd,
have
to
put
the
flounders
in
the
Fisher's
in
different
servers,
though
all
right.
Otherwise,
the
the
main
server
is
going
to
use
one
connection
for
both
of
them.
I
thought
it
was
which
one
which
I
created
API
server
was
a
can.
B
C
B
C
A
C
Not
perfect,
but
what
I
mean
I
and
I
think
I
like
to
the
way
Daniel
put
it
better
than
the
way.
I
put
it.
If
that
doesn't
double
your
throughput
and
we're
on
the
wrong
path,
yeah
I
think
I
stumbled
your
throughput.
Then
we
haven't
proven
it,
but
we've
added
some
pretty
strong
weight
to
the
theory.
Exactly
yeah.
We.
A
C
C
C
B
B
C
I
have
achieved
a
lot.
I
got
different
failures.
Now
my
problem
was
that
I
wasn't
very
wasn't
able
to
get
very
selective,
so
I
disabled
htb
to
basically
everywhere
and
that
produced
a
bad
performance
of
a
very
different
sort.
And
if
you
look
through
that
document,
you
can
see
a
reports
from
experiments
in
this
case,
I.
B
C
C
C
That
was
my
problem:
I
couldn't
get
a
lot
of
connections
and
the
site
disabled.
They
should
be
two
on
both
of
them
now,
maybe
maybe
I
just
watched
something
maybe
I
could
I
can
I'll
try
again
and
also
in
the
go
documentation
for
HTTP
two.
There
are
different
environment
variables
that
are
documented,
so
I
can
try
that
too
so
I
can
go
back
and
try
again
see
if
I
can
get.
You
know
just
the
one
that
I
want,
but
I'm
probably
gonna
disable
it.
C
You
know
what
it
liked
I,
don't
really
want
to
disable
it
on
the
main
one
entirely
I
could
disable
it
on
the
aggregated
one
yeah.
What
I'd
like
to
do
is
disable
it
on
the
aggregator
server
in
its
role
as
a
server,
but
not
as
an
SD
client,
but
I.
Don't
I
well,
I'll,
try
again,
I,
don't
know
if
I
can
do
it.
Control
of
that.
Finally,
yeah.
B
B
C
B
Keeping
with
a
connection
well,
that's
right:
it
does
it
does.
It
does
figure
out
the
endpoints.
It
goes
with
the
endpoints
yeah,
so
yeah
I
just
heard
yeah.
So
if
you
run
two
of
the
back-end
of
the
aggregated
API
servers
behind
the
same
service
or
actually
yeah,
you
can
run
multiple
of
them.
The
main
the
aggregator
should
multiplex
across
them,
and
so,
if
you
run
two,
you
should
see
double
with
your
foot
yeah.
In
fact,
if
you
don't,
let
me
know
because
that's
a
bug
because
I
made.
C
B
C
Me
just
double
check
so
you're
telling
me
that
if
I
do
get
to
egg
di
servers
behind
the
same
service,
just
the
normal
main
API
server
is
going
to
open
connections
to
both
and
load
balanced
requests
across
those
two
connections:
correct,
yeah,
okay,
well,
I'll,
try!
That
sounds
like
the
easiest
thing
to
do.
I'll
try
that
first
and.
B
C
B
C
A
B
C
Doesn't
totally
configure
confirm
because
then
you
have
to
ask
what
is
the
load
balancer?
Introducing
a
bottleneck,
I
think
that
the
paracin
between
what
I've
done
and
what
we
just
outlined
with
two
aggregated
servers
is
a
pretty
direct
one
and
a
pretty
good
test.
So
I
think
I'll.
Try
that
next
yeah.