AMAZON EKS DEEP DIVE
ANDRZEJ KOMARNICKI – DEVOPS ARCHITECT
Current and recent Amazon EKS platform versions are described in the table below:

Kubernetes Version: 1.10
Kubernetes Patch Version: 1.10.3
Amazon EKS Platform Version: eks.2
Enabled Admission Controllers: Initializers, NamespaceLifecycle, LimitRanger, ServiceAccount, DefaultStorageClass, ResourceQuota, DefaultTolerationSeconds, NodeRestriction, MutatingAdmissionWebhook, ValidatingAdmissionWebhook
Release Notes:
• Added support for Kubernetes aggregation layer.
• Added support for Kubernetes Horizontal Pod Autoscaler (HPA).
• Kubernetes Metrics Server 0.3.0 or greater is compatible with EKS platform version eks.2.

Kubernetes Version: 1.10
Kubernetes Patch Version: 1.10.3
Amazon EKS Platform Version: eks.1
Enabled Admission Controllers: Initializers, NamespaceLifecycle, LimitRanger, ServiceAccount, DefaultStorageClass, ResourceQuota, DefaultTolerationSeconds, NodeRestriction
Release Notes: Initial launch of Amazon EKS.
EKS CUSTOMERS
EKS – KUBERNETES MASTERS
EKS ARCHITECTURE
Amazon EKS Shared Responsibility Model
For Amazon EKS, AWS is responsible for the Kubernetes control plane, which includes the control
plane nodes and etcd database.
You assume responsibility and management of the following:
• The security configuration of the data plane, including the configuration of the security groups that
allow traffic to pass from the Amazon EKS control plane into the customer VPC
• The configuration of the worker nodes and the containers themselves
• The worker node guest operating system (including updates and security patches)
• Other associated application software:
• Setting up and managing network controls, such as firewall rules
• Managing platform-level identity and access management, either with or in addition to IAM
EKS NETWORKING
CNI PLUGIN
Any Kubernetes cluster on AWS
• EKS
• BYOK8s
Daemonset deployment
• kubectl create -f eks-cni.yaml
CNI INFRASTRUCTURE
VPC CNI NETWORKING INTERNALS
VPC CNI PLUGIN ARCHITECTURE
Kubernetes + AWS IAM
• AWS native access management
• In collaboration with Heptio
• Kubectl and worker nodes
• Works with Kubernetes RBAC
IAM Auth Support == Upstream in 1.10
https://github.com/kubernetes-sigs/aws-iam-authenticator
IAM AUTHENTICATION + KUBECTL
https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html
WORKER PROVISIONING
Load Balancing - Classic/NLB
Amazon EKS supports the Network Load Balancer and the Classic Load Balancer through the Kubernetes
service of type LoadBalancer. The configuration of your load balancer is controlled by annotations that are
added to the manifest for your service.
By default, Classic Load Balancers are used for LoadBalancer type services. To use the Network Load
Balancer instead, apply the following annotation to your service:
service.beta.kubernetes.io/aws-load-balancer-type: nlb
Load Balancing - ALB
• CoreOS ALB Ingress Controller: Supported by AWS (in beta)
• Exposes ALB functionality to Kubernetes via Ingress Resources
• Layer 7 load balancing, supports content-based routing by host
or path
https://github.com/kubernetes-sigs/aws-alb-ingress-controller
The following diagram details the AWS components this controller creates. It also demonstrates the route
ingress traffic takes from the ALB to the Kubernetes cluster.
Ingress Creation
This section describes each step (circle) above. This example demonstrates satisfying 1 ingress resource.
[1]: The controller watches for ingress events from the API server. When it finds ingress resources that satisfy its
requirements, it begins the creation of AWS resources.
[2]: An ALB (ELBv2) is created in AWS for the new ingress resource. This ALB can be internet-facing or internal.
You can also specify the subnets it's created in using annotations.
[3]: Target Groups are created in AWS for each unique Kubernetes service described in the ingress resource.
[4]: Listeners are created for every port detailed in your ingress resource annotations. When no port is specified,
sensible defaults (80 or 443) are used. Certificates may also be attached via annotations.
[5]: Rules are created for each path specified in your ingress resource. This ensures traffic to a specific path is
routed to the correct Kubernetes Service.
Along with the above, the controller also...
• deletes AWS components when ingress resources are removed from k8s.
• modifies AWS components when ingress resources change in k8s.
• assembles a list of existing ingress-related AWS components on start-up, allowing you to recover if the controller
were to be restarted.
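The mapping in steps [1] to [5], as an added example that is not the controller's own code: a simplified Python model that derives the ALB, target groups, listeners and rules implied by one Ingress, then flags exposure worth reviewing before it is applied. The sample Ingress is constructed, and the defaults used when an annotation is absent (scheme "internal"; port 443 with a certificate, otherwise 80) are assumptions of this sketch.

```python
import json

PREFIX = "alb.ingress.kubernetes.io/"

# Constructed sample Ingress: names, host and subnet IDs are made up.
SAMPLE_INGRESS = {
    "metadata": {
        "name": "shop",
        "namespace": "web",
        "annotations": {
            "kubernetes.io/ingress.class": "alb",
            PREFIX + "scheme": "internet-facing",
            PREFIX + "subnets": "subnet-aaaa1111,subnet-bbbb2222",
            PREFIX + "listen-ports": '[{"HTTP": 80}]',
        },
    },
    "spec": {"rules": [{"host": "shop.example.com", "http": {"paths": [
        {"path": "/cart", "backend": {"serviceName": "cart", "servicePort": 8080}},
        {"path": "/api", "backend": {"serviceName": "api", "servicePort": 80}},
        {"path": "/api/v2", "backend": {"serviceName": "api", "servicePort": 80}},
    ]}}]},
}


def plan_aws_components(ingress):
    """Return the AWS components implied by one Ingress, or None if it is ignored."""
    meta = ingress["metadata"]
    ann = meta.get("annotations", {})
    # Step [1]: only Ingress resources addressed to the ALB controller are handled.
    if ann.get("kubernetes.io/ingress.class") != "alb":
        return None

    cert = ann.get(PREFIX + "certificate-arn")
    # Step [2]: one ALB per Ingress; scheme and subnets come from annotations.
    # Assumption of this sketch: "internal" when no scheme annotation is present.
    subnets = ann.get(PREFIX + "subnets", "")
    alb = {
        "name": f'{meta.get("namespace", "default")}-{meta["name"]}',
        "scheme": ann.get(PREFIX + "scheme", "internal"),
        "subnets": [s.strip() for s in subnets.split(",") if s.strip()],
    }

    # Steps [3] and [5]: one target group per unique service, one rule per path.
    target_groups, rules = [], []
    for rule in ingress["spec"].get("rules", []):
        for path in rule.get("http", {}).get("paths", []):
            backend = path["backend"]
            group = (backend["serviceName"], backend["servicePort"])
            if group not in target_groups:
                target_groups.append(group)
            rules.append({"host": rule.get("host", "*"),
                          "path": path.get("path", "/*"),
                          "target_group": group})

    # Step [4]: one listener per annotated port, otherwise a default port.
    # Assumption of this sketch: 443 when a certificate is attached, else 80.
    raw_ports = ann.get(PREFIX + "listen-ports")
    if raw_ports:
        listeners = [(proto, port)
                     for entry in json.loads(raw_ports)
                     for proto, port in entry.items()]
    else:
        listeners = [("HTTPS", 443)] if cert else [("HTTP", 80)]

    return {"alb": alb, "target_groups": target_groups,
            "listeners": listeners, "rules": rules, "certificate": cert}


def exposure_findings(plan):
    """Review a plan for listener exposure before the Ingress is applied."""
    if plan is None:
        return []
    findings = []
    protocols = {proto for proto, _ in plan["listeners"]}
    if plan["alb"]["scheme"] == "internet-facing" and "HTTP" in protocols:
        findings.append("internet-facing ALB has a plaintext HTTP listener")
    if "HTTPS" in protocols and not plan["certificate"]:
        findings.append("HTTPS listener declared without a certificate annotation")
    return findings


if __name__ == "__main__":
    plan = plan_aws_components(SAMPLE_INGRESS)
    print(json.dumps(plan, indent=2))
    for finding in exposure_findings(plan):
        print("REVIEW:", finding)
```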
VISIBILITY THROUGHOUT YOUR KUBERNETES CLUSTER
LOG AGGREGATION IN CLOUDWATCH LOGS VIA FLUENTD
https://github.com/kubernetes/charts/tree/master/incubator/fluentd-cloudwatch
METRICS
CI/CD for apps on Kubernetes - options
Jenkins
AWS CodePipeline, AWS CodeCommit, AWS CodeBuild
AWS partners
• GitLab
• Shippable
• CircleCI
• Codeship
https://github.com/aws-samples/aws-kube-codesuite
Spot Instances
Amazon EC2 Spot Instances are spare EC2 capacity that offer discounts of 70-90% over On-Demand
prices. The Spot price is determined by long-term trends in supply and demand and the
amount of On-Demand capacity on a particular instance size, family, Availability Zone, and AWS
Region.
If the available On-Demand capacity of a particular instance type is depleted, the Spot Instance
is sent an interruption notice two minutes ahead to gracefully wrap up things. I recommend a
diversified fleet of instances, with multiple instance types created by Spot Fleets or EC2 Fleets.
You can use Spot Instances for various fault-tolerant and flexible applications. In a workload that
uses container orchestration and management platforms like EKS or Amazon Elastic Container
Service (Amazon ECS), the schedulers have built-in mechanisms to identify any pods or
containers on these interrupted EC2 instances. The interrupted pods or containers are then
replaced on other EC2 instances in the cluster.
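How a node-level handler can act on the two-minute notice, as an added example that is not code from the deck or from the open source handler it mentions: the script polls the EC2 instance metadata path for a Spot instance action and turns a pending interruption into a `kubectl drain` call that fits inside the remaining time. The `NODE_NAME` environment variable, the 30-second reserve and the 5-second poll interval are assumptions of this sketch, as is an instance metadata service that answers without a session token.

```python
import json
import os
import subprocess
import time
import urllib.error
import urllib.request
from datetime import datetime, timezone

# EC2 instance metadata path that returns 404 until an interruption is scheduled.
INSTANCE_ACTION_URL = "http://169.254.169.254/latest/meta-data/spot/instance-action"


def parse_notice(status, body):
    """Return (action, deadline) for a pending interruption, or None for a 404."""
    if status == 404:
        return None
    if status != 200:
        raise RuntimeError(f"unexpected metadata response: HTTP {status}")
    doc = json.loads(body)
    deadline = datetime.strptime(doc["time"], "%Y-%m-%dT%H:%M:%SZ")
    return doc["action"], deadline.replace(tzinfo=timezone.utc)


def fetch_notice(url=INSTANCE_ACTION_URL, timeout=2):
    """Query the metadata service once; an HTTP 404 means nothing is scheduled."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return parse_notice(resp.status, resp.read().decode())
    except urllib.error.HTTPError as err:
        return parse_notice(err.code, "")


def drain_command(node, notice, now, reserve=30):
    """Build the kubectl drain argv for a notice, or None when there is none.

    `reserve` (an assumption of this sketch) is the number of seconds kept back
    so that pod termination finishes before the instance is reclaimed.
    """
    if notice is None:
        return None
    _action, deadline = notice
    remaining = max(int((deadline - now).total_seconds()), 1)
    grace = max(remaining - reserve, 1)
    return ["kubectl", "drain", node,
            "--ignore-daemonsets",       # the handler itself runs as a DaemonSet
            "--force",                   # also evict pods without a controller
            f"--grace-period={grace}",
            f"--timeout={remaining}s"]


if __name__ == "__main__":
    # Assumption: the pod spec exposes the node name as NODE_NAME.
    node_name = os.environ["NODE_NAME"]
    while True:
        cmd = drain_command(node_name, fetch_notice(), datetime.now(timezone.utc))
        if cmd:
            subprocess.run(cmd, check=False)
            break
        time.sleep(5)
```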
Solution architecture
There are three goals to accomplish with this solution:
1. The cluster must scale automatically to match the demands of an application.
2. Optimize for cost by using Spot Instances.
3. The cluster must be resilient to Spot Instance interruptions.
These goals are accomplished with the following components:

Solution component: Cluster Autoscaler
Role in solution: Scales EC2 instances in or out
Code: Open source
Deployment: K8s pod DaemonSet on On-Demand Instances

Solution component: Auto Scaling group
Role in solution: Provisions Spot or On-Demand Instances
Code: AWS
Deployment: Via CloudFormation

Solution component: Spot Instance interrupt handler
Role in solution: Sets K8s nodes to drain state, when the Spot Instance is interrupted
Code: Open source
Deployment: K8s pod DaemonSet on all K8s nodes with the label lifecycle=EC2Spot
EKS Deep Dive Complete
http://www.linkedin.com/in/andrzejkomarnicki/
