1人運用を支えるAmazon EKSノウハウ / Amazon EKS Know-How

̍ਓӡ༻Λࢧ͑Δ Amazon EKSϊ΢ϋ΢ Kubernetes Meetup Tokyo #32 0EB)JSPTIJ!IJ

1SPpMF w 0EB)JSPTIJ!IJ w (MPCBM.PCJMJUZ4FSWJDFגࣜձࣾ w ΠϯϑϥΤϯδχΞ w "84,VCFSOFUFT5FSSBGPSN w
,VCFSOFUFTྺɿ໿̍೥ 2

ຊൃදͷ໨త "NB[PO&,4 ,VCFSOFUFT Λ໿೥΄Ͳຊ൪ӡ༻͖ͯͨ͠தͰɺӡ༻ʹߩݙ ͨ͠ϊ΢ϋ΢Λ·ͱΊΔ͜ͱ ͜ͷൃදΛ௨ͯ͠ɺ"NB[PO&,4Λར༻͠Α͏ͱ͍͏࣌ͷώϯτʹͳΕ͹޾ ͍Ͱ͢ 3

໨࣍ w ର৅γεςϜʹ͍ͭͯ w ਓӡ༻Ͱେࣄͳ͜ͱ w "NB[PO&,4 ,VCFSOFUFT ϊ΢ϋ΢ w
՝୊ w ·ͱΊ 4

՝୊ w ·ͱΊ 5

ձࣾ঺հ 6 https://www.global-mobility-service.com/news/detail_200319.html

ର৅γεςϜʹ͍ͭͯ w ं྆ͷϞχλϦϯά΍ं྆ͷԕִΤϯδϯىಈ੍ޚ͕Մೳͳ8FCϕʔεͷγεςϜ 7 /PEF਺ɿʙ 1PE਺ɿʙ

ର৅γεςϜʹ͍ͭͯ w ं྆ͷϞχλϦϯά΍ं྆ͷԕִΤϯδϯىಈ੍ޚ͕Մೳͳ8FCϕʔεͷγεςϜ 8 /PEF਺ɿʙ 1PE਺ɿʙ &,4ΛਓͰӡ༻

՝୊ w ·ͱΊ 9

ਓӡ༻Ͱେࣄͳ͜ͱ ӡ༻ͷ໘౗Λͳͨ͘͢Ίͷ̐ͭͷϙΠϯτ w ճ෮ྗ w ࣗಈԽ w 4*.1-& w &"4:
10

,VCFSOFUFTʹͳ͍͜ͱ l,VCFSOFUFT͸఻౷తͳԿͰ΋ೖΓͷ1BB4γεςϜͰ͸͋Γ·ͤΜɻ ʜ ,VCFSOFUFT͸։ൃऀͷج൫Λߏங͢ΔͨΊͷߏ੒ཁૉΛఏڙ͠·͕͢ɺॏཁ ͳ৔߹͸Ϣʔβʔͷબ୒ͱॊೈੑΛҡ࣋͠·͢ɻz 11 Ҿ༻ https://kubernetes.io/ja/docs/concepts/overview/what-is-kubernetes/

ճ෮ྗ αʔϏε͕μ΢ϯͨ͠Β͙͢ʹ෮چ͢ΔΑ͏ʹͳͬͯཉ͍͠ w ͍ΘΏΔηϧϑώʔϦϯά w ӡ༻ෛՙ͕ߴ͍ͨΊɺαʔϏε͕μ΢ϯ͢Δ౓ʹ෮چ࡞ۀ͕ඞཁͳӡ༻͸ ආ͚͍ͨ 12

ࣗಈԽ ࣗಈͰϦιʔε͕εέʔϧ͢ΔΑ͏ʹͳͬͯཉ͍͠ w ͍ΘΏΔΦʔτεέʔϧ w ӡ༻ෛՙ͕ߴ͍ͨΊɺτϥϑΟοΫ͕૿͑Δ౓ʹखಈͰͷϦιʔε૿ڧ͕ඞ ཁͳӡ༻͸ආ͚͍ͨ 13

4*.1-& ,VCFSOFUFTΛ4*.1-&ʹอͭ w ίϯςφΦʔέετϨʔγϣϯπʔϧͱ͠ ͯར༻͢Δ ,VCFSOFUFT͸ϓϥοτϑΥʔϜͳͷͰଟ͘ ͷػೳ͕͋Δ w ηΩϡϦςΟͳͲͷػೳΛ੝ΓࠐΉͱ ,VCFSOFUFT͕ෳࡶʹͳ͍ͬͯ͘
14 ϫʔΫϩʔυ ωοτϫʔΫ ઃఆ ηΩϡϦςΟ ϙϦγʔ ֦ு

