JUNE FANATICAL SUPPORT FOR AWS CUSTOMER WEBINAR: AMAZON EKS
• WARNING: This session will be recorded!
AWS EKS (ELASTIC KUBERNETES SERVICE)
AGENDA
• Introduction & Recap
• Kubernetes
• EKS
• ECR
• AWS & CONTAINERS
• Q & A (You can ask questions in chat at anytime)
CONTAINER VS VM
[Diagram: VM stack and container stack side by side]
VM: Host OS → Hypervisor (Hardware Emulation) → Guest OS (Windows) running App A + Binaries; Guest OS (Linux) running App B + Binaries
CONTAINER: Host OS → Container Engine (The same Host Kernel) → OS Image (Ubuntu) running App A + Binaries; OS image (Red Hat) running App B + Binaries
THE ECOSYSTEM
Container
A software package that contains everything the software needs to run: executables, system tools, libraries, and settings.
• Docker
• LXC
Container Orchestration
Automating the process of deploying multiple containers to implement an application
• Docker Swarm
• Apache Mesos
• Kubernetes
PaaS
A platform-as-a-service that provides a fully managed container platform
• AWS EKS
• GKE (Google Kubernetes Engine)
• RedHat OpenShift
THE CONTAINER BENEFITS
• Look Cool – The cool kids are doing this.
• Consistency – Predictable environments that include software dependencies such as specific versions of programming language runtimes and other software
• Portability – Consistency drives the portability no matter where the application is ultimately deployed
• Faster – Low overhead ensures faster boot time (order of seconds)
• Better Economics – Lower overhead than a VM ensures better hardware use
DOCKER BASICS
[Diagram: Docker workflow]
Docker Client: Dockerfile, docker build, docker pull, docker run, docker push
Docker Host: docker daemon, docker API, running containers
Docker Registry: Docker Hub
DOCKER BASICS
• https://docs.docker.com/engine/getstarted/
• https://github.com/docker/labs
WHAT IS KUBERNETES
§ K.1.2.3.4.5.6.7.8.s (k8s)
§ Ancient Greek for “Pilot” or ”Helmsman”
§ Google’s opinionated Container management framework
IT IS MORE THAN GOOGLE
• Open source (Apache 2.0 license)
• Part of CNCF (Cloud Native Computing Foundation)
• Red Hat, IBM, VMware, Pivotal & Microsoft are contributing to it
AND IS WINNING…
§ The Container Management Battle
• Google has support for K8s
• Docker has support for K8s
• AWS has support for K8s
• Azure has support for K8s
• Red Hat Openshift uses K8s
KUBERNETES DESIGN GOALS
§ Primary goal is distributed micro services
§ But can cater for more traditional or stateful services
• Concept of StatefulSets in 1.9/1.10 (persistent storage, graceful deployment and termination, network identifiers)
KUBERNETES DESIGN PRINCIPLES
§ Application defines/declares desired state, K8s maintains it
§ Lots of primitives to help with container-centric infrastructure
• Scheduling
• Auto-restarting/Auto-healing
• Application monitoring
• Service discovery & naming
• Secret management
• Storage
EXTENSIBLE
• Extensible – API for Plugins
• Calico/Flannel – Overlay networks
• CoreDNS – Service discovery using DNS
K8S DESIGN
Good to know but not critical if you are an end user consuming a K8s PaaS like Google GKE or AWS EKS
[Diagram: Cluster Architecture]
Developer, Operator: KUBECTL, KOPS
Master: API SERVER, etcd, SCHEDULER, CONTROLLER MANAGER
Node (two shown): KUBELET, KUBEPROXY, CADVISOR, PLUGINS
KUBERNETES CLUSTER ARCHITECTURE
§ Master – Runs the control plane and is the heart of the system
• Etcd – Configuration and metadata store
• API server – REST based API
• Scheduler – Schedules activities (Pods etc.)
• Controller Manager server – Cluster operations (adding nodes)
• Minion – The worker nodes
• Cluster – Master + Minions
KUBERNETES CLUSTER ARCHITECTURE
§ Kubelet – Agent that runs on nodes and provides the execution arm for activities (e.g. deploying pods)
§ Kube-proxy – Network proxy for load balancing, port mapping
§ cAdvisor – Container advisor. Resource usage and performance characteristics of running containers
§ Kubectl – Kubernetes CLI (cluster management and deployment)
§ Kops – Kubernetes cluster manager
KUBERNETES CONCEPTS & TERMINOLOGY
[Diagram: Deployment "auth" exposed by Service "auth"]
Deployment: auth
  Image - auth:stable
  Replicas - 10
  Container Port - 10080
  Label - app:auth
  Pods: auth-fm8lz, auth-qwc4df
Service: auth
  Port: 80
  Node Port: <service>
  Target Port: 10080
  DNS: auth.default.cluster.local
  IP: X.X.X.X or LoadBalancer: a469bd69f-XXXXX.us-west-2.elb.amazonaws.com
• Deployments – Declares desired state for Pods & ReplicaSets.
• Pods – Runs one or more containers. Basic building block
• ReplicaSets – Ensures that a specified number of pods are running
• Services – Services binds deployments into a “service”
- Creates Endpoints or load balancer
- Auto-update service with DNS Names and SRV records
- Updates resources whenever Pods in it change
• Labels & Label Selectors – Labels are key value pairs for identifying objects. Label selector matches labels to rules, e.g. environment = production && application = auth
KUBERNETES CONCEPTS & TERMINOLOGY
[Diagram: the same Deployment and Service in two namespaces]
Namespace: dev
  Deployment: auth
    Image - auth:stable
    Replicas - 10
    Container Port - 10080
    Label - app:auth
    Pods: auth-fm8lz, auth-qwc4df
  Service: auth
    Port: 80
    Node Port: <service>
    Target Port: 10080
    DNS: auth.dev.cluster.local
    IP: 1.1.1.1 or LoadBalancer: a469bd69f-XXXXX.us-west-2.elb.amazonaws.com
Namespace: prod
  Deployment: auth
    Image - auth:stable
    Replicas - 10
    Container Port - 10080
    Label - app:auth
    Pods: auth-fm8lz, auth-qwc4df
  Service: auth
    Port: 80
    Node Port: <service>
    Target Port: 10080
    DNS: auth.prod.cluster.local
    IP: 2.2.2.2 or LoadBalancer: 6rtfj5i9bd69f-XXXXX.us-west-2.elb.amazonaws.com
• Namespaces – Logical environments inside the same physical cluster
- Typically used with different teams or different environments (staging/production)
- Services can have same names across namespaces
- DNS entries are updated in relation to namespaces
KUBERNETES CONCEPTS & TERMINOLOGY
§ StatefulSet – Introduced in version 1.10 and is like a deployment but provides guarantees about the ordering and uniqueness of these Pods (Sticky identity)
§ DaemonSets – Run something on every node, e.g. log collection or storage daemon
§ Job – Creates one or more Pods and ensures a specified number are successful. Can be used to run multiple pods in parallel
EKS (MANAGED KUBERNETES)
§ Fully managed Kubernetes cluster
§ High availability
§ Managed Upgrades
§ Automatically detects and replaces unhealthy masters
§ Integrated
§ IAM Support
§ VPC Support
§ Autoscale models
§ Cloudwatch & Cloudtrail support
EKS (MANAGED KUBERNETES)
§ Certified Kubernetes Conformant
§ https://github.com/cncf/k8s-conformance
§ Kubernetes versions
• Currently 1.10
• Choice of 3 most recent versions (going forward)
• All the existing plugins and tooling from the Kubernetes community supported on your workers
§ Open source theme
§ Many components are open source
EKS PRICING
• $0.20 per hour per cluster (about $144 per month)
• You also pay for worker node resources
- EC2 (instance sizes, reserved instances)
- EBS (Elastic Block Storage)
- Load balancer
- Bandwidth
EKS CLUSTER CREATION
Prerequisites → Provision cluster → Provision worker nodes → Node Registration → Add-ons
Prerequisites
- IAM Role for EKS
- VPC with two AZs
- Public + private subnets
- Security group
- Kubectl
Provision cluster
- Cluster name
- Version
- IAM role
- VPC and Subnets
- Security Groups
Provision worker nodes
- EC2 instances
- Count
- Autoscale configuration
- VPC and Subnets
- Security Groups
Node Registration
- Apply configuration map
Add-ons
- Network plugins
- Storage profiles
- etc
EKS NETWORKING
• A new open source VPC plugin – CNI (Container Network Interface)
- Allows pods to have the same IP address as they do on the VPC network
- Can be used with EC2 based K8s
• This plugin does the following
- Attaches network interfaces and allocates IPs to the K8s nodes
- Maintains a "warm pool" of IP addresses for assignment
- Configures networking on each node
- Uses iptables at the host level for NAT etc. (yes, it does)
EKS NETWORKING - CALICO
• Support for Calico, a network policy engine for Kubernetes
• Enables the implementation of network segmentation and tenant isolation
- E.g. to separate different environments in the same cluster
• Works similarly to security groups
- Create network ingress and egress rules,
- Assign network policies
- But applies to pods using pod selectors and labels
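Added example, not from the original slides: a pair of Kubernetes NetworkPolicy objects, which a policy engine such as Calico enforces, isolating the `auth` pods of the `prod` namespace shown on the namespaces slide. The policy names and the `app: frontend` label are assumptions made for illustration.

```yaml
# Policy 1: default-deny. An empty podSelector selects every pod in the
# namespace; with no ingress rules listed, all inbound traffic is dropped.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress      # hypothetical name
  namespace: prod
spec:
  podSelector: {}
  policyTypes:
    - Ingress
---
# Policy 2: allow only what the auth service needs. The policy is attached
# to pods by label (app: auth), not to an ENI or an instance.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: auth-allow-frontend       # hypothetical name
  namespace: prod
spec:
  podSelector:
    matchLabels:
      app: auth                   # label from the Deployment on the concepts slide
  policyTypes:
    - Ingress
  ingress:
    - from:
        # A bare podSelector only matches pods in this policy's own
        # namespace, so pods in the dev namespace are not admitted.
        - podSelector:
            matchLabels:
              app: frontend       # assumed label of the calling workload
      ports:
        - protocol: TCP
          port: 10080             # container port of the auth Deployment
```

Because policies are additive, the deny-all policy sets the baseline and each further policy opens one specific path; without a policy engine installed on the workers, these objects are accepted by the API server but not enforced.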
EKS USER MANAGEMENT
• Two part auth; AWS IAM + K8s RBAC
• Uses Heptio authenticator plugin
• User creation steps
- Create an IAM User or Role
- Edit K8s config map to add to the K8s environment
- Add IAM User or Role
- Apply RBAC permissions
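Added example, not from the original slides: the user creation steps above written as manifests, mapping an IAM user to a Kubernetes group in the `aws-auth` ConfigMap and then granting that group read-only access to one namespace with RBAC. The account ID, IAM names, group name and role names are placeholders.

```yaml
# Step 1 (IAM user or role) happens in AWS. Steps 2 and 3: map the IAM
# identity to a Kubernetes username and group in the aws-auth ConfigMap.
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  # Keep the worker-node mapping in place when editing; nodes register
  # through this entry (the "Apply configuration map" step of cluster creation).
  mapRoles: |
    - rolearn: arn:aws:iam::111122223333:role/example-worker-node-role  # placeholder
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
  mapUsers: |
    - userarn: arn:aws:iam::111122223333:user/example-dev-user          # placeholder
      username: example-dev-user
      groups:
        - dev-readers        # hypothetical group; avoid system:masters here
---
# Step 4: RBAC. A namespaced Role limits what the group can do and where.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader           # hypothetical name
  namespace: dev
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]
---
# Bind the Role to the group named in mapUsers above.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-readers-pod-reader   # hypothetical name
  namespace: dev
subjects:
  - kind: Group
    name: dev-readers
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
```

IAM only answers who the caller is; the group carries no permissions until a RoleBinding or ClusterRoleBinding references it, so an identity mapped without a binding can authenticate but not read or change anything.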
EKS AUTOSCALING
Cluster
• Scaling Control Plane
• Transparently managed by AWS
Worker Nodes
• Same as EC2 autoscaling.
• Autoscale policies (e.g. using CPU or RAM)
Deployments
• Pod Autoscaler (Horizontal scaling)
• Needs to be designed in conjunction
EKS LIMITATIONS & CONSIDERATIONS
• US West (Oregon) and US East (N. Virginia) only
• Limitations with ELB
- Native support for classic type
- Beta support for the application load balancer
- Alpha support for the network load balancer
• Limits to secondary IPs by instance types
- Impacts your Pod architecture
EKS LIMITATIONS & CONSIDERATIONS
• No Cloudwatch for the Cluster
- You can use your own plugins
• Security groups work at the ENI level and not the Pod level. Limits isolation between Pods.
- Plugins like Calico can help overcome this
• Persistent volumes are limited to block (EBS). No EFS support.
• No Fargate support
- Roadmap item for 2018
EKS (CONTAINER) BEST PRACTICES
• 12-factor app (https://12factor.net/): best practices for micro-services
• Have a logging strategy; i.e. consolidate logs from the start
- Send application logs to stdout and stderr
EKS BEST PRACTICES
• Use separate clusters for environment separation
• Design networking requirements to match EC2 limits
• Autoscale models need careful consideration (Deployments + EC2 autoscale)
• Version control Kubernetes configuration files
• Use Kubernetes labels and match them with AWS tags
EKS FURTHER READING & PLAYING
• https://github.com/aws-samples/aws-workshop-for-kubernetes
• https://kubernetes.io/docs/setup/minikube/
ECR
• Very simple service
• Same as Docker Hub
• Highly available Docker repository
• Integrated into IAM
• Lifecycle policies
ECR
• Only pay for data stored and the network transfer
• Can be used with on-premise Docker setups (with AWS cli)
• No public images (needs an IAM user)
• No private VPC endpoints (you are accessing over a public HTTPS interface)
AWS CONTAINER ECOSYSTEM
| | DIY EC2 | ECS | EKS | Fargate |
|---|---|---|---|---|
| Cluster management | Customer managed | AWS managed | AWS managed | AWS managed |
| Cluster control | Full | Partial | Partial | None |
| Instance (worker node) management | Customer managed | Customer managed | Customer managed | AWS managed |
| Instance control | Full | Full | Full | None |
| Docker control | Full | Full | Full | Limited |
| Container orchestration | You decide | AWS proprietary and open source schedulers | Kubernetes and open source schedulers | AWS proprietary |
| Pricing model | EC2 instances, EBS volumes | EC2 instances, EBS volumes | EKS control plane costs, EC2 instances, EBS volumes | ECS Tasks |
| Administrative overhead | Clusters, Worker Nodes, Containers | Worker Nodes, Containers | Worker Nodes, Containers | Containers |
| Typical use cases | Highest degree of control; Bleeding edge options; Portable (assuming no other AWS integration) | Fully functional micro-services; Mix and Match with Fargate | Fully functional micro-services; Cross platform/clouds | On demand jobs; Small micro-services; Mix and Match with ECS; EKS support coming soon |
RACKSPACE & CONTAINERS
• ECS
• Already in our spheres of management
• EKS - We are working on
• Finishing support enablement & internal documentation
• Finalizing our spheres of management document
• Managed Kubernetes
• Launched managed Kubernetes on OpenStack.
• Roadmap to extend that to cloud platforms
• Professional Services
• Application transformation services to build container-based architecture
Slides and Recording will be shared

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 

Elastic Kubernetes Services (EKS)

  • 1. JUNE FANATICAL SUPPORT FOR AWS CUSTOMER WEBINAR: AMAZON EKS
  • 2. WARNING: This session will be recorded!
  • 4. AGENDA
      • Introduction & Recap
      • Kubernetes
      • EKS
      • ECR
      • AWS & CONTAINERS
      • Q & A (You can ask questions in chat at any time)
  • 6. CONTAINER VS VM (diagram)
      • VM: Host OS, Hypervisor (Hardware Emulation), then per app: Guest OS (Windows / Linux), Binaries, App A / App B
      • CONTAINER: Host OS, Container Engine, then per app: OS Image (Ubuntu / Red Hat), Binaries, App A / App B
      • Containers share the same Host Kernel
  • 7. THE ECOSYSTEM
      • Container: A software package that contains everything the software needs to run: executables, system tools, libraries, and settings.
          - Docker
          - LXC
      • Container Orchestration: Automating the process of deploying multiple containers to implement an application
          - Docker Swarm
          - Apache Mesos
          - Kubernetes
      • Container PaaS: A platform as-a-service that provides a fully managed container platform
          - AWS EKS
          - GKE (Google Kubernetes Engine)
          - RedHat OpenShift
  • 8. THE CONTAINER BENEFITS
      • Look Cool – The cool kids are doing this.
      • Consistency – Predictable environments that include software dependencies such as specific versions of programming language runtimes and other software
      • Portability – Consistency drives the portability no matter where the application is ultimately deployed
      • Faster – Low overhead ensures faster boot time (order of seconds)
      • Better Economics – Lower overhead than a VM ensures better hardware use
  • 9. DOCKER BASICS (diagram)
      • Docker Client: Dockerfile, docker build, docker pull, docker run, docker push
      • Docker Registry: Docker Hub
      • Docker Host: docker daemon, docker API, running containers
  • 12. WHAT IS KUBERNETES
      § K.1.2.3.4.5.6.7.8.s (k8s)
      § Ancient Greek for “Pilot” or “Helmsman”
      § Google’s opinionated container management framework
  • 13. IT IS MORE THAN GOOGLE
      • Open source (Apache 2.0 license)
      • Part of CNCF (Cloud Native Computing Foundation)
      • RedHat, IBM, VMware, Pivotal & Microsoft are contributing to it
  • 14. AND IS WINNING…
      § The Container Management Battle
          • Google has support for K8s
          • Docker has support for K8s
          • AWS has support for K8s
          • Azure has support for K8s
          • Red Hat OpenShift uses K8s
  • 15. KUBERNETES DESIGN GOALS
      § Primary goal is distributed micro services
      § But can cater for more traditional or stateful services
          • Concept of StatefulSets in 1.9/1.10 (persistent storage, graceful deployment and termination, network identifiers)
  • 16. KUBERNETES DESIGN PRINCIPLES
      § Application defines/declares desired state, K8s maintains it
      § Lots of primitives to help with container-centric infrastructure
          • Scheduling
          • Auto-restarting/Auto-healing
          • Application monitoring
          • Service discovery & naming
          • Secret management
          • Storage
  • 17. EXTENSIBLE
      • Extensible – API for Plugins
      • Calico/Flannel – Overlay networks
      • CoreDNS – Service discovery using DNS
  • 18. K8S DESIGN: Cluster Architecture (diagram)
      • Good to know but not critical if you are an end user consuming a K8s PaaS like Google GKE or AWS EKS
      • Master: API SERVER, etcd, SCHEDULER, CONTROLLER MANAGER
      • Node (x2): KUBELET, KUBEPROXY, CADVISOR, PLUGINS
      • Developer / Operator tools: KUBECTL, KOPS
  • 19. KUBERNETES CLUSTER ARCHITECTURE
      § Master – Runs the control plane and is the heart of the system
          • Etcd – Configuration and metadata store
          • API server – REST based API
          • Scheduler – Schedules Activities (Pods etc)
          • Controller Manager server – Cluster operations (adding nodes)
      • Minion – The worker nodes
      • Cluster – Master + Minions
  • 20. KUBERNETES CLUSTER ARCHITECTURE
      § Kubelet – Agent that runs on nodes and provides the execution arm for activities (e.g. deploying pods)
      § Kube-proxy – Network proxy for load balancing, port mapping
      § cAdvisor – Container advisor. Resource usage and performance characteristics of running containers
      § Kubectl – Kubernetes CLI (cluster management and deployment)
      § Kops – Kubernetes cluster manager
  • 21. KUBERNETES CONCEPTS & TERMINOLOGY
      Diagram:
        - Deployment: auth (Image - auth:stable, Replicas - 10, Container Port - 10080, Label - app:auth)
        - Pods: auth-fm8lz, auth-qwc4df
        - Service: auth (Port: 80, Node Port: <service>, Target Port: 10080, DNS: auth.default.cluster.local, IP: X.X.X.X or LoadBalancer: a469bd69f-XXXXX.us-west-2.elb.amazonaws.com)
      Deployments – Declares desired state for Pods & ReplicaSets.
      Pods – Run one or more containers. Basic building block
      ReplicaSets – Ensures that a specified number of pods are running
      Services – Services bind deployments into a “service”
          • Creates Endpoints or load balancer
          • Auto-update service with DNS Names and SRV records
          • Updates resources whenever Pods in it change
      Labels & Label Selectors – Labels are key value pairs for identifying objects. A label selector matches labels to rules, e.g. environment = production && application = auth
  • 22. KUBERNETES CONCEPTS & TERMINOLOGY
      Diagram: the same Deployment and Service in two namespaces
        Namespace: dev
          - Deployment: auth (Image - auth:stable, Replicas - 10, Container Port - 10080, Label - app:auth)
          - Pods: auth-fm8lz, auth-qwc4df
          - Service: auth (Port: 80, Node Port: <service>, Target Port: 10080, DNS: auth.dev.cluster.local, IP: 1.1.1.1 or LoadBalancer: a469bd69f-XXXXX.us-west-2.elb.amazonaws.com)
        Namespace: prod
          - Deployment: auth (Image - auth:stable, Replicas - 10, Container Port - 10080, Label - app:auth)
          - Pods: auth-fm8lz, auth-qwc4df
          - Service: auth (Port: 80, Node Port: <service>, Target Port: 10080, DNS: auth.prod.cluster.local, IP: 2.2.2.2 or LoadBalancer: 6rtfj5i9bd69f-XXXXX.us-west-2.elb.amazonaws.com)
      Namespaces – Logical environments inside the same physical cluster
          • Typically used with different teams or different environments (staging/production)
          • Services can have same names across namespaces
          • DNS entries are updated in relation to namespaces
  • 23. KUBERNETES CONCEPTS & TERMINOLOGY
      § StatefulSet – Introduced in version 1.10 and is like a deployment but provides guarantees about the ordering and uniqueness of these Pods (Sticky identity)
      § DaemonSets – Run something on every node. E.g. log collection or storage daemon
      § Job – Creates one or more Pods and ensures a specified number are successful. Can be used to run multiple pods in parallel
  • 25. EKS (MANAGED KUBERNETES)
      § Fully managed Kubernetes cluster
      § High availability
      § Managed Upgrades
      § Automatically detects and replaces unhealthy masters
      § Integrated
      § IAM Support
      § VPC Support
      § Autoscale models
      § CloudWatch & CloudTrail support
  • 26. EKS (MANAGED KUBERNETES)
      § Certified Kubernetes Conformant
      § https://github.com/cncf/k8s-conformance
      § Kubernetes versions
          • Currently 1.10
          • Choice of 3 most recent versions (going forward)
          • All the existing plugins and tooling from the Kubernetes community supported on your workers
      § Open source theme
      § Many components are open source
  • 27. EKS PRICING
      • $0.20 per hour per cluster (About 144 per month)
      • You also pay for worker node resources
          - EC2 (instance sizes, reserved instances)
          - EBS (Elastic Block Storage)
          - Load balancer
          - Bandwidth
  • 28. EKS CLUSTER CREATION
      • Prerequisites
          - IAM Role for EKS
          - VPC with two AZs
          - Public + private subnets
          - Security group
          - Kubectl
      • Provision cluster
          - Cluster name
          - Version
          - IAM role
          - VPC and Subnets
          - Security Groups
      • Provision worker nodes
          - EC2 instances
          - Count
          - Autoscale configuration
          - VPC and Subnets
          - Security Groups
      • Node Registration
          - Apply configuration map
      • Add-ons
          - Network plugins
          - Storage profiles
          - etc
  • 29. EKS NETWORKING
      • A new open source VPC plugin – CNI (Container Network Interface)
          - Allows pods to have the same IP address as they do on the VPC network
          - Can be used with EC2 based K8s
      • This plugin does the following
          - Attaches network interfaces and allocates IPs to the K8s nodes
          - Maintains a "warm pool" of IP addresses for assignment
          - Configures networking on each node
          - Uses iptables at the host level for NAT etc (yes, it does)
  • 30. EKS NETWORKING - CALICO
      • Support for Calico, a network policy engine for Kubernetes
      • Enables the implementation of network segmentation and tenant isolation
          - E.g. To separate the same cluster from different environments
      • Works similarly to security groups
          - Create network ingress and egress rules
          - Assign network policies
          - But applies to pods using pod selectors and labels
  • 31. EKS USER MANAGEMENT
      • Two part auth: AWS IAM + K8s RBAC
      • Uses Heptio authenticator plugin
      • User creation steps
          - Create an IAM User or Role
          - Edit K8s config map to add to the K8s environment
          - Add IAM User or Role
          - Apply RBAC permissions
  • 32. EKS AUTOSCALING (diagram labels: Deployments, Worker Nodes, Cluster)
      • Scaling Control Plane
      • Transparently managed by AWS
      • Same as EC2 autoscaling.
      • Autoscale policies (e.g. using CPU or RAM)
      • Pod Autoscaler (Horizontal scaling)
      • Needs to be designed in conjunction
  • 33. EKS LIMITATIONS & CONSIDERATIONS
      • US West (Oregon) and US East (N. Virginia) only
      • Limitations with ELB
          - Native support for classic type
          - Beta support for the application load balancer
          - Alpha support for the network load balancer
      • Limits to secondary IPs by instance types
          - Impacts your Pod architecture
  • 34. EKS LIMITATIONS & CONSIDERATIONS
      • No CloudWatch for the Cluster
          - You can use your own plugins
      • Security groups work at the ENI level and not the Pod level. Limits isolation between Pods.
          - Plugins like Calico can help overcome this
      • Persistent volumes are limited to block (EBS). No EFS support.
      • No Fargate support
          - Roadmap item for 2018
  • 35. EKS (CONTAINER) BEST PRACTICES
      • 12-factor app: https://12factor.net/ Best practices for micro-services
      • Have a logging strategy, i.e. consolidate logs from start
          - Send application logs to Stdout and Stderr
  • 36. EKS BEST PRACTICES
      • Use separate clusters for environment separation
      • Design networking requirements to match EC2 limits
      • Autoscale models need careful consideration (Deployments + EC2 autoscale)
      • Version control Kubernetes configuration files
      • Use Kubernetes labels and match them with AWS tags
  • 37. EKS FURTHER READING PLAYING
      • https://github.com/aws-samples/aws-workshop-for-kubernetes
      • https://kubernetes.io/docs/setup/minikube/
  • 39. ECR
      • Very simple service
      • Same as Docker Hub
      • Highly available Docker repository
      • Integrated into IAM
      • Lifecycle policies
  • 40. ECR
      • Only pay for data stored and the network transfer
      • Can be used with on-premise Docker setups (with AWS cli)
      • No public images (needs an IAM user)
      • No private VPC endpoints (you are accessing over a public HTTPS interface)
  • 42. AWS CONTAINER ECOSYSTEM (table; columns: DIY EC2, ECS, EKS, Fargate)
      • Cluster management – DIY EC2: Customer managed; ECS: AWS managed; EKS: AWS managed; Fargate: AWS managed
      • Cluster Control – DIY EC2: Full; ECS: Partial; EKS: Partial; Fargate: None
      • Instance (worker node) Management – DIY EC2: Customer managed; ECS: Customer managed; EKS: Customer managed; Fargate: AWS managed
      • Instance control – DIY EC2: Full; ECS: Full; EKS: Full; Fargate: None
      • Docker control – DIY EC2: Full; ECS: Full; EKS: Full; Fargate: Limited
      • Container orchestration – DIY EC2: You decide; ECS: AWS proprietary and open source schedulers; EKS: Kubernetes and open source schedulers; Fargate: AWS proprietary
      • Pricing model – DIY EC2: EC2 instances, EBS volumes; ECS: EC2 instances, EBS volumes; EKS: EKS control plane costs, EC2 instances, EBS volumes; Fargate: ECS Tasks
      • Administrative Overhead – DIY EC2: Clusters, Worker Nodes, Containers; ECS: Worker Nodes, Containers; EKS: Worker Nodes, Containers; Fargate: Containers
      • Typical use cases
          - DIY EC2: Highest degree of control; Bleeding edge options; Portable (assuming no other AWS integration)
          - ECS: Fully functional micro-services; Mix and Match with Fargate
          - EKS: Fully functional micro-services; Cross platform/clouds
          - Fargate: On demand jobs; Small micro-services; Mix and Match with ECS; EKS support coming soon
  • 43. RACKSPACE & CONTAINERS
      • ECS
          - Already in our spheres of management
      • EKS - We are working on
          - Finishing support enablement & internal documentation
          - Finalizing our spheres of management document
      • Managed Kubernetes
          - Launched managed Kubernetes on OpenStack.
          - Roadmap to extend that to cloud platforms
      • Professional Services
          - Application transformation services to build container-based architecture
  • 44. AGENDA
      • Introduction & Recap
      • Kubernetes
      • EKS
      • ECR
      • AWS & CONTAINERS
      • Q & A
      Slides and Recording will be shared
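
The user creation steps from the EKS USER MANAGEMENT slide (IAM role, config map entry, RBAC permissions), written out as manifests. This is an added example, not part of the original deck; the account ID, role names, the `dev-viewers` group and the `dev` namespace are constructed placeholders.

```yaml
# Added example (not from the deck). Account ID, role names, group name and
# namespace are constructed placeholders.
#
# Steps 1-3: map IAM roles to Kubernetes identities in the aws-auth ConfigMap.
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    # Worker node role: needed so that nodes can register with the cluster.
    - rolearn: arn:aws:iam::111122223333:role/eks-worker-node-role
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
    # Weak: system:masters is bound to cluster-admin, so anyone who can
    # assume this role controls every namespace in the cluster.
    # - rolearn: arn:aws:iam::111122223333:role/dev-team
    #   username: dev-team
    #   groups:
    #     - system:masters
    # Tighter: a custom group that has no rights until a RoleBinding grants them.
    - rolearn: arn:aws:iam::111122223333:role/dev-team
      username: dev-team
      groups:
        - dev-viewers
---
# Step 4: RBAC. Read-only access to pods and their logs, in namespace dev only.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-viewer
  namespace: dev
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]
---
# Bind the group named in aws-auth to the Role above.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-viewers-pod-viewer
  namespace: dev
subjects:
  - kind: Group
    name: dev-viewers
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-viewer
  apiGroup: rbac.authorization.k8s.io
```

After `kubectl apply`, `kubectl auth can-i list pods --namespace dev --as dev-team --as-group dev-viewers` should answer yes, and the same check with `--namespace prod` should answer no.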