@k2r2bai TAI P E I 開 發 者交 流 之夜

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. @k2r2bai Vishwakarma: Terraform modules for deploying EKS and Self-hosting Kubernetes Kyle Bai Site Reliability Engineer AMIS Cloud Native Taiwan User Group

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. @k2r2bai About Me ⽩凱仁(Kyle Bai) • SRE at AMIS. • OSS Contributor. • Certified Kubernetes Administrator/Developer. • Co-organizer of Cloud Native Taiwan User Group. • Interested in emerging technologies. GitHub: kairen(k2r2.bai@gmail.com) Blog: https://k2r2bai.com

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. • Motivations • Infrastructure as code • Vishwakarma • Live Demo Agenda Today I would like to talk about

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Motivations

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Data Centers Networking Servers Application Storage Virtualization OS Hardware Accelerator Drivers Database Runtime Application OS Data Centers Networking Servers Application Storage Virtualization OS Laptop Enterprise IT Public Cloud Customer Managed Provider Managed Database Runtime Database Runtime Drivers Drivers

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Data Centers Networking Servers Application Storage Virtualization OS Hardware Accelerator Drivers Database Runtime Application OS Data Centers Networking Servers Application Storage Virtualization OS Laptop Enterprise IT Public Cloud Customer Managed Provider Managed Database Runtime Database Runtime Drivers Drivers

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Data Centers Networking Servers Application Storage Virtualization OS Hardware Accelerator Drivers Database Runtime Application OS Data Centers Networking Servers Application Storage Virtualization OS Customer Managed Provider Managed Database Runtime Database Runtime Drivers Drivers Laptop Enterprise IT Public Cloud

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Data Centers Networking Servers Application Storage Virtualization OS Hardware Accelerator Drivers Database Runtime Application OS Data Centers Networking Servers Application Storage Virtualization OS Laptop (Dev) Enterprise IT (Staging) Public Cloud (Production) Customer Managed Provider Managed Database Runtime Database Runtime Drivers Drivers

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Dev Staging Production

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Dev Staging Production US EU AP …

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Dev Staging Production US EU AP …

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. TW Local Dev

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. TW Local Dev TW US Staging

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. TW Local Dev TW US Staging AP … US EU Production

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Infrastructure as code

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. “Infrastructure-as-code (IaC) is the concept of writing code to represent your infrastructure requirements and using an IaC tool to apply those changes to your cloud/on-prem environment.”

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. • Create/change/destroy infrastructure resources such as compute, storage, networking components or platform services like database, Kubernetes cluster etc. • Deploy/update applications on top of the infrastructure. • Manage the configurations used by the applications. • Versioning infrastructure. The problems IaC tools can solve

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Terraform is the only tool to focus solely on creating, destroying and managing infrastructure components. You use the Hashicorp Configuration Language (HCL) to describe the infrastructure resources you need. • Provider • Provisioner • Modules • Plan phase • Apply phase Terraform

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. example

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. CLI / SDK / Console Region A Region B Region C ... Terraform CLI Region A Region B Region C ...

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. NGINX

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Vishwakarma

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Kubernetes solutions on AWS Kubespray RKE Kops Kube-aws Typhoon EKS CoreOS Tectonic LinuxKit Matchbox KubeNow Bootkube kubeadm-dind-cluster Minikube PKS Kubeadm KIND KRIB

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Challenges to build Kubrnetes

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. • Maintain all AWS resources(ex: EC2 instance, VPC). • Kubernetes node(worker) scalability. • Kubernetes components upgrade. • Logging and Monitoring. • Configuration management. Challenges to build Kubrnetes on AWS

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. • Network environment customize. • Align company compliance. • Audit. • Security. • Topology. • ... • Cost. • Clusters have different topology. • Want more specific features. Why build Kubernetes by ourselves?

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Vishwakarma can be used to create a Kubernetes cluster in AWS by leveraging HashiCorp Terraform and CoreOS. And there are two kind of Kubernetes master within vishwakarma, one leverages AWS EKS, the other one is ElastiKube (Self-Hosted). Vishwakarma hXps://github.com/getamis/vishwakarma

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. ElastiKube is a highly configurable Terraform module with building blocks. The motivation to build ElastiKube is that we need: • Robust and HA Kubernetes master nodes. • Pluggable HA worker nodes with different instance types. • Configurable Kubernetes resources during bootstrapping. • Standalone and HA etcd. • Use CoreOS Container Linux on all host machines. • Use Ignition for provisioning Container Linux. What's ElastiKube?

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. • Agility: The ability to easily and atomically update software is the only way to improve internet security. • Portability: Containers turn apps into integral units that can migrate easily between machines and between providers. • Security: Today’s VM-focused workflow ties the OS directly to the apps on the box. Moving dependencies out of the OS and into a container dramatically reduces complexity. • Make sure that all resources are IMMUTABLE! Why do we use CoreOS?

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Ignition is the utility used by CoreOS Container Linux, Fedora CoreOS, and RHEL CoreOS to manipulate disks during the initramfs. This includes partitioning disks, formatting partitions, writing files (regular files, systemd units, etc.), and configuring users. Ignition

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Live Demo

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. What’s Going On?

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Self-hosting Kubernetes

© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Fargate for EKS

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.

@k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Thank you! @k2r2bai © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved. Kyle Bai k2r2.bai@gmail.com