Kubernetes Operations Leveraging AWS Managed Services, and a Single-Tenant Cluster Strategy with Amazon EKS

foostan
June 13, 2019

Transcript

  1. freee K.K.
    Kubernetes Operations Leveraging AWS Managed Services, and a Single-Tenant Cluster Strategy with Amazon EKS
    AWS Summit Tokyo 2019

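  2. Kosuke Adachi (@foostan), SRE, freee K.K.
    - [?]/[?]: joined freee
    - [?]/[?]: moved to SRE
    - About [?] years of front-end and server-side development
    - Since moving to SRE: the EKS migration, development of a multi-cluster deploy tool, and so on
    - Hobbies
      - Automation
      - Custom-built keyboards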

  3. Question

  4. Using K8s in production

  5. Using EKS in production

  6. What I will talk about today
    Distributing the operational cost of services by codifying infrastructure resources and making Kubernetes single-tenant

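  7. What I will talk about today
    Service scale grows, the number of services grows, the number of developers grows
    - SRE holds strong privileges, so it tends to become a jack-of-all-trades
    - Inquiries concentrate on SRE
    - Days spent chasing whatever task is in front of us
    - SRE headcount does not grow easily
    SRE becomes the bottleneck
    Hand service operations over to the developer teams
    Distribute the operational cost of services?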

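  8. What I will talk about today
    What gets handed over
    - Infrastructure provisioning
    - Kubernetes cluster provisioning
    - Application deployment
    - Service monitoring
    - Alert response
    In short, basically everything needed to operate a service
    SRE builds the platform that lets a development team cover most of service operations on its own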

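  9. Overview
    - 01 About freee
    - 02 Codifying infrastructure resources
    - 03 Separating privileges with single tenancy and handing over cluster operations
    - 04 Keeping cluster operating costs down by combining EKS with managed services
    - 05 A real-world migration from multi-tenant to single-tenant EKS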

  10. Section 01: About freee

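  11. About freee
    MISSION: Make small businesses the leading players of the world.
    In Japan, where the working-age population is shrinking dramatically and labor shortages are becoming chronic, raising labor productivity is an urgent issue.
    freee applies cloud technology to "artificial intelligence" and an "integrated core business system", and by continuing to support operational efficiency it aims to streamline back-office work at small and mid-sized companies.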

  12. About freee
    PRODUCTS
    Plus many other internal microservices

  13. About freee: freee's development teams
    - More than [?] people, roughly [?] to [?] per team
    - A team often looks after several services at once
    - Depending on its size, a service may be developed by several teams
    [Diagram: teams Dev A to Dev H mapped to Services A to H, with SRE alongside]

  14. About freee: freee's SRE team
    - [?] people
    - A cross-cutting team that supports the infrastructure of every product and service
    - Its mission is to keep providing stable infrastructure so that the value of the services reaches users
    [Diagram: teams Dev A to Dev H mapped to Services A to H, with SRE alongside]

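  15. About freee
    Adoption is accelerating among companies preparing for an IPO and growth companies
    41%: freee adoption rate among the top 100 companies by funds raised
    Note: source is the entrepedia venture list
    Note: top 100 companies by funds raised means a survey of companies that raised 100 million yen or more in the most recent year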

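  16. About freee
    SOC assurance
    - Assures that a listed company's own financial reporting is done properly
    - When a company uses freee (accounting software), freee also becomes subject to the audit
    - If freee has obtained SOC, freee is recognized as satisfying the SOC assurance
    Received an assurance report on internal controls over outsourced services (SOC Type report)
    Commensurate security measures are required
    - For example, for direct access to a DB: authentication, authorization and history (audit trail) management are required
    - Access from EC2 instances and the like should also be under clear permission control, for example with Security Groups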

  17. Section 02: Codifying infrastructure resources

  18. Roles of SRE and the development teams
    Suppose a new product is being released
    SRE
    - Network setup
    [Diagram: Product A]

  19. Roles of SRE and the development teams
    Suppose a new product is being released
    SRE
    - Network setup
    - Add a load balancer
    [Diagram: Product A with SG and ALB]

  20. Roles of SRE and the development teams
    Suppose a new product is being released
    SRE
    - Network setup
    - Add a load balancer
    - Add an AutoScalingGroup
    [Diagram: Product A with SG, ALB and a Kubernetes AutoScalingGroup]

  21. Roles of SRE and the development teams
    Suppose a new product is being released
    SRE
    - Network setup
    - Add a load balancer
    - Add an AutoScalingGroup
    - Set up the deployment environment
    [Diagram: Product A with SG, ALB, a Kubernetes AutoScalingGroup and a deploy job]

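  22. Roles of SRE and the development teams
    Suppose a new product is being released
    SRE
    - Network setup
    - Add a load balancer
    - Add an AutoScalingGroup
    - Set up the deployment environment
    - Add a database
    [Diagram: Product A with SG, ALB, a Kubernetes AutoScalingGroup, RDS and a deploy job]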

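  23. Roles of SRE and the development teams
    Suppose a new product is being released
    SRE
    - Network setup
    - Add a load balancer
    - Add an AutoScalingGroup
    - Set up the deployment environment
    - Add a database
    - Register in Route 53
    [Diagram: Product A with SG, ALB, a Kubernetes AutoScalingGroup, RDS and a deploy job]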

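  24. Roles of SRE and the development teams
    Suppose a new product is being released
    SRE
    - Network setup
    - Add a load balancer
    - Add an AutoScalingGroup
    - Set up the deployment environment
    - Add a database
    - Register in Route 53
    - Ensure security
    [Diagram: Product A with SG, ALB, a Kubernetes AutoScalingGroup, RDS and a deploy job]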

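  25. Roles of SRE and the development teams
    Suppose a new product is being released
    SRE
    - Network setup
    - Add a load balancer
    - Add an AutoScalingGroup
    - Set up the deployment environment
    - Add a database
    - Register in Route 53
    - Ensure security
    - Add IAM roles
    [Diagram: Product A with SG, ALB, a Kubernetes AutoScalingGroup, RDS and a deploy job]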

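  26. Roles of SRE and the development teams
    Suppose a new product is being released
    SRE
    - Network setup
    - Add a load balancer
    - Add an AutoScalingGroup
    - Set up the deployment environment
    - Add a database
    - Register in Route 53
    - Ensure security
    - Add IAM roles
    Developers
    - Application development
    [Diagram: Product A with SG, ALB, a Kubernetes AutoScalingGroup, RDS and a deploy job]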

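  27. Roles of SRE and the development teams
    Suppose a new product is being released
    SRE
    - Network setup
    - Add a load balancer
    - Add an AutoScalingGroup
    - Set up the deployment environment
    - Add a database
    - Register in Route 53
    - Ensure security
    - Add IAM roles
    Developers
    - Application development
    - Application deployment
    [Diagram: Product A with SG, ALB, a Kubernetes AutoScalingGroup, RDS and a deploy job]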

  28. A product (service) is not finished once it is released
    The real work starts here

  29. Roles of SRE and the development teams
    In the operations phase, inquiries tend to pile up on SRE
    Developers to SRE:
    - "The deploy failed"
    [Diagram: Product A with SG, ALB, a Kubernetes AutoScalingGroup, RDS and a deploy job]

  30. Roles of SRE and the development teams
    In the operations phase, inquiries tend to pile up on SRE
    Developers to SRE:
    - "The service went down"
    - "The deploy failed"
    [Diagram: Product A with SG, ALB, a Kubernetes AutoScalingGroup, RDS and a deploy job]

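  31. Roles of SRE and the development teams
    In the operations phase, inquiries tend to pile up on SRE
    Developers to SRE:
    - "Traffic has increased and we cannot keep up"
    - "The deploy failed"
    - "The service went down"
    [Diagram: Product A with SG, ALB, a Kubernetes AutoScalingGroup, RDS and a deploy job]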

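  32. Roles of SRE and the development teams
    In the operations phase, inquiries tend to pile up on SRE
    Developers to SRE:
    - "DB IOPS is high, it cannot cope"
    - "The deploy failed"
    - "The service went down"
    - "Traffic has increased and we cannot keep up"
    [Diagram: Product A with SG, ALB, a Kubernetes AutoScalingGroup, RDS and a deploy job]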

  33. Roles of SRE and the development teams
    In the operations phase, inquiries tend to pile up on SRE
    Developers to SRE:
    - "We have added a service"
    - "The deploy failed"
    - "The service went down"
    - "Traffic has increased and we cannot keep up"
    [Diagram: Product A and Product B, each with SG, ALB, a Kubernetes AutoScalingGroup and RDS, plus a deploy job]

  34. Roles of SRE and the development teams
    In the operations phase, inquiries tend to pile up on SRE
    Developers to SRE:
    - "We have added a service"
    - "The deploy failed"
    - "The service went down"
    - "Traffic has increased and we cannot keep up"
    - "We have added a service"
    [Diagram: Products A, B and C, each with SG, ALB and RDS, plus a deploy job]

  35. Roles of SRE and the development teams
    In the operations phase, inquiries tend to pile up on SRE
    Developers to SRE:
    - "We have added a service"
    - "The deploy failed"
    - "The service went down"
    - "Traffic has increased and we cannot keep up"
    - "We have added a service"
    - "We have added a service"
    [Diagram: Products A to E, each with SG, ALB and RDS, plus a deploy job]

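  36. SRE becomes the bottleneck
    - As services increase, the number of requests to SRE increases too
    - Developers are far more numerous, so SRE becomes the bottleneck
    - SRE tends to become a jack-of-all-trades, chasing whatever task is in front of it
    [Diagram: requests converging on SRE: configuration change requests, guaranteeing availability, incident response, monitoring, load countermeasures, CI/CD setup, EOL, architecture consultation]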

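  37. The move to microservices
    As the development organization grew, the EC2 AutoScaling setup used so far became painful
    - Diversifying languages and frameworks
    - Increasingly complex deploy flows
    - A growing number of dependent services
    - Inquiries concentrating on SRE even more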

  38. Infrastructure tools that support freee
    - Containerize every application
    - Adopted as the container runtime for production
    - Codify AWS resources

  39. Containerize every application
    Absorbs the diversification of languages and frameworks

  40. Containerize every application
    [Diagram: Products A to E, each with SG, ALB and RDS, plus a deploy job]

  41. Containerize every application
    Once everything is absorbed into containers, the model becomes simple
    [Diagram: Products A to E, each with SG, ALB and RDS, plus ECR and a deploy job]

  42. Adopted as the container runtime for production
    Codify the application's runtime environment as manifests
    Declarative deployment, autoscaling and self-healing

  43. Run the containers on Kubernetes
    The application's configuration is codified
    [Diagram: Products A to E, each with SG, ALB and RDS, plus ECR and a deploy job]

  44. Run the containers on Kubernetes
    The application's configuration is codified
    [Diagram: Products A to E, each with SG, ALB and RDS and each with its own namespace and pod; ECR; Manifests]

  45. Codify AWS resources
    Provision AWS resources declaratively

  46. Provision AWS resources declaratively
    SRE
    - Network setup
    - Add a load balancer
    - Add an AutoScalingGroup
    - Set up the deployment environment
    - Add a database
    - Register in Route 53
    - Ensure security
    - Add IAM roles
    [Diagram: Products A to E, each with SG, ALB and RDS and each with its own namespace and pod]

  47. Provision AWS resources declaratively
    AWS resources are codified
    [Diagram: Products A to E, each with SG, ALB and RDS and each with its own namespace and pod; Manifests; TF Files]

  48. Once infrastructure resources are codified, the way development teams and SRE communicate changes

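  49. A world where infrastructure resources are not codified
    Developers to SRE: "We have added a service"
    Doesn't that sentence really carry the following?
    - Building infrastructure requires strong privileges
    - We do not understand the current infrastructure layout
    - Touching infrastructure feels somehow scary
    - We have no choice but to ask SRE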

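  50. A world where infrastructure resources are codified
    Developers to SRE: "We wrote the code! Please review it!"
    - The privileges to build infrastructure have been granted
    - The current infrastructure layout can be read from the existing code
    - Touching infrastructure is still scary, but SRE will review it
    The development team writes the infrastructure code and SRE reviews it
    [Diagram: Manifests and TF File passed from Developers to SRE]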

  51. Once infrastructure resources are codified, the way development teams and SRE communicate changes
    It may become possible to hand service operations over to the developer teams

  52. Section 03: Separating privileges with single tenancy and handing over cluster operations

  53. Multi-tenant or single-tenant?
    Multi-tenant: every product runs in the same cluster
    Single-tenant: clusters split per product (the unit of privilege you want to separate)
    [Diagram: one K8s cluster holding Product A, B and C (Services A-1 to C-3), next to three K8s clusters holding one product each]

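  54. Multi-tenant or single-tenant?
    Advantages of single tenancy
    - Small blast radius (scope of impact of a failure)
    - A clear security boundary
    - Updates that affect the whole cluster are easier to carry out
    Disadvantages of single tenancy
    - Usage charges go up
    - Operational cost goes up
    Delegating privileges makes it possible to distribute the operational cost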

  55. Small blast radius (scope of impact of a failure)
    Spread the risk and raise psychological safety

  56. Risks of multi-tenancy
    A K8s bug or an operator mistake risks taking every service down
    - Large blast radius (scope of impact of a failure)
    - Operations are difficult
    - An atmosphere that discourages trying new things
    [Diagram: one K8s cluster holding Product A, B and C (Services A-1 to C-3)]

  57. Reducing risk with single tenancy
    A K8s bug or an operator mistake takes down only part of the services
    - Small blast radius (scope of impact of a failure)
    - Operations become less difficult
    - An atmosphere that encourages trying new things
    - High psychological safety
    [Diagram: three K8s clusters holding Product A, Product B and Product C respectively]

  58. A clear security boundary
    How do we prevent unauthorized access between products?

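  59. (Repeated) About freee
    SOC assurance
    - Assures that a listed company's own financial reporting is done properly
    - When a company uses freee (accounting software), freee also becomes subject to the audit
    - If freee has obtained SOC, freee is recognized as satisfying the SOC assurance
    Received an assurance report on internal controls over outsourced services (SOC Type report)
    Commensurate security measures are required
    - For example, for direct access to a DB: authentication, authorization and history (audit trail) management are required
    - Access from EC2 instances and the like should also be under clear permission control, for example with Security Groups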

  60. With multi-tenancy, drawing a clear boundary is hard
    - Splitting by Security Group is not possible
    - Access to AWS resources can be controlled with IAM and Kiam
    - Access between Namespaces can be controlled with RBAC
    - However, the VMs are shared between products
    ↓
    Splitting NodeGroups per product would address this, but it requires building a mechanism for it
    [Diagram: Services of Product A and Product B (A-1, B-2, B-3 and B-1, A-2, A-3) placed on the same Kubernetes nodes, with SGs]

  61. With single tenancy, drawing a clear boundary is easy
    - Each tenant is the unit of privilege you want to separate
    - Security Groups can be used
    - RBAC is used alongside them
    - Separation is at the VM level
    ↓
    This is the same (battle-tested) layout we have operated until now, so it is easy to handle
    [Diagram: Product A and Product B with their Kubernetes nodes and SGs]

  62. Updates that affect the whole cluster are easier to carry out
    - Kubernetes clusters need frequent upgrades
    - Tools used in the shared part need updates too

  63. With multi-tenancy, updates that affect the whole cluster are hard to carry out
    SRE, shared part: cluster upgrades and the like
    - Every service has to be stopped
    - The upgrade may fail
    - Rolling back after a failure is expensive
    [Diagram: one K8s cluster holding Product A, B and C; Developers A, B and C each operate their own product; SRE handles the shared part]

  64. With single tenancy, updates that affect the whole cluster are easy to carry out
    SRE: cluster upgrades and the like
    - Service downtime is kept to a minimum
    - The impact of a failed upgrade is kept to a minimum
    - The cost of rolling back after a failure is kept to a minimum too
    [Diagram: three K8s clusters holding Product A, Product B and Product C, operated by Developers A, B and C respectively]

  65. Advantages of single tenancy
    - Small blast radius (scope of impact of a failure)
    - A clear security boundary
    - Updates that affect the whole cluster are easier to carry out
    If cluster operations are to be handed over, single tenancy is the match

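  66. Operating a cluster is not easy for a development team
    Set up teams that look after every cluster (service) across the board
    - SRE
      - Help with updates, help with incident response, help with cluster creation, evaluating (and building) tools, committing to OSS
    - Service platform
      - Maintains the libraries used in common
    - Microservices committee (made up of the people responsible for each service, including SRE and the service platform team)
      - Decides common policies and specifications, shares information, rolls practices out across teams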

  67. Section 04: Keeping cluster operating costs down by combining EKS with managed services

  68. How much should be left to Kubernetes?
    - Application
    - Database
    - Load Balancer
    - Security
    - Auth
    [Diagram: Product A and Product B, each with SGs, ALB, RDS and Kubernetes nodes running applications]

  69. Do not try to do everything in Kubernetes
    Use managed services actively and build Kubernetes (EKS) into the system
    Make the most of battle-tested operational know-how

  70. Use Kubernetes only for running applications
    [Diagram: Product A and Product B, each with SGs, ALB and RDS, shown before and after with the Kubernetes nodes reduced to running the applications]

  71. Managed Kubernetes Service (Managed Control Plane)
    - Worker Nodes run on EC2; Fargate support is planned
    - Managed Worker Nodes are also on the roadmap, so they should be supported eventually
    - Integrates with App Mesh and Cloud Map

  72. Managed services and Kubernetes each play to their strengths
    Kubernetes
    - Declarative deployment
    - Automatic placement
    - Self-healing
    - Autoscaling
    Managed services
    - Databases: MySQL / Redis / ElasticSearch
    - Load Balancer: Application / Classic Load Balancer
    - Security: GuardDuty / IAM / WAF
    [Diagram: Product A and Product B, each with SGs, ALB, RDS and Kubernetes nodes]

  73. Keep components easy to swap
    Stay in a state where something better can easily be adopted when it appears
    - AWS App Mesh, Istio
    - EKS on Fargate, ECS on Fargate
    - Knative
    - Next-generation LB, next-generation DB
    [Diagram: Product A and Product B, each with SGs, ALB, RDS and Kubernetes nodes]

  74. Section 05: A real-world migration from multi-tenant to single-tenant EKS

  75. Kubernetes went into production at freee about [?] years ago
    - Triggered by the arrival of a new microservice
    - Codifying AWS resources with Terraform had already been introduced in part
    - Adopted kube-aws
    - Multi-tenant

  76. EKS Tokyo Region
    - The certificates of the kube-aws cluster expire on [?]/[?]
    - Replacing the certificates is a bit of a hassle and requires service maintenance
    - So let's just migrate to EKS!

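  77. The EKS migration project
    - Started around late [?] (month)
    - Migrate every product by [?]/[?]
    - Switch to single tenancy
    - Have the development teams take the lead in preparing the AWS resources they need
    - Have the development teams take the lead in building their Kubernetes clusters too
    The biggest mission: delegate privileges from SRE to the development teams and hand service operations over to them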

  78. Scale of the project
    - Products originally running on kube-aws: [?]
    - Products migrated to EKS: [?] ([?] more were added during the migration)
    - Total number of clusters: [?] (including staging environments)
    - People involved: about [?]

  79. Tools that did the heavy lifting in the EKS migration project
    - Terraform
    - kubectl
    - eksctl
    - helm / helmfile
    - eksclst

  80. Terraform
    All required AWS resources are prepared with Terraform and applied after SRE review
    [Diagram: Developers A open a PR, SRE reviews and approves, then apply creates the resources for Product A (SGs, Kubernetes nodes, Services A-1 to A-3)]

    ```hcl
    # Internal Application Load Balancer for Product A
    # (Terraform 0.11-style interpolation, as on the slide).
    resource "aws_lb" "product-a-internal" {
      name                       = "product-a-internal"
      internal                   = true
      load_balancer_type         = "application"
      security_groups            = ["${var.lb_security_groups}"]
      subnets                    = ["${var.subnets}"]
      ip_address_type            = "ipv4"
      enable_deletion_protection = true
    }

    # Route 53 alias record that points the service name at the load balancer.
    resource "aws_route53_record" "product-a-internal" {
      zone_id = "${var.route53_hosted_zone_id}"
      name    = "${var.route53_dns_name}"
      type    = "A"

      alias {
        name                   = "${aws_lb.product-a-internal.dns_name}"
        zone_id                = "${aws_lb.product-a-internal.zone_id}"
        evaluate_target_health = true
      }
    }
    ```

  81. kubectl
    Use aws-auth to tie access to IAM Roles and operate with narrowed-down privileges
    [Diagram: Developers A (Admin) assume an IAM Role and operate Product A via kubectl; Developers A (ReadOnly) get read only access; RBAC with aws-auth]

    ```yaml
    # Helm template for the aws-auth ConfigMap: maps IAM roles to Kubernetes
    # usernames and groups. system:masters carries unrestricted cluster-admin rights.
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: aws-auth
      namespace: kube-system
    data:
      mapRoles: |
        - rolearn: {{ .Values.rolearn }}
          username: system:node:{{`{{EC2PrivateDNSName}}`}}
          groups:
            - system:bootstrappers
            - system:nodes
        - rolearn: arn:aws:iam:::role/team-a-admin
          username: team-a-admin:{{`{{SessionName}}`}}
          groups:
            - system:masters
        - rolearn: arn:aws:iam:::role/team-a-readonly
          username: team-a-readonly:{{`{{SessionName}}`}}
          groups:
            - system:authenticated
    ```

  82. eksctl
    Define the cluster in cluster.yaml and create it with eksctl create cluster
    [Diagram: Developers B open a PR with the commands, SRE reviews and approves, then eksctl create cluster builds the cluster for Product B (SGs, Kubernetes nodes)]

    ```yaml
    # cluster.yaml: eksctl cluster definition (IDs masked on the slide).
    apiVersion: eksctl.io/v1alpha5
    kind: ClusterConfig
    metadata:
      name: cluster-name
      region: ap-northeast-1
      version: "1.13"
    vpc:
      id: "*****"
      cidr: "10.0.0.0/16"
      subnets:
        private:
          ap-northeast-1a:
            id: "*****"
          ap-northeast-1c:
            id: "*****"
    nodeGroups:
      - name: nodegroup1
        instanceType: r5.large
        desiredCapacity: 2
        availabilityZones:
          - ap-northeast-1a
          - ap-northeast-1c
        # Worker nodes live in private subnets only.
        privateNetworking: true
        securityGroups:
          attachIDs:
            - "******"
        iam:
          withAddonPolicies:
            imageBuilder: true
            autoScaler: true
          attachPolicyARNs:
            - arn:aws:iam::aws:policy/*****
    ```

  83. Application deployment with Helm / Helmfile
    Deploy Kubernetes manifests safely with GitOps
    - Helm (Helm Chart)
      - The Kubernetes Package Manager
      - Packages manifests
      - Templates for commonly used tools
    - Helmfile
      - Defines Helm Chart dependencies in a file
      - helmfile sync
      - helmfile diff
      - helmfile delete
    [Diagram: Team B opens a PR with the commands, SRE reviews and approves, then helmfile sync deploys Services B-1 to B-3 to Product B's Kubernetes nodes]

    ```yaml
    # helmfile.yaml: per-environment values and pinned chart versions.
    environments:
      production:
        values:
          - production.yaml
    releases:
      - name: kube-state-metrics
        namespace: kube-system
        chart: stable/kube-state-metrics
        version: 0.13.0
      - name: metricbeat
        namespace: kube-system
        chart: stable/metricbeat
        version: 1.2.1
        values:
          - values.yaml.gotmpl
    ```

  84. Templating clusters with eksclst
    Turn clusters with a common layout into templates so that creating and duplicating clusters is easy
    - An in-house tool for mass-producing clusters
    - Templates are provided to cut the cost of writing everything from scratch, for example:
      - cluster.yaml
      - aws-auth.yaml
      - metricbeat / filebeat
    [Diagram: New Developers run eksclst init to generate Manifests (cluster.yaml, helmfile.yaml, aws-auth.yaml and so on) from Templates, open a PR with the commands, then eksctl create cluster and helmfile sync build the New Product cluster with cluster-autoscaler, Metricbeat and Filebeat]

  85. Migration work
    - Prepare a cluster with the same layout
    - Share whatever AWS resources can be shared (the DB is mandatory)
    - Use Route 53 Weighted Routing to shift requests over gradually
    - For some services, share the LB instead of using Route 53 and swap out the Kubernetes nodes
    - Switched over with no maintenance window
    [Diagram: Weighted Routing, 80% / 20%, between the product on Kube-aws (actually multi-tenant) and the product on EKS]

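  86. Why the project succeeded
    - The development teams involved were highly motivated about Kubernetes
    - We moved forward while editing the documentation together (exchanging information closely)
    - Even where the documentation was imperfect, members grasped the intent and understood it
    - Motivation stayed high to the very end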

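  87. Summary
    Distribute the operational cost of services by codifying infrastructure resources and making Kubernetes single-tenant
    - Codifying infrastructure resources is a must
    - Single tenancy is recommended for handing over cluster operations
    - Use managed services well to keep the operating cost of the cluster itself down
    - It matters that the development teams are highly motivated about Kubernetes
    Whether this approach fits depends on team structure and headcount, so it is important to keep asking what the better option is while operating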

  88. A platform on which anyone with ideas, passion and skills can grow a business that is strong and smart
    Make small businesses the leading players of the world.
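
Slide 81 maps IAM roles to Kubernetes groups through the aws-auth ConfigMap. The following is an added example, not part of the deck or of freee's tooling: a small Python audit of a rendered `mapRoles` block that reports which roles receive cluster-admin and which receive no RBAC group of their own. The account ID `111122223333`, the node role name and the function names are assumptions made for the example.

```python
import re

# Constructed sample: the mapRoles block from slide 81 as it would look after
# Helm rendering. Account ID and node role name are placeholders.
SAMPLE_MAP_ROLES = """\
- rolearn: arn:aws:iam::111122223333:role/product-a-node
  username: system:node:{{EC2PrivateDNSName}}
  groups:
    - system:bootstrappers
    - system:nodes
- rolearn: arn:aws:iam::111122223333:role/team-a-admin
  username: team-a-admin:{{SessionName}}
  groups:
    - system:masters
- rolearn: arn:aws:iam::111122223333:role/team-a-readonly
  username: team-a-readonly:{{SessionName}}
  groups:
    - system:authenticated
"""

NODE_GROUPS = {"system:bootstrappers", "system:nodes"}


def parse_map_roles(text):
    """Parse the flat layout aws-auth uses: rolearn first, then username, groups."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = re.match(r"-\s+rolearn:\s*(\S+)$", line)
        if start:
            current = {"rolearn": start.group(1), "username": "", "groups": []}
            entries.append(current)
        elif current is None:
            raise ValueError(f"entry does not start with rolearn: {raw!r}")
        elif line.startswith("username:"):
            current["username"] = line.split(":", 1)[1].strip()
        elif line == "groups:":
            continue
        elif re.match(r"-\s+\S+$", line) and not line.endswith(":"):
            current["groups"].append(line[1:].strip())
        else:
            raise ValueError(f"unrecognised line: {raw!r}")
    return entries


def audit(entries):
    """Return (rolearn, finding) pairs for mappings a reviewer should question."""
    findings = []
    for entry in entries:
        arn, groups = entry["rolearn"], set(entry["groups"])
        is_node = entry["username"].startswith("system:node:")
        if "system:masters" in groups:
            # system:masters carries unrestricted cluster-admin rights.
            findings.append((arn, "cluster-admin via system:masters"))
        if groups & NODE_GROUPS and not is_node:
            findings.append((arn, "node groups on a non-node identity"))
        if is_node and groups - NODE_GROUPS:
            findings.append((arn, "node identity with extra groups"))
        if not is_node and "{{SessionName}}" not in entry["username"]:
            findings.append((arn, "username omits {{SessionName}}"))
        if groups <= {"system:authenticated"}:
            # Every authenticated caller is already in this group, so the
            # mapping grants nothing by itself; rights come from RBAC bindings.
            findings.append((arn, "no group beyond system:authenticated"))
    return findings


if __name__ == "__main__":
    for arn, finding in audit(parse_map_roles(SAMPLE_MAP_ROLES)):
        print(f"{arn}: {finding}")
```

For the read-only role, the finding means the effective permissions have to be checked in the cluster's RoleBindings and ClusterRoleBindings, since the ConfigMap alone does not grant them.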