
AWS Startup 2020 - AMIS

Kyle Bai
September 24, 2020


Transcript

  1. © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. @k2r2bai. Customer case: AMIS 帳聯網路科技. Kyle Bai, Site Reliability Engineer, AMIS.
  2. About Me: 白凱仁 (Kyle Bai) • SRE at AMIS/MaiCoin. • AWS Container Hero. • OSS contributor. • Co-organizer of Cloud Native Taiwan User Group. • Interested in emerging technologies. GitHub: kairen ([email protected]). Blog: https://k2r2bai.com
  3. AMIS 帳聯網路科技: Driving The Decentralized Future. AMIS is a financial technology company creating bonds between the traditional and decentralized worlds. We provide security and accessibility for blockchains as well as cryptocurrencies. With us, our customers are able to adopt blockchain technology with ease and confidence. Building bonds between traditional and decentralized finance. https://www.am.is/
  4. AMIS + MaiCoin Group Relationship (diagram): MAX Digital Asset Exchange, MaiCoin, AMIS. AMIS provides the blockchain technology and digital asset custody.
  5. MaiCoin / AMIS Group Timeline (figure).
  6. AMIS Quick Summary • Integrated fintech product development, financial services and advisory company. • Sister company of MaiCoin (Taiwan's longest-running digital asset platform and brokerage service, since 2014). • Developed the technology for the MAX Digital Asset Exchange (launched 2018 as a leading full-function, global exchange with crypto-crypto and NTD-crypto trading) and asset custody. • Core blockchain tech developer for corporations and major institutions (JP Morgan's Ethereum blockchain platform Quorum adopted the AMIS-developed IBFT fault-tolerant consensus algorithm in 2017). • Founding member of the Enterprise Ethereum Alliance.
  7. Services and Products
  8. AMIS Wallet Service: Security, Usability, Self Sovereignty.
  9. Wallet Service in one sentence: a secure cloud digital asset wallet service with a highly available API.
  10. Wallet Service in one diagram: Wallet Service + Node Cluster (Blockchain) + Key Storage.
  11. Wallet Service summed up in one diagram: wallet security, a reliable developer API, and professional, economical node operation.
  12. Technical Architecture on AWS
  13. Our Kubernetes Decision Tree: Self-Hosted on EC2 vs. AWS EKS; Spot vs. On Demand.
  14. Vishwakarma: Self-Hosted on AWS • Terraform modules to set up a self-hosted Kubernetes cluster on AWS. • Can customize anything. • Aligns with company compliance requirements. • Cost: clusters can have different topologies. • Infrastructure as code (IaC): versioned infrastructure, reusable modules. • Ships with default and customized ASGs. • YOU NEED TO MAINTAIN EVERYTHING YOURSELF. • GitHub: https://github.com/getamis/vishwakarma • https://github.com/getamis/terraform-ignition-kubernetes • https://github.com/getamis/terraform-ignition-etcd
  15. Elastic Kubernetes Service (EKS) • Easier to create and manage. • No control plane to manage. • Automatic repair and patching of control plane nodes. • Less user management during node version patching/upgrades: nodes are drained of pods and replaced. • Kubernetes assets integrate seamlessly with AWS services through EKS. • ... (Diagram: AWS-managed control plane; worker nodes in the customer account.)
  16. (Diagram) AWS EKS with Amazon EC2 Auto Scaling: two Availability Zones, each with a NAT gateway and an Auto Scaling group of worker nodes, plus AWS Fargate.
  17. Tight integration with AWS services
  18. ALB Ingress Controller (diagram). The controller runs as a pod in the Kubernetes cluster, watches the kube-apiserver for Ingress changes and writes status back to it. For each Ingress it provisions AWS resources: an Application Load Balancer with HTTP and HTTPS listeners, path rules (/*, /products, /accounts), and one target group per Service. The target groups for Service A and Service B (mode instance) register every worker node on the Service's NodePort (NP: A, NP: B); the target group for Service C (mode IP) registers the Pod IPs (Pods A, B, C, D) directly, skipping the NodePort hop.
  19. AWS VPC CNI (diagram). VPC subnet 10.0.0.0/24. Instance 1: the CNI takes the ENI's secondary IPs 10.0.0.1 and 10.0.0.2 and assigns them to the Nginx Pod (veth IP 10.0.0.1) and the Java Pod (veth IP 10.0.0.2). Instance 2: the same with secondary IPs 10.0.0.20 and 10.0.0.21 for its Nginx Pod (veth IP 10.0.0.20) and Java Pod (veth IP 10.0.0.21). The secondary addresses are obtained through the EC2 API (labelled ec.associatedAddress() on the slide).
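The allocation the slide draws, as an added example (not code from the talk or from the amazon-vpc-cni-k8s project): a worker node hands out its ENIs' secondary IPs to pods one by one, attaches another ENI when they run out, and stops when the instance type allows no more ENIs. The `ENI_LIMITS` table is constructed for two instance types (the values match the published limits for those types), and the example ignores the five addresses AWS reserves in every subnet.

```python
"""Added example (not from the talk or the amazon-vpc-cni-k8s project): how a
worker node hands VPC secondary IPs to pods, and why that bounds pod density."""
import ipaddress
from dataclasses import dataclass, field

# Constructed limit table: (ENIs per instance, IPv4 addresses per ENI).
ENI_LIMITS = {
    "m5.large": (3, 10),
    "t3.medium": (3, 6),
}


def max_pods(instance_type: str) -> int:
    """EKS max-pods formula for the VPC CNI without prefix delegation.

    Each ENI spends one address on its own primary IP, so only ips_per_eni - 1
    are left for pods; +2 covers aws-node and kube-proxy, which run in the
    host network namespace and need no VPC address of their own.
    """
    enis, ips_per_eni = ENI_LIMITS[instance_type]
    return enis * (ips_per_eni - 1) + 2


@dataclass
class Eni:
    primary_ip: str
    secondary_ips: list
    assignments: dict = field(default_factory=dict)  # pod name -> secondary IP

    def free_ips(self) -> list:
        used = set(self.assignments.values())
        return [ip for ip in self.secondary_ips if ip not in used]


class VpcCniNode:
    """One worker node; address_pool is an iterator over the subnet's free hosts."""

    def __init__(self, instance_type: str, address_pool):
        self.max_enis, self.ips_per_eni = ENI_LIMITS[instance_type]
        self.pool = address_pool
        self.enis: list = []

    def attach_eni(self) -> Eni:
        if len(self.enis) >= self.max_enis:
            raise RuntimeError("instance type cannot attach another ENI")
        primary = str(next(self.pool))
        secondaries = [str(next(self.pool)) for _ in range(self.ips_per_eni - 1)]
        eni = Eni(primary, secondaries)
        self.enis.append(eni)
        return eni

    def assign_pod_ip(self, pod: str) -> str:
        """Give the pod a routable VPC address (the slide's 'Veth IP'),
        attaching a new ENI only when every existing one is full."""
        for eni in self.enis:
            free = eni.free_ips()
            if free:
                eni.assignments[pod] = free[0]
                return free[0]
        eni = self.attach_eni()
        ip = eni.free_ips()[0]
        eni.assignments[pod] = ip
        return ip

    def release_pod_ip(self, pod: str) -> str:
        for eni in self.enis:
            if pod in eni.assignments:
                return eni.assignments.pop(pod)
        raise KeyError(pod)


def new_node(instance_type: str, subnet: str = "10.0.0.0/24") -> VpcCniNode:
    # Constructed subnet from the slide; real subnets also reserve 5 addresses.
    return VpcCniNode(instance_type, ipaddress.ip_network(subnet).hosts())


def schedulable_pods(instance_type: str) -> int:
    """Keep adding pods until the node cannot attach another ENI."""
    node = new_node(instance_type)
    count = 0
    while True:
        try:
            node.assign_pod_ip(f"pod-{count}")
        except RuntimeError:
            return count
        count += 1


if __name__ == "__main__":
    node = new_node("m5.large")
    print(node.assign_pod_ip("nginx"), node.assign_pod_ip("java"))
    print(max_pods("m5.large"), schedulable_pods("m5.large"))
```

Two operational consequences follow from this model. Every pod on an ENI shares that ENI's security group, so per-pod isolation has to come from NetworkPolicy (or from security groups for pods), not from the node's security group. And pod scheduling stops as soon as the subnet or the instance's ENI budget is exhausted, so subnets must be sized for `max_pods` times the node count, with headroom for the warm pool the CNI keeps.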
  20. IAM Authenticator (diagram). 1: the client generates a signed STS URL. 2: it passes this AWS identity to the Kubernetes master API. 3: the authenticator verifies the AWS identity. 4: the Kubernetes action is allowed or denied by Role-Based Access Control (RBAC).
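The four steps of that diagram, as an added example (not code from the talk or from aws-iam-authenticator): the client presigns `sts:GetCallerIdentity` with the cluster name as a signed header and wraps the URL in a `k8s-aws-v1.` bearer token; the server side decodes the token and applies the offline checks before it would call STS. The signing follows the SigV4 query-string rules in pure Python; whether a given signature is accepted is decided by STS, which this offline example cannot reach. The credentials, cluster name and clock are constructed, and the global STS endpoint with a `us-east-1` scope is an assumption.

```python
"""Added example (not code from the talk or aws-iam-authenticator): the token a
client presents to an EKS / aws-iam-authenticator cluster, and the offline
checks the server makes before asking STS who signed it."""
import base64
import datetime as dt
import hashlib
import hmac
from urllib.parse import parse_qs, quote, urlencode, urlparse

TOKEN_PREFIX = "k8s-aws-v1."
CLUSTER_ID_HEADER = "x-k8s-aws-id"
STS_HOST = "sts.amazonaws.com"
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()

# Constructed sample inputs; the key pair is the AWS documentation placeholder.
SAMPLE_NOW = dt.datetime(2020, 9, 24, 12, 0, 0, tzinfo=dt.timezone.utc)
SAMPLE_CREDS = ("AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY")


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def presigned_get_caller_identity(cluster, access_key, secret_key, now,
                                  region="us-east-1", expires=60):
    """Step 1: SigV4 query-string presigning of GET sts:GetCallerIdentity.
    The cluster name is a signed header, so the URL only verifies when it is
    replayed with exactly that x-k8s-aws-id value."""
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    scope = f"{now:%Y%m%d}/{region}/sts/aws4_request"
    params = {
        "Action": "GetCallerIdentity",
        "Version": "2011-06-15",
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": f"host;{CLUSTER_ID_HEADER}",
    }
    query = urlencode(sorted(params.items()), quote_via=quote, safe="")
    canonical_request = "\n".join([
        "GET", "/", query,
        f"host:{STS_HOST}\n{CLUSTER_ID_HEADER}:{cluster}\n",  # canonical headers
        f"host;{CLUSTER_ID_HEADER}",                          # signed headers
        EMPTY_SHA256,                                         # GET has no body
    ])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    key = ("AWS4" + secret_key).encode()
    for part in (f"{now:%Y%m%d}", region, "sts", "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    return f"https://{STS_HOST}/?{query}&X-Amz-Signature={signature}"


def make_token(presigned_url: str) -> str:
    """Step 2: the bearer token kubectl sends to the API server."""
    return TOKEN_PREFIX + base64.urlsafe_b64encode(presigned_url.encode()).decode().rstrip("=")


def verify_token_format(token: str, cluster: str, now: dt.datetime):
    """Step 3, offline part: accept only a short-lived, cluster-bound
    GetCallerIdentity URL. Returns the URL and header the server would then
    send to STS; the ARN STS returns is mapped to a Kubernetes user and groups
    (aws-auth ConfigMap), which step 4, RBAC, authorizes."""
    if not token.startswith(TOKEN_PREFIX):
        raise ValueError("missing k8s-aws-v1 prefix")
    body = token[len(TOKEN_PREFIX):]
    url = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)).decode()
    parts = urlparse(url)
    q = {k.lower(): v[0] for k, v in parse_qs(parts.query).items()}
    if parts.scheme != "https" or parts.hostname != STS_HOST or parts.path != "/":
        raise ValueError("not an STS URL")
    if q.get("action") != "GetCallerIdentity":
        raise ValueError("action must be GetCallerIdentity")
    if q.get("x-amz-algorithm") != "AWS4-HMAC-SHA256" or "x-amz-signature" not in q:
        raise ValueError("unexpected or missing signature")
    if CLUSTER_ID_HEADER not in q.get("x-amz-signedheaders", "").split(";"):
        raise ValueError("cluster id header is not covered by the signature")
    expires = int(q.get("x-amz-expires", "-1"))
    if not 0 <= expires <= 60:
        raise ValueError("X-Amz-Expires must be at most 60 seconds")
    signed_at = dt.datetime.strptime(q["x-amz-date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=dt.timezone.utc)
    if now > signed_at + dt.timedelta(seconds=expires):
        raise ValueError("token expired")
    return url, {CLUSTER_ID_HEADER: cluster}


def token_is_rejected(token: str, cluster: str, now: dt.datetime) -> bool:
    try:
        verify_token_format(token, cluster, now)
    except (ValueError, KeyError):
        return True
    return False


def demo(cluster: str = "amis-prod") -> dict:
    url = presigned_get_caller_identity(cluster, *SAMPLE_CREDS, SAMPLE_NOW)
    token = make_token(url)
    decoded, headers = verify_token_format(token, cluster, SAMPLE_NOW + dt.timedelta(seconds=30))
    return {"url": url, "token": token, "decoded": decoded, "headers": headers,
            "rejected_after_61s": token_is_rejected(token, cluster, SAMPLE_NOW + dt.timedelta(seconds=61))}
```

The real authenticator applies a few more checks (an allow-list of query parameters, handling of `X-Amz-Security-Token` for session credentials) and then performs the GET against STS with the `x-k8s-aws-id` header set to its own cluster name. Because that header is part of the signature, a token captured from one cluster cannot be replayed against another, and the 60-second expiry keeps the replay window inside the same cluster short.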
  21. IAM Roles for Service Accounts (IRSA) (diagram). The Pod Identity Webhook, registered with the kube-apiserver, injects the projected service account token into Apps; Apps assume their IAM Roles (app roles) through the OpenID Connect Provider, whose discovery endpoint is hosted in an S3 bucket; with the role's credentials the apps call AWS resources, for example pulling from ECR.
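What the webhook injects and what the role's trust policy checks, as an added example (not code from the talk, AMIS, or amazon-eks-pod-identity-webhook). It builds the projected service account token in the shape the webhook mounts, the trust policy in its strict form (pinned to one namespace and service account) and its loose form (audience only), and a model of the condition evaluation STS performs. The OIDC issuer is constructed in the EKS form; for a self-hosted cluster the issuer's discovery document and JWKS would be the S3 bucket in the slide. The token's signature segment is a placeholder: real tokens are signed by the API server and verified by STS against the issuer's JWKS, which is not modelled here.

```python
"""Added example (not from the talk, AMIS or amazon-eks-pod-identity-webhook):
the projected token a pod receives under IRSA, and how the IAM trust policy
decides which service accounts may assume the role."""
import base64
import json

# Constructed values: an EKS-style OIDC issuer, an account id and a clock.
ISSUER = "oidc.eks.ap-northeast-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"
ACCOUNT_ID = "123456789012"
SAMPLE_NOW = 1600941600  # 2020-09-24T10:00:00Z


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_projected_token(issuer, namespace, service_account, now, ttl=86400):
    """Shape of the token the webhook mounts at
    /var/run/secrets/eks.amazonaws.com/serviceaccount/token.
    The third segment is a placeholder, not a real RS256 signature."""
    header = {"alg": "RS256", "kid": "constructed-kid"}
    claims = {
        "iss": "https://" + issuer,
        "sub": f"system:serviceaccount:{namespace}:{service_account}",
        "aud": ["sts.amazonaws.com"],
        "iat": now,
        "exp": now + ttl,
        "kubernetes.io": {"namespace": namespace, "serviceaccount": {"name": service_account}},
    }

    def seg(obj):
        return _b64url(json.dumps(obj, separators=(",", ":")).encode())

    return f"{seg(header)}.{seg(claims)}.{_b64url(b'constructed-signature')}"


def trust_policy(issuer, account_id, namespace=None, service_account=None):
    """Role trust policy for sts:AssumeRoleWithWebIdentity. Without namespace
    and service_account it only checks the audience, so any pod in the
    cluster whose token reaches STS can assume the role."""
    conditions = {f"{issuer}:aud": "sts.amazonaws.com"}
    if namespace and service_account:
        conditions[f"{issuer}:sub"] = f"system:serviceaccount:{namespace}:{service_account}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{issuer}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": conditions},
        }],
    }


def decode_claims(token: str) -> dict:
    # No signature verification here (see the note above).
    return json.loads(_b64url_decode(token.split(".")[1]))


def assume_role_decision(policy: dict, token: str, now: int):
    """Model of the checks STS applies to the token against the trust policy.
    Assumption: this mirrors the documented issuer, audience, subject and
    expiry conditions; the authoritative evaluation happens inside AWS."""
    claims = decode_claims(token)
    if claims["exp"] <= now:
        return False, "token expired"
    stmt = policy["Statement"][0]
    issuer = stmt["Principal"]["Federated"].split("oidc-provider/", 1)[1]
    if claims.get("iss") != "https://" + issuer:
        return False, "issuer not trusted"
    for key, expected in stmt["Condition"]["StringEquals"].items():
        claim = key[len(issuer) + 1:]  # "<issuer>:sub" -> "sub"
        actual = claims.get(claim)
        # aud is a list in projected tokens; one matching entry is enough here.
        matched = expected in actual if isinstance(actual, list) else actual == expected
        if not matched:
            return False, f"{claim} condition failed"
    return True, "allowed"


if __name__ == "__main__":
    strict = trust_policy(ISSUER, ACCOUNT_ID, "wallet", "wallet-api")
    print(json.dumps(strict, indent=2))
    stray = make_projected_token(ISSUER, "dev", "default", SAMPLE_NOW)
    print(assume_role_decision(strict, stray, SAMPLE_NOW + 60))
```

The point to check in a review is the `:sub` condition: a trust policy that stops at `:aud` makes the role assumable by every service account in the cluster, which turns a single compromised pod into the role's full permission set. Tokens also expire (the webhook's default is 86400 seconds), so a leaked token is bounded in time, but the role binding itself is what bounds who can use it.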