Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AWSのマネージドサービスを活かした Kubernetes 運用とAmazon EKS によるクラスタのシングルテナント戦略について

foostan
June 13, 2019
Technology
3
1.9k

AWSのマネージドサービスを活かした Kubernetes 運用とAmazon EKS によるクラスタのシングルテナント戦略について

foostan

June 13, 2019
Tweet

More Decks by foostan

See All by foostan
Crafting the Endgame Keyboard
foostan
1
570
Merpay SRE Teamが目指すもの
foostan
0
36
キーボードは好きですか? / Do you like keyboards?
foostan
21
18k
kube-aws から EKS に移行した話
foostan
5
1.4k
freeeのクラウドサービス活用術とパフォーマンス改善活動のご紹介
foostan
0
11k
Digdag で CI ジョブを定義する
foostan
1
1.2k
グリーで行われている勉強会とその特徴 ✕ 勉強会を主催してみた話
foostan
0
140
Consulにコントリビュートした話
foostan
4
1.2k

Other Decks in Technology

See All in Technology
The CloudCompare project by Dr. Daniel Girardeau-Montaut
kentaitakura
0
520
本当のAWS基礎
toru_kubota
0
350
どうするコスト最適化のトレードオフ
tetsuyaooooo
1
400
WebアプリケーションにおけるPDOの使い方入門 / phpcon odawara 2024
meihei3
2
440
Azure犬駆動開発の記録/GlobalAzureFukuoka2024_20240420
nina01
1
160
Cloud Native Java with Spring Boot (CNCF Aarhus, April 2024)
thomasvitale
1
150
ワールドカフェI /チューターを改良する / World Café I and Improving the Tutors
ks91
PRO
0
110
推しは推せるときに推せ! プロダクトにフィードバックしていこう
nakasho
0
190
EMとして2023年度に頑張ったこと / What we did well in FY2023 as a EM
pauli
1
130
20240418_Google ColabにLLMが搭載されたようなのでPython x データ分析の勉強方法を考えてみる
doradora09
0
120
最近たまに見かけるTiDBってなんだ? - Findy
pingcap0315
2
730
オーナーシップを持つ領域を明確にする
konifar
13
3k

Featured

See All Featured
What's in a price? How to price your products and services
michaelherold
237
11k
A better future with KSS
kneath
231
16k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
6
990
Fashionably flexible responsive web design (full day workshop)
malarkey
397
65k
10 Git Anti Patterns You Should be Aware of
lemiorhan
646
58k
The Straight Up "How To Draw Better" Workshop
denniskardys
227
130k
Principles of Awesome APIs and How to Build Them.
keavy
120
16k
The Language of Interfaces
destraynor
151
23k
Gamification - CAS2011
davidbonilla
76
4.6k
Faster Mobile Websites
deanohume
297
30k
Web Components: a chance to create the future
zenorocha
305
41k
Being A Developer After 40
akosma
56
580k

Transcript

  1. GSFFFגࣜձࣾ 1 "84ͷϚωʔδυαʔϏεΛ׆͔ͨ͠,VCFSOFUFTӡ༻ͱ "NB[PO&,4ʹΑΔΫϥελͷγϯάϧςφϯτઓུʹ͍ͭͯ AWS Summit Tokyo 2019

  2. 2 w ೥݄dGSFFFʹೖࣾ w ೥݄d43& w ೥͙Β͍ϑϩϯτΤϯυͱαʔόαΠυͷ։ൃ w 43&ʹҠ͔ͬͯΒ&,4Ҡߦ΍ϚϧνΫϥελσϓϩΠπʔ ϧͷ։ൃͳͲ

    w झຯ w ࣗಈԽ w ࣗ࡞ΩʔϘʔυ Kosuke Adachi @foostan GSFFFגࣜձࣾ 43&

  3. ࣭໰ 3

  4. ,Tຊ൪Ͱ࢖͍ͬͯΔΑ 4

  5. &,4ຊ൪Ͱ࢖͍ͬͯΔΑ 5

  6. 6 ΠϯϑϥϦιʔεͷίʔυԽͱ ,VCFSOFUFTͷγϯάϧςφϯτԽͰαʔ Ϗεͷӡ༻ίετΛ෼ࢄͤ͞Δ ຊ೔͓࿩͢Δ͜ͱ

  7. ຊ೔͓࿩͢Δ͜ͱ 7 αʔϏεن໛͕֦େɺαʔϏε਺͕૿Ճɺ։ൃऀ͕૿Ճ w ڧ͍ݖݶΛ͍࣋ͬͯΔͷͰԿͰ΋԰ʹͳΓ͕ͪ w 43&ʹ໰͍߹Θ͕ͤूத w ໨ઌͷλεΫʹ௥ΘΕΔ೔ʑ w

    43&ͷਓ਺͸ͳ͔ͳ͔૿͑ͳ͍ 43&͕ϘτϧωοΫʹ ։ൃऀνʔϜʹαʔϏεͷ ӡ༻Λ͓·͔ͤ͢Δ αʔϏεͷӡ༻ίετΛ෼ࢄͤ͞Δʁ

  8. 8 w Πϯϑϥߏங w ,VCFSOFUFTΫϥελߏங w ΞϓϦέʔγϣϯσϓϩΠ w αʔϏε؂ࢹ w

    ΞϥʔτରԠ ͳͲɺجຊతʹαʔϏεӡ༻ʹඞཁͳ͜ͱ͢΂ͯ ։ൃνʔϜ͚ͩͰαʔϏεӡ༻ͷຆͲΛ·͔ ͳ͑ΔΑ͏ͳج൫ͮ͘ΓΛ43&͕ߦ͏ ຊ೔͓࿩͢Δ͜ͱ ͓·͔ͤ͢Δ಺༰

  9. 9 0WFSWJFX ɹɹγϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ ɹɹΠϯϑϥϦιʔεͷίʔυԽ ɹɹGSFFFʹ͍ͭͯ ɹɹ&,4ΛϚωʔδυαʔϏεͱ૊Έ߹ΘͤͯΫϥελͷӡ༻ίετΛ཈͑Δ ɹɹϚϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ

  10. 10 01 GSFFFʹ͍ͭͯ Section

  11. 11 εϞʔϧϏδωεΛɺ ੈքͷओ໾ʹɻ .*44*0/ ੜ࢈೥ྸਓޱ͕ܶతʹݮগ͠ɺຫੑతͳਓखෆ଍ͱͳΔ೔ຊ Ͱ࿑ಇੜ࢈ੑ޲্͸ۓٸͷ՝୊ͱͳ͍ͬͯ·͢ freee͸ʮਓ޻஌ೳʯͱʮ౷߹جװۀ຿γεςϜʯΛΫϥ΢υ ٕज़Λ׆༻͠ɺۀ຿ޮ཰ԽͷαϙʔτΛଓ͚Δ͜ͱͰɺதݎத খاۀͷόοΫΦϑΟεۀ຿ޮ཰ԽΛ໨ࢦ͍ͯ͠·͢ GSFFFʹ͍ͭͯ

  12. 12 PRODUCTS ͦͷଞΠϯλʔφϧͳ ϚΠΫϩαʔϏεଟ਺ GSFFFʹ͍ͭͯ

  13. 13 w ਓҎ্ɺνʔϜdਓఔ౓ w νʔϜͰෳ਺ͷαʔϏεΛ݉೚͢Δ͜ͱ͕ଟ͍ w αʔϏεͷن໛ʹΑͬͯ͸ෳ਺ͷνʔϜͰ։ൃ͢Δ͜ͱ΋͋Δ Dev A Dev

    B Dev C αʔϏεA αʔϏ εB Dev D Dev E αʔϏεC αʔϏ εD Dev F αʔϏεE Dev G Dev H αʔϏ εG αʔϏ εH αʔϏ εF SRE GSFFFͷ։ൃνʔϜ GSFFFʹ͍ͭͯ

  14. 14 Dev A Dev B Dev C αʔϏεA αʔϏ εB

    Dev D Dev E αʔϏεC αʔϏ εD Dev F αʔϏεE Dev G Dev H αʔϏ εG αʔϏ εH αʔϏ εF SRE w ਓ w ͢΂ͯͷϓϩμΫταʔϏεͷΠϯϑϥΛࢧ͑ΔԣஅతͳνʔϜ w αʔϏεͷՁ஋ΛϢʔβʔʹಧ͚ΔͨΊʹɺ҆ఆͨ͠ΠϯϑϥΛ ఏڙ͠ଓ͚Δͷ͕ϛογϣϯ GSFFFͷ43&νʔϜ GSFFFʹ͍ͭͯ

  15. 15 *10४උɾ੒௕اۀ΁ͷಋೖ͕Ճ଎ 41% ࢿۚௐୡ5PQࣾͷ GSFFFಋೖ཰ ※ ग़యɿentrepedia ϕϯνϟʔϦετ ※ ࢿۚௐୡֹTOP100ࣾɿ௚ۙ1೥Ͱ1ԯԁҎ্ͷࢿۚௐୡΛͨ͠اۀΛର৅ʹௐࠪ

    GSFFFʹ͍ͭͯ

  16. 16 40$อূ
 ্৔اۀ͕ࣗࣾͷࡒ຿ใࠂ͕͖ͪΜͱ͍ͯ͠Δ͜ͱΛอূ͢Δ΋ͷ
 GSFFF ձܭιϑτ Λར༻͢Δ৔߹ɺGSFFF΋؂ࠪͷର৅ʹͳΔ
 40$Λऔಘ͍ͯ͠Ε͹GSFFF͕40$อূ͕ຬͨ͞Ε͍ͯΔͱೝΊΒΕΔ ૬ԠͷηΩϡϦςΟରࡦ͕ඞཁ GSFFFʹ͍ͭͯ डୗۀ຿ʹ܎Δ಺෦౷੍ͷอূใࠂॻ

    40$5ZQFใࠂॻ Λडྖ ྫ͑͹%#ʹ௚઀ΞΫηε͢Δ৔߹
 ೝূɺೝՄɺཤྺ؅ཧ͕ඞཁ &$Πϯελϯε౳͔ΒͷΞΫηε΋ 4FDVSJUZ(SPVQͳͲͰ໌֬ʹݖݶ؅ ཧͰ͖͍ͯΔ͜ͱ͕๬·͍͠

  17. 17 02 ΠϯϑϥϦιʔεͷίʔυԽ Section

  18. 43&ͱ։ൃνʔϜͷ໾ׂ 18 ͱ͋Δ৽نϓϩμΫτΛϦϦʔε͢Δͱͯ͠ Product A SRE ΠϯϑϥϦιʔεͷίʔυԽ w ωοτϫʔΫ੔උ

  19. 43&ͱ։ൃνʔϜͷ໾ׂ 19 ͱ͋Δ৽نϓϩμΫτΛϦϦʔε͢Δͱͯ͠ Product A SRE ΠϯϑϥϦιʔεͷίʔυԽ w ωοτϫʔΫ੔උ w

    -#௥Ճ SG ALB

  20. 43&ͱ։ൃνʔϜͷ໾ׂ 20 ͱ͋Δ৽نϓϩμΫτΛϦϦʔε͢Δͱͯ͠ Product A SRE ΠϯϑϥϦιʔεͷίʔυԽ w ωοτϫʔΫ੔උ w

    -#௥Ճ w "VUP4DBMJOH(SPVQ ௥Ճ SG ALB SG Kubernetes AutoScalingGroup

  21. σϓϩΠδϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 21 ͱ͋Δ৽نϓϩμΫτΛϦϦʔε͢Δͱͯ͠ Product A SRE ΠϯϑϥϦιʔεͷίʔυԽ w ωοτϫʔΫ੔උ

    w -#௥Ճ w "VUP4DBMJOH(SPVQ ௥Ճ w σϓϩΠ؀ڥ੔උ SG ALB SG Kubernetes AutoScalingGroup

  22. σϓϩΠδϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 22 ͱ͋Δ৽نϓϩμΫτΛϦϦʔε͢Δͱͯ͠ Product A SRE ΠϯϑϥϦιʔεͷίʔυԽ w ωοτϫʔΫ੔උ

    w -#௥Ճ w "VUP4DBMJOH(SPVQ ௥Ճ w σϓϩΠ؀ڥ੔උ w %#௥Ճ SG ALB SG Kubernetes SG RDS AutoScalingGroup

  23. σϓϩΠδϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 23 ͱ͋Δ৽نϓϩμΫτΛϦϦʔε͢Δͱͯ͠ Product A SRE ΠϯϑϥϦιʔεͷίʔυԽ w ωοτϫʔΫ੔උ

    w -#௥Ճ w "VUP4DBMJOH(SPVQ ௥Ճ w σϓϩΠ؀ڥ੔උ w %#௥Ճ w 3PVUFొ࿥ SG ALB SG Kubernetes SG RDS AutoScalingGroup