ิ଍ɿ4*.1-& ,VCFSOFUFTΛ4*.1-&ʹ͢Δ͜ͱͰͷ෭࡞༻ w ϓϥοτϑΥʔϜͷ্Ͱ΋ͷΛ࡞Δͱ͍͏͜ͱ w "84Ͱ,VCFSOFUFTΛ࢖͏ͱ͍͏͜ͱ͸ɺ1MBUGPSNPO1MBUGPSNͷঢ়ଶʹͳΔ w "84ͷϦιʔε͸"84ͷ"1*ɺίϯςφͷϦιʔε͸,VCFSOFUFTͷ"1*Ͱӡ༻ ͢Δ͜ͱʹͳΓҰ؏ੑ͕ͳ͘ͳΔ 15
ࢀߟ https://toris.io/2019/12/what-i-think-about-when-i-think-about-kubernetes-and-ecs/

&"4: ؆୯ʹ,VCFSOFUFTΛར༻Ͱ͖ΔΑ͏ʹ͢Δ w ,VCFSOFUFTૢ࡞࣌ͷ࡞ۀྔΛগͳ͘͢Δ w ΞϓϦέʔγϣϯ։ൃऀ΋,VCFSOFUFTΛૢ࡞͠ɺӡ༻ෛՙΛ෼ࢄ͢Δ 16

՝୊ w ·ͱΊ 17

"NB[PO&,4 ,VCFSOFUFT ϊ΢ϋ΢ w 1PEͷىಈํ๏ w ,VCFSOFUFTϦιʔεͷద༻ w Ϋϥελߏ੒ w
ΫϥελͷΞοϓσʔτ 18

1PEͷىಈํ๏ 19

… spec: containers: - name: myapp image: hi1280/myapp:0.0.1 ports: -
containerPort: 3000 livenessProbe: httpGet: path: /healthz port: 3000 readinessProbe: httpGet: path: /healthz port: 3000 1PEͷηϧϑώʔϦϯάΛ༗ޮʹ͢Δ 1SPCFΛઃఆ͢Δ LVCFMFUʹΑΔ؂ࢹػೳͰίϯςφ͕ਖ਼ৗʹಈ͍͍ͯΔ͔֬ೝ͢Δػೳ 20 1PE $POUBJOFS LVCFMFU MJWFOFTT1SPCF SFBEJOFTT1SPCF MJWFOFTT1SPCFɿίϯςφ͕ੜ͖͍ͯΔ͔ΛνΣοΫ͢Δ SFBEJOFTT1SPCFɿίϯςφ͕Ԡ౴Մೳ͔Ͳ͏͔ΛνΣοΫ͢Δ ,VCFSOFUFTϚχϑΣετͷDPOUBJOFS෦෼ൈਮ ࢀߟ https://kubernetes.io/ja/docs/concepts/workloads/pods/pod-lifecycle/

ෛՙʹԠͯࣗ͡ಈతʹ1PE਺Λௐ੔͢ΔͨΊʹɺ)PSJ[POUBM1PE"VUPTDBMFS )1" Λར༻͢Δ w )1"Λ࢖͏͜ͱͰɺ$16ɺϝϞϦɺ$VTUPN.FUSJDT ಠࣗͷNFUSJDT஋ ͱ͍ͬͨ஋ʹج͍ͮͯɺ1PEΛΦʔτε έʔϧ͢Δ͜ͱ͕ՄೳʹͳΔ w "84Ͱ͸ɺ$MPVE8BUDI.FUSJDTΛ)1"ͷNFUSJDTͱͯ͠࢖͏͜ͱ͕Ͱ͖Δɻྫ͑͹ɺ424
2VFVF ͷϝοηʔ δ਺͕࢖͑ΔͷͰɺϝοηʔδ਺ͷ૿ՃΛ֬ೝͯ͠8PSLFSΛεέʔϧͯ͠ෛՙʹରͯ͠ͷࣄલ४උ͕Ͱ͖Δ 1PEΛΦʔτεέʔϧ͢Δ 21 ࢀߟ https://aws.amazon.com/jp/blogs/compute/scaling-kubernetes-deployments-with-amazon-cloudwatch-metrics/

