AWS Usergroup Munich - January 2020 - Introduction to Amazon EKS

Short introduction into Amazon EKS to help you get started quickly.

Christoph Kassen

January 23, 2020

Transcript

  1. Introducing Amazon EKS

    Christoph Kassen, Solutions Architect – Amazon Web Services, @christoph_k

    © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark
  2. AWS container services landscape

    - Management (Deployment, Scheduling, Scaling & Management of containerized applications): Amazon Elastic Container Service, Amazon Elastic Kubernetes Service
    - Hosting (Where the containers run): Amazon EC2, AWS Fargate
    - Image Registry (Container Image Repository): Amazon Elastic Container Registry
  3. Amazon Elastic Kubernetes Service

    - Upstream Kubernetes: Use standard Kubernetes APIs. Works with community tools.
    - Highly available: Built for production workloads, all clusters are highly available. Backed by a 99.9% SLA.
    - Integrated with the AWS ecosystem: VPC Networking, Elastic Load Balancing, IAM Permissions, CloudWatch and more
  4. Transparent roadmap: https://github.com/aws/containers-roadmap/
  5. Components: EKS Control Plane, Worker Nodes
  6. Amazon EKS Architecture

    [Diagram. Labels: kubectl; cluster endpoint https://00000000000000000000000000000000.xyz.eu-central-1.eks.amazonaws.com; Amazon EKS; EKS workers; AZ 1, AZ 2, AZ 3; VPC; Your AWS account]
  7. CLI to provision EKS clusters

    https://eksctl.io – Official open-source CLI tool for EKS

    - Manages worker node groups
    - Configures k8s CLI

        eksctl create cluster --name=eks-patterns --nodes=4 --region=eu-central-1
  8. eksctl customizations

    - YAML based configuration
    - kubelet parameters
    - Resource reservations
    - Labels & Taints
    - Custom VPC setups
    - Autoscaling
    - Multiple Node Groups
    - Spot & GPU node support
    - Windows worker
    - IAM Policies
    - gitops

        kubeletExtraConfig:
          kubeReserved:
            cpu: "300m"
            memory: "300Mi"
            ephemeral-storage: "1Gi"
          kubeReservedCgroup: "/kube-reserved"
          systemReserved:
            cpu: "300m"
            memory: "300Mi"
            ephemeral-storage: "1Gi"
          evictionHard:
            memory.available: "200Mi"
            nodefs.available: "10%"
  9. Components: EKS Control Plane, Worker Nodes
  10. Managed Node Groups

    EKS APIs to provision and manage worker nodes

    • Easy to provision: One-click deploy of multi-AZ node groups backed by EC2 ASG and the latest EKS AMIs.
    • Easy to manage: All nodes in a single API call or console, integrated health monitoring.
    • Easy to update: Minor or patch version upgrades with zero downtime.
    • Scaling controls: Automatic tagging for cluster-autoscaler, pass-through ASG controls.
  11. AWS Fargate

    - Managed by AWS: No EC2 Instances to provision, scale or manage
    - Elastic: Scale up & down seamlessly. Pay only for what you use
    - Integrated with the AWS ecosystem: VPC Networking, Elastic Load Balancing, IAM Permissions, CloudWatch and more. Run Kubernetes pods or ECS tasks.
  12. Make Kubernetes Pods serverless

    - Bring existing pods
    - Production ready
    - Right-Sized and Integrated

    Fargate runs tens of millions of containers for AWS customers every week
  13. Components: EKS Control Plane, Worker Nodes
  14. IAM Roles for ServiceAccounts
  15. IAM Roles for ServiceAccount

    Step 1: Create an IAM policy

        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Sid": "VisualEditor0",
              "Effect": "Allow",
              "Action": [
                "sqs:GetQueueUrl",
                "sqs:ListDeadLetterSourceQueues",
                "sqs:ReceiveMessage",
                "sqs:GetQueueAttributes",
                "sqs:ListQueueTags",
                "sqs:ListQueues"
              ],
              "Resource": "*"
            }
          ]
        }
  16. IAM Roles for ServiceAccounts

    Step 2: Create ServiceAccount, IAM Role and correct association

        eksctl create iamserviceaccount \
          --name sqs-orderservice \
          --namespace default \
          --cluster eks-patterns-demo \
          --attach-policy-arn IAM_policy_ARN \
          --approve \
          --override-existing-serviceaccounts

    Note: Cluster name is required but namespace and service account are optional
  17. IAM Roles for ServiceAccount

    Step 3: Use ServiceAccount in Pod definition

        apiVersion: apps/v1
        kind: Deployment
        metadata:
          name: orderservice
        spec:
          replicas: 1
          selector:
            matchLabels:
              app: orderservice
          template:
            metadata:
              labels:
                app: orderservice
            spec:
              serviceAccountName: sqs-orderservice
              containers:
              - name: orderservice
                image: .../eks-patterns-demo:latest

    https://github.com/aws/amazon-eks-pod-identity-webhook
  18. ALB Ingress Controller

    [Diagram. Labels: AWS Resources: HTTPS Listener, HTTP Listener, Rule: /recommend, Rule: /cart, TargetGroup (IP Mode), TargetGroup (Instance Mode); Kubernetes Cluster: Kubernetes API Server, ALB Ingress Controller, Node, Node, Node, NodePort, NodePort]
  19. CloudWatch Container Insights
  20. Prometheus & Grafana

    - Well-known open source monitoring & dashboarding
    - Commonly used by our customers
    - Long Term Storage Options: Cortex -> DynamoDB / S3, Thanos -> S3
    - Install adapter to expose metrics to metrics-server: https://github.com/DirectXMan12/k8s-prometheus-adapter
  21. Container Storage Interface (CSI) for EFS and EBS

    EBS (Integrated k8s support, CSI Driver)

    • Static Provisioning / Dynamic Provisioning
    • Mount Option
    • Block Volume
    • Volume Snapshot
    • NVMe

    EFS (Support only via CSI driver)

    • NFS shared filesystem
    • Shared mount
    • Single or Multiple Container

    https://github.com/kubernetes-sigs/aws-ebs-csi-driver
    https://github.com/kubernetes-sigs/aws-efs-csi-driver
  22. Resources
  23. Resources

    - AWS Containers Blog - https://aws.amazon.com/blogs/containers/
    - Public Roadmap - https://github.com/aws/containers-roadmap/projects/1?card_filter_query=label%3Aeks
    - Workshop - https://eksworkshop.com
    - EKS Helm Charts - https://github.com/aws/eks-charts
  24. Thank You!

    Christoph Kassen, Solutions Architect, @christoph_k
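
Added example, not part of the original deck: the three IAM Roles for ServiceAccounts steps (slides 15 to 17) bind an IAM role to the `sqs-orderservice` service account, and that binding is only as tight as the role's trust policy. The Python check below audits such a trust policy for an exact `sub` and `aud` match; the account ID, OIDC provider ID and both policy documents are constructed placeholders, and `audit_irsa_trust` and `make_trust` are hypothetical helper names.

```python
# Added example; account ID, OIDC provider ID and policies are constructed placeholders.
ISSUER = "oidc.eks.eu-central-1.amazonaws.com/id/EXAMPLEOIDCID"
PROVIDER_ARN = f"arn:aws:iam::111122223333:oidc-provider/{ISSUER}"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_irsa_trust(trust_policy, namespace, service_account):
    """Return findings for statements that allow sts:AssumeRoleWithWebIdentity."""
    expected_sub = f"system:serviceaccount:{namespace}:{service_account}"
    findings = []
    for stmt in trust_policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        federated = principal.get("Federated", "") if isinstance(principal, dict) else ""
        issuer = str((_as_list(federated) or [""])[0]).split(":oidc-provider/", 1)[-1]
        cond = stmt.get("Condition", {})
        exact = cond.get("StringEquals", {})
        sub_key, aud_key = f"{issuer}:sub", f"{issuer}:aud"
        if sub_key in exact:
            if _as_list(exact[sub_key]) != [expected_sub]:
                findings.append(f"sub allows {exact[sub_key]!r}, expected {expected_sub!r}")
        elif any(sub_key in block for block in cond.values()):
            findings.append("sub is matched with a non-exact operator; check for wildcards")
        else:
            findings.append("no sub condition: every service account in the cluster can assume this role")
        if _as_list(exact.get(aud_key, [])) != ["sts.amazonaws.com"]:
            findings.append("aud is not pinned to sts.amazonaws.com")
    return findings

def make_trust(condition):
    """Build a constructed sample trust policy around the given Condition block."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": condition}]}

SCOPED = make_trust({"StringEquals": {
    f"{ISSUER}:sub": "system:serviceaccount:default:sqs-orderservice",
    f"{ISSUER}:aud": "sts.amazonaws.com"}})
UNSCOPED = make_trust({"StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"}})

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("unscoped", UNSCOPED)):
        print(name, audit_irsa_trust(doc, "default", "sqs-orderservice"))
```

To run it against a real role, pass the role's trust policy document as a parsed dict in place of the constructed samples.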