A compiled list of links to public failure stories related to Kubernetes. Most recent publications on top.
- 10 Ways to Shoot Yourself in the Foot with Kubernetes, #9 Will Surprise You - Datadog - KubeCon Barcelona 2019
- involved: CoreDNS,
ndots:5, IPVS conntrack,imagePullPolicy: Always, DaemonSet, NAT instances,latesttag, API serverOOMKill, kube2iam, cluster-autoscaler, PodPriority, audit logs,spec.replicas, AWS ASG rebalance, CronJob, Pod toleration, zombies,readinessProbe.exec, cgroup freeze, kubectl - impact: unknown, API server outage, pending pods, slow deployments
- involved: CoreDNS,
- How Spotify Accidentally Deleted All its Kube Clusters with No User Impact - Spotify - KubeCon Barcelona 2019
- involved: GKE, cluster deletion, browser tabs, Terraform, global state file, git PRs, GCP permissions
- impact: no impact on end users
- Kubernetes Failure Stories - Zalando - KubeCon Barcelona 2019
- involved: Skipper-Ingress, AWS,
OOMKill, high latency, CronJob, CoreDNS,ndots:5, etcd, CPU throttling - impact: multiple production outages
- involved: Skipper-Ingress, AWS,
- Oh Sh*t! The Config Changed! - Pusher - KubeCon Barcelona 2019
- involved: AWS, nginx, ConfigMap change
- impact: production outage
- Misunderstanding the behaviour of one templating line - Skyscanner - blog post 2019
- involved: HAProxy-Ingress, Service VIPs, Golang templating
- impact: Significantly increased latency, 5XXs thrown from some services
- All pods scheduled to same failing host - Moonlight - postmortem 2019
- involved: Google Kubernetes Engine, scheduler, anti-affinity rules
- impact: major production outage, 100% traffic loss
- The shipwreck of GKE Cluster Upgrade - Loveholidays GKE - blog post 2019
- involved: GCP Ingress, GKE Cluster, nodes
- impact: critical drop in pod availability, loss of ingress, 2 hour maintenance lasting 7 hours
- Breaking Kubernetes: How We Broke and Fixed our K8s Cluster - Civis Analytics - blog post 2019
- involved: AWS, kops, large clusters, batch jobs infrastructure, Datadog, API server, DNS, CPU throttling
- impact: production outage
- Let's talk about Failures with Kubernetes - Zalando - Hamburg meetup 2019
- involved: AWS,
NotReadynodes, ELB dynamic IPs, Ingress, API server, CronJob, CoreDNS,OOMKill, kubelet memory leak, CPU throttling - impact: production outages
- involved: AWS,
- Total DNS outage in Kubernetes cluster - Zalando - postmortem 2019
- involved: AWS, DNS, CoreDNS,
OOMKill,ndots:5, HTTP retries - impact: production outage
- involved: AWS, DNS, CoreDNS,
- Maximize learnings from a Kubernetes cluster failure - NU.nl - blog post 2019
- involved: AWS,
NotReadynodes,SystemOOM, Helm, ElastAlert, no resource limits set - impact: user experience affected for internally used tools and dashboards
- involved: AWS,
- Kubernetes Load Balancer Configuration - Beware when draining nodes - DevOps Hof - blog post 2019
- involved: GCP Load Balancer,
externalTrafficPolicy, ingress-nginx - impact: total ingress traffic outage
- involved: GCP Load Balancer,
- On Infrastructure at Scale: A Cascading Failure of Distributed Systems - Target - Medium post January 2019
- involved: on-premise, Kafka, large cluster, Consul, Docker daemon, high CPU usage
- impact: development environment outage
- How NOT to do Kubernetes - Sr.SRE Medya Ghazizadeh - Google - Cloud Native Meetup Sep 2018
- involved: public container registery, ingress wild card, image size, replica count, 12factor
- impact: security, stablity of clusters.
- Running Kubernetes in Production: A Million Ways to Crash Your Cluster - Zalando - DevOpsCon Munich 2018
- involved: AWS, Ingress, CronJob, etcd, flannel, Docker, CPU throttling
- impact: production outages
- Outages? Downtime? - Veracode - blog post 2018
- involved: AWS, AWS IAM, region migration, kubespray, Terraform, pod CIDR
- impact: QA/dev cluster outage
- NRE Labs Outage Post-Mortem - NRE Labs - blog post 2018
- involved: GCP, kubeadm, etcd, Terraform,
livenessProbe - impact: production outage
- involved: GCP, kubeadm, etcd, Terraform,
- A Perfect DNS Storm - Toyota Connected - blog post 2018
- involved: Azure, DNS,
ndots:5, Alpine musl libc - impact: DNS resolution failures
- involved: Azure, DNS,
- Kubernetes and the Menace ELB, the tale of an outage - Turnitin - blog post 2018
- involved: AWS, kube-aws, ELB dynamic IPs, API server, kubelet,
NotReadynodes - impact: 15 minutes cluster outage
- involved: AWS, kube-aws, ELB dynamic IPs, API server, kubelet,
- Moving the Entire Stack to K8s Within a Year – Lessons Learned - ThredUP - DevOpsStage 2018
- involved: AWS, kops, HAProxy,
livenessProbe, DNS, too many open files - impact: unknown outages, DNS errors
- involved: AWS, kops, HAProxy,
- AirMap Platform Service Outage - AirMap - incident report 2018
- involved: Azure,
NotReadynodes, kubelet PLEG, CNI - impact: production AirMap platform outage
- involved: Azure,
- Anatomy of a Production Kubernetes Outage - Monzo - KubeCon Europe 2018
- involved: AWS, etcd, Linkerd,
NullPointerException, gRPC client, services without endpoints, incompatible Kubernetes API change - impact: production ledger/platform outage
- involved: AWS, etcd, Linkerd,
- Stories from the Playbook - Google - KubeCon Europe 2018
- involved: GKE, etcd, Docker daemon, Image registry, dnsmasq vulnerabilities
- impact: production outage
- 101 Ways to "Break and Recover" Kubernetes Cluster - Oath/Yahoo - KubeCon Europe 2018
- involved: on-premise, namespace deletion, domain name collision,
NotReadynodes, etcd empty dir, TLS certificate refresh, DNS issues, OOM - impact: unknown cluster outages
- involved: on-premise, namespace deletion, domain name collision,
- 101 Ways to Crash Your Cluster - Nordstrom - KubeCon North America 2017
- involved: AWS,
NotReadynodes, OOM, eviction thresholds, ELB dynamic IPs, kubelet, cluster autoscaler, etcd split - impact: full production cluster outage, other outages
- involved: AWS,
- Major Outage: Current account payments may fail - Monzo - Monzo Community post 2017
- involved: AWS, etcd, Linkerd,
NullPointerException, services without endpoints - impact: major production outage, full platform outage, current account payments fail
- involved: AWS, etcd, Linkerd,
- Fallacies of Distributed Computing with Kubernetes on AWS - Zalando - AWS User Group Hamburg October 2017
- involved: AWS, unhealthy nodes, Ingress, CronJob
- impact: production outage
- Search and Reporting Outage - Universe - incident report 2017
- involved: Job,
RestartPolicy, consume node resources - impact: production Universe search and reporting outage
- involved: Job,
- Our First Kubernetes Outage - Saltside - blog post 2017
- involved: AWS, kops, Helm,
NotReadynodes, resource exhaustion - impact: nonproduction cluster outage
- involved: AWS, kops, Helm,
- Our Failure Migrating to Kubernetes - Saltside - blog post 2017
- involved: AWS, kops, ELB,
BackendConnectionErrors,LoadBalancerservice - impact: aborted application migration
- involved: AWS, kops, ELB,
- SaleMove US System Issue - SaleMove - incident report 2017
- involved: AWS, ELB dynamic IPs, DNS
Arecord for master, API server - impact: production issues with SaleMove US System
- involved: AWS, ELB dynamic IPs, DNS
Kubernetes is a fairly complex system with many moving parts. Its ecosystem is constantly evolving and adding even more layers (service mesh, ...) to the mix. Considering this environment, we don't hear enough real-world horror stories to learn from each other! This compilation of failure stories should make it easier for people dealing with Kubernetes operations (SRE, Ops, platform/infrastructure teams) to learn from others and reduce the unknown unknowns of running Kubernetes in production. For more information, see the blog post.
Please help the community and share a link to your failure story by opening a Pull Request! Failure stories can be anything like blog posts, conference/meetup talks, incident postmortems, tweetstorms, ...
I would also be glad to hear about your failure stories on Twitter: my handle is @try_except_