1PE಺ͷ$POUBJOFSʹϦιʔε $16 ͷཁٻ஋Λઃఆ͢Δ )1"ͷར༻ํ๏ 22 %FQMPZNFOU 3FQMJDB4FU 1PE 1PE 1PE
… spec: containers: - name: myapp image: hi1280/myapp:0.0.1 ports: - containerPort: 3000 resources: requests: cpu: 200m $16N $16N ,VCFSOFUFTϚχϑΣετͷDPOUBJOFS෦෼ൈਮ ϛϦ$16Λཁٻ͢Δ $16N

)1"ͷར༻ํ๏ 23 apiVersion: autoscaling/v2beta2 kind: HorizontalPodAutoscaler metadata: name: myapp spec:
scaleTargetRef: apiVersion: apps/v1 kind: Deployment name: myapp minReplicas: 1 maxReplicas: 10 metrics: - type: Resource resource: name: cpu target: type: Utilization averageUtilization: 50 )1"ͷZBNM ໨ඪ஋ͱͳΔ$16࢖༻཰Λࢦఆ͢Δ $16ͷར༻Λௐ੔͢ΔͨΊͷ໨ඪ஋Λઃఆ͢Δ %FQMPZNFOU 3FQMJDB4FU 1PE 1PE 1PE )1" .FUSJDT4FSWFS $PMMFDUNFUSJDT 1PE $16࢖༻཰ʹԠͯ͡1PE਺͕૿ݮ $PMMFDUNFUSJDT ࣮ࡍͷ$16࢖༻཰ΛܭଌՄೳʹ͢Δ ͨΊʹσϓϩΠ͢Δ

ෛՙʹԠͯࣗ͡ಈతʹ/PEF਺Λௐ੔͢ΔͨΊʹɺ $MVTUFS"VUPTDBMFSΛར༻͢Δ $MVTUFS"VUPTDBMFS͸/PEFͷϦιʔεෆ଍ΛτϦ Ψʔʹͯ͠ɺ/PEFΛεέʔϧ͢Δ $MVTUFS"VUPTDBMFSͷར༻ํ๏͸ɺ֤Ϋϥ΢υϓϩό ΠμʔͰҟͳΔ &,4Ͱར༻͢Δํ๏ʹ͍ͭͯઆ໌͢Δ /PEFΛΦʔτεέʔϧ͢Δ 24 $MVTUFS"VUPTDBMFS
/PEF /PEF /PEF 1PE 1PE 1PE 1PE 1PE 1PE /PEF 1PE

25 <&,4>$MVTUFS"VUPTDBMFSͷར༻ํ๏ ҎԼͷΑ͏ͳखॱΛߦ͏ɻ͜͜Ͱ͸FLTDUMΛར༻͢Δલఏͱ͢Δ w $MVTUFS"VUPTDBMFSʹ*".ϙϦγʔΛઃఆ͢Δ w "VUP4DBMJOH(SPVQʹλά෇͚͢Δ w "VUP4DBMJOH(SPVQͱ-PBE#BMBODFSΛؔ࿈෇͚Δ w
$MVTUFS"VUPTDBMFSΛσϓϩΠ͢Δ

26 … nodeGroups: - name: ng1-public instanceType: m5.xlarge desiredCapacity: 10
targetGroupARNs: - arn:aws:elasticloadbalancing:eu- west-2:01234567890:targetgroup/targetgroup-1/abcdef0123456789 iam: withAddonPolicies: autoScaler: true FLTDUMͷઃఆϑΝΠϧൈਮ $MVTUFS"VUPTDBMFS͕"VUP4DBMJOH(SPVQΛ࢖͑ ΔΑ͏ʹ*".ϙϦγʔΛઃఆ͢Δ <&,4>$MVTUFS"VUPTDBMFSͷར༻ํ๏

27 FLTDUMͷઃఆϑΝΠϧൈਮ $MVTUFS"VUPTDBMFS͕"VUP4DBMJOH(SPVQΛࣗಈ ݕग़Ͱ͖ΔΑ͏ʹ"VUP4DBMJOH(SPVQʹλά෇͚ ͢Δ w FLTDUMͷ৔߹ɺ"VUP4DBMJOH(SPVQ࡞੒࣌ʹࣗ ಈతʹλά෇͚͞ΕΔ <&,4>$MVTUFS"VUPTDBMFSͷར༻ํ๏ …
nodeGroups: - name: ng1-public instanceType: m5.xlarge desiredCapacity: 10 targetGroupARNs: - arn:aws:elasticloadbalancing:eu- west-2:01234567890:targetgroup/targetgroup-1/abcdef0123456789 iam: withAddonPolicies: autoScaler: true