  24. σϓϩΠδϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 24 ͱ͋Δ৽نϓϩμΫτΛϦϦʔε͢Δͱͯ͠ Product A SRE ΠϯϑϥϦιʔεͷίʔυԽ w ωοτϫʔΫ੔උ

    w -#௥Ճ w "VUP4DBMJOH(SPVQ ௥Ճ w σϓϩΠ؀ڥ੔උ w %#௥Ճ w 3PVUFొ࿥ w ηΩϡϦςΟ֬อ SG ALB SG Kubernetes SG RDS AutoScalingGroup

  25. σϓϩΠδϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 25 ͱ͋Δ৽نϓϩμΫτΛϦϦʔε͢Δͱͯ͠ Product A SRE ΠϯϑϥϦιʔεͷίʔυԽ w ωοτϫʔΫ੔උ

    w -#௥Ճ w "VUP4DBMJOH(SPVQ ௥Ճ w σϓϩΠ؀ڥ੔උ w %#௥Ճ w 3PVUFొ࿥ w ηΩϡϦςΟ֬อ w *".ϩʔϧ௥Ճ SG ALB SG Kubernetes SG RDS AutoScalingGroup

  26. σϓϩΠδϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 26 ͱ͋Δ৽نϓϩμΫτΛϦϦʔε͢Δͱͯ͠ Product A SRE ΠϯϑϥϦιʔεͷίʔυԽ w ωοτϫʔΫ੔උ

    w -#௥Ճ w "VUP4DBMJOH(SPVQ ௥Ճ w σϓϩΠ؀ڥ੔උ w %#௥Ճ w 3PVUFొ࿥ w ηΩϡϦςΟ֬อ w *".ϩʔϧ௥Ճ SG ALB SG Kubernetes SG RDS AutoScalingGroup Developers w ΞϓϦέʔγϣϯ։ൃ

  27. σϓϩΠδϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 27 ͱ͋Δ৽نϓϩμΫτΛϦϦʔε͢Δͱͯ͠ Product A SRE ΠϯϑϥϦιʔεͷίʔυԽ w ωοτϫʔΫ੔උ

    w -#௥Ճ w "VUP4DBMJOH(SPVQ ௥Ճ w σϓϩΠ؀ڥ੔උ w %#௥Ճ w 3PVUFొ࿥ w ηΩϡϦςΟ֬อ w *".ϩʔϧ௥Ճ SG ALB SG Kubernetes SG RDS AutoScalingGroup Developers w ΞϓϦέʔγϣϯ։ൃ w ΞϓϦέʔγϣϯσϓ ϩΠ

  28. ϓϩμΫτ αʔϏε ͸ϦϦʔεͯ͠ऴΘΓͰ͸ͳ͍ 28 ຊ൪͸͔͜͜Β

  29. σϓϩΠδϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 29 ӡ༻ϑΣʔζͰ͸໰͍߹Θͤ͸43&ʹू·Γ͕ͪ Product A ΠϯϑϥϦιʔεͷίʔυԽ SG ALB SG

    Kubernetes SG RDS AutoScalingGroup SRE Developers σϓϩΠࣦഊ͠·ͨ͠ ☓

  30. σϓϩΠδϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 30 ӡ༻ϑΣʔζͰ͸໰͍߹Θͤ͸43&ʹू·Γ͕ͪ Product A ΠϯϑϥϦιʔεͷίʔυԽ SG ALB SG

    Kubernetes SG RDS AutoScalingGroup SRE Developers αʔϏε͕མͪ·ͨ͠ ☓ σϓϩΠࣦഊ͠·ͨ͠

  31. σϓϩΠδϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 31 ӡ༻ϑΣʔζͰ͸໰͍߹Θͤ͸43&ʹू·Γ͕ͪ Product A ΠϯϑϥϦιʔεͷίʔυԽ SG ALB SG

    Kubernetes SG RDS AutoScalingGroup SRE Developers ΞΫηε਺૿Ճͯ͠ ͞͹͖͖Ε·ͤΜ ☓ σϓϩΠࣦഊ͠·ͨ͠ αʔϏε͕མͪ·ͨ͠

  32. σϓϩΠδϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 32 ӡ༻ϑΣʔζͰ͸໰͍߹Θͤ͸43&ʹू·Γ͕ͪ Product A ΠϯϑϥϦιʔεͷίʔυԽ SG ALB SG

    Kubernetes SG RDS AutoScalingGroup SRE Developers %#ͷ*014ߴ͍Ͱ͢ɺ
 ଱͑ΒΕ·ͤΜ ☓ σϓϩΠࣦഊ͠·ͨ͠ αʔϏε͕མͪ·ͨ͠ ΞΫηε਺૿Ճͯ͠͞͹͖͖Ε·ͤΜ

  33. σϓϩΠδϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 33 ӡ༻ϑΣʔζͰ͸໰͍߹Θͤ͸43&ʹू·Γ͕ͪ ΠϯϑϥϦιʔεͷίʔυԽ SRE Developers αʔϏε͕૿͑·ͨ͠ σϓϩΠࣦഊ͠·ͨ͠ αʔϏε͕མͪ·ͨ͠

    ΞΫηε਺૿Ճͯ͠͞͹͖͖Ε·ͤΜ Product A SG ALB SG Kubernetes SG RDS AutoScalingGroup ProductB SG ALB SG Kubernetes SG RDS AutoScalingGroup

  34. σϓϩΠ δϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 34 ӡ༻ϑΣʔζͰ͸໰͍߹Θͤ͸43&ʹू·Γ͕ͪ Product A ΠϯϑϥϦιʔεͷίʔυԽ SG ALB

    SG SG RDS SRE Developers αʔϏε͕૿͑·ͨ͠ σϓϩΠࣦഊ͠·ͨ͠ αʔϏε͕མͪ·ͨ͠ ΞΫηε਺૿Ճͯ͠͞͹͖͖Ε·ͤΜ αʔϏε͕૿͑·ͨ͠ Product B SG ALB SG SG RDS Product C SG ALB SG SG RDS

  35. σϓϩΠ δϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 35 ӡ༻ϑΣʔζͰ͸໰͍߹Θͤ͸43&ʹू·Γ͕ͪ A ΠϯϑϥϦιʔεͷίʔυԽ SG ALB SG

    SG RDS SRE Developers αʔϏε͕૿͑·ͨ͠ σϓϩΠࣦഊ͠·ͨ͠ αʔϏε͕མͪ·ͨ͠ ΞΫηε਺૿Ճͯ͠͞͹͖͖Ε·ͤΜ αʔϏε͕૿͑·ͨ͠ αʔϏε͕૿͑·ͨ͠ B SG ALB SG SG RDS C SG ALB SG SG RDS D SG ALB SG SG RDS E SG ALB SG SG RDS

