Introduction to EKS (AWS User Group Slovakia)

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Kubernetes as a managed service on AWS:
Amazon Elastic Container Service for
Kubernetes (EKS)
Vladimir Simek, Senior Solutions Architect, AWS
26th of March, 2018

2012 2013 2015 TODAY2014 20162008 2009 2010 2011
M I L L I O N S O F AC T I V E C U S T O M E R S

G AR T N E R M AG I C Q U AD R A N T
F O R C L O U D I N F R AS T R U C T U R E
AS A S E R V I C E , W O R L D W I D E

516
24 48 61 82
159
280
722
1,017
LAUNCHES
2 0 0 8 2 0 0 9 2 0 1 0 2 0 1 1 2 0 1 2 2 0 1 3 2 0 1 4 2 0 1 5 2 0 1 6
1,300+
2 0 1 7
New capabilities daily
PAC E O F I N N O VAT I O N

AWS Global Infrastructure

Open source container
management platform
Helps you run
containers at scale
Gives you primitives
for building
modern applications
What is Kubernetes?

W h y d e v e l o p e r s l o v e K u b e r n e t e s
Kubernetes can be run anywhere
O N - P R E M I S E S C L O U D

W h y d e v e l o p e r s l o v e K u b e r n e t e s
A single extensible API
S C A L E P E R F O R M A N C E B R E A D T H

Cloud-native applications
M I C R O S E R V I C E
T O O L I N G
N AT I V E
A P P L I C AT I O N S

But where you run K8s matters
Q U A L I T Y O F T H E
C L O U D P L AT F O R M
Q U A L I T Y O F T H E
A P P L I C AT I O N S
Y O U R U S E R S

63% of Kubernetes workloads
run on AWS today
—CNCF survey

3x Kubernetes masters for HA
Kubernetes on AWS

API
server
Cloud
controller
Controller
manager
Scheduler Add-onsKubeDNS
Kubernetes master

Availability
Zone 1
Etcd
Master
Etcd
Master
Etcd
Master
Availability
Zone 2
Availability
Zone 3

Availability
Zone 1
Etcd
Master
Etcd
Master
Availability
Zone 2
Availability
Zone 3
Etcd
Master

”Lets look which tools are available to
build a K8s Cluster on AWS”

”Lets look an excellent Community Tool,
KOPS, to build a K8s Cluster on AWS”

1 . I n s t a l l B i n a r i e s & To o l s : k o p s , A W S C L I t o o l s , k u b e c t l
2 . S e t I A M U s e r t o “ k o p s ”
3 . A l l o w “ k o p s ” u s e r F u l l a c c e s s t o E C 2 , R o u t e 5 3 , S 3 , I A M , V P C
4 . C o n f i g u r e A W S c l i e n t t o n e w I A M u s e r “ k o p s ”
5 . C o n f i g u r e D N S ( o r ) D e p l o y a g o s s i p - b a s e d c l u s t e r :
• W e h o s t e d t h e s u b d o m a i n “ d n i s h i . k 8 s d e m o l a b s . c o m ” i n R o u t e 5 3
6 . C r e a t e a S 3 b u c k e t t o s a v e c l u s t e r c o n f i g : “ d n i s h i - k o p s - s t o r e ”
7 . S e t t h e “ k o p s e n v i r o n m e n t a l v a r i a b l e s ”
8 . C r e a t e c l u s t e r : ” k o p s c r e a t e c l u s t e r ” a n d “ k o p s v a l i d a t e c l u s t e r ”

“Run Kubernetes for me.”

“Native AWS Integrations.”

”An Open Source Kubernetes
Experience.”

