Open bsctl opened 3 years ago
@prometherion do you have any concern about this enhancement?
How to handle fairness when an Owner owns multiple Tenant resources?
We would end up with duplicates matching different values, not sure how the Kubernetes controller would deal with them.
Describe the feature
Kubernetes introduced the API Priority and Fairness (APF) feature [beta in k8s 1.20] to control the behaviour of the Kubernetes API server in an overload situation. See here for details.
When multiple tenants are deployed, a buggy or malicious application running in a tenant can overload the APIs server or it can compete with other tenants and starve their applications.
Each request sent to the APIs server is matched by a
FlowSchema
. TheFlowSchema
states thePriorityLevel
for requests that match it, and assigns a Flow identifier to these requests. Flow identifiers are how the system determines whether requests are from the same source or not.The
PriorityLevels
may be configured to behave in several ways. EachPriorityLevel
gets its own isolated concurrency pool.To prevent any one tenant from monopolising a
PriorityLevel
, they may be configured to have multiple queues. The Shuffle Sharding algorithm is used to assign each flow of requests to a subset of the queues.Finally, when there is capacity to service a request, a Fair Queuing algorithm is used to select the next request. Within each priority level the queues compete with even fairness.
It would be nice to implement support for APF in Capsule:
FlowSchema
with priority just one step lower than other system controllers. This assures the Capsule Operator cannot be starved by default user generated requests.PriorityLevel
with default priority. This assures each tenant is not starved by other tenants.What would the new user story look like?
FlowSchema
is created.FlowSchema
is created/modified/deletedExpected behavior
Support for API Priority and Fairness per tenant