… nodeGroups: - name: ng1-public instanceType: m5.xlarge desiredCapacity: 10 targetGroupARNs:
- arn:aws:elasticloadbalancing:eu- west-2:01234567890:targetgroup/targetgroup-1/abcdef0123456789 iam: withAddonPolicies: autoScaler: true 28 FLTDUMͷઃఆϑΝΠϧൈਮ "VUP4DBMJOH(SPVQͱ-PBE#BMBODFSΛؔ࿈෇͚Δ w -PBE#BMBODFSͷUBSHFUHSPVQΛࢦఆ͢Δ ˞"QQMJDBUJPO-PBE#BMBODFSͷ৔߹ <&,4>$MVTUFS"VUPTDBMFSͷར༻ํ๏

$MVTUFS"VUPTDBMFSΛσϓϩΠ͢Δ ԼهͷϚχϑΣετϑΝΠϧྫΛར༻͢Δ https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/aws/examples/cluster-autoscaler- autodiscover.yaml มߋ͢Δ఺͸ҎԼͷͱ͓Γ w$MVTUFS"VUPTDBMFSͷόʔδϣϯΛ,VCFSOFUFTΫϥελͷόʔδϣϯͱ߹ΘͤΔ w:063$-645&3/".&ͷ෦෼ΛΫϥελ໊ʹมߋ͢Δ 29 <&,4>$MVTUFS"VUPTDBMFSͷར༻ํ๏

1PEͷϦιʔε࢖༻ྔΛܧଓతʹݟ௚͢ ϝϞϦ࢖༻ྔ͕଍Γͳ͍৔߹ɺ1PEͷεέʔϧΞ΢τͰ͸ղܾ͠ͳ͍Մೳੑ͕͋ΔɻϦιʔε࢖༻ঢ়گΛ؂ࢹͯ͠ɺ ͦͷঢ়گΛݟಀ͞ͳ͍Α͏ʹ͢Δɻ௨஌Λ͖͔͚ͬʹͯ͠ɺϝϞϦ࢖༻ྔͷϦιʔεઃఆΛݟ௚͢ ྫ͑͹ɺ1SPNFUIFVTͷ"MFSUNBOBHFSͰϦιʔε࢖༻ঢ়گΛ4MBDLʹ௨஌͢Δ 30 /PEF 1PE 1PE D"EWJTPS "MFSUNBOBHFS
4FSWFS QVMMNFUSJDT OPUJGZ QVTIBMFSUT

1SPNFUIFVTͷઃఆྫ 31 groups: - name: container rules: - alert: ContainerMemoryAlert
expr: (sum(container_memory_working_set_bytes) by (container) / sum(kube_pod_container_resource_limits_memory_bytes) by (container)) * 100 > 90 for: 5m "MFSU3VMFઃఆྫͷൈਮ global: slack_api_url: '<slack_webhook_url>' route: receiver: 'slack-notifications' receivers: - name: 'slack-notifications' slack_configs: {} "MFSUNBOBHFSઃఆྫͷൈਮ

ෆ۩߹ൃੜ࣌ͷϦεΫΛԼ͛Δ %FQMPZNFOUϦιʔεͷ୅ΘΓʹ"SHP3PMMPVUTΛར༻͢Δ w %FQMPZNFOUϦιʔεͱ΄΅࢖༻ײ͕มΘΒͣʹϒϧʔάϦʔϯσϓϩΠϝϯτ΍ΧφϦΞσϓϩΠͱ͍ͬͨ %FQMPZNFOUϦιʔεʹ͸ͳ͍σϓϩΠઓུ͕ར༻Ͱ͖Δ w "SHP3PMMPVUTͰ৽ͨʹར༻Ͱ͖ΔσϓϩΠઓུ͸σϓϩΠʹ͓͚ΔϦεΫΛආ͚Δͷʹ໾ཱͭ 32 ࢀߟ https://argoproj.github.io/argo-rollouts/

