Skip to content

Commit 4ee3718

Browse files
committed
Demo code for initiating in-place pod resize using eBPF
1 parent cc57f91 commit 4ee3718

10 files changed

+392
-0
lines changed

ebpf-pod-resize/README.md

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
# ebpf-pod-resize
2+
3+
This code is meant to illustrate how eBPF can help proactively initiate in-place resize of pod resources
4+
for use cases such as the Remote Development Environment. The defining characteristic of such an use case
5+
is the spikes in resource needs.
6+
7+
A reactive approach such as VPA is not the best option for such use case. eBPF can help resize the pod
8+
with significantly lower latency based on user specified conditions.
9+
10+
NOTE: This code is for illustration purposes only and not meant for any production use. It was written
11+
to illustrate and demonstrate an idea.
Lines changed: 65 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,65 @@
1+
#!/bin/bash -x
2+
3+
# Supported only for Ubuntu 20.04 LTS (may work with 22.04)
4+
5+
cd $HOME
6+
mkdir -p $HOME/tmp
7+
cd $HOME/tmp
8+
9+
# Install required packages
10+
apt-get update -y
11+
apt-get upgrade -y
12+
apt-get install -y build-essential jq curl wget vim
13+
14+
# Install go 1.19.2
15+
if [[ "$(uname -m)" == "aarch64" ]]; then
16+
wget https://go.dev/dl/go1.19.2.linux-arm64.tar.gz
17+
tar -xf go1.19.2.linux-arm64.tar.gz
18+
mv go /usr/local/
19+
else
20+
wget https://go.dev/dl/go1.19.2.linux-amd64.tar.gz
21+
tar -xf go1.19.2.linux-amd64.tar.gz
22+
mv go /usr/local/
23+
fi
24+
25+
# Install and configure containerd, crictl, kubectl
26+
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
27+
echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
28+
apt-get update -y && apt-get install -y containerd cri-tools kubectl kubernetes-cni
29+
cat > /etc/crictl.yaml << EOF
30+
runtime-endpoint: unix:///var/run/containerd/containerd.sock
31+
image-endpoint: unix:///var/run/containerd/containerd.sock
32+
timeout: 2
33+
debug: false
34+
pull-image-on-create: false
35+
EOF
36+
37+
# Clone in-place resize k8s repo
38+
mkdir -p ~/go/src/k8s.io
39+
pushd ~/go/src/k8s.io
40+
git clone https://github.com/vinaykul/kubernetes k8s-pod-resize
41+
pushd ~/go/src/k8s.io/k8s-pod-resize
42+
git checkout restart-free-pod-vertical-scaling
43+
./hack/install-etcd.sh
44+
45+
# Clone and build cfssl
46+
export GOPATH=$HOME/go
47+
export GOROOT=/usr/local/go
48+
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
49+
mkdir -p ~/go/src/github.com/cloudflare
50+
pushd ~/go/src/github.com/cloudflare
51+
git clone https://github.com/cloudflare/cfssl
52+
cd cfssl
53+
make all
54+
cp bin/cfssl /usr/sbin/
55+
cp bin/cfssljson /usr/sbin/
56+
57+
# Install bpftool
58+
apt-get update -y
59+
apt-get install -y linux-tools-common linux-tools-$(uname -r)
60+
61+
set +x
62+
echo "Please add go root and go path to your .profile"
63+
echo " export GOPATH=$HOME/go"
64+
echo " export GOROOT=/usr/local/go"
65+
echo " export PATH=$GOPATH/bin:$GOROOT/bin:$PATH"
Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
#!/bin/bash -x
2+
3+
docker rmi -f skiibum/ebpf-pod-resize:demo
4+
docker image build -t skiibum/ebpf-pod-resize:demo -f ebpf-pod-resize-demo.Dockerfile .