  36. 36 w αʔϏε͕૿͑Δʹैͬͯ43&΁ͷґཔ݅਺΋૿Ճ w ։ൃऀͷํ͕ѹ౗తʹଟ͍ͷͰɺ43&͕ϘτϧωοΫʹ w ԿͰ΋԰ʹͳΓ͕ͪͰɺ໨ઌͷλεΫʹ௥ΘΕΔ೔ʑ 43&͕ϘτϧωοΫʹ ઃఆมߋ ґཔ

    Քಇ཰ͷ ୲อ ো֐ରԠ ؂ࢹ ෛՙରࡦ CI/CD੔උ EOL 43& ߏ੒૬ஊ ΠϯϑϥϦιʔεͷίʔυԽ

  37. ϚΠΫϩαʔϏεԽͷྲྀΕ 37 ։ൃ૊৫ͷ֦େʹ൐͍ɺ͜Ε·Ͱͷ&$ "VUP4DBMJOHͩͱਏ͘ͳ͖ͬͯͨ w ݴޠ΍ϑϨʔϜϫʔΫͷଟ༷Խ w ෳࡶԽ͢ΔσϓϩΠϑϩʔ w ґଘ͢ΔαʔϏεͷ૿Ճ

    w 43&ʹ໰͍߹Θ͕ͤ͞Βʹूத ΠϯϑϥϦιʔεͷίʔυԽ

  38. 38 ͢΂ͯͷΞϓϦέʔγϣ ϯΛίϯςφԽ ຊ൪؀ڥͷίϯςφͷ ϥϯλΠϜͱͯ͠࠾༻ "84ϦιʔεͷίʔυԽ GSFFFΛࢧ͑ΔΠϯϑϥܥπʔϧ ΠϯϑϥϦιʔεͷίʔυԽ

  39. 39 ͢΂ͯͷΞϓϦέʔγϣϯΛίϯςφԽ ଟ༷Խ͢Δݴޠ΍ϑϨʔϜϫʔΫΛٵऩ ΠϯϑϥϦιʔεͷίʔυԽ

  40. σϓϩΠ δϣϒ 40 A ΠϯϑϥϦιʔεͷίʔυԽ SG ALB SG SG RDS

    B SG ALB SG SG RDS C SG ALB SG SG RDS D SG ALB SG SG RDS E SG ALB SG SG RDS ͢΂ͯͷΞϓϦέʔγϣϯΛίϯςφԽ

  41. σϓϩΠδϣϒ 41 A ΠϯϑϥϦιʔεͷίʔυԽ SG ALB SG SG RDS B

    SG ALB SG SG RDS C SG ALB SG SG RDS D SG ALB SG SG RDS E SG ALB SG SG RDS ECR ͢΂ͯͷΞϓϦέʔγϣϯΛίϯςφԽ ίϯςφʹٵऩ͞Εͯߟ͑ํ͕γϯϓϧʹ

  42. 42 ΞϓϦέʔγϣϯͷಈ࡞؀ڥΛϚχϑΣετͱͯ͠ίʔυԽ એݴతʹσϓϩΠɺΦʔτεέʔϦϯάɺηϧϑώʔϦϯάΛ࣮ݱ ຊ൪؀ڥͷίϯςφͷϥϯλΠϜͱͯ͠࠾༻ ΠϯϑϥϦιʔεͷίʔυԽ

  43. σϓϩΠδϣϒ 43 A ΠϯϑϥϦιʔεͷίʔυԽ SG ALB SG SG RDS B

    SG ALB SG SG RDS C SG ALB SG SG RDS D SG ALB SG SG RDS E SG ALB SG SG RDS ECR ίϯςφΛ,VCFSOFUFTͰಈ͔͢ ΞϓϦέʔγϣϯͷߏ੒͕ίʔυԽ͞ΕΔ

  44. 44 A ΠϯϑϥϦιʔεͷίʔυԽ SG ALB SG SG RDS B SG

    ALB SG SG RDS C SG ALB SG SG RDS D SG ALB SG SG RDS E SG ALB SG SG RDS ECR ίϯςφΛ,VCFSOFUFTͰಈ͔͢ namespace namespace namespace namespace namespace pod pod pod pod pod Manifests Manifests ΞϓϦέʔγϣϯͷߏ੒͕ίʔυԽ͞ΕΔ

  45. 45 એݴతʹ"84ͷϦιʔεΛ֬อ "84ϦιʔεͷίʔυԽ ΠϯϑϥϦιʔεͷίʔυԽ

  46. 46 A ΠϯϑϥϦιʔεͷίʔυԽ SG ALB SG SG RDS B SG

    ALB SG SG RDS C SG ALB SG SG RDS D SG ALB SG SG RDS E SG ALB SG SG RDS એݴతʹ"84ϦιʔεΛ֬อ namespace namespace namespace namespace namespace pod pod pod pod pod SRE w ωοτϫʔΫ੔උ w -#௥Ճ w "VUP4DBMJOH(SPVQ ௥Ճ w σϓϩΠ؀ڥ੔උ w %#௥Ճ w 3PVUFొ࿥ w ηΩϡϦςΟ֬อ w *".ϩʔϧ௥Ճ

  47. 47 A ΠϯϑϥϦιʔεͷίʔυԽ SG ALB SG SG RDS B SG

    ALB SG SG RDS C SG ALB SG SG RDS D SG ALB SG SG RDS E SG ALB SG SG RDS એݴతʹ"84ϦιʔεΛ֬อ namespace namespace namespace namespace namespace pod pod pod pod pod Manifests TF Files "84Ϧιʔε͕ίʔυԽ͞ΕΔ

  48. ΠϯϑϥϦιʔε͕ίʔυԽ͞ΕΔͱ։ൃνʔϜͱ 43&ͱͷίϛϡχέʔγϣϯํ๏͕มΘΔ 48 ΠϯϑϥϦιʔεͷίʔυԽ

  49. 49 ΠϯϑϥϦιʔεͷίʔυԽ SRE Developers αʔϏε͕૿͑·ͨ͠ ΠϯϑϥϦιʔε͕ίʔυԽ͞Ε͍ͯͳ͍ੈք Πϯϑϥͷߏஙʹ͸ڧ͍ݖݶ͕ඞཁ ݱঢ়ͷΠϯϑϥߏ੒Λཧղ͍ͯ͠ͳ͍ ΠϯϑϥΛ৮Δͷ͸ͳΜͱͳ͘ා͍ 43&ʹ͓ئ͍͢Δ͔͠ͳ͍