ΧφϦΞσϓϩΠͷಈ࡞આ໌ TUSBUFHZϑΟʔϧυʹΧφϦΞσϓϩΠͷઃఆ஋Λ༩͑Δ ʮTFU8FJHIUʯͰͷׂ߹Ͱ৽͍͠3FQMJDB4FUͷ1PE͕ىಈ͢Δ ৽͍͠3FQMJDB4FUʹΑΔ1PE͕ɺݹ͍3FQMJDB4FUʹΑΔ1PE͕ىಈ͢Δ ʮQBVTF\^ʯͰ͜ͷ··ঢ়ଶͰσϓϩΠ͕ఀࢭ͢Δ QBVTFΛղআ͢Δʹ͸ɺԼهͷίϚϯυΛ࣮ߦ͢Δ QBVTFΛղআ͢Δͱɺશͯͷ1PE͕৽͍͠1PEʹͳΔ ͜ͷΑ͏ʹTUFQΛਐΊΔ͜ͱͰɺ৽͍͠1PEΛগͳׂ͍߹ͰσϓϩΠͯ͠ɺ໰୊͕ͳ ͍͜ͱΛ֬ೝ͠ͳ͕ΒσϓϩΠΛਐΊΔ͜ͱ͕Ͱ͖Δ DBOBSZʹԿ΋ઃఆ͠ͳ͚Ε͹ɺϩʔϦϯάΞοϓσʔτͱͯ͠ػೳ͢Δ
33 ࢀߟ https://argoproj.github.io/argo-rollouts/ … strategy: canary: steps: - setWeight: 20 - pause: {} ΧφϦΞσϓϩΠͷઃఆྫͷൈਮ $ kubectl argo rollouts promote <rollout> … strategy: canary: {} ϩʔϦϯάΞοϓσʔτͷઃఆྫͷൈਮ

,VCFSOFUFTͰεςʔτΛ࣋ͨͳ͍ 34 ,VCFSOFUFTΛγϯϓϧʹอͭͨΊʹͳΔ΂͘εςʔτΛ࣋ͨͳ͍ w 1FSTJTUFOU7PMVNFʹΑͬͯɺ,VCFSOFUFTͰετϨʔδΛ؅ཧ͠ɺ1PEʹϚ΢ϯτ͢Δ͜ͱ͕Ͱ͖Δ w 1FSTJTUFOU7PMVNFʹ&#4Λ࢖༻͢Δ৔߹ɺ&#4ͱಉ͡";Ͱ͔͠/PEF͕ىಈͰ͖ͳ͍ͱ੍͍ͬͨ໿͕ൃੜ͢ ΔɻίϯϐϡʔςΟϯάϦιʔεͱσʔλετϨʔδͱͷؒΛͲͷΑ͏ʹܨ͙ͷ͔ߟྀ͢΂͖ϙΠϯτ͕૿͑ͯ͠ ·͏ w
σʔλϕʔεΛ࢖༻͢Δ৔߹ɺ,VCFSOFUFT಺ʹσʔλϕʔεΛߏங͢ΔͷͰ͸ͳ͘ɺ,VCFSOFUFTͷ֎ʹ͋ΔϚωʔ δυͳσʔλϕʔεΛར༻͢Δͷ͕ྑ͍ ࢀߟ https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler/cloudprovider/aws

,VCFSOFUFTϦιʔεͷద༻ 35

,VCFSOFUFTΛ؆୯ʹར༻͢Δ࢓૊Έͮ͘Γ 36 ؆୯ʹ,VCFSOFUFTΛར༻Ͱ͖Δ࢓૊ΈΛ࡞Δ͜ͱͰɺ,VCFSOFUFT͕෼͔Βͳͯ͘΋ΞϓϦ։ൃऀʹ,VCFSOFUFTͷ ӡ༻ʹڠྗͯ͠΋Β͏ ,VCFSOFUFT ӡ༻ऀ ,VCFSOFUFT ར༻ऀ ΞϓϦ։ൃऀ ,VCFSOFUFTΫϥελ
LVCFDUM LVCFDUM࣮ߦ؀ڥ ΞϓϦ։ൃऀ͕සൟʹߦ͏ૢ࡞ΛίϚϯυͱ͠ ͯఏڙ͢Δ w ίϯςφͷ؀ڥม਺Λมߋ͢Δ w ίϯςφͷΠϝʔδΛมߋ͢Δ গͳ͍ख਺Ͱ,VCFSOFUFTΛૢ࡞Ͱ͖ΔΑ͏ʹ ͢Δ LVCFDUM ίϚϯυ

։ൃऀ޲͚ͷ؀ڥͮ͘Γ 37 LVCFDUM࣮ߦ؀ڥ͸Πϛϡʔλϒϧͳ؀ڥΛ༻ҙ͢Δ w $PEF#VJMEΛ࢖༻֤ͯ͠ίϚϯυʹରԠͨ͠εΫϦϓτΛ࣮ߦ͢Δ εΫϦϓτ಺Ͱ͸LVTUPNJ[FΛར༻͢Δ w ։ൃ؀ڥ΍ຊ൪؀ڥຖͷࠩ෼ͷLVCFSOFUFTϚχϑΣετΛ༻ҙͯ͠ɺࠩ ෼͚͕ͩมߋ͞ΕͨϚχϑΣετΛ࡞Δ͜ͱ͕Ͱ͖Δ w
ίϯςφͷ؀ڥม਺ͷมߋ΍ΠϝʔδมߋʹରԠͨ͠ػೳ͕͋Δʢޙड़ʣ w LVCFDUMʹಉࠝ͞Ε͍ͯΔLVTUPNJ[F͸ݹ͍ͷͰ࠷৽൛Λར༻͢Δ ,VCFSOFUFT ར༻ऀ ΞϓϦ։ൃऀ ,VCFSOFUFT Ϋϥελ LVCFDUM࣮ߦ؀ڥ LVCFDUM ίϚϯυ ࢀߟ https://github.com/kubernetes-sigs/kustomize

