Amazon Elastic Container Service for Kubernetes (Amazon EKS) I AWS Dev Day 2018

Containers are an increasingly important way for developers to package and deploy their applications, and AWS offers multiple container products to help you deploy, manage, and scale containers in production. In this session we dive deep into Amazon Elastic Container Service for Kubernetes (Amazon EKS), a new managed service for running Kubernetes on AWS. Learn how Amazon EKS works, from provisioning nodes and launching pods to integrations with AWS services such as Elastic Load Balancing and Auto Scaling.
Learn more about containers here: https://aws.amazon.com/containers/



  1. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Kubernetes on AWS. Christoph Kassen, Solutions Architect – AWS, @christoph_k #AWSDevDay
  2. WHY DO WE LOVE CONTAINERS? Packaging. Distribution. Immutable infrastructure.
  3. Make AWS the BEST PLACE to run ANY containerized applications
  5. What is Kubernetes? Open source container management platform. Helps you run containers at scale. Gives you primitives for building modern applications.
  6. WHY DEVELOPERS LOVE KUBERNETES
  7. Why developers love Kubernetes: Vibrant and growing community of users and contributors
  8. Why developers love Kubernetes: Kubernetes can be run anywhere (ON-PREMISES, CLOUD)
  9. Why developers love Kubernetes: A single extensible API (SCALE, PERFORMANCE, BREADTH)
  10. Cloud-native applications: MICROSERVICE TOOLING, NATIVE APPLICATIONS
  11. But where you run K8s matters: QUALITY OF THE CLOUD PLATFORM, QUALITY OF THE APPLICATIONS, YOUR USERS
  12. Let's deploy k8s with kops
  13. Kubernetes on AWS with kops
     1. Install binaries & tools: kops, AWS CLI tools, kubectl
     2. Create an IAM user for kops
     3. Allow the kops user full access to EC2, Route53, S3, IAM, VPC
     4. Configure DNS, or deploy a gossip-based cluster
     5. Create an S3 bucket to save the cluster config: my-kops-store
     6. Set the kops environment variables
     7. Select cluster design and options for kops: HA, networking, instance types, AMI
     8. Create the cluster: kops create cluster, then kops validate
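The eight steps above as one script. This is an added example and not code from the deck. Assumptions: the cluster name devday.k8s.local (a .k8s.local suffix is what selects the gossip-based option of step 4, so no Route53 zone is needed), region eu-central-1 with three zones for the HA master layout shown on the next slides, and m4.large instances; the bucket name my-kops-store is the slide's. Two things the slide glosses over: the kops user receives the five AWS managed Full-Access policies and is therefore a highly privileged principal whose keys must be handled as such, and the state-store bucket holds the cluster CA private key and the admin kubeconfig, so it is created private, versioned and encrypted. The AWS calls sit in kops_deploy and run only when RUN_KOPS_DEPLOY=1; validate_kops_config is an offline check of the two values most often mistyped.

```shell
#!/bin/sh
# Added example: Kubernetes on AWS with kops, following the eight steps on the
# slide. Not code from the deck. Cluster name, region, zones and instance sizes
# are assumptions; the bucket name my-kops-store comes from the slide.
set -eu

KOPS_STORE_BUCKET="${KOPS_STORE_BUCKET:-my-kops-store}"
KOPS_CLUSTER_NAME="${KOPS_CLUSTER_NAME:-devday.k8s.local}"   # assumed; .k8s.local = gossip cluster
AWS_REGION="${AWS_REGION:-eu-central-1}"                      # assumed
KOPS_ZONES="${KOPS_ZONES:-eu-central-1a,eu-central-1b,eu-central-1c}"  # three AZs for HA masters

# Step 6: kops reads these environment variables.
export KOPS_STATE_STORE="s3://${KOPS_STORE_BUCKET}"
export KOPS_CLUSTER_NAME

# Offline sanity check: the state store must be an s3:// URL, and a gossip
# cluster must be named *.k8s.local (any other name needs the Route53 DNS
# setup of step 4 instead).
validate_kops_config() {
  store="$1"; name="$2"
  case "$store" in s3://*) ;; *) echo "state store must be s3://..." >&2; return 1 ;; esac
  case "$name" in *.k8s.local) ;; *) echo "gossip cluster name must end in .k8s.local" >&2; return 1 ;; esac
  return 0
}

kops_deploy() {
  # Step 1: the binaries must already be on PATH.
  for b in kops aws kubectl; do command -v "$b" >/dev/null || { echo "missing $b" >&2; return 1; }; done

  # Steps 2-3: a dedicated IAM user for kops with the managed Full-Access
  # policies the slide lists. This is a very broad principal: keep its access
  # key out of CI logs and delete the user once kops no longer manages the cluster.
  aws iam create-user --user-name kops
  for p in AmazonEC2FullAccess AmazonRoute53FullAccess AmazonS3FullAccess IAMFullAccess AmazonVPCFullAccess; do
    aws iam attach-user-policy --user-name kops --policy-arn "arn:aws:iam::aws:policy/${p}"
  done
  aws iam create-access-key --user-name kops   # prints the secret: configure it as the profile kops runs with

  # Step 5: the state store. It holds the cluster CA key and admin credentials,
  # so it is private, versioned and encrypted at rest.
  aws s3api create-bucket --bucket "$KOPS_STORE_BUCKET" --region "$AWS_REGION" \
    --create-bucket-configuration LocationConstraint="$AWS_REGION"
  aws s3api put-bucket-versioning --bucket "$KOPS_STORE_BUCKET" --versioning-configuration Status=Enabled
  aws s3api put-bucket-encryption --bucket "$KOPS_STORE_BUCKET" \
    --server-side-encryption-configuration '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}'
  aws s3api put-public-access-block --bucket "$KOPS_STORE_BUCKET" \
    --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true

  # Step 7: cluster design. Three masters in three zones is the HA layout of slides 14-17.
  validate_kops_config "$KOPS_STATE_STORE" "$KOPS_CLUSTER_NAME"
  kops create cluster \
    --name "$KOPS_CLUSTER_NAME" \
    --zones "$KOPS_ZONES" --master-zones "$KOPS_ZONES" \
    --master-count 3 --node-count 3 \
    --master-size m4.large --node-size m4.large \
    --networking calico \
    --yes

  # Step 8: poll until the API server and every node report ready.
  until kops validate cluster; do echo "waiting for cluster..."; sleep 30; done
  kubectl get nodes
}

if [ "${RUN_KOPS_DEPLOY:-0}" = "1" ]; then
  kops_deploy
fi
```

Run it as `RUN_KOPS_DEPLOY=1 sh kops-deploy.sh` from a shell whose AWS profile is the kops user; without the variable it only defines the functions and the environment, which is convenient for sourcing before `kops edit cluster` or `kops delete cluster --yes`.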
  14. Kubernetes on AWS: 3x Kubernetes masters for HA
  15. Kubernetes master: API server, Cloud controller, Controller manager, Scheduler, Add-ons (KubeDNS)
  16–17. (diagram) Availability Zone 1, Availability Zone 2, Availability Zone 3: an etcd member and a Kubernetes master in each zone
  18. "Run Kubernetes for me."
  19. "Native AWS Integrations."
  20. "An Open Source Kubernetes Experience."
  21. ELASTIC CONTAINER SERVICE FOR KUBERNETES
  22. Tenet 1: EKS is a platform for enterprises to run production-grade workloads
  23. Tenet 2: EKS provides a native and upstream Kubernetes experience
  24. Tenet 3: If EKS customers want to use additional AWS services, the integrations are seamless and eliminate undifferentiated heavy lifting
  25. Tenet 4: The EKS team actively contributes to the Kubernetes project
  27. (diagram) kubectl → mycluster.eks.amazonaws.com; the managed control plane spans Availability Zone 1, 2 and 3
  28. Demo!
  30. EKS Master Autoscaling
  32. (diagram) Master → Amazon CloudWatch, AWS CloudTrail
  33. Metrics stack:
     - Nodes: Node exporter
     - Pod/Container: kube-state-metrics, cAdvisor
     - Application: /metrics, JMX
     - Cluster-wide aggregator: Prometheus, Heapster
     - Visualizer: Grafana, Kibana, Dashboard
     - Data model: InfluxDB, Graphite
     - Alerting: AlertManager, Kapacitor
  36. Heptio IAM Authenticator: An open source approach to integrating AWS IAM authentication with Kubernetes
  37. Access and Authentication (diagram):
     - Identities: User X (IAM role), Service Account Y (IAM role)
     - kubectl → K8s APIs → CRUD operations on K8s
     - aws-cli → EKS service APIs → CRUD operations on infra
     - K8s master nodes: API server, Controller manager, kubelet, etcd, Cloud controller manager, Scheduler
     - Authentication: webhook tokens (AWS STS on the client side, heptio-aws-authenticator on the server side)
     - Authorization: RBAC mode
     - Admission control: NamespaceLifecycle, LimitRanger, ServiceAccount, DefaultStorageClass, ResourceQuota
  40. (diagram) kubectl, AWS Auth configmap & RBAC, Workers, Role, Role
  42. Native VPC networking with CNI plugin: Pods have the same VPC address inside the pod as on the VPC. Simple, secure networking. Open source and on GitHub.
  43. (diagram) VPC 172.16.0.0/16, VPC subnet 172.16.1.0/24. Instance 1: primary private IP 172.16.1.118, secondary IPs 172.16.1.147, 172.16.1.224, …, handed to an Nginx pod and a Java pod over veth pairs (172.16.1.147, 172.16.1.224) through the instance's ENI. Instance 2: primary private IP 172.16.1.15, secondary IPs 172.16.1.38, 172.16.1.24, …, handed to an Nginx pod and a Java pod the same way (172.16.1.38, 172.16.1.24). The secondary IPs are attached with ec2.associateaddress().
  44. Networking with CNI plugin (diagram): K8s master nodes (API server, Controller manager, kubelet, etcd, Scheduler, kube-proxy, Cloud controller manager); K8s Node 1 and K8s Node 2 each run kubelet and kube-proxy with one ENI (primary private IP 172.16.1.118, secondary IPs 172.16.1.147, 172.16.1.224, …); one VPC subnet per AZ (172.16.0.1/24) inside 172.16.0.0/16; the CNI plugin gives POD 1–4 their eth0 (172.16.1.147/32, 172.16.1.224/32) via veth pairs (veth0 A, veth0 B) and an L3 route table; Service: Front end (POD 2, POD 3), Service: Back end (POD 1, POD 4); User X and Service Account Y reach the cluster with kubectl.
  45. DNS, Services and ELB (diagram): the layout of slide 44 plus the DNS service (kubedns, dnsmasq, healthz) on a static IP, and a Service of kind: Service, type: LoadBalancer in front of the front-end pods.
  47. Kubernetes Network Policies enforce network security rules. Calico is the leading implementation of the network policy API. Open source, active development (>100 contributors). Commercial support available from Tigera.
  48. Why network policy:
     - STAGE SEPARATION: Isolate dev, test, and prod
     - "TENANT" SEPARATION: Namespaces – without network policy, they are not network isolated
     - FINE-GRAINED FIREWALLS: Reduce attack surface within microservice-based applications
     - COMPLIANCE: E.g., PCI, HIPAA
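Slide 48 makes the point that namespaces isolate nothing on the network by themselves, and slides 43–44 show why this matters on EKS in particular: every pod has a routable VPC address, so without policy any pod (or anything the node's security group admits) can reach any other pod directly. The following is an added example, not from the deck or from the Calico project: a default-deny policy for a namespace followed by the minimum set of policies that re-opens the front end → back end path from slides 44–45. The namespace, the labels app=frontend and app=backend, and the port 8080 are assumptions. Enforcement requires a CNI that implements the policy API (the deck names Calico); on a CNI without enforcement these objects are stored but nothing is blocked.

```shell
#!/bin/sh
# Added example, not from the deck: NetworkPolicy manifests that give a namespace
# the isolation slide 48 says it lacks by default. Namespace, labels and port are
# assumptions. Needs a policy-enforcing CNI such as Calico.
set -eu

# 1. Default deny for the namespace: selects every pod, allows no ingress and no egress.
default_deny() {
  ns="$1"
  cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: ${ns}
spec:
  podSelector: {}
  policyTypes: ["Ingress", "Egress"]
EOF
}

# 2. Re-open only the paths the application needs. Because the default deny also
#    covers egress, three policies are required: the back end must accept the
#    front end, the front end must be allowed to send to it, and every pod needs
#    DNS (a default deny with Egress silently breaks name resolution otherwise).
app_policies() {
  ns="$1"; port="${2:-8080}"
  cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: backend-allow-from-frontend
  namespace: ${ns}
spec:
  podSelector:
    matchLabels: {app: backend}
  policyTypes: ["Ingress"]
  ingress:
  - from:
    - podSelector:
        matchLabels: {app: frontend}
    ports:
    - {protocol: TCP, port: ${port}}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: frontend-allow-to-backend
  namespace: ${ns}
spec:
  podSelector:
    matchLabels: {app: frontend}
  policyTypes: ["Egress"]
  egress:
  - to:
    - podSelector:
        matchLabels: {app: backend}
    ports:
    - {protocol: TCP, port: ${port}}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-egress
  namespace: ${ns}
spec:
  podSelector: {}
  policyTypes: ["Egress"]
  egress:
  - ports:
    - {protocol: UDP, port: 53}
    - {protocol: TCP, port: 53}
EOF
}

if [ "${RUN_APPLY:-0}" = "1" ]; then
  ns="${1:-prod}"
  default_deny "$ns" | kubectl apply -f -
  app_policies "$ns" 8080 | kubectl apply -f -
  kubectl -n "$ns" get networkpolicy
fi
```

Verify the result from inside the cluster rather than trusting the objects: a request to the back end from a pod carrying app=frontend succeeds, while the same request from an unlabelled pod in the namespace (or from any pod in another namespace) times out. Two paths are intentionally still closed and need their own policies: ingress to the front end from the load balancer of slide 45, and any egress to AWS services or the internet.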
  50. Kubernetes versions (timeline): 1.9.3, 1.9.4 (Version 1.9) → Version 1.10
  52. (diagram) kubectl and Workers reach Amazon EKS through a PrivateLink interface
  54. Kubelet on Fargate: run virtual-kubelet on Fargate. https://www.contentful.com/blog/2018/04/10/sailing-into-infinity-seamlessly-managed-serverless-containers-using-kubernetes-and-aws-fargate/
  55. Prioritizing open source
  56. Open source Kubernetes community: CODE REVIEWS, FIXING BUGS, IMPLEMENTING NEW FEATURES
  57. AMAZON CONTAINER SERVICES (coming 2018)
  58. Questions?
  59. https://aws.amazon.com/containers