    ͜ͷݴ༿ʹ͸ҎԼͷ಺༰ؚ͕·Ε͍ͯΔͷͰ͸ͳ͍͔

  50. 50 ΠϯϑϥϦιʔεͷίʔυԽ SRE Developers ίʔυॻ͖·ͨ͠ʂ
 ϨϏϡʔ͓ئ͍͠·͢ʂ ΠϯϑϥϦιʔε͕ίʔυԽ͞Εͨੈք Πϯϑϥߏஙͷݖݶ͕༩͑ΒΕ͍ͯΔ ݱঢ়ͷΠϯϑϥߏ੒͸طଘͷίʔυ͔ΒಡΈऔΕΔ ΠϯϑϥΛ৮Δͷ͸·ͩා͍͚Ͳ43&ʹϨϏϡʔͯ͠΋Β͑Δ

    ։ൃνʔϜ͕ΠϯϑϥͷίʔυΛॻ͍ͯ43&͕ϨϏϡʔ͢Δ Manifests TF File

  51. ΠϯϑϥϦιʔε͕ίʔυԽ͞ΕΔͱ։ൃνʔϜͱ 43&ͱͷίϛϡχέʔγϣϯํ๏͕มΘΔ 51 ΠϯϑϥϦιʔεͷίʔυԽ ։ൃऀνʔϜʹαʔϏεͷӡ༻Λ͓·͔ͤͰ͖Δ ͔΋͠Εͳ͍

  52. 52 03 γϯάϧςφϯτͰݖݶΛ෼཭͠ ͯΫϥελͷӡ༻Λ͓·͔ͤ͢Δ Section

  53. Ϛϧνςφϯτ͔γϯάϧςφϯτ͔ 53 K8s cluster Product A Service A-1 Service A-2

    Service A-3 Product B Service B-1 ServiceB-2 Service B-3 Product C Service C-1 Service C-2 Service C-3 K8s cluster Product A Service A-1 Service A-2 Service A-3 K8s cluster Product B Service B-1 Service B-2 Service B-3 K8s cluster Product C Service C-1 Service C-2 Service C-3 ϓϩμΫτ ෼཭͍ͨ͠ݖ ݶ ୯ҐͰ෼ׂͨ͠γϯά ϧςφϯτ γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ ͢΂ͯͷϓϩμΫτ͕ಈ͍͍ͯΔ Ϛϧνςφϯτ

  54. γϯάϧςφϯτͷϝϦοτ w #MBTUSBEJVT ো֐ͷӨڹൣғ ͕ খ͍͞ w ηΩϡϦςΟͷڥքઢͷ໌֬Խ w Ϋϥελશମʹؔ܎͢ΔΞοϓσʔ

    τ࡞ۀ͕͠΍͍͢ γϯάϧςφϯτͷσϝϦοτ w ར༻ྉ͕ۚ૿͑Δ w ӡ༻ίετ͕૿͑Δ 54 ݖݶҠৡʹΑΓӡ༻ίετͷ ෼ࢄ͸Մೳ γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ Ϛϧνςφϯτ͔γϯάϧςφϯτ͔

  55. #MBTUSBEJVT ো֐ͷӨڹൣғ ͕খ͍͞ 55 ϦεΫΛ෼ࢄ͠ɺ৺ཧత҆શੑΛߴΊΔ γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ

  56. K8s cluster Product A Service A-1 Service A-2 Service A-3

    Product B Service B-1 ServiceB-2 Service B-3 Product C Service C-1 Service C-2 Service C-3 K8sͷόά Φϖϛε શαʔϏεμ΢ϯͷةݥ w #MBTUSBEJVT ো֐ͷӨڹൣғ ͕େ͖͍ w ӡ༻ͷ೉қ౓͕ߴ͍ w νϟϨϯδͮ͠Β͍ۭؾ ϚϧνςφϯτͷϦεΫ 56 γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ

  57. γϯάϧςφϯτʹΑΔϦεΫͷܰݮ 57 K8s cluster Product A Service A-1 Service A-2

    Service A-3 K8s cluster Product B Service B-1 Service B-2 Service B-3 K8s cluster Product C Service C-1 Service C-2 Service C-3 K8sͷόά Φϖϛε Ұ෦ͷΈαʔϏεμ΢ϯ w #MBTUSBEJVT ো֐ͷӨڹൣғ ͕খ͍͞ w ӡ༻ͷ೉қ౓͸Լ͕Δ w νϟϨϯδ͠΍͍ۭ͢ؾ w ৺ཧత҆શੑ͕ߴ͍ γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ

  58. ηΩϡϦςΟͷڥքઢͷ໌֬Խ 58 ϓϩμΫτؒͷෆਖ਼ͳΞΫηεΛͲ͏๷͙͔ γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ

  59. 59 40$อূ
 ্৔اۀ͕ࣗࣾͷࡒ຿ใࠂ͕͖ͪΜͱ͍ͯ͠Δ͜ͱΛอূ͢Δ΋ͷ
 GSFFF ձܭιϑτ Λར༻͢Δ৔߹ɺGSFFF΋؂ࠪͷର৅ʹͳΔ
 40$Λऔಘ͍ͯ͠Ε͹GSFFF͕40$อূ͕ຬͨ͞Ε͍ͯΔͱೝΊΒΕΔ ૬ԠͷηΩϡϦςΟରࡦ͕ඞཁ ྫ͑͹%#ʹ௚઀ΞΫηε͢Δ৔߹
 ೝূɺೝՄɺཤྺ؅ཧ͕ඞཁ

    &$Πϯελϯε౳͔ΒͷΞΫηε΋ 4FDVSJUZ(SPVQͳͲͰ໌֬ʹݖݶ؅ ཧͰ͖͍ͯΔ͜ͱ͕๬·͍͠ <࠶ܝ>GSFFFʹ͍ͭͯ डୗۀ຿ʹ܎Δ಺෦౷੍ͷอূใࠂॻ 40$5ZQFใࠂॻ Λडྖ

  60. Product B ϚϧνςφϯτͰڥքઢͷ໌֬Խ͸೉͍͠ 60 Product A SG Kubernetes node Kubernetes

    node Service A-1 Service B-2 Service B-3 Kubernetes node Kubernetes node Service B-1 Service A-2 Service A-3 SG SG 4FDVSJUZ(SPVQʹΑΔ෼ׂ͸ෆՄ *".ͱ,JBNͰ"84Ϧιʔε΁ͷ੍ޚ͸Մೳ 3#"$Ͱ/BNFTQBDFؒͷΞΫηε੍ޚ͸Մೳ ͨͩ͠ϓϩμΫτؒͰ7.͸ڞ௨ ˣ ϓϩμΫτ୯ҐͰ/PEF(SPVQΛ෼ׂ͢Ε͹ର ԠՄೳ͕ͩɺͦͷͨΊͷ࢓૊Έͮ͘Γ͕ඞཁ γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ

  61. Product B SG Product A SG Kubernetes node Kubernetes node

    Service A-1 Service B-2 Service B-3 Kubernetes node Kubernetes node Service B-1 Service A-2 Service A-3 SG SG ςφϯτ͸෼཭͍ͨ͠ݖݶ୯Ґʹͳ͍ͬͯΔ 4FDVSJUZ(SPVQ͕ར༻Մೳ 3#"$Λซ༻ 7.ϨϕϧͰ෼ׂ͞Ε͍ͯΔ ˣ ࠓ·Ͱӡ༻͖ͯͨ͠ ރΕͨ ߏ੒ͱ ҰॹͳͷͰѻ͍͕؆୯ γϯάϧςφϯτͳΒڥքͷ໌֬Խ͸༰қ 61 γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ

  62. Ϋϥελશମʹؔ܎͢ΔΞοϓσʔτ࡞ۀ͕͠΍͍͢ 62 w ,VCFSOFUFTΫϥελ͸සൟʹΞοϓάϨʔυ͕ඞཁ w ڞ௨෦෼Ͱར༻͍ͯ͠ΔπʔϧͷΞοϓσʔτ΋ඞཁ γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ

  63. 63 γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ K8s cluster Product A Service A-1 Service A-2

    Service A-3 Product B Service B-1 ServiceB-2 Service B-3 Product C Service C-1 Service C-2 Service C-3 Developers A Developers B Developers C ӡ ༻ ӡ ༻ ӡ ༻ Ϛϧνςφϯτ͸Ϋϥελશମʹؔ܎͢Δ Ξοϓσʔτ࡞ۀ͕ͮ͠Β͍ ڞ௨෦෼ Product A SRE ΫϥελͷΞοϓ άϨʔυͳͲ w αʔϏεΛ͢΂ͯఀࢭͤ͞Δඞཁ͕͋Δ w ΞοϓάϨʔυʹࣦഊ͢ΔՄೳੑ͕͋Δ w ࣦഊͨ͠ͱ͖ͷϩʔϧόοΫͷίετ͕ߴ͍

  64. 64 γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ Developers A Developers B Developers C ӡ ༻

    ӡ ༻ ӡ ༻ γϯάϧςφϯτ͸Ϋϥελશମʹؔ܎͢Δ Ξοϓσʔτ࡞ۀ͕͠΍͍͢ SRE ΫϥελͷΞοϓ άϨʔυͳͲ w αʔϏεͷఀࢭ͸࠷খݶ w ΞοϓάϨʔυʹࣦഊͯ͠΋࠷খݶ w ࣦഊͨ͠ͱ͖ͷϩʔϧόοΫͷίετ΋࠷খݶ K8s cluster Product A Service A-1 Service A-2 Service A-3 K8s cluster Product B Service B-1 Service B-2 Service B-3 K8s cluster Product C Service C-1 Service C-2 Service C-3

  65. γϯάϧςφϯτͷϝϦοτ w #MBTUSBEJVT ো֐ͷӨڹൣғ ͕খ͍͞ w ηΩϡϦςΟͷڥքઢͷ໌֬Խ w Ϋϥελશମʹؔ܎͢ΔΞοϓσʔτ ࡞ۀ͕͠΍͍͢

    65 γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ Ϋϥελͷӡ༻Λ͓·͔ͤ͢ΔͳΒγϯάϧςφϯτ͕Ϛον͢Δ

  66. 66 ։ൃνʔϜ͕ΫϥελΛ ӡ༻͢Δͷ͸؆୯Ͱ͸ͳ͍ ֤ΫϥελαʔϏεΛԣஅతʹ ໘౗ΛݟΔνʔϜΛઃஔ w 43& w ֤छΞοϓσʔτิॿɺΠϯγσϯτରԠิॿɺΫϥελ࡞੒ิॿɺπʔϧͷ ݕূ࡞੒ɺ044΁ͷίϛοτ

    w αʔϏεج൫ w ڞ௨Ͱ࢖͏ϥΠϒϥϦΛ੔උ w ϚΠΫϩαʔϏεҕһձ 43&ͱαʔϏεج൫ΛؚΉ֤αʔϏε୲౰ऀͰߏ੒  w ڞ௨ͷํ਑΍࢓༷ͷܾఆɺ৘ใڞ༗ɺԣల։ γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ

  67. 67 04 &,4ΛϚωʔδυαʔϏεͱ૊Έ ߹ΘͤͯΫϥελͷӡ༻ίετΛ ཈͑Δ Section

  68. 68 Product A SG SG SG Kubernetes node applications Product

    B SG SG SG Kubernetes node applications ,VCFSOFUFTʹͲ͜·Ͱ೚ͤΔʁ w "QQMJDBUJPO w %BUBCBTF w -PBE#BMBODFS w 4FDVSJUZ w "VUI &,4ΛϚωʔδυαʔϏεͱ૊Έ߹ΘͤͯΫϥελͷӡ༻ίετΛ཈͑Δ ALB RDS ALB RDS

  69. ,VCFSOFUFTͰͳΜͰ΋΍Ζ͏ͱ͠ͳ͍ 69 ϚωʔδυαʔϏε͸ੵۃతʹར༻͠ɺ γεςϜʹ,VCFSOFUFT &,4 Λ૊ΈࠐΉ ރΕͨӡ༻ϊ΢ϋ΢͸࠷େݶʹ׆͔͢ &,4ΛϚωʔδυαʔϏεͱ૊Έ߹ΘͤͯΫϥελͷӡ༻ίετΛ཈͑Δ

  70. 70 Product A SG SG SG Kubernetes node applications Product

    B SG SG SG Kubernetes node applications Product A SG Product B SG SG SG Kubernete s node SG SG Kubernete s node &,4ΛϚωʔδυαʔϏεͱ૊Έ߹ΘͤͯΫϥελͷӡ༻ίετΛ཈͑Δ ,VCFSOFUFT͸ΞϓϦέʔγϣϯΛಈ͔͢͜ͱ͚ͩ ʹར༻͢Δ ALB RDS ALB RDS ALB RDS ALB RDS