ίϯςφͷ؀ڥม਺Λมߋ͢Δ 38 LVTUPNJ[FͷDPOpH.BQ(FOFSBUPS΍TFDSFU(FOFSBUPSΛར༻͢Δͱɺ؀ڥ ม਺ͷมߋΛͨ͠৔߹ʹEFQMPZNFOUʹมߋ͕൓ө͞ΕΔ ී௨ʹDPOpH.BQ΍TFDSFUΛ࡞Δͱ؀ڥม਺ͷมߋ͸൓ө͞Εͳ͍ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization commonLabels:
app: nginx resources: - deployment.yaml configMapGenerator: - envs: - config.env name: config secretGenerator: - envs: - secret.env name: secret type: Opaque LVTUPNJ[BUJPOZBNM EFQMPZNFOUZBNM apiVersion: apps/v1 kind: Deployment metadata: name: nginx spec: replicas: 4 template: spec: containers: - name: nginx envFrom: - configMapRef: name: config - secretRef: name: secret ,VCFSOFUFT ར༻ऀ ΞϓϦ։ൃऀ ,VCFSOFUFT Ϋϥελ LVCFDUM࣮ߦ؀ڥ LVCFDUM ίϚϯυ

ίϯςφͷΠϝʔδΛมߋ͢Δ 39 $ IMAGE=nginx $ VERSION=1.12 $ kustomize edit set
image $IMAGE:$VERSION $ kustomize build . | kubectl apply -f - ˞࣮ࡍ͸ύϥϝʔλͰ*."(&΍7&34*0/͕౉͞ΕΔ૝ఆ LVTUPNJ[FFEJUίϚϯυͰ1PEͷJNBHFUBH෦෼Λมߋ͢Δ LVTUPNJ[BUJPOZBNMʹJNBHFUBH෦෼ͷࠩ෼৘ใ͕௥ه͞Εͯɺ LVTUPNJ[FCVJMEͰࠩ෼ΛؚΜͩશମͷϚχϑΣετ͕࡞ΒΕΔ apiVersion: kustomize.config.k8s.io/ v1beta1 kind: Kustomization … images: - name: nginx newTag: "1.12" Πϝʔδͷόʔδϣϯ ͕มߋ͞ΕΔ LVTUPNJ[BUJPOZBNMൈਮ 4IFMM ,VCFSOFUFT ར༻ऀ ΞϓϦ։ൃऀ ,VCFSOFUFT Ϋϥελ LVCFDUM࣮ߦ؀ڥ LVCFDUM ίϚϯυ

։ൃऀ͕,VCFSOFUFTͷ৘ใΛࢀর͢Δखஈ ։ൃऀ͕σϓϩΠঢ়گΛ֬ೝ͢Δํ๏ͱͯ͠ɺLVCFDUMͷ୅ΘΓʹ,VCFSOFUFT%BTICPBSEΛఏڙ͢Δ 40 ࢀߟ https://github.com/kubernetes/dashboard

Ϋϥελߏ੒ 41

؀ڥຖʹΫϥελΛ༻ҙ͢Δ ,VCFSOFUFTΛ4*.1-&ʹͰ͖Δ w Ϋϥελ಺ͰͲͷΑ͏ʹ؀ڥΛ෼཭͢Δ͔ͱ͍ ͏ߟྀΛ͢Δඞཁ͕ͳ͘ͳΔ ΫϥελΛ࡞Δͱ͖ͷϙΠϯτ w αϒωοτͷαΠζ͸े෼ʹߟྀ͢Δɻ*1Ξυ Ϩε਺ͷ੍ݶʹΑͬͯɺ1PE͕ىಈͰ͖ͳ͍͜ ͱ͕͋Δ
w ؀ڥຖʹαϒωοτΛ෼͚Δ 42 "84 1SPEVDUJPO Ϋϥελ 71$ 4UBHJOH Ϋϥελ ࢀߟ https://docs.aws.amazon.com/ja_jp/eks/latest/userguide/pod-networking.html 4UBHJOH༻ αϒωοτ 1SPEVDUJPO༻ αϒωοτ

