Breaking the Monolith using AWS Container Services
1. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential
SUMMIT
Breaking the Monolith using AWS Container Services
MAP004
Marek Kuczynski, Sr. Solutions Architect, Amazon Web Services
Bernard Grymonpon, Engineering Lead, Showpad
2.
Modern application development
Monolith:
• Does everything
• Shared release pipeline
• Rigid scaling
• High impact of change
• Hard to adopt new technologies
Microservices:
• Does one thing
• Independent deployments
• Independent scaling
• Small impact of change
• Choice of technology
3.
A microservice architecture
(diagram: clients (Mobile client, Client, IoT) call an API Gateway, which routes to the Store Front Web App, Account Lookup, Shipment Query and Inventory Query services; each service owns its own data store: Account DB, Shipping DB, Inventory DB)
4.
Recap: What is a container?
Runtime
Code
Dependencies
Single, immutable object
Deploy your container anywhere
Easy to update using Dockerfiles
5.
At first there was Amazon EC2 (EC2 instances, available since 2006)
Then Docker! (containers, available since 2013)
6.
Containers have become the standard for how to ship and
run your application in the cloud
7.
Manually downloading and launching containers by hand is
inefficient and error prone
8.
“Now launch 10 copies of my container distributed across three availability zones and connect them to this load balancer”
“Here is a cluster of EC2 instances to use to run my applications”
9.
EC2 based clusters require work!
Patching and upgrading the OS, agents, etc.
Scaling the number of instances in the cluster for optimal utilization according to the number of containers you need to run
(diagram: an EC2 instance running the OS, Docker and the ECS agent)
10.
“Just launch 10 copies of my container distributed across three availability zones and connect them to this load balancer”
(diagram: the same container running x10)
11.
AWS native container stack
MANAGEMENT
The API interface you use to launch applications
Tracks application state and connects application
to other resources like load balancers
HOSTING
Containers run on demand
No capacity planning needed
Automatically updated and patched infrastructure
IMAGE REGISTRY
Stores your Docker container image right there in the datacenter (region) where you will run it
12.
Core concepts of AWS Fargate
13.
Fargate constructs
• Task Definition (register): version controlled description of your application: image URL, CPU & memory requirements, environment variables, etc.
• Cluster (create): infrastructure isolation boundary; IAM permissions boundary
• Task (run): a single running copy of your application container
• Service (create): maintains n running copies; integrated with Elastic Load Balancer; crashed containers are automatically replaced
14.
Fargate task configurations
50 different CPU/Memory configurations to choose from
CPU Memory
256 (.25 vCPU) 512MB, 1GB, 2GB
512 (.5 vCPU) 1GB, 2GB, 3GB, 4GB
1024 (1 vCPU) 2GB, 3GB, 4GB, 5GB, 6GB, 7GB, 8GB
2048 (2 vCPU) Between 4GB and 16GB in 1GB increments
4096 (4 vCPU) Between 8GB and 30GB in 1GB increments
15.
Configurable networking
Explicit control over your containers' networking:
• Subnet placement, specific IP address ranges
• Private IP address, possible to use a public one too
• Security group to control traffic
• Can use in combination with ELB or PrivateLink
Under the hood:
• AWS creates an Elastic Network Interface (ENI)
• The ENI is allocated a private IP from your subnet and attached to the task
• Optionally, you can also give it a public IP address if it is in a public subnet with internet access
(diagram: VPC 172.31.0.0/16 with subnet 172.31.1.0/24; a Fargate task with an ENI holding private IP 172.31.1.164 and, optionally, public IP 208.57.73.13; the task talks to the internet and to other entities in the VPC such as EC2, LB, DB, etc.)
16.
CloudWatch Logs
Logs Tab in the
Task Detail Page
17.
Access Management
(diagram: cluster permissions apply to the cluster; application permissions and task housekeeping permissions apply to the Fargate task)
Cluster Permissions
Control who can launch/describe tasks in your cluster
Application Permissions (the task IAM role, taskRoleArn in the task definition)
Allow your application containers to access AWS resources securely
Housekeeping Permissions (the task execution role, executionRoleArn in the task definition)
Allow AWS to perform housekeeping activities around your task:
• ECR image pull
• CloudWatch Logs pushing
• ENI creation
• Register/deregister targets into ELB
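The permission split above is only as good as the task definition that declares it, so here is an added example (not code from the deck or from AWS) of a Fargate task definition that keeps the application role and the housekeeping role apart, plus a linter for the checks a reviewer would run before registering it: the CPU/memory pair is one of the 50 combinations in the slide 14 table, the two roles differ, the image is pinned by digest, secrets are not plaintext environment variables, the root filesystem is read-only and logs have somewhere to go. Account id, role names, image, log group and secret ARN are placeholders. One caveat on the slide's list: in ECS terms the execution role covers the image pull, log push and secret retrieval; ENI creation and load balancer target registration are done by the ECS service-linked role, so they need no permissions on either task role.

```python
"""Added example, not code from the deck or from AWS: a Fargate task definition
with a separate task role (application) and execution role (housekeeping), and
a linter that checks it against the slide 14 CPU/memory table and a few
least-privilege rules. Account id, role names, image and log group are placeholders."""
import json
from typing import Dict, List, Set, Tuple

GB = 1024  # task-definition memory is expressed in MiB


def fargate_configurations() -> Set[Tuple[int, int]]:
    """All (cpu units, memory MiB) pairs the slide 14 table allows."""
    combos = {(256, m) for m in (512, 1 * GB, 2 * GB)}
    combos |= {(512, g * GB) for g in range(1, 5)}      # 1-4 GB
    combos |= {(1024, g * GB) for g in range(2, 9)}     # 2-8 GB
    combos |= {(2048, g * GB) for g in range(4, 17)}    # 4-16 GB
    combos |= {(4096, g * GB) for g in range(8, 31)}    # 8-30 GB
    return combos


SECRET_HINTS = ("SECRET", "PASSWORD", "TOKEN", "APIKEY", "API_KEY", "PRIVATE_KEY")


def lint_task_definition(td: Dict) -> List[str]:
    """Return findings for a task definition; an empty list means it passes."""
    findings: List[str] = []
    if td.get("networkMode") != "awsvpc":
        findings.append("Fargate tasks must use networkMode=awsvpc (one ENI per task)")
    pair = (int(td.get("cpu", 0)), int(td.get("memory", 0)))
    if pair not in fargate_configurations():
        findings.append(f"cpu/memory {pair} is not a supported Fargate configuration")
    exec_role, task_role = td.get("executionRoleArn"), td.get("taskRoleArn")
    if not exec_role:
        findings.append("executionRoleArn missing: ECS cannot pull the image or push logs")
    elif exec_role == task_role:
        findings.append("taskRoleArn equals executionRoleArn: the application inherits "
                        "housekeeping rights; use two roles")
    for c in td.get("containerDefinitions", []):
        name, image = c.get("name", "?"), c.get("image", "")
        if "@sha256:" not in image:
            findings.append(f"{name}: image {image!r} is not pinned by digest; a moved tag "
                            "silently changes what you deploy")
        for env in c.get("environment", []):
            if any(h in env["name"].upper() for h in SECRET_HINTS):
                findings.append(f"{name}: {env['name']} is a plaintext environment variable; "
                                "deliver it through 'secrets' (Secrets Manager/SSM) instead")
        if c.get("privileged"):
            findings.append(f"{name}: privileged containers are not supported on Fargate")
        if not c.get("readonlyRootFilesystem"):
            findings.append(f"{name}: set readonlyRootFilesystem=true and mount writable paths explicitly")
        if not c.get("logConfiguration"):
            findings.append(f"{name}: no logConfiguration, so nothing reaches CloudWatch Logs")
    return findings


ACCOUNT = "123456789012"  # placeholder account id
TASK_DEFINITION: Dict = {
    "family": "store-front",
    "requiresCompatibilities": ["FARGATE"],
    "networkMode": "awsvpc",
    "cpu": "512",
    "memory": "1024",
    # housekeeping: ECR pull, CloudWatch Logs, reading the secret referenced below
    "executionRoleArn": f"arn:aws:iam::{ACCOUNT}:role/store-front-execution",
    # application: only the AWS APIs the code itself calls
    "taskRoleArn": f"arn:aws:iam::{ACCOUNT}:role/store-front-task",
    "containerDefinitions": [{
        "name": "web",
        "image": f"{ACCOUNT}.dkr.ecr.eu-west-1.amazonaws.com/store-front@sha256:{'0' * 64}",
        "portMappings": [{"containerPort": 8080, "protocol": "tcp"}],
        "readonlyRootFilesystem": True,
        "environment": [{"name": "INVENTORY_URL", "value": "http://inventory.local:8080"}],
        "secrets": [{"name": "DB_PASSWORD",
                     "valueFrom": f"arn:aws:secretsmanager:eu-west-1:{ACCOUNT}:secret:store-front/db"}],
        "logConfiguration": {"logDriver": "awslogs", "options": {
            "awslogs-group": "/ecs/store-front", "awslogs-region": "eu-west-1",
            "awslogs-stream-prefix": "web"}},
    }],
}


def weakened_copy() -> Dict:
    """The same definition with four common mistakes, to show what the linter reports."""
    bad = json.loads(json.dumps(TASK_DEFINITION))
    bad["cpu"], bad["memory"] = "256", "3072"          # not in the slide 14 table
    bad["taskRoleArn"] = bad["executionRoleArn"]       # one role for everything
    web = bad["containerDefinitions"][0]
    web["image"] = web["image"].split("@")[0] + ":latest"
    web["environment"].append({"name": "DB_PASSWORD", "value": "hunter2"})
    return bad


if __name__ == "__main__":
    print("good:", lint_task_definition(TASK_DEFINITION) or "no findings")
    print("bad:", *lint_task_definition(weakened_copy()), sep="\n  ")
```

Run it as a pre-registration step in the pipeline (slide 18): the JSON you pass to `aws ecs register-task-definition` is exactly the dict shape the linter reads. The role-equality check matters most: a single role shared by both purposes means a compromised application container can pull any image and write to any log group the execution role can reach.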
18.
Building a CI/CD pipeline for containers
Developers push to AWS CodeCommit; AWS CodePipeline runs AWS CodeBuild, which builds the image and pushes it to Amazon ECR; AWS CloudFormation then deploys the new task definition to Amazon ECS.
19.
Running Kubernetes on AWS
20.
What is Kubernetes?
• Open source container management platform
• Helps you run containers at scale
• Gives you primitives for building modern applications
21.
Amazon Elastic Container Service for Kubernetes
Managed Kubernetes on AWS
• Highly available
• Automated version upgrades
• Integration with other AWS services: CloudTrail, CloudWatch, ELB, IAM, VPC, PrivateLink
(diagram: managed Kubernetes control plane consisting of etcd and master nodes)
22.
Community, contribution, choice
23.
Amazon EKS architecture
(diagram: kubectl on your machine talks to the cluster endpoint mycluster.eks.amazonaws.com; the control plane is spread across Availability Zone 1, Availability Zone 2 and Availability Zone 3)
24.
Kubernetes control plane
• Highly available and single tenant infrastructure
• Uses “native AWS” components, such as VPC networking and ELB integration
• AWS takes care of patching and maintenance of the control plane
(diagram: the Amazon EKS control plane runs in its own VPC across multiple Availability Zones, with the backend API servers behind an NLB)
25.
Provisioning EKS worker nodes on EC2
You can deploy EKS worker nodes as follows:
• Through AWS CloudFormation stacks developed by AWS
• Using the “eksctl” tool: https://github.com/weaveworks/eksctl
• Several third party integrations are available as well (Terraform, Pulumi, Rancher, etc.)
Fargate support for EKS is coming later this year
26.
AWS Identity and Access Management (IAM) authentication
1) kubectl passes the AWS identity to the K8s API
2) The API server verifies the AWS identity (it resolves the token through STS)
3) It authorizes the AWS identity with RBAC (the aws-auth ConfigMap maps IAM ARNs to Kubernetes users and groups)
4) K8s action allowed/denied
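What actually travels in step 1 is worth seeing, because it explains why the token cannot be replayed against another cluster. The following added example is not code from the deck, from AWS or from aws-iam-authenticator; it rebuilds the token format offline: kubectl's token is a SigV4-presigned STS GetCallerIdentity request whose signature also covers an `x-k8s-aws-id` header carrying the cluster name; the API server's authenticator (step 2) checks the token's shape and freshness, then performs the GET with its own cluster name in that header and reads the caller ARN from STS; the ARN is mapped to groups (step 3) for RBAC. The keys, cluster name, account id, aws-auth mapping and clock are constructed; the 60-second presign and 15-minute acceptance window are the values I assume the authenticator uses. Nothing here contacts STS, so the offline verifier stops before the network call the real server makes.

```python
"""Added example, not code from the deck, AWS or aws-iam-authenticator: the slide 26
flow rebuilt offline. Keys, cluster, account id, mapping and clock are constructed;
the 60 s presign and 15 min acceptance window are assumed values."""
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from typing import Dict, List
from urllib.parse import parse_qs, quote, urlparse

STS_HOST = "sts.amazonaws.com"           # global endpoint; regional endpoints also work
TOKEN_PREFIX = "k8s-aws-v1."
PRESIGN_SECONDS = 60                     # X-Amz-Expires the client puts in the URL (assumed)
TOKEN_MAX_AGE = timedelta(minutes=15)    # how long the server accepts a token (assumed)
DEMO_NOW = datetime(2019, 6, 1, 12, 0, tzinfo=timezone.utc)


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def make_token(access_key: str, secret_key: str, cluster: str, now: datetime) -> str:
    """Step 1: presign GET https://sts/?Action=GetCallerIdentity, signing x-k8s-aws-id too."""
    amz_date, day = now.strftime("%Y%m%dT%H%M%SZ"), now.strftime("%Y%m%d")
    scope = f"{day}/us-east-1/sts/aws4_request"
    params = {
        "Action": "GetCallerIdentity", "Version": "2011-06-15",
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256", "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": amz_date, "X-Amz-Expires": str(PRESIGN_SECONDS),
        "X-Amz-SignedHeaders": "host;x-k8s-aws-id",
    }
    query = "&".join(f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
                     for k, v in sorted(params.items()))
    canonical = "\n".join(["GET", "/", query, f"host:{STS_HOST}\nx-k8s-aws-id:{cluster}\n",
                           "host;x-k8s-aws-id", hashlib.sha256(b"").hexdigest()])
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    key = b"AWS4" + secret_key.encode()
    for part in (day, "us-east-1", "sts", "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    url = f"https://{STS_HOST}/?{query}&X-Amz-Signature={signature}"
    return TOKEN_PREFIX + base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")


def decode_token(token: str) -> str:
    if not token.startswith(TOKEN_PREFIX):
        raise ValueError("not a k8s-aws-v1 token")
    raw = token[len(TOKEN_PREFIX):]
    return base64.urlsafe_b64decode(raw + "=" * (-len(raw) % 4)).decode()


def check_token(token: str, now: datetime) -> Dict[str, object]:
    """Step 2, offline part: accept only a fresh GetCallerIdentity presign aimed at STS.
    The cluster name is not in the token: the server sends the GET with its own
    x-k8s-aws-id value, so a token signed for another cluster fails at STS."""
    u = urlparse(decode_token(token))
    q = {k.lower(): v[0] for k, v in parse_qs(u.query).items()}
    if u.scheme != "https" or u.hostname != STS_HOST or u.path != "/":
        raise ValueError("unexpected endpoint")
    if q.get("action") != "GetCallerIdentity":
        raise ValueError("token must call GetCallerIdentity")
    if "x-k8s-aws-id" not in q.get("x-amz-signedheaders", "").split(";"):
        raise ValueError("cluster id header not signed; token could be replayed elsewhere")
    if not 0 < int(q.get("x-amz-expires", "0")) <= PRESIGN_SECONDS:
        raise ValueError("X-Amz-Expires out of range")
    signed_at = datetime.strptime(q["x-amz-date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    if not signed_at - timedelta(minutes=1) <= now <= signed_at + TOKEN_MAX_AGE:
        raise ValueError("token expired or not yet valid")
    return {"access_key": q["x-amz-credential"].split("/")[0], "signed_at": signed_at}


# Step 3: what the aws-auth ConfigMap's mapRoles holds, as a dict (constructed).
AWS_AUTH_MAP_ROLES: Dict[str, List[str]] = {
    "arn:aws:iam::123456789012:role/eks-node": ["system:bootstrappers", "system:nodes"],
    "arn:aws:iam::123456789012:role/platform-admin": ["system:masters"],
}


def canonical_arn(arn: str) -> str:
    """STS reports an assumed role as arn:aws:sts::ACCT:assumed-role/Name/Session;
    aws-auth is keyed by the role ARN, so normalise before the lookup."""
    parts = arn.split(":", 5)
    if parts[2] == "sts" and parts[5].startswith("assumed-role/"):
        return f"arn:aws:iam::{parts[4]}:role/{parts[5].split('/')[1]}"
    return arn


def rbac_groups(sts_arn: str) -> List[str]:
    """Unmapped identities get no groups, so RBAC denies them in step 4."""
    return AWS_AUTH_MAP_ROLES.get(canonical_arn(sts_arn), [])


def demo_token() -> str:
    return make_token("AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
                      "demo-cluster", DEMO_NOW)


def at(minutes_after: int) -> datetime:
    return DEMO_NOW + timedelta(minutes=minutes_after)
```

Two practical consequences follow from the mapping step: whoever created the cluster is granted `system:masters` without appearing in aws-auth at all, and every role listed with `system:masters` is a cluster admin regardless of what its IAM policy says, so that ConfigMap deserves the same review as an IAM admin policy.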
27.
Showpad – customer use case
Bernard Grymonpon
Engineering Lead
Showpad
28. Our Story
• 2011: Founded and signed our first customer
• 2013: Incorporated Showpad in US
• 2016 to 2019: Showtime launch (now the biggest annual sales enablement conference in Europe); Series C investment round (led by Insight Venture Partners); opening Chicago office; Leader in the Forrester Wave; Platform release; welcome Learncore and Voicefox teams
29. Facts
• 90% YoY growth rate
• 1200+ customers in 50+ countries
• 7 locations: Ghent, London, Chicago, Portland, San Francisco, Munich, Wroclaw
• 400 employees (2019: +250 employees)
• $120M funding
• Partners
30. Showpad ❤ Kubernetes
Timeline: April 2016, Summer 2016, Q1 2017, 2018, Q1 2019, 2019-
Milestones: Kubernetes v1.2; Prepare; Staging; Production usage; Immutable Kubernetes; +2500 containers; Future ...
32. Why?
Allows us to focus on core
Unifies tooling and procedures
We can easily swap when needed
33. Spot nodes
Nov 2018 ASG with multiple instance types
• Mix instance types in an ASG
• Mix spot & on-demand
• Baselines for on-demand
Perfect for (our) Kubernetes nodes
34. Kubernetes Spot Node lifecycle
K8S requires
addi7onal node
Spot node is
added to the
cluster
We cordon / drain
the node
(2 minutes)
ASG is
increased
Termination
event triggers
If needed, ASG is
increased again
Node is terminated
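Steps 4 and 5 are the only part of the lifecycle that runs on the node itself, and the two-minute notice has to be discovered by polling the instance metadata service. The following added example is not Showpad's code; it shows that node-side handler: it fetches an IMDSv2 session token (a PUT that a pod behind a metadata hop limit of 1 cannot complete, which is what keeps node credentials away from workloads), asks `/latest/meta-data/spot/instance-action` whether an interruption is scheduled, and on a notice cordons and then drains the node with a budget that fits inside the notice. The metadata fetcher and the command runner are injected so the logic can run offline against a constructed IMDS double; node name, times and fake responses are constructed, and the assumption that the Kubernetes node name equals the hostname does not hold on every AMI.

```python
"""Added example, not Showpad's code: the node-side half of the slide 34 lifecycle.
IMDS responses and the command runner are injected so it runs offline; node
name, times and the fake IMDS responses are constructed."""
import json
import socket
import subprocess
from typing import Callable, Dict, List, Optional, Tuple
from urllib import error, request

IMDS = "http://169.254.169.254"
TOKEN_PATH = "/latest/api/token"
ACTION_PATH = "/latest/meta-data/spot/instance-action"

Fetch = Callable[[str, str, Dict[str, str]], Tuple[int, str]]  # (method, path, headers) -> (status, body)
Run = Callable[[List[str]], object]


def imds_fetch(method: str, path: str, headers: Dict[str, str]) -> Tuple[int, str]:
    """Real IMDS call; HTTP errors come back as a status code instead of an exception."""
    req = request.Request(IMDS + path, headers=headers, method=method)
    try:
        with request.urlopen(req, timeout=2) as resp:
            return resp.status, resp.read().decode()
    except error.HTTPError as exc:
        return exc.code, ""


def imds_token(fetch: Fetch, ttl_seconds: int = 21600) -> str:
    """IMDSv2 session token; with a hop limit of 1 only the node itself can obtain one."""
    status, body = fetch("PUT", TOKEN_PATH, {"X-aws-ec2-metadata-token-ttl-seconds": str(ttl_seconds)})
    if status != 200:
        raise RuntimeError(f"IMDSv2 token request failed with HTTP {status}")
    return body


def interruption_time(fetch: Fetch, token: str) -> Optional[str]:
    """ISO-8601 time of the pending interruption, or None when IMDS answers 404 (no notice)."""
    status, body = fetch("GET", ACTION_PATH, {"X-aws-ec2-metadata-token": token})
    if status == 404:
        return None
    if status != 200:
        raise RuntimeError(f"instance-action lookup failed with HTTP {status}")
    action = json.loads(body)
    return action["time"] if action.get("action") in ("terminate", "stop", "hibernate") else None


def drain_commands(node: str) -> List[List[str]]:
    """Cordon first so nothing new lands, then drain within the two-minute notice.
    --delete-local-data is the 2019 flag name; newer kubectl calls it --delete-emptydir-data."""
    return [
        ["kubectl", "cordon", node],
        ["kubectl", "drain", node, "--ignore-daemonsets", "--delete-local-data",
         "--force", "--grace-period=60", "--timeout=90s"],
    ]


def handle_interruption(node: str, fetch: Fetch, run: Run) -> Optional[str]:
    """One poll: returns the interruption time after draining, or None if nothing is pending."""
    when = interruption_time(fetch, imds_token(fetch))
    if when is None:
        return None
    for cmd in drain_commands(node):
        run(cmd)
    return when


def fake_imds(pending: bool) -> Fetch:
    """Constructed IMDS double that enforces IMDSv2: no session token, no answer."""
    def fetch(method: str, path: str, headers: Dict[str, str]) -> Tuple[int, str]:
        if method == "PUT" and path == TOKEN_PATH:
            return 200, "fake-imds-token"
        if headers.get("X-aws-ec2-metadata-token") != "fake-imds-token":
            return 401, ""
        if path == ACTION_PATH and pending:
            return 200, json.dumps({"action": "terminate", "time": "2019-06-01T12:02:00Z"})
        return 404, ""
    return fetch


if __name__ == "__main__":
    # On a node this runs in a loop every few seconds (DaemonSet or systemd unit);
    # the node name is assumed to equal the hostname, which is not true on every AMI.
    print(handle_interruption(socket.gethostname(), imds_fetch, subprocess.check_call))
```

The drain budget is the part to tune: grace period plus timeout must finish before the two minutes run out, or the kubelet is killed mid-eviction and step 6 has to absorb pods that never terminated cleanly.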
39.
AWS container services landscape
Management (deployment, scheduling, scaling & management of containerized applications): Amazon Elastic Container Service; Amazon Elastic Container Service for Kubernetes
Hosting (where the containers run): Amazon EC2; AWS Fargate
Image registry (container image repository): Amazon Elastic Container Registry
40.
New: AWS Cloud Map
Service discovery for all your cloud resources
Constantly monitor the health of every resource
Dynamically update the location of each microservice
Increase developer productivity
Single registry for all app resources
Define resources with user-friendly names
Integration with Amazon container services: AWS Fargate, Amazon ECS, Amazon EKS
41.
New: AWS App Mesh
Observability & traffic control
Easily export logs, metrics, and traces
Client side traffic policies—circuit breaking, retries
Routes for deployments
Works across clusters and container services: Amazon ECS, Amazon EKS, Kubernetes on EC2, AWS Fargate (coming soon!)
AWS built and run
No control plane to manage
Ease of operations
High scale
42.
Public container roadmap for ECR/ECS/EKS
Take a look at https://github.com/aws/containers-roadmap/projects/1
43. Thank you!
Marek Kuczynski, Sr. Solutions Architect, Amazon Web Services: @marekq, marekku@amazon.nl
Bernard Grymonpon, Engineering Lead, Showpad: @wonko_be, bernard.grymonpon@showpad.com
44. Please complete the session survey.