  71. &,4ΛϚωʔδυαʔϏεͱ૊Έ߹ΘͤͯΫϥελͷӡ༻ίετΛ཈͑Δ .BOBHFE,VCFSOFUFT4FSWJDF .BOBHFE$POUSPM1MBOF  8PSLFS/PEFT͸&$Ͱಈ͕͘ࠓޙ'BSHBUFʹରԠ༧ఆ .BOHFE8PSLFS/PEFT΋ϩʔυϚοϓʹ͸ࡌ͍ͬͯΔͷͰ͍ͣΕରԠ͞ΕΔ͸ͣ "QQ.FTI΍$MPVE.BQʹ࿈ܞ

  72. 72 Product A SG Product B SG SG SG Kubernete

    s node SG SG Kubernete s node ϚωʔδυαʔϏεͱ,VCFSOFUFTͷಘҙ෼໺͕ ׆͖Δ એݴతσϓϩΠ ࣗಈ഑ஔ ηϧϑώʔϦϯά ΦʔτεέʔϦϯά Databases MySQL/Redis/ ElasticSearch Load Balancer Application/Classic Load Balancer Security GuardDuty/IAM/ WAF &,4ΛϚωʔδυαʔϏεͱ૊Έ߹ΘͤͯΫϥελͷӡ༻ίετΛ཈͑Δ ALB RDS ALB RDS

  73. 73 Product A SG Product B SG SG SG Kubernete

    s node SG SG Kubernete s node ෦඼ͷަ׵Λ΍Γ΍͍͢ঢ়ଶʹอͭ ΑΓྑ͍΋ͷ͕ग़͖ͯͨͱ͖ʹͦΕΛऔΓࠐΈ΍͢ ͍ঢ়ଶʹ͓ͯ͘͠ "84"QQ.FTI *TUJP &,4PO'BSHBUF &$4PO'BSHBUF ,OBUJWF /FYUHFOFSBUJPO-# /FYUHFOFSBUJPO%# &,4ΛϚωʔδυαʔϏεͱ૊Έ߹ΘͤͯΫϥελͷӡ༻ίετΛ཈͑Δ ALB RDS ALB RDS

  74. 74 05 Ϛϧνςφϯτ͔Βγϯάϧςφ ϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ Section

  75. GSFFFͰ,VCFSOFUFT͕ຊ൪ಋೖ͞Εͨͷ͸໿೥લ 75 w ৽͍͠ϚΠΫϩαʔϏε͕ग़͖ͯͨ͜ͱ͕͖͔͚ͬ w 5FSSBGPSNʹΑΔ"84ϦιʔεͷίʔυԽ͸Ұ෦ͰಋೖࡁΈ w ,VCFBXTΛ࠾༻ w Ϛϧνςφϯτ

    Ϛϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ

  76. &,45PLZP3FHJPO 76 w LVCFBXTͷΫϥελͷূ໌ॻ͕݄೔ʹ੾ΕΔ w ূ໌ॻͷೖΕସ͑͸ͪΐͬͱ໘౗ͰαʔϏεϝϯς͕ඞཁ w ΋͏&,4ʹҠߦͯ͠͠·͓͏ʂ Ϛϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ

  77. &,4ҠߦϓϩδΣΫτ 77 w ݄Լ०ࠒ͔Βελʔτ w ݄೔·ͰʹશϓϩμΫτΛҠߦ͢Δ w γϯάϧςφϯτʹมߋ͢Δ w ඞཁͳ"84Ϧιʔε͸։ൃνʔϜओಋͰ༻ҙͯ͠΋Β͏

    w ,VCFSOFUFTΫϥελ΋։ൃνʔϜओಋͰߏஙͯ͠΋Β͏ 43&͔Β։ൃνʔϜ΁ݖݶҕৡΛՌͨ͠ɺ։ൃνʔϜʹαʔϏ εͷӡ༻Λ͓·͔ͤ͢Δ͜ͱ͕࠷େͷϛογϣϯ Ϛϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ

  78. ϓϩδΣΫτͷن໛ײ 78 w LVCFBXTͰ΋ͱ΋ͱಈ͍͍ͯͨϓϩμΫτ਺ w &,4ʹҠߦͨ͠ϓϩμΫτ਺ Ҡߦதʹͭ૿͑ͨ  w Ϋϥελ૯਺

    TUBHJOH؀ڥΛؚΉ  w ؔΘͬͨਓ਺໿ਓ Ϛϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ

  79. &,4ҠߦϓϩδΣΫτͰ׆༂ͨ͠πʔϧ 79 w 5FSSBGPSN w LVCFDUM w FLTDUM w IFMNIFMNGJMF

    w FLTDMTU Ϛϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ

  80. 80 5FSSBGPSN ඞཁͳAWSϦιʔε͸͢΂ͯTerraformͰ༻ҙ/SREͷϨϏϡʔΛܦͯApply Product A SG SG SG Kubernetes node

    Kubernetes node Service A-1 Service A-2 Service A-3 Developers A PR apply SRE Review/Approve resource "aws_lb" "product-a-internal" { name = "product-a-internal" internal = true load_balancer_type = "application" security_groups = ["${var.lb_security_groups}"] subnets = ${var.subnets} ip_address_type = "ipv4" enable_deletion_protection = true } resource "aws_route53_record" "product-a-internal" { zone_id = "${var.route53_hosted_zone_id}" name = "${var.route53_dns_name}" type = "A" alias { name = "${aws_lb.product-a-internal.dns_name}" zone_id = "${aws_lb.product-a-internal.zone_id}" evaluate_target_health = true } } Ϛϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ

  81. 81 Product A SG SG SG Kubernetes node Kubernetes node

    Service A-1 Service A-2 Service A-3 Developers A (Admin) IAM Role ops via kubectl assume role LVCFDUM RBAC with aws-auth aws-auth Λར༻ͯ͠ IAM Role ͱඥ෇͚ͯݖݶΛߜͬͯར༻ apiVersion: v1 kind: ConfigMap metadata: name: aws-auth namespace: kube-system data: mapRoles: | - rolearn: {{ .Values.rolearn }} username: system:node:{{`{{EC2PrivateDNSName}}`}} groups: - system:bootstrappers - system:nodes - rolearn: arn:aws:iam::<ID>:role/team-a-admin username: team-a-admin:{{`{{SessionName}}`}} groups: - system:masters - rolearn: arn:aws:iam::<ID>:role/team-a-readonly username: team-a-readonly:{{`{{SessionName}}`}} groups: - system:authenticated Developers A (ReadOnly) read only access Ϛϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ

  82. 82 FLTDUM Ϛϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ Product B SG SG SG Kubernetes node

    Kubernetes node Developers B eksctl create cluster PR Commands SRE Review/Approve apiVersion: eksctl.io/v1alpha5 kind: ClusterConfig metadata: name: cluster-name region: ap-northeast-1 version: "1.13" vpc: id: “*****” cidr: "10.0.0.0/16" subnets: private: ap-northeast-1a: id: “*****” ap-northeast-1c: id: “*****” cluster.yaml ͰΫϥελΛఆٛɺeksctl create cluster Ͱ࡞੒ nodeGroups: - name: nodegroup1 instanceType: r5.large desiredCapacity: 2 availabilityZones: - ap-northeast-1a - ap-northeast-1c privateNetworking: true securityGroups: attachIDs: - ****** iam: withAddonPolicies: imageBuilder: true autoScaler: true attachPolicyARNs: - arn:aws:iam::aws:policy/*****

  83. 83 )FMN)FMNGJMFʹΑΔΞϓϦέʔγϣϯσϓϩΠ GitOps Ͱ KubernetesͷϚχϑΣετΛ҆શʹσϓϩΠ Product B SG SG SG

    Kubernetes node Kubernetes node Service B-1 Service B-2 Service B-3 Team B helmfile sync PR Commands SRE Review/Approve environments: production: values: - production.yaml releases: - name: kube-state-metrics namespace: kube-system chart: stable/kube-state-metrics version: 0.13.0 - name: metricbeat namespace: kube-system chart: stable/metricbeat version: 1.2.1 values: - values.yaml.gotmpl w )FMN )FMN$IBSU  w 5IF,VCFSOFUFT1BDLBHF .BOBHFS w ϚχϑΣετΛύοέʔδԽ w Α͋͘ΔπʔϧͷςϯϓϨ w )FMNGJMF w )FMN$IBSUͷґଘؔ܎ΛϑΝ ΠϧͰϑΝΠϧͰఆٛ w IFMNGJMFTZOD w IFMNGJMFEJGG w IFMNGJMFEFMFUF Ϛϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ

  84. 84 Templates Manifests FLTDMTUʹΑΔΫϥελͷςϯϓϨԽ Α͋͘Δߏ੒ͷΫϥελςϯϓϨԽ͠ɺΫϥελͷ࡞੒/ෳ੡Λ༰қʹ͢Δ New Product SG Kubernetes node

    Kubernetes node cluster-autoscaler Metricbeat Filebeat New Developers eksctl
 create cluster PR Commands Manifests eksclst init Templates cluster.yaml
 helmfile.yaml aws-auth.yaml ͳͲ helmfile sync w ΫϥελΛྔ࢈͢Δ಺੡πʔϧ w DMVTUFSZBNM w BXTBVUIZBNM w NFUSJDCFBUGJMFCFBU w ͳͲɺҰ͔Βॻ͘ίετΛ࡟ݮ͢Δ ͨΊʹςϯϓϨΛ༻ҙ Ϛϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ

  85. New Product A Ҡߦ࡞ۀ 85 Ϛϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ Product A Product A

    SG SG SG Kubernetes node Kubernetes node Service B-1 Service B-2 Service B-3 SG Kubernetes node Kubernetes node Service B-1 Service B-2 Service B-3 Kube-aws্ͷϓϩμΫτ (࣮ࡍ͸Ϛϧνςφϯτ) EKS্ͷϓϩμΫτ Weighted Routing 80% 20% w ಉ͡ߏ੒ͷΫϥελΛ༻ҙ w "84Ϧιʔε͸ڞ༗Ͱ͖Δ΋ͷ͸ڞ ༗͢Δ %#͸ඞਢ  w 3PVUFͷ8FJHIUFE3PVUJOHΛར ༻ͯ͠ঃʑʹϦΫΤετΛྲྀ͠ࠐΉ w αʔϏεʹΑͬͯ͸3PVUFͰ͸ͳ ͘-#Λڞ௨Խͯ͠ɺ,VCFSOFUFT OPEFΛࠩ͠ସ͑Δํ๏Λ࢖༻ w ϊʔϝϯςͰ੾Γସ͑

  86. ϓϩδΣΫτ੒ޭͷཁҼ 86 w ؔΘͬͨ։ൃνʔϜͷ,VCFSOFUFT΁ͷҙཉ͕ߴ͍ w υΩϡϝϯτΛօͰฤू͠ͳ͕Β ৘ใަ׵Λີʹ͠ ͳ͕Β ਐΊͨ w

    ׬ᘳͰ͸ͳ͍υΩϡϝϯτ΋ϝϯόʔ͕ҙਤΛټΈ औͬͯཧղͯ͘͠Εͨ w ࠷ޙ·ͰϞνϕʔγϣϯ͕Լ͕Βͳ͔ͬͨ Ϛϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ

  87. ·ͱΊ ΠϯϑϥϦιʔεͷίʔυԽͱ,VCFSOFUFTͷγϯά ϧςφϯτԽͰαʔϏεͷӡ༻ίετΛ෼ࢄͤ͞Δ w ΠϯϑϥϦιʔεͷίʔυԽ͸ඞਢ w Ϋϥελӡ༻Λ͓·͔ͤ͢Δʹ͸γϯάϧςφϯτ͕͓͢͢Ί w Ϋϥελࣗମͷӡ༻ίετΛ཈͑Δʹ͸ϚωʔδυαʔϏεΛ͏·͘࢖͏ w

    ։ൃνʔϜʹ,VCFSOFUFTʹର͢Δߴ͍ҙཉ͕͋Δ͜ͱ͕ॏཁ 87 νʔϜͷߏ੒΍ਓ਺ʹΑͬͯ͜ͷํ๏͕Ϛον͢Δ͔ܾ·ΔͷͰ ৗʹͲ͏͢Δͷ͕ϕλʔͳͷ͔ߟ͑ͳ͕Βӡ༻͍ͯ͘͠ͷ͕ॏཁ

  88. 88 ΞΠσΞ΍ύογϣϯ΍εΩϧ͕͋Ε͹ͩΕͰ΋ɺ ϏδωεΛڧ͘εϚʔτʹҭͯΒΕΔϓϥοτϑΥʔϜ εϞʔϧϏδωεΛɺੈքͷओ໾ʹɻ