On Sat, Jan 30, 2016 at 9:59 AM, Gabriel Wicke <gwicke@wikimedia.org> wrote:
Right now, Yuvi is evaluating the Kubernetes cluster manager in labs.
Just a clarification: Yuvi has already evaluated Kubernetes and it's being actively used to build an awesome replacement for at least part of what toollabs does right now. A handful of tools are already running, with success, on it for quite a long time.
Its features include scheduling of "pods" (groups of containers) to hardware nodes, networking, rolling deploys and more. While all these features provide a very high degree of automation, they also mean that failures in Kubernetes can have grave consequences. I think operations are wise to wait for Kubernetes to mature a bit further before considering it for critical production use cases.
Failures in any complex system are surely scary, but Kubernetes seems stable enough to be evaluated for production use. We also had an unconference session at the WMDS about this - or better, what we want to achieve by using Kubernetes as a tool.
I will also stress that there are more "mature" cluster/container frameworks like Apache Mesos/Aurora/Marathon, but after taking a hard look at them Yuvi and I evaluated that Kubernetes is way more promising for any of our use cases.
This is still a bit further away in the future, anyways. There is already a Phabricator task for this, which is anyways sitting idle at the moment as it's not in our immediate roadmap. The task is by the way trying to be independent of the specific technology in describing what we actually want to achieve. Kubernetes, as any other product we might use, is just a means to an end, and we should never be in love with any specific technology.
https://phabricator.wikimedia.org/T122822
There is also some support to run Docker images in systemd, which could be an alternative if we want to avoid the dependency on the Docker runtime in production.
I guess you mean containers can run within systemd, but I don't think just running containers instead of firejail would give us any practical advantage at the moment from any operational perspective, but I might miss the point.
Let's get together and figure out a plan.
Let's do it! Maybe next quarter when ops are not mostly focused on the datacenter switch it will be easier, I guess :)
Cheers,
Giuseppe