Ϋϥελ಺ͷݖݶ෼཭ͷ࢓૊ΈΛར༻͠ͳ͍ ,VCFSOFUFTΛ4*.1-&ʹͰ͖Δ w /BNFTQBDFͱ3#"$ʹΑΔݖݶ෼཭ͷ࢓૊ΈΛར༻͠ͳ͍ w ؅ཧऀݖݶ TZTUFNNBTUFSTάϧʔϓ ͷΈར༻͢Δ લఏ৚݅ w
LVCFDUMΛར༻͢Δͷ͕ӡ༻ऀͷΈͰݖݶ෼཭Λ͢Δඞཁ͕ͳ͍ w ݖݶ෼཭Λ͢Δඞཁ͕ͳ͍΄ͲʹνʔϜ͕খ͍͞ 43

ΫϥελͷΞοϓσʔτ 44

<&,4>ΫϥελͷΞοϓσʔτํ๏ 45 w ΫϥελͷΞοϓσʔτΛςετ͢Δ༻ʹΫϥελΛผͰ༻ҙ͢Δ w 7FMFSPΛ࢖ͬͯ4UBHJOH؀ڥ͔ΒϦετΞ͢ΔͱָʹΫϥελΛ࡞੒Ͱ͖Δ w &,4ͷެࣜυΩϡϝϯτʹ฿͏ w LVCFQSPYZͳͲͷΞυΦϯͷΞοϓσʔτखॱ͕ৄࡉʹهࡌ͞Ε͍ͯΔ
w ,VCFSOFUFTʹΞοϓάϨʔυʹ͢ΔͨΊͷલఏ৚݅ͱ͍߲ͬͨ໨ͳͲɺΞοϓσʔτʹରͯ͠ͷαϙʔ τ͕ͳ͞Ε͍ͯΔ ࢀߟ https://velero.io/docs/main/ https://docs.aws.amazon.com/eks/latest/userguide/update-cluster.html

<&,4>/PEFͷΞοϓσʔτํ๏ 46 ˞4FMGNBOBHFEXPSLFSOPEFFLTDUMͷ৔߹ ࣄલ४උ w 1PE%JTSVQUJPO#VEHFUΛద༻͢Δ w ϦΫΤετड෇Մೳͳ1PE͕ͳ͍ͱ͍͏ঢ়ଶ ʹͳΒͳ͍Α͏ʹ1PE਺Λอূͯ͠/PEFΛఀ ࢭ͢Δ
apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: name: nginx-pdb spec: minAvailable: 50% selector: matchLabels: app: nginx 1PE%JTSVQUJPO#VEHFUͷZBNM ˢͷ1PE਺Λอূ͢Δ

<&,4>/PEFͷΞοϓσʔτํ๏ खॱ w $MVTUFS"VUPTDBMFSΛఀࢭ͢Δ w ৽όʔδϣϯͷ/PEF(SPVQΛ࡞੒͢Δ w چόʔδϣϯͷ/PEF(SPVQΛ࡟আ͢Δ w $MVTUFS"VUPTDBMFSΛ։࢝͢Δ
47 $ kubectl scale deployments/cluster-autoscaler --replicas=0 -n kube-system $ kubectl scale deployments/cluster-autoscaler --replicas=1 -n kube-system $ eksctl create nodegroup --config-file=<path> $ eksctl delete nodegroup --cluster <cluster> --name <ng-name>

՝୊ w ·ͱΊ 48

"84ͱ,VCFSOFUFTͷϦιʔε؅ཧ 49 w "84Ͱ؅ཧ͍ͯ͠ΔϦιʔεͱ,VCFSOFUFTͰ؅ཧ͍ͯ͠ΔϦιʔε͕͋Δঢ়ଶʹͳ͍ͬͯΔ w ӡ༻ʹҰ؏ੑ͕ͳ͘ɺ෼͔ΓͮΒ͍ ,VCFSOFUFT FLTDUM "84 5FSSBGPSN
71$ &-# 5BSHFU(SPVQ "VUP4DBMJOH (SPVQ /PEF &$ &,4

