Skip to content

Instantly share code, notes, and snippets.

@ConnorDoyle
Last active April 30, 2017 23:13
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save ConnorDoyle/ddfa508473de5c77a0fc931b13f1ff49 to your computer and use it in GitHub Desktop.
Save ConnorDoyle/ddfa508473de5c77a0fc931b13f1ff49 to your computer and use it in GitHub Desktop.

Extended resource isolation demo

Start a local cluater

sudo KUBELET_FLAGS="--enable-extended-isolation --node-labels=cgroup-cpuset-cpus-isolator=enabled" ./hack/local-up-cluster.sh

Build the cpuset isolator image

cd cluster/addons/iso-client/coreaffinity
sudo GOPATH=$GOPATH make docker

Run a test pod and view the effective cpus-allowed

kubectl create -f cluster/addons/iso-client/examples/cpuset-visualizer-0.yaml --validate=false
kubectl get pods -o json | jq ".items[].status.podIP"

Explain the policy implemented by the isolator

TODO

Create the RBAC profile and isolator daemonset

kubectl create -f cluster/addons/iso-client/examples --validate=false
kubectl get pods --namespace=kube-system

Show advertised opaque integer resources

kubectl get node -o json | jq ".items[0].status.capacity"

Get the pod's IP addresses (two test pods are newly created)

kubectl get pods -o json | jq ".items[].status.podIP"

Open each in a browser

isolation-example

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment