OVH Guides

Known limits

Requirements and limits to respect

Last updated May 20, 2020.

Nodes and pods

We have tested our OVHcloud Managed Kubernetes service with up to 100 nodes and 100 pods per node.
While we are fairly sure it can go further, we advise you to keep under those limits.

In general, it's better to have several mid-size Kubernetes clusters than one monster-size one.

Delivering a fully managed service, including OS and other component updates, you will neither need nor be able to SSH as root into your nodes.

LoadBalancer

Based on a new highly-available infrastructure since late May 2020, the external load-balancer included in Managed Kubernetes Service is currently offered free-of-charge until July 1st 2020. There is a default quota of 16 external LoadBalancers per cluster.
This limit can be exceptionally raised upon request though our support team.
There is also a limit of 10 open ports on every LoadBalancer, and these ports must be in a range between 6 and 65535. (Additonally, node-ports are using default range of 30000 - 32767 , allowing you to expose 2767 services/ports).

OpenStack

Our Managed Kubernetes service is based on OpenStack, and your nodes and persistent volumes are built on it, using OVH Public Cloud. As such, you can see them in the Compute > Instances section of OVH Public Cloud Manager. It doesn't mean that you can deal directly with these nodes and persistent volumes as other cloud instances.

The managed part of OVHcloud Managed Kubernetes Service means that we have configured those nodes and volumes to be part of our Managed Kubernetes.
Please refrain from manipulating them from the OVH Public Cloud Manager (modifying ports left opened, renaming, resizing volumes...), as you could break them.

There is also a limit of 20 Managed Kubernetes Services by Openstack project (also named Openstack tenant).

Node naming

Due to known limitations currently present in the Kubelet service, be careful to set a unique name to all your Openstack instances running in your tenant including your "Managed Kubernetes Service" nodes and the instances that your start directly on Openstack through manager or API.

The usage of the period (.) character is forbidden in node name. Please, prefer the dash (-) character instead.

Ports

In any case, there are some ports that you shouldn't block on your instances if you want to keep your OVHcloud Managed Kubernetes service running:

Ports to open from public network (INPUT)

Ports to open from instances to public network (OUTPUT)

  • TCP Port 8090 (internal service): needed for nodes management by OVH

Ports to open from others worker nodes (INPUT/OUPUT)

  • UDP Port 8472 (flannel): needed for communication between pods
  • UDP Port 4789 (kube-dns internal usage): needed for DNS resolution between nodes

Private Networks

Private networks (vRack) aren't yet supported in OVHcloud Managed Kubernetes.
Please refrain from adding private networks to your working nodes instances.

Cluster health

The command kubectl get componentstatus is reporting the scheduler, the controller manager and the etcd service as unhealthy. This is a limitation due to our implementation of the Kubernetes control plane as the endpoints needed to report the health of these components are not accesible.

Persistent Volumes resizing

Kubernetes Persistent Volume Claims resizing only allows to expand volumes, not to decrease them.
If you try to decrease the storage size, you will get a message like:

The PersistentVolumeClaim "mysql-pv-claim" is invalid: spec.resources.requests.storage: Forbidden: field can not be less than previous value

For more details, please refer to the Resizing Persistent Volumes documentation documentation.


These guides might also interest you...