"84ͱ,VCFSOFUFTͷϦιʔε؅ཧ 50 w FLTDUM͸৽ن࡞੒͚ͩͰɺมߋ͸Ͱ͖ͳ͍ w FLTDUMͰ"VUP4DBMJOH(SPVQ͔Β5BSHFU(SPVQ΁ͷࢦఆΛม͑Δ͜ͱ͕Ͱ͖ͳ͍ ,VCFSOFUFT FLTDUM "84 5FSSBGPSN
71$ &-# 5BSHFU(SPVQ "VUP4DBMJOH (SPVQ /PEF &$ &,4

"84ͱ,VCFSOFUFTͷϦιʔε؅ཧ 51 ଞͷํ๏ w 5FSSBGPSNͰ,VCFSOFUFT޲͚ͷ"84ϦιʔεΛ؅ཧ͢Δ w 5FSSBGPSN3FHJTUSZʹ͋ΔUFSSBGPSNBXTFLTϞδϡʔϧΛ࢖͏ "84 5FSSBGPSN "VUP4DBMJOH
(SPVQ ࢀߟ https://github.com/terraform-aws-modules/terraform-aws-eks &,4 71$ &-# 5BSHFU(SPVQ /PEF &$

ଞͷํ๏ w ,VCFSOFUFTͰ"84ͷϦιʔεΛ؅ཧ͢Δ w FLTDUMͰ71$Λ࡞Δɺ"-#*OHSFTT$POUSPMMFSͰ&-#΍5BSHFU(SPVQΛ࡞Δ ,VCFSOFUFTΫϥελ͕࡟আ͞ΕͨΒɺಉ࣌ʹ"84ͷϦιʔε͕࡟আ͞Εͯ͠·͏ͷ͸ࠔΔύλʔϯ͕͋Δ 52 "84ͱ,VCFSOFUFTͷϦιʔε؅ཧ ,VCFSOFUFT FLTDUM
71$ &-# 5BSHFU(SPVQ /PEF &$ "VUP4DBMJOH (SPVQ &,4

1SPNFUIFVT (SBGBOBʹΑΔ؂ࢹӡ༻ 53 1SPNFUIFVT (SBGBOBͷࣗલӡ༻͕πϥ͘ͳ͖ͬͯͨ w .FUSJDTΛ௕ظؒอ࣋࢝͠Ίͨͱ͜Ζɺ(SBGBOBΛݟΔͨͼʹ1SPNFUIFVTͷϝϞϦ࢖༻཰͕ٸʹ૿Ճ͢Δ w 1SPNFUIFVTʹ͸1FSTJTUFOU7PMVNF &#4
Λ࢖༻͍ͯ͠ΔͨΊɺ";ݻఆʹͳͬͯ͠·͍ɺ";Λ௒͑ͨ৑௕Խ͕Ͱ ͖ͳ͍ 1SPNFUIFVT (SBGBOBͰ&"4:ʹ؂ࢹ͢Δͱ͜Ζ͔Βن໛֦େʹ൐ͬͯࠜຊతͳݟ௚͕͠ඞཁʹͳ͖ͬͯͨɻ࣮֬ʹ ,VCFSOFUFT؀ڥͷϝτϦΫεΛऩू͍ͨ͠ͱ͍͏ͷ͕ཁٻͰ͋Δ 1SPNFUIVFT (SBGBOBͰ͸-POHUFSNTUPSBHFΛར༻͢Δͱ͍ͬͨํ๏͕͋Δ͕ɺࣗલӡ༻͸΍͸Γݫ͍͠ %BUBEPH΍$MPVE8BUDI$POUBJOFS*OTJHIUTͱ͍ͬͨϚωʔδυͳ؂ࢹαʔϏε΁ͷҠߦ͕ྑ͍͔΋͠Εͳ͍

՝୊ w ·ͱΊ 54

·ͱΊ w ਓӡ༻Ͱେࣄͳ͜ͱ͸ճ෮ྗɺࣗಈԽɺ4*.1-&ɺ&"4: w &,4 ,VCFSOFUFT ͷϊ΢ϋ΢Λճ෮ྗɺࣗಈԽɺ4*.1-&ɺ&"4:ͱ͍͏Ωʔ ϫʔυʹؔ࿈෇͚ͯ঺հͨ͠ w Ϧιʔε؅ཧ΍؂ࢹʹ͸՝୊͕͋Δɻ৽࢝͘͠ΊΔ৔߹ʹ͸ࣄલʹߟྀͯ͠
͓͘ඞཁ͕͋Δ 55

1人運用を支えるAmazon EKSノウハウ / Amazon EKS Know-How

1人運用を支えるAmazon EKSノウハウ / Amazon EKS Know-How

More Decks by Hiroshi Oda

Other Decks in Technology

Featured

Transcript