Amazon EKS and Service Mesh
Kubernetes is the most popular orchestration platform among enterprises adopting container services. This session introduces Amazon EKS, the managed Kubernetes service that Amazon made generally available in June, explains how it differs from and improves on the open-source version, and then introduces and demonstrates Linkerd, which implements Service Mesh, an evolution of the microservice architecture.
Common Questions
• How do I deploy my containers to hosts?
• How do I do zero downtime or blue green deployments?
• How do I keep my containers alive?
• How can my containers talk to each other?
  • Linking? Service Discovery?
• How can I configure my containers at runtime?
  • What about secrets?
• How do I best optimize my "pool of compute"?
Container Orchestration
(Diagram: several instances, each running an OS and a container runtime that hosts app and service containers, with the container orchestration layer above them.)
The orchestration layer is broken down into three parts:
Service Management
§ Availability
§ Lifecycle
§ Discovery
Scheduling
§ Placement
§ Scaling
§ Upgrades
§ Rollbacks
Resource Management
§ Memory
§ CPU
§ Ports
What is Kubernetes?
• Open source container management platform
• Helps you run containers at scale
• Gives you primitives for building modern applications
What is Amazon EKS?
Amazon Elastic Container Service for Kubernetes (Amazon EKS) is a managed service that makes it easy for you to run Kubernetes on AWS without needing to stand up or maintain your own Kubernetes control plane. Kubernetes is an open-source system for automating the deployment, scaling, and management of containerized applications.
Amazon Container Services Landscape
• MANAGEMENT (deployment, scheduling, scaling & management of containerized applications): Amazon Elastic Container Service; Amazon Elastic Container Service for Kubernetes (GA: June 6, 2018)
• HOSTING (where the containers run): Amazon EC2; AWS Fargate
• IMAGE REGISTRY (container image repository): Amazon Elastic Container Registry
Run a (managed) container on AWS
AMAZON CONTAINER SERVICES
1. Choose your orchestration tool: ECS or EKS
2. Choose your launch type: EC2 or Fargate
There are a variety of different ways to run Kubernetes
IAM Authentication + Kubectl
1) Kubectl passes the AWS identity to the K8s API
2) AWS Auth verifies the AWS identity
3) The K8s API authorizes the AWS identity with RBAC
4) The K8s action is allowed/denied
AWS Auth: https://github.com/heptiolabs/kubernetes-aws-authenticator
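As an added illustration of this flow (not from the session's slides), the three pieces that wire it together: the kubeconfig exec entry that calls the authenticator, the aws-auth ConfigMap that maps a verified IAM role to a Kubernetes group, and an RBAC binding that gives that group only read access in one namespace. The cluster name, account id and role ARN are placeholders.

```yaml
# 1) kubeconfig user entry: kubectl calls the authenticator for a token on each
#    request (constructed example; cluster name, account id and ARN are placeholders)
apiVersion: v1
kind: Config
users:
- name: eks-demo-user
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      command: aws-iam-authenticator
      args: ["token", "-i", "eks-demo-cluster"]
---
# 2) aws-auth ConfigMap in kube-system: the authenticator maps the verified IAM
#    role to a Kubernetes username and group; RBAC evaluates those, not the ARN.
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    - rolearn: arn:aws:iam::111122223333:role/eks-readonly
      username: eks-readonly:{{SessionName}}
      groups:
        - eks-readonly
---
# 3) RBAC: bind the mapped group to the built-in "view" ClusterRole in a single
#    namespace, so members can read workloads there and nothing else.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: eks-readonly-view
  namespace: default
subjects:
- kind: Group
  name: eks-readonly
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io
```

The IAM identity that created the cluster is mapped to system:masters automatically; every other role or user reaches the API only through an explicit aws-auth entry, so what it can do is decided by the groups listed there.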
Native VPC networking with CNI plugin
• Pods have the same VPC address inside the pod as on the VPC
• Simple, secure networking
• Open source and on Github: https://github.com/aws/amazon-vpc-cni-k8s
Eight Fallacies of Distributed Computing
1. The network is reliable
2. Latency is zero
3. Bandwidth is infinite
4. The network is secure
5. Topology doesn't change
6. There is one administrator
7. Transport cost is zero
8. The network is homogeneous
https://www.somethingsimilar.com/2013/01/14/notes-on-distributed-systems-for-young-bloods/
What is Service Mesh?
"A service mesh is a dedicated infrastructure layer for handling service-to-service communication. It's responsible for the reliable delivery of requests through the complex topology of services that comprise a modern, cloud native application. In practice, the service mesh is typically implemented as an array of lightweight network proxies that are deployed alongside application code, without the application needing to be aware."
- Linkerd CEO William Morgan
Service Mesh Features
• Service Discovery
• Load balancing
• Timeouts and Retries
• Metrics
• Monitoring
• Health checking
• Canary releases
• Rate limiting
• Access control
• End-to-end authentication
• Thread bulkheading
• Circuit breaking
• Failure recovery
• Routing between services (adaptive, zone-aware)
• Deadlines
• Back pressure
• Outlier detection
• Traffic shaping
• Request shadowing
• & more ...
What is Linkerd?
• Linkerd is an ultralight service mesh for Kubernetes. It makes running services on Kubernetes safer and more reliable by transparently managing the runtime communication between services.
• Layer 5 Proxy
• Speaks HTTP, Thrift, Mux, HTTP/2, gRPC, etc. (not raw TCP)
• Deals with requests and responses
• Based on Finagle
• Runs as a separate process, not a library
What is Istio?
• It is a completely open source service mesh that layers transparently onto existing distributed applications. It is also a platform, including APIs that let it integrate into any logging platform, or telemetry or policy system.
• An open platform to connect, manage and secure microservices.
Istio Architecture
• The data plane is composed of a set of intelligent proxies (Envoy) deployed as sidecars. These proxies mediate and control all network communication between microservices along with Mixer, a general-purpose policy and telemetry hub.
• The control plane manages and configures the proxies to route traffic. Additionally, the control plane configures Mixers to enforce policies and collect telemetry.
Envoy deployment @ Lyft
• > 100 services
• > 10,000 hosts
• > 2,000,000 RPS
• All service to service traffic (REST and gRPC)
• Use gRPC bridge to unlock Python and PHP clients
• MongoDB proxy
• DynamoDB proxy
• External service proxy (AWS and other partners)
• Kibana/Elastic Search for logging
• LightStep for tracing
• Wavefront for stats
Traffic Routing with Istio
Fine grained per request routing based on pod labels

apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: fast-http
  namespace: fast-http
spec:
  gateways:
  - fast-http
  - mesh
  hosts:
  - fast-http
  http:
  - route:
    - destination:
        host: fast-http
        subset: canary
      weight: 5
    - destination:
        host: fast-http
        subset: baseline
      weight: 5
    - destination:
        host: fast-http
        subset: current
      weight: 90
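The subsets the VirtualService names (canary, baseline, current) only exist once a DestinationRule maps each of them to pod labels; the following DestinationRule is an added example, not part of the session, and the label keys "version" and "track" and their values are assumptions.

```yaml
# DestinationRule for the same host: each subset selects pods by label, which is
# what turns the VirtualService's weighted split into a per-request, label-based
# choice. Constructed example; label keys and values are assumptions.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: fast-http
  namespace: fast-http
spec:
  host: fast-http
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL   # sidecars use Istio-issued certificates for mTLS to this host
  subsets:
  - name: canary           # the new build under test
    labels:
      version: v3
  - name: baseline         # a fresh copy of the current version, for a fair comparison
    labels:
      version: v2
      track: baseline
  - name: current          # the production deployment serving most traffic
    labels:
      version: v2
      track: current
```

Istio rejects a route whose weights do not total 100 (5 + 5 + 90 here), and a subset named in the VirtualService but missing from the DestinationRule has no endpoints, so requests routed to it fail rather than fall through to another subset.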