ebpf-pod-resize/crictl.yaml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
runtime-endpoint: unix:///containerd/containerd.sock
2+
image-endpoint: unix:///containerd/containerd.sock
3+
timeout: 2
4+
debug: false
5+
pull-image-on-create: false
Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
# SPDX-License-Identifier: MIT
2+
# Copyright (c) 2022 The Authors.
3+
4+
# Authors: Vinay Kulkarni <@vinaykul>
5+
6+
# Permission is hereby granted, free of charge, to any person obtaining a copy
7+
# of this software and associated documentation files (the "Software"), to deal
8+
# in the Software without restriction, including without limitation the rights
9+
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10+
# copies of the Software, and to permit persons to whom the Software is
11+
# furnished to do so, subject to the following conditions:The above copyright
12+
# notice and this permission notice shall be included in all copies or
13+
# substantial portions of the Software.THE SOFTWARE IS PROVIDED "AS IS",
14+
# WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
15+
# TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
16+
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE
17+
# FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
18+
# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
19+
# THE USE OR OTHER DEALINGS IN THE SOFTWARE.
20+
21+
FROM ubuntu:20.04
22+
RUN apt-get update -y
23+
RUN apt-get install -y sudo vim build-essential bpfcc-tools jq curl apt-transport-https python3 python3-pip
24+
RUN curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
25+
RUN echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
26+
RUN apt-get update -y && apt-get install -y cri-tools
27+
RUN pip3 install --upgrade bcc kubernetes
28+
COPY crictl.yaml /etc/
29+
COPY init-ebpf-pod-resize.sh podsnoop.py launch-ebpf-pod-resize.sh /
30+
CMD /launch-ebpf-pod-resize.sh
Lines changed: 101 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,101 @@
1+
apiVersion: v1
2+
kind: ServiceAccount
3+
metadata:
4+
name: ebpf-pod-resize-demo
5+
namespace: kube-system
6+
---
7+
apiVersion: rbac.authorization.k8s.io/v1
8+
kind: ClusterRoleBinding
9+
metadata:
10+
name: ebpf-pod-resize-demo
11+
namespace: kube-system
12+
roleRef:
13+
apiGroup: rbac.authorization.k8s.io
14+
kind: ClusterRole
15+
name: cluster-admin
16+
subjects:
17+
- kind: ServiceAccount
18+
name: ebpf-pod-resize-demo
19+
namespace: kube-system
20+
---
21+
apiVersion: apps/v1
22+
kind: DaemonSet
23+
metadata:
24+
name: ebpf-pod-resize-demo
25+
namespace: kube-system
26+
labels:
27+
k8s-app: ebpf-pod-resize-demo
28+
spec:
29+
selector:
30+
matchLabels:
31+
name: ebpf-pod-resize-demo
32+
template:
33+
metadata:
34+
labels:
35+
name: ebpf-pod-resize-demo
36+
spec:
37+
serviceAccountName: ebpf-pod-resize-demo
38+
terminationGracePeriodSeconds: 30
39+
tolerations:
40+
- key: node-role.kubernetes.io/control-plane
41+
operator: Exists
42+
effect: NoSchedule
43+
- key: node-role.kubernetes.io/master
44+
operator: Exists
45+
effect: NoSchedule
46+
hostNetwork: true
47+
hostPID: true
48+
hostIPC: true
49+
volumes:
50+
- name: sys-volume
51+
hostPath:
52+
path: /sys
53+
- name: usr-src-volume
54+
emptyDir: {}
55+
- name: usr-lib-modules-volume
56+
emptyDir: {}
57+
- name: var-run-containerd-volume
58+
hostPath:
59+
path: /var/run/containerd
60+
initContainers:
61+
- name: init-ebpf-pod-resize
62+
image: skiibum/ebpf-pod-resize:demo
63+
imagePullPolicy: IfNotPresent
64+
command: ["/init-ebpf-pod-resize.sh"]
65+
securityContext:
66+
allowPrivilegeEscalation: true
67+
capabilities:
68+
add: ["SYS_ADMIN"]
69+
volumeMounts:
70+
- name: usr-src-volume
71+
mountPath: /usr/src
72+
readOnly: false
73+
- name: usr-lib-modules-volume
74+
mountPath: /usr/lib/modules
75+
readOnly: false
76+
containers:
77+
- name: ebpf-pod-resize
78+
image: skiibum/ebpf-pod-resize:demo
79+
imagePullPolicy: IfNotPresent
80+
command: ["/launch-ebpf-pod-resize.sh"]
81+
resources:
82+
requests:
83+
cpu: 500m
84+
memory: 400Mi
85+
volumeMounts:
86+
- name: sys-volume
87+
mountPath: /sys
88+
readOnly: false
89+
- name: usr-src-volume
90+
mountPath: /usr/src
91+
readOnly: false
92+
- name: usr-lib-modules-volume
93+
mountPath: /usr/lib/modules
94+
readOnly: false
95+
- name: var-run-containerd-volume
96+
mountPath: /containerd
97+
readOnly: true
98+
securityContext:
99+
allowPrivilegeEscalation: true
100+
capabilities:
101+
add: ["SYS_ADMIN", "BPF", "PERFMON"]
Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
#!/bin/bash -xe
2+
3+
apt-get update -y
4+
apt-get install -y linux-headers-$(uname -r)

ebpf-pod-resize/kube-build-pod.yaml

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
apiVersion: v1
2+
kind: Pod
3+
metadata:
4+
name: kube-build-pod
5+
annotations:
6+
"ebpf-resize": '{
7+
"cname": "kube-build-ctr",
8+
"commands": ["make"],
9+
"resize": "{\"requests\":{\"memory\":\"5Gi\"},\"limits\":{\"memory\":\"5Gi\"}}"
10+
}'
11+
spec:
12+
containers:
13+
- name: kube-build-ctr
14+
image: skiibum/kube-build-arm64:v1.25
15+
imagePullPolicy: IfNotPresent
16+
command: ["tail", "-f", "/dev/null"]
17+
resources:
18+
limits:
19+
cpu: "5"
20+
memory: "50Mi"
21+
requests:
22+
cpu: "4"
23+
memory: "50Mi"
Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
#!/bin/bash -xe
2+
3+
python3 /podsnoop.py

0 commit comments

Comments
 (0)