E L A S T I C C O N TA I N E R S E RV I C E F O R K U B E R N E T E S
(EKS)

mycluster.eks.amazonaws.com
Availability
Zone 1
Availability
Zone 2
Availability
Zone 3
Kubectl

APIAPIAPIAPI
EKS

aws eks create-cluster –cluster-name k8conference –desired-master-version
1.7.1 –role-arn arn:aws:iam::account-id:role/role-name

HTTP/1.1 200 Content-type:
application/json
{ "cluster":
{
"clusterName": "string",
"createdAt": number,
"currentMasterVersion": "string",
"desiredMasterVersion": "string",
"masterEndpoint": "string",
"roleArn": "string",
"status": "string",
"statusMessage": "string"
}
}
aws eks create-cluster

aws eks describe-cluster –cluster-name k8conference

application/json
{ "cluster":
{ "clusterName": "string",
"status": "string",
"statusMessage": "string" }
}
aws eks describe-cluster –cluster-name k8conference

aws eks list-clusters

HTTP/1.1 200
Content-type: application/json
{
"clusterArns": [ "string" ],
"nextToken": "string"
}
aws eks list-clusters

aws eks delete-cluster –cluster-name
k8conference

application/json
{ "cluster":
{ "clusterName": "string",
"status": "string",
"statusMessage": "string" }
}
aws eks delete-cluster –cluster-name k8conference

DEMO

Native VPC networking
with CNI plugin
Pods have the same VPC
address inside the pod
as on the VPC
Simple, secure networking
Open source and
on Github
…{ }
https://github.com/aws/amazon-vpc-cni-k8s

Nginx Pod
Rails Pod
ENI
Secondary IPs:
10.0.0.1
10.0.0.2
Veth IP: 10.0.0.1
Veth IP: 10.0.0.2
Nginx Pod
Rails Pod
ENI
Veth IP: 10.0.0.20
Veth IP: 10.0.0.22
Secondary IPs:
10.0.0.20
10.0.0.22
ec2.associateaddress()
VPC Subnet – 10.0.0.0/24
Instance 1 Instance 2

Kubernetes Network
Policies enforce network
security rules
Calico is the leading
implementation of the
network policy API
Open source, active
development (>100
contributors)
Commercial support
available from Tigera

S T A G E
S E P A R A T I O N
“ T E N A N T ”
S E P A R A T I O N
F I N E - G R A I N E D
F I R E W A L L S
C O M P L I A N C E
E.g., typically use namespaces
for different teams within
a company—but without
network policy, they are
not network isolated
Reduce attack surface within
microservice-based applications
Isolate dev, test, and prod E.g., PCI, HIPAA

Heptio IAM Authenticator
An open source approach to integrating
AWS IAM authentication with Kubernetes
https://github.com/heptiolabs/kubernetes-aws-authenticator

Kubectl
3) Authorizes AWS Identity with RBAC
K8s API
1) Passes AWS Identity
2) Verifies AWS Identity
4) K8s action
allowed/denied
AWS Auth

1.7.41.7.5
Version
1.7
Version
1.8

Kubectl
Workers
PrivateLink
Interface Amazon EKS

What is Fargate?
N O I N F R A
M A N A G E
E V E R Y T H I N G A T
T H E C O N T A I N E R
L A U N C H E A S I L Y,
S C A L E Q U I C K L Y
R E S O U R C E
B A S E D P R I C I N G

PLANNED FOR 2018…

CNI plugin
Allow Kubernetes users to take advantage of native
VPC networking in their Kubernetes pods

Open source Kubernetes community
C O D E
R E V I E W S
F I X I N G
B U G S
I M P L E M E N T I N G
N E W F E AT U R E S

What’s next?
S I G N - U P F O R
P R E V I E W !
G E N E R A L L Y
A V A I L A B L E 2 0 1 8
L E A R N M O R E :
A W S . A M A Z O N .
C O M / E K S /
P R E V I E W

Kubernetes on AWS Workshop
g i t h u b . c o m / a w s - s a m p l e s / a w s - w o r k s h o p - f o r - k u b e r n e t e s

Cesko-Slovensky AWS Webinar
S t a y t u n e d …

Q & A

Thank you!

Introduction to EKS (AWS User Group Slovakia)

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie Introduction to EKS (AWS User Group Slovakia)

Ähnlich wie Introduction to EKS (AWS User Group Slovakia) (20)

Mehr von Vladimir Simek

Mehr von Vladimir Simek (18)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Introduction to EKS (AWS User Group Slovakia)