Introduction to EKS (AWS User Group Slovakia)
- 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Kubernetes as a managed service on AWS:
Amazon Elastic Container Service for
Kubernetes (EKS)
Vladimir Simek, Senior Solutions Architect, AWS
26th of March, 2018
- 2. Chart: millions of active customers, 2008 to today
- 3. Gartner Magic Quadrant for Cloud Infrastructure as a Service, Worldwide
- 6. Pace of innovation (chart: launches per year, 2008 to 2017, with 1,300+ in 2017). New capabilities daily.
- 8. AWS Global Infrastructure
- 10. What is Kubernetes?
Open source container management platform
Helps you run containers at scale
Gives you primitives for building modern applications
- 13. Why developers love Kubernetes
Kubernetes can be run anywhere
ON-PREMISES, CLOUD
- 14. Why developers love Kubernetes
A single extensible API
SCALE, PERFORMANCE, BREADTH
- 15. Cloud-native applications
MICROSERVICE
TOOLING
NATIVE
APPLICATIONS
- 16. But where you run K8s matters
QUALITY OF THE CLOUD PLATFORM
QUALITY OF THE APPLICATIONS
YOUR USERS
- 17. 63% of Kubernetes workloads run on AWS today
—CNCF survey
- 18. 3x Kubernetes masters for HA
Kubernetes on AWS
- 19. Kubernetes master: API server, Cloud controller, Controller manager, Scheduler, KubeDNS, Add-ons
- 20. Diagram: etcd and master instances spread across Availability Zones 1, 2 and 3
- 22. “Let's look at which tools are available to build a K8s cluster on AWS”
- 24. “Let's look at an excellent community tool, kops, to build a K8s cluster on AWS”
- 25. 1. Install binaries & tools: kops, AWS CLI tools, kubectl
2. Set IAM user to “kops”
3. Allow “kops” user full access to EC2, Route 53, S3, IAM, VPC
4. Configure AWS client to new IAM user “kops”
5. Configure DNS (or) deploy a gossip-based cluster:
• We hosted the subdomain “dnishi.k8sdemolabs.com” in Route 53
6. Create an S3 bucket to save cluster config: “dnishi-kops-store”
7. Set the “kops environmental variables”
8. Create cluster: “kops create cluster” and “kops validate cluster”
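The eight steps above as a script, added here as an example and not taken from the deck. The cluster name and bucket come from the slide; the region, zones, the IAM group name and the `run`/`DRY_RUN` helper are assumptions, and the versioning and encryption calls on the state bucket go beyond the slide because that bucket holds the cluster's keys and secrets.

```shell
#!/usr/bin/env bash
NAME="dnishi.k8sdemolabs.com"     # subdomain hosted in Route 53 (from the slide)
BUCKET="dnishi-kops-store"        # kops state store (from the slide)
REGION="${REGION:-eu-central-1}"  # assumption; us-east-1 must omit LocationConstraint
ZONES="${ZONES:-eu-central-1a,eu-central-1b,eu-central-1c}"  # assumption

# run: execute a command, or only print it when DRY_RUN=1 (hypothetical helper)
run() { if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

create_kops_user() {  # steps 2-4
  run aws iam create-group --group-name kops
  # AWS managed policies behind "full access to EC2, Route 53, S3, IAM, VPC".
  # They are broad: keep this identity dedicated to kops and rotate its key.
  for p in AmazonEC2FullAccess AmazonRoute53FullAccess AmazonS3FullAccess \
           IAMFullAccess AmazonVPCFullAccess; do
    run aws iam attach-group-policy --group-name kops \
        --policy-arn "arn:aws:iam::aws:policy/$p"
  done
  run aws iam create-user --user-name kops
  run aws iam add-user-to-group --user-name kops --group-name kops
  run aws iam create-access-key --user-name kops  # feed the result to `aws configure`
}

create_state_store() {  # step 6
  run aws s3api create-bucket --bucket "$BUCKET" --region "$REGION" \
      --create-bucket-configuration "LocationConstraint=$REGION"
  run aws s3api put-bucket-versioning --bucket "$BUCKET" \
      --versioning-configuration Status=Enabled
  run aws s3api put-bucket-encryption --bucket "$BUCKET" \
      --server-side-encryption-configuration \
      '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}'
}

create_cluster() {  # steps 7-8
  export KOPS_STATE_STORE="s3://$BUCKET"
  run kops create cluster --name "$NAME" --zones "$ZONES" --yes
  # Validation only passes once the nodes have joined; retry until it does.
  run kops validate cluster --name "$NAME"
}
```

Running the three functions with `DRY_RUN=1` prints the commands without touching the account.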
- 36. “Run Kubernetes for me.”
- 37. “Native AWS Integrations.”
- 38. “An Open Source Kubernetes Experience.”
- 39. Elastic Container Service for Kubernetes (EKS)
- 44. Diagram: etcd and master instances spread across Availability Zones 1, 2 and 3
- 45. Diagram labels: Kubectl, mycluster.eks.amazonaws.com, Availability Zones 1, 2 and 3
- 46. Diagram labels: EKS, API (four times)
- 47. aws eks create-cluster --cluster-name k8conference --desired-master-version 1.7.1 --role-arn arn:aws:iam::account-id:role/role-name
- 48. HTTP/1.1 200
Content-type: application/json
{
  "cluster": {
    "clusterName": "string",
    "createdAt": number,
    "currentMasterVersion": "string",
    "desiredMasterVersion": "string",
    "masterEndpoint": "string",
    "roleArn": "string",
    "status": "string",
    "statusMessage": "string"
  }
}
aws eks create-cluster
- 49. aws eks describe-cluster --cluster-name k8conference
- 50. HTTP/1.1 200
Content-type: application/json
{
  "cluster": {
    "clusterName": "string",
    "createdAt": number,
    "currentMasterVersion": "string",
    "desiredMasterVersion": "string",
    "masterEndpoint": "string",
    "roleArn": "string",
    "status": "string",
    "statusMessage": "string"
  }
}
aws eks describe-cluster --cluster-name k8conference
- 51. aws eks list-clusters
- 52. HTTP/1.1 200
Content-type: application/json
{
  "clusterArns": [ "string" ],
  "nextToken": "string"
}
aws eks list-clusters
- 53. aws eks delete-cluster --cluster-name k8conference
- 54. HTTP/1.1 200
Content-type: application/json
{
  "cluster": {
    "clusterName": "string",
    "createdAt": number,
    "currentMasterVersion": "string",
    "desiredMasterVersion": "string",
    "masterEndpoint": "string",
    "roleArn": "string",
    "status": "string",
    "statusMessage": "string"
  }
}
aws eks delete-cluster --cluster-name k8conference
- 55. DEMO
- 65. Native VPC networking with CNI plugin
Pods have the same VPC address inside the pod as on the VPC
Simple, secure networking
Open source and on GitHub
https://github.com/aws/amazon-vpc-cni-k8s
- 66. Diagram: VPC subnet 10.0.0.0/24 with two instances
Instance 1: ENI with secondary IPs 10.0.0.1 and 10.0.0.2; Nginx and Rails pods with veth IPs 10.0.0.1 and 10.0.0.2
Instance 2: ENI with secondary IPs 10.0.0.20 and 10.0.0.22; Nginx and Rails pods with veth IPs 10.0.0.20 and 10.0.0.22
ec2.associateaddress()
- 68. Kubernetes Network Policies enforce network security rules
Calico is the leading implementation of the network policy API
Open source, active development (>100 contributors)
Commercial support available from Tigera
- 69. STAGE SEPARATION: Isolate dev, test, and prod
“TENANT” SEPARATION: E.g., typically use namespaces for different teams within a company, but without network policy, they are not network isolated
FINE-GRAINED FIREWALLS: Reduce attack surface within microservice-based applications
COMPLIANCE: E.g., PCI, HIPAA
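The tenant and stage separation cases above as concrete policy objects, in an added example that is not part of the deck: a function that emits a default-deny ingress policy plus a same-namespace allow rule for one namespace. The function name and the namespace names `team-a` and `team-b` are hypothetical, and the policies only take effect when the cluster's network plugin enforces NetworkPolicy (Calico, as on the previous slide).

```shell
#!/usr/bin/env bash
# isolate_namespace NAMESPACE
# Prints two NetworkPolicy manifests that cut a namespace off from ingress
# originating in other namespaces while leaving traffic inside it untouched.
isolate_namespace() {
  ns="$1"
  # Accept only DNS-label style names so the value cannot break the YAML.
  case "$ns" in
    ''|*[!a-z0-9-]*|-*|*-) echo "invalid namespace: '$ns'" >&2; return 1 ;;
  esac
  cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: ${ns}
spec:
  podSelector: {}           # selects every pod in the namespace
  policyTypes: ["Ingress"]  # no ingress rules follow, so all ingress is denied
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-namespace
  namespace: ${ns}
spec:
  podSelector: {}
  policyTypes: ["Ingress"]
  ingress:
  - from:
    - podSelector: {}       # no namespaceSelector: peers must live in ${ns}
EOF
}

# Usage (constructed namespace names):
#   for ns in team-a team-b; do isolate_namespace "$ns" | kubectl apply -f -; done
```

Policies are additive, so any cross-namespace flow that is still needed gets its own narrow allow rule on top of these two.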
- 71. Heptio IAM Authenticator
An open source approach to integrating AWS IAM authentication with Kubernetes
https://github.com/heptiolabs/kubernetes-aws-authenticator
- 72. Diagram: Kubectl, K8s API, AWS Auth
1) Passes AWS Identity
2) Verifies AWS Identity
3) Authorizes AWS Identity with RBAC
4) K8s action allowed/denied
- 77. Diagram labels: Kubectl, Workers, PrivateLink Interface, Amazon EKS
- 79. What is Fargate?
NO INFRA MANAGE
EVERYTHING AT THE CONTAINER
LAUNCH EASILY, SCALE QUICKLY
RESOURCE BASED PRICING
- 80. PLANNED FOR 2018…
- 82. CNI plugin
Allow Kubernetes users to take advantage of native VPC networking in their Kubernetes pods
- 83. Open source Kubernetes community
CODE REVIEWS
FIXING BUGS
IMPLEMENTING NEW FEATURES
- 84. What’s next?
SIGN-UP FOR PREVIEW!
GENERALLY AVAILABLE 2018
LEARN MORE: aws.amazon.com/eks/preview
- 85. Kubernetes on AWS Workshop
github.com/aws-samples/aws-workshop-for-kubernetes
- 86. Cesko-Slovensky AWS Webinar
Stay tuned…
- 87. Q & A
- 88. Thank you!