OpenKruise v1.6: Enhanced Multi-domain Management Capability

This article provides an overview of the core features of OpenKruise v1.6.

By Liheng

Overview

OpenKruise [1] is an open-source cloud-native application automation management suite provided by Alibaba Cloud, and it's also an incubating project hosted by the Cloud Native Computing Foundation (CNCF). Leveraging Alibaba Group's accumulated expertise in containerization and cloud-native technologies, OpenKruise is a standard extension component based on Kubernetes, widely used in Alibaba Group's production environment. It's a technical concept and best practice that closely follows upstream community standards and adapts to large-scale Internet scenarios.

OpenKruise released its latest version, v1.6 (ChangeLog [2]), in March 2024. This article provides an overview of the core features of the new version.

Upgrade Notice

Starting from v1.6.0, OpenKruise must be installed and used on clusters running Kubernetes 1.18 or later. If you have disabled the Kruise-Daemon component (featureGates="KruiseDaemon=false"), you can still install it on clusters with Kubernetes 1.16 and 1.17.

OpenKruise leader election uses the leases mode by default. Users of OpenKruise 1.3.0 or earlier should upgrade to version 1.4 or 1.5 before upgrading to version 1.6, to avoid unexpected multiple-leader issues during the upgrade process.

To avoid potential circular dependency issues, webhook-dependent features such as SidecarSet, WorkloadSpread, PodUnavailableBudget, ContainerLaunchPriority, and PersistentPodState will no longer be available for resources in kube-system.

Enhanced Multi-domain Management Capability

As the digital transformation of enterprises accelerates, more and more key businesses are deployed on Kubernetes clusters hosted on the cloud. The growing number and variety of services deployed on Kubernetes place diverse demands on the deployment mode within a single Kubernetes cluster, such as:

Scheduled scaling: During periodic peak hours, the business is scaled out to the elastic resource pool. After the peak hours, the elastic resource instances are scaled in.

Multi-architecture computing power: The cluster contains both x86 and arm computing power.

Multi-data center disaster recovery: Application instances are deployed in multiple availability zones (AZs) for disaster recovery.

WorkloadSpread is a multi-domain management solution introduced in OpenKruise v0.10 to solve the preceding problems.

[Figure: Common scenarios]

Fix: subset replicas ratio will be broken during the rolling upgrade of Deployment/CloneSet

If maxSurge>0 is configured for the rolling update of a Deployment/CloneSet, the workload is scaled out before it is scaled in. As shown in the following figure, when Pod-10 is created, the x86 resource pool already has six pods (one v1 and five v2), so Pod-10 is allocated to the arm resource pool. After the v1 pod is deleted, x86 and arm each hold 50% of the replica pods, which breaks the WorkloadSpread subset replicas ratio configuration.

[Figure: rolling update of the Deployment/CloneSet across the x86 and arm resource pools]

In this version, WorkloadSpread considers the pod version when allocating pods to subsets, so this issue has been fixed. Therefore, if you use the WorkloadSpread feature in a production environment, we recommend that you upgrade to Kruise v1.6.
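The ratio drift and the fix can be reproduced with a small simulation. This is an added example, not OpenKruise code: it is a simplified model that assumes 10 replicas, an x86 subset capped at 6 pods, an uncapped arm subset, maxSurge=1, and old pods deleted from arm first.

```python
from collections import Counter


def rolling_update(replicas=10, x86_max=6, version_aware=False):
    """Model a v1 -> v2 rolling update with maxSurge=1 over two subsets.

    Returns the number of pods per subset once the update has finished.
    Simplified model for illustration, not the OpenKruise algorithm.
    """
    # Constructed start state: every pod is v1 and the 6/4 split is respected.
    pods = [("x86", "v1")] * x86_max + [("arm", "v1")] * (replicas - x86_max)

    for _ in range(replicas):
        # Scale out first: decide which subset receives the new v2 pod.
        # Version-unaware allocation counts every pod in x86; version-aware
        # allocation counts only pods of the version being rolled out.
        counted = [
            p for p in pods
            if p[0] == "x86" and (p[1] == "v2" or not version_aware)
        ]
        subset = "x86" if len(counted) < x86_max else "arm"
        pods.append((subset, "v2"))

        # Then scale in: remove one v1 pod (assumed order: arm before x86).
        victim = ("arm", "v1") if ("arm", "v1") in pods else ("x86", "v1")
        pods.remove(victim)

    return dict(Counter(subset for subset, _ in pods))


if __name__ == "__main__":
    print("version-unaware:", rolling_update(version_aware=False))
    print("version-aware:  ", rolling_update(version_aware=True))
```

The version-unaware run ends at five pods per subset, the 50/50 split described above, while the version-aware run keeps the configured 6/4 split.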

Image Pre-download to Support the 'Always' Policy

OpenKruise image pre-download allows you to download Base and business images to Nodes in advance. This greatly accelerates business scale-out and meets the demand for high-speed elasticity during peak hours.


When OpenKruise pre-downloads an image, it first determines whether an image with that tag already exists on the Node. If it does, OpenKruise does not pre-download the image. Therefore, if the image tag remains unchanged but the image content changes, the new content cannot be pre-downloaded. Images with the latest tag are one example.

This version adds the imagePullPolicy='Always' policy to support the preceding scenarios. In addition, it can be combined with completionPolicy.type=Never to pre-download Base images on an ongoing basis:

  1. Image pre-download is performed around 00:00 every night;
  2. When a new Node is scaled out, the image is pre-downloaded to it automatically.

apiVersion: apps.kruise.io/v1alpha1
kind: ImagePullJob
metadata:
  name: job-with-base
spec:
  image: base:latest
  imagePullPolicy: Always
  parallelism: 10
  completionPolicy:
    type: Never
  pullPolicy:
    backoffLimit: 3
    timeoutSeconds: 300

Cascading Deletion Protection for Service & Ingress

To improve the stability and security of Kubernetes clusters, OpenKruise provides a safety policy that prevents cascading deletion of some resources, such as CRD, Namespace, and Deployment. In this version, we have added protection for Service and Ingress resources. The current policy only supports 'Always', which means that every deletion of a labeled Service or Ingress resource is blocked (unless the label policy.kruise.io/delete-protection is removed). Configuration details:

apiVersion: v1
kind: Service
metadata:
  labels:
    policy.kruise.io/delete-protection: Always
  name: test-web
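To see which Service and Ingress objects are not yet covered by this policy, the label can be audited over a cluster listing. This is an added example, not part of OpenKruise: the sample below is constructed in the shape of `kubectl get service,ingress -A -o json` output, and the object names and namespaces in it are made up.

```python
LABEL = "policy.kruise.io/delete-protection"

# Constructed sample shaped like `kubectl get service,ingress -A -o json`.
SAMPLE = {
    "kind": "List",
    "items": [
        {"kind": "Service",
         "metadata": {"namespace": "default", "name": "test-web",
                      "labels": {LABEL: "Always"}}},
        {"kind": "Service",
         "metadata": {"namespace": "shop", "name": "checkout"}},
        {"kind": "Ingress",
         "metadata": {"namespace": "default", "name": "test-web-ing",
                      "labels": {LABEL: "Always", "app": "test-web"}}},
        # A value the page does not list as supported for Service/Ingress.
        {"kind": "Ingress",
         "metadata": {"namespace": "shop", "name": "checkout-ing",
                      "labels": {LABEL: "Cascading"}}},
    ],
}


def audit(listing):
    """Return (kind, namespace, name, reason) for every Service or Ingress
    that does not carry the delete-protection label set to 'Always'."""
    findings = []
    for item in listing.get("items", []):
        if item.get("kind") not in ("Service", "Ingress"):
            continue
        meta = item["metadata"]
        value = (meta.get("labels") or {}).get(LABEL)
        if value == "Always":
            continue  # deletion is blocked until the label is removed
        reason = ("label missing" if value is None
                  else f"value {value!r} is not 'Always'")
        findings.append((item["kind"], meta.get("namespace", "default"),
                         meta["name"], reason))
    return findings


if __name__ == "__main__":
    # For live data, load the kubectl JSON output with json.load() instead.
    for kind, namespace, name, reason in audit(SAMPLE):
        print(f"{kind} {namespace}/{name}: {reason}")
```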

Prospects

Currently, we have planned three versions:

Release 1.7: CloneSet/Advanced StatefulSet supports in-place PVC configuration change, the Kruise API is upgraded to v1beta1, and the Liveness Probe feature is added.

Release 1.8: SidecarSet supports Kubernetes 1.28 Sidecar Containers and Kruise component minimization deployment solutions.

Release 1.9: CloneSet/Advanced StatefulSet supports Resource in-place VPA.

You are welcome to participate in the development and version planning of Kruise, and to get involved with OpenKruise by joining us on GitHub and Slack. Share your voice through the Slack channel [3].

Reference

[1] OpenKruise: https://github.com/openkruise/kruise
[2] ChangeLog: https://github.com/openkruise/kruise/blob/master/CHANGELOG.md
[3] Slack channel: https://kubernetes.slack.com/channels/openkruise
