Slide 1

Slide 1 text

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Containers on AWS
Christoph Kassen, Solutions Architect, AWS
https://twitter.com/christoph_k
AWS UG Berlin - February 20th, 2018

Slide 2

Slide 2 text

AMAZON CONTAINER SERVICES (coming soon)

Slide 3

Slide 3 text

CONTAINERS, CONTAINERS, CONTAINERS

Slide 4

Slide 4 text

WHY DO WE LOVE CONTAINERS?
• Packaging
• Distribution
• Immutable infrastructure

Slide 5

Slide 5 text

OUR JOURNEY

Slide 6

Slide 6 text

DAY ONE

Slide 7

Slide 7 text

BUILDING AN ECOSYSTEM

Slide 8

Slide 8 text

PRODUCTION WORKLOADS ON AWS
• AWS VPC networking mode
• Advanced task placement
• Deep integration with AWS platform
• ECS CLI
• …
• Global footprint
• Powerful scheduling engines
• Auto scaling
• CloudWatch metrics
• Load balancers

Slide 9

Slide 9 text

HELPING CUSTOMERS SCALE CONTAINERS
• 450+% growth
• Hundreds of millions of containers started each week
• Millions of container instances

Slide 10

Slide 10 text

No content

Slide 11

Slide 11 text

Make AWS the BEST PLACE to run containerized applications

Slide 12

Slide 12 text

SERVICE LEVEL AGREEMENT: 99.99%

Slide 13

Slide 13 text

Make containers a fundamental compute primitive

Slide 14

Slide 14 text

TASK NETWORKING
1. Pre ENI attachment: the primary ENI (eth0) is in the default namespace
2. ENI attachment: the new ENI (eth1) is in the default namespace
3. ENI provisioned: the ECS agent invokes CNI plugins to move the new ENI into a new namespace and configures addresses and routes
(Diagram: the default/root global namespace with lo, eth0 and docker0 and routes for 172.16.0.0, 172.16.1.0 and 172.16.2.0; eth1 appears in it after attachment; after provisioning the interfaces ecs0 and ve-c1 appear alongside the task's own namespace)

Slide 15

Slide 15 text

MANAGED SERVICE DISCOVERY
• Applications invoked by name
• Automatically resolved to IP or port
• Native to Amazon ECS services
• No infrastructure to manage

Slide 16

Slide 16 text

FULL CD WITH AWS CODEPIPELINE
(Pipeline diagram, orchestrated by AWS CodePipeline)
• Source repository: AWS CodeCommit (or an alternative)
• Build: AWS CodeBuild (or an alternative)
• Store image: Amazon ECR
• Deploy: Amazon ECS

Slide 17

Slide 17 text

WINDOWS CONTAINERS NOW GA
• AWS IAM roles for tasks
• Advanced task placement
• Deep integration with AWS platform
• ECS CLI
• …
• Global footprint
• Powerful scheduling engines
• Auto scaling
• CloudWatch metrics
• Load balancers

Slide 18

Slide 18 text

CUSTOMERS ARE OUR KEY!
50+ releases since 2015
(Feedback loop diagram: Customers → Feedback / New Use Cases → Learn → Experiment, Innovate & Build Features → Release → Customers)

Slide 19

Slide 19 text

Make AWS the BEST PLACE to run ANY containerized applications

Slide 20

Slide 20 text

ENABLE FOCUS ON APPLICATIONS

Slide 21

Slide 21 text

INTRODUCING AWS FARGATE!

Slide 22

Slide 22 text

CHANGING COMPUTE CONSUMPTION MODEL
• No instances to manage
• Task native API
• Resource based pricing
Simple, easy to use, powerful – and a new consumption model

Slide 23

Slide 23 text

HOW DO I RUN CONTAINERS ON FARGATE?

Slide 24

Slide 24 text

RUNNING A SINGLE CONTAINER

Slide 25

Slide 25 text

RUNNING CONTAINERS
(Diagram: five EC2 instances, each running four tasks)

Slide 26

Slide 26 text

RUNNING CONTAINERS AT SCALE WITH ECS
(Diagram: Scheduling and Orchestration, Cluster Manager and Placement Engine above instances spread across Availability Zones #1, #2 and #3)

Slide 27

Slide 27 text

(Diagram: an EC2 instance running the ECS AMI with the Docker agent and the ECS agent, hosting four ECS tasks)

Slide 28

Slide 28 text

(Diagram: Scheduling and Orchestration, Cluster Manager and Placement Engine managing three EC2 instances, each running the ECS AMI with the Docker agent and the ECS agent)

Slide 29

Slide 29 text

RUNNING FARGATE CONTAINERS WITH ECS

Slide 30

Slide 30 text

ECS CONSTRUCTS
register Task Definition: define application containers (image URL, CPU & memory requirements, etc.)
create Cluster:
• Infrastructure isolation boundary
• IAM permissions boundary
run Task:
• A running instantiation of a task definition
• Use FARGATE launch type
create Service (fronted by an Elastic Load Balancer):
• Maintain x running copies
• Integrated with load balancing
• Unhealthy tasks automatically replaced

Slide 31

Slide 31 text

TASK DEFINITION
Task Definition Snippet:
{
  "family": "scorekeep",
  "containerDefinitions": [
    {
      "name": "scorekeep-frontend",
      "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/fe"
    },
    {
      "name": "scorekeep-api",
      "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/api"
    }
  ]
}
• Immutable, versioned document
• Identified by family:version
• Contains a list of up to 10 container definitions
• All containers are co-located on the same host
• Each container definition has:
  • A name
  • Image URL (Amazon ECR or public images)
  • And more…stay tuned!

Slide 32

Slide 32 text

RUNNING FARGATE CONTAINERS WITH ECS
• Use ECS APIs to launch Fargate containers
• Easy migration: run Fargate and EC2 launch type tasks in the same cluster
• Same task definition schema

Slide 33

Slide 33 text

DEMO

Slide 34

Slide 34 text

NETWORKING

Slide 35

Slide 35 text

VPC INTEGRATION
• AWS VPC networking mode: each task gets its own interface (ENI)
• All Fargate tasks run in customer VPC and subnets
• Configure security groups to control inbound & outbound traffic
• Public IP support
• Spread your application across subnets in multiple Availability Zones (AZs) for resiliency
(Diagram: a Fargate task with its ENI in subnet 172.31.1.0/24 of VPC 172.31.0.0/16, private IP 172.31.1.164 and public IP 208.57.73.13, reachable from the Internet and from other entities in the VPC such as EC2, LB and DB; subnets in us-east-1a, us-east-1b and us-east-1c)

Slide 36

Slide 36 text

LOAD BALANCING
• Application Load Balancer
• Network Load Balancer

Slide 37

Slide 37 text

SECURITY

Slide 38

Slide 38 text

CLUSTER LEVEL ISOLATION
(Diagram: separate PROD, BETA, DEV and QA clusters, each on its own cluster infrastructure and each running its own copies of the Web, Shopping Cart and Notifications services)

Slide 39

Slide 39 text

PERMISSION TIERS
• Cluster permissions: who can run/see tasks in the cluster?
• Application (task) permissions: which of my AWS resources can this application access?
• Housekeeping permissions: what permissions do I want to grant ECS to perform? e.g.
  • ECR image pull
  • CloudWatch Logs pushing
  • ENI creation
  • Register/deregister targets into ELB

Slide 40

Slide 40 text

CONTAINER REGISTRIES

Slide 41

Slide 41 text

REGISTRY SUPPORT
• Amazon Elastic Container Registry (ECR)
• Public repositories supported
• 3rd party private repositories (coming soon!)

Slide 42

Slide 42 text

VISIBILITY AND MONITORING
• Service-level metrics available
• CloudWatch Logs
• CloudWatch Events supported

Slide 43

Slide 43 text

STORAGE
• Container storage space: 10 GB
• Ephemeral storage backed by EBS
• Shared volume space for containers within the task: 4 GB

Slide 44

Slide 44 text

CONFIGURATIONS & PRICING

Slide 45

Slide 45 text

PRICING DIMENSIONS
Task level resources (snippet; networkMode is the lowercase API value "awsvpc"):
{
  "cpu": "1 vCPU",
  "memory": "2 gb",
  "networkMode": "awsvpc",
  "compatibilities": ["FARGATE", "EC2"],
  "placementConstraints": [],
  "containerDefinitions": [
    {
      …....
• Task level resources: configurable independently (within a range)
• Dimensions: task level CPU and memory
• Per-second billing

Slide 46

Slide 46 text

TASK CPU & MEMORY CONFIGURATIONS
Flexible configuration options – 50 CPU/memory configurations

CPU (units)     | Memory
256 (.25 vCPU)  | 512MB*, 1GB, 2GB
512 (.5 vCPU)   | 1GB to 4GB (1GB increments)
1024 (1 vCPU)   | 2GB to 8GB (1GB increments)
2048 (2 vCPU)   | 4GB to 16GB (1GB increments)
4096 (4 vCPU)   | 8GB to 30GB (1GB increments)
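The task definition snippet (slide 31), the permission tiers (slide 39) and the CPU/memory table above together describe what a task definition must satisfy before Fargate will run it and before it is least-privileged. The following linter is an added example, not code from the deck or from Amazon ECS: it encodes the deck's rules (awsvpc network mode, the 50 valid task-level CPU/memory pairs, at most 10 container definitions per task) and the split between application permissions and housekeeping permissions. The field names `taskRoleArn` (application permissions), `executionRoleArn` (housekeeping permissions: ECR pull, CloudWatch Logs push) and `requiresCompatibilities` are the RegisterTaskDefinition fields that correspond to the deck's tiers; the deck does not name them. The digest-pinning and ECR-only checks are this example's own policy choices, and the account ID, role ARNs and images are constructed sample values.

```python
"""Fargate task definition linter (added example, not ECS code)."""
import re

# Task-level CPU units -> allowed memory values in MiB (the deck's table).
FARGATE_CPU_MEMORY = {
    256: [512, 1024, 2048],
    512: [1024 * n for n in range(1, 5)],    # 1 GB to 4 GB
    1024: [1024 * n for n in range(2, 9)],   # 2 GB to 8 GB
    2048: [1024 * n for n in range(4, 17)],  # 4 GB to 16 GB
    4096: [1024 * n for n in range(8, 31)],  # 8 GB to 30 GB
}
MAX_CONTAINERS_PER_TASK = 10

# Amazon ECR reference: <account>.dkr.ecr.<region>.amazonaws.com/<repo>[:tag][@sha256:<digest>]
ECR_IMAGE = re.compile(
    r"^\d{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com/[a-z0-9._/-]+"
    r"(?::[A-Za-z0-9._-]+)?(?:@sha256:[0-9a-f]{64})?$"
)


def parse_cpu_units(value):
    """Accept '256' or '.25 vCPU' style task-level CPU values; return CPU units."""
    text = str(value).strip().lower()
    if text.endswith("vcpu"):
        return int(round(float(text[:-4]) * 1024))
    return int(text)


def parse_memory_mib(value):
    """Accept '2048' or '2 gb' style task-level memory values; return MiB."""
    text = str(value).strip().lower().replace(" ", "")
    if text.endswith("gb"):
        return int(float(text[:-2]) * 1024)
    return int(text)


def validate_fargate_task_definition(td, allow_public_images=False):
    """Return a list of findings; an empty list means the definition passes."""
    findings = []
    if td.get("networkMode") != "awsvpc":
        findings.append("networkMode must be awsvpc for the Fargate launch type")
    if "FARGATE" not in td.get("requiresCompatibilities", []):
        findings.append("requiresCompatibilities must include FARGATE")
    try:
        cpu = parse_cpu_units(td["cpu"])
        mem = parse_memory_mib(td["memory"])
        if cpu not in FARGATE_CPU_MEMORY:
            findings.append(f"task cpu {cpu} is not a Fargate configuration")
        elif mem not in FARGATE_CPU_MEMORY[cpu]:
            findings.append(f"memory {mem} MiB is not valid for cpu {cpu}")
    except (KeyError, ValueError):
        findings.append("task-level cpu and memory are required on Fargate")

    containers = td.get("containerDefinitions", [])
    if not 1 <= len(containers) <= MAX_CONTAINERS_PER_TASK:
        findings.append(f"a task needs 1 to {MAX_CONTAINERS_PER_TASK} container definitions")

    # Housekeeping permissions (ECR pull, log push) live on the execution role;
    # application permissions live on the task role. They must not be the same role.
    task_role = td.get("taskRoleArn")
    exec_role = td.get("executionRoleArn")
    if not exec_role:
        findings.append("executionRoleArn missing: ECS needs it to pull from ECR and push CloudWatch Logs")
    if task_role and task_role == exec_role:
        findings.append("taskRoleArn equals executionRoleArn: the application inherits housekeeping permissions")

    for c in containers:
        name = c.get("name", "<unnamed>")
        image = c.get("image", "")
        if "@sha256:" not in image:
            findings.append(f"{name}: image {image!r} is not pinned by digest")
        if not allow_public_images and not ECR_IMAGE.match(image):
            findings.append(f"{name}: image {image!r} is not an Amazon ECR reference")
        if c.get("privileged"):
            findings.append(f"{name}: privileged containers are not supported on Fargate")
    return findings


# Constructed sample definitions (account ID, roles and digest are placeholders).
DIGEST = "sha256:" + "ab" * 32
SCOREKEEP_TASK = {
    "family": "scorekeep",
    "networkMode": "awsvpc",
    "requiresCompatibilities": ["FARGATE"],
    "cpu": "1 vCPU",
    "memory": "2 gb",
    "taskRoleArn": "arn:aws:iam::123456789012:role/scorekeep-app",
    "executionRoleArn": "arn:aws:iam::123456789012:role/scorekeep-ecs-exec",
    "containerDefinitions": [
        {"name": "scorekeep-frontend",
         "image": f"123456789012.dkr.ecr.us-east-1.amazonaws.com/fe@{DIGEST}"},
        {"name": "scorekeep-api",
         "image": f"123456789012.dkr.ecr.us-east-1.amazonaws.com/api@{DIGEST}"},
    ],
}
WEAK_TASK = {  # would be rejected by Fargate and over-privileged even on EC2
    "family": "scorekeep",
    "networkMode": "bridge",
    "requiresCompatibilities": ["EC2"],
    "cpu": "256",
    "memory": "4096",
    "taskRoleArn": "arn:aws:iam::123456789012:role/scorekeep-ecs-exec",
    "executionRoleArn": "arn:aws:iam::123456789012:role/scorekeep-ecs-exec",
    "containerDefinitions": [
        {"name": "scorekeep-api", "image": "nginx:latest", "privileged": True},
    ],
}

if __name__ == "__main__":
    for label, td in (("scorekeep", SCOREKEEP_TASK), ("weak", WEAK_TASK)):
        print(label, validate_fargate_task_definition(td) or "OK")
```

Run it against the output of `aws ecs describe-task-definition` (or the JSON you are about to register) as a pre-registration gate. The CPU/memory table in the code holds exactly the 50 combinations the slide counts, so a definition that passes the memory check here is one Fargate accepts; the role check is the part that catches the common mistake of reusing the execution role as the task role, which hands the application the ECR and logging permissions it never needed.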

Slide 47

Slide 47 text

(Diagram: one Amazon ECS cluster spanning Availability Zones #1, #2 and #3 with subnet 1 172.31.1.0/24, subnet 2 172.31.2.0/24 and subnet 3 172.31.3.0/24; ECS instances (EC2 launch type) and Fargate tasks run the Web, Shopping Cart and Notifications services side by side in the same cluster)

Slide 48

Slide 48 text

AVAILABLE NOW!

Slide 49

Slide 49 text

No content

Slide 50

Slide 50 text

What is Kubernetes?
• Open source container management platform
• Helps you run containers at scale
• Gives you primitives for building modern applications

Slide 51

Slide 51 text

No content

Slide 52

Slide 52 text

No content

Slide 53

Slide 53 text

Why developers love Kubernetes
Kubernetes can be run anywhere: ON-PREMISES, CLOUD

Slide 54

Slide 54 text

Why developers love Kubernetes
A single extensible API: SCALE, PERFORMANCE, BREADTH

Slide 55

Slide 55 text

Cloud-native applications: MICROSERVICE TOOLING, NATIVE APPLICATIONS

Slide 56

Slide 56 text

But where you run K8s matters: QUALITY OF THE CLOUD PLATFORM, QUALITY OF THE APPLICATIONS, YOUR USERS

Slide 57

Slide 57 text

63% of Kubernetes workloads run on AWS today (CNCF survey)

Slide 58

Slide 58 text

Kubernetes on AWS
3x Kubernetes masters for HA

Slide 59

Slide 59 text

Kubernetes master
(Diagram: API server, Cloud controller, Controller manager, Scheduler, Add-ons, KubeDNS)

Slide 60

Slide 60 text

(Diagram: one etcd member and one master in each of Availability Zones 1, 2 and 3)

Slide 61

Slide 61 text

(Diagram: the same three-AZ layout, one etcd member and one master per Availability Zone)

Slide 62

Slide 62 text

Make AWS the BEST PLACE to run ANY containerized applications

Slide 63

Slide 63 text

“Run Kubernetes for me.”

Slide 64

Slide 64 text

“Native AWS Integrations.”

Slide 65

Slide 65 text

“An Open Source Kubernetes Experience.”

Slide 66

Slide 66 text

ELASTIC CONTAINER SERVICE FOR KUBERNETES (EKS)

Slide 67

Slide 67 text

No content

Slide 68

Slide 68 text

No content

Slide 69

Slide 69 text

No content

Slide 70

Slide 70 text

No content

Slide 71

Slide 71 text

(Diagram: the EKS control plane with one etcd member and one master in each of Availability Zones 1, 2 and 3)

Slide 72

Slide 72 text

(Diagram: kubectl talking to the cluster endpoint mycluster.eks.amazonaws.com, a managed control plane spread across Availability Zones 1, 2 and 3)

Slide 73

Slide 73 text

DEMO

Slide 74

Slide 74 text

No content

Slide 75

Slide 75 text

No content

Slide 76

Slide 76 text

No content

Slide 77

Slide 77 text

Heptio IAM Authenticator
An open source approach to integrating AWS IAM authentication with Kubernetes

Slide 78

Slide 78 text

(Flow diagram between kubectl, the K8s API and AWS Auth)
1) kubectl passes the AWS identity to the K8s API
2) AWS Auth verifies the AWS identity
3) The K8s API authorizes the AWS identity with RBAC
4) The K8s action is allowed or denied

Slide 79

Slide 79 text

No content

Slide 80

Slide 80 text

No content

Slide 81

Slide 81 text

(Diagram: Kubernetes patch versions 1.7.4 and 1.7.5 under Version 1.7, alongside Version 1.8)

Slide 82

Slide 82 text

No content

Slide 83

Slide 83 text

Amazon EKS
(Diagram: kubectl and the worker nodes reaching the Amazon EKS control plane through a PrivateLink interface)

Slide 84

Slide 84 text

PLANNED FOR LATER IN 2018…

Slide 85

Slide 85 text

AMAZON CONTAINER SERVICES (coming soon)

Slide 86

Slide 86 text

Questions?

Slide 87

Slide 87 text

THANK YOU
https://aws.amazon.com/containers