© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. S U M M I T Breaking the Monolith using AWS Container Services M A P 0 0 4 Marek Kuczynski Bernard Grymonpon Sr. Solutions Architect Engineering Lead Amazon Web Services Showpad

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential Modern application development Monolith Microservices Does everything Shared release pipeline Rigid scaling High impact of change Hard to adopt new technologies Does one thing Independent deployments Independent scaling Small impact of change Choice of technology

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential Mobile client Client IoT A microservice architecture API Gateway Account DB Shipping DB Inventory DB Store Front Web App Account Lookup Shipment Query Inventory Query

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential Recap: What is a container? Runtime Code Dependencies Single, immutable object Deploy your container anywhere Easy to update using Dockerfiles

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential At first there was Amazon EC2 Then Docker! EC2 Instance Containers Available since 2006 Available since 2013

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential Containers have become the standard for how to ship and run your application in the cloud

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential Manually downloading and launching containers by hand is inefficient and error prone

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential “Now launch 10 copies of my container distributed across three availability zones and connect them to this load balancer” “Here is a cluster of EC2 instances to use to run my applications”

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential EC2 based clusters require work! Patching and Upgrading OS, agents, etc. Scaling the number of instances in the cluster for optimal utilization according to the number of containers you need to run ECS Agent Docker Agent OS EC2 Instance

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential “Just launch 10 copies of my container distributed across three availability zones and connect them to this load balancer” X 10

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential AWS native container stack MANAGEMENT The API interface you use to launch applications Tracks application state and connects application to other resources like load balancers HOSTING Containers run on demand No capacity planning needed Automatically updated and patched infrastructure IMAGE REGISTRY Stores your docker container right there in the datacenter where you will run it

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Core concepts of AWS Fargate

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential Version controlled description of your application: Image URL, CPU & Memory requirements, environment variables, etc register Task Definition create Cluster • Infrastructure Isolation boundary • IAM Permissions boundary run Task • A single running copy of your application container create Service Elastic Load Balancer • Maintain n running copies • Integrated with ELB • Crashed containers automatically replaced Fargate constructs

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential Fargate task configurations 50 different CPU/Memory configurations to choose from CPU Memory 256 (.25 vCPU) 512MB, 1GB, 2GB 512 (.5 vCPU) 1GB, 2GB, 3GB, 4GB 1024 (1 vCPU) 2GB, 3GB, 4GB, 5GB, 6GB, 7GB, 8GB 2048 (2 vCPU) Between 4GB and 16GB in 1GB increments 4096 (4 vCPU) Between 8GB and 30GB in 1GB increments

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential Configurable networking 172.31.0.0/16 Subnet 172.31.1.0/24 Internet Other Entities in VPC EC2 LB DB etc. Private IP 172.31.1.164 Explicit control for your containers networking: • Subnet placement, specific IP address ranges • Private IP address, possible to use public too • Security group to control traffic • Can use in combination with ELB or PrivateLink Under the hood: • AWS creates an Elastic Network Interface (ENI) • The ENI is allocated a private IP from your subnet and attached to the task • Optionally, you can also give it a public IP address if its in a public subnet with internet access ENI Fargate Task Public / 208.57.73.13 /

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential CloudWatch Logs Logs Tab in the Task Detail Page

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential Access Management Cluster Permissions Application Permissions Task Housekeeping Permissions Cluster Fargate Task Cluster Permissions Control who can launch/describe tasks in your cluster Application Permissions Allows your application containers to access AWS resources securely Housekeeping Permissions Allows us to perform housekeeping activities around your task: • ECR Image Pull • Cloudwatch logs pushing • ENI creation • Register/Deregister targets into ELB

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential Building a CI/CD pipeline for containers Developers AWS CodeCommit AWS CodePipeline AWS CodeBuild AWS CloudFormation Amazon ECS Amazon ECR

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Running Kubernetes on AWS

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential Open source container management platform Helps you run containers at scale Gives you primitives for building modern applications What is Kubernetes? © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential Amazon Elastic Container Service for Kubernetes Managed Kubernetes on AWS Highly available Automated version upgrades Integration with other AWS services Etcd Master Managed Kubernetes control plane CloudTrail, CloudWatch, ELB, IAM, VPC, PrivateLink

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential Community, contribution, choice

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential mycluster.eks.amazonaws.com Availability Zone 1 Availability Zone 2 Availability Zone 3 kubectl on your machine Amazon EKS architecture

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential VPC Kubernetes control plane Highly available and single tenant infrastructure Uses “native AWS” components, such as VPC networking and ELB integration AWS takes care of patching and maintenance of control plane NLB Amazon EKS Multiple Availability Zones Backend API Servers

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential Provisioning EKS worker nodes on EC2 You can deploy EKS worker nodes as follows; • Through AWS CloudFormation stacks developed by AWS • Using the ”eksctl” tool; https://github.com/weaveworks/eksctl • Several third party integrations are available as well (Terraform, Pulumi, Rancher, etc.) Fargate support for EKS is coming later this year

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential AWS Identity and Access Management (IAM) Authentication kubectl 3) Authorizes AWS identity with RBAC K8s API 1) Passes AWS identity 2) Verifies AWS identity 4) K8s action allowed/denied

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential S U M M I T © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Showpad – customer use case Bernard Grymonpon Engineering Lead Showpad

2011 Founded and signed our first customer 2016 2017 Showtime launch (now the biggest annual sales enablement conference in Europe) 2018 2013 Incorporated Showpad in US 2016 2018 Series C investment round (led by Insight Venture Partners ) Opening Chicago Office Leader in the Forrester Wave 2019 Platform release Welcome Learncore and Voicefox teams Our Story

90% YoY growth rate 1200+ Customers in 50+ countries 7 Locations 400 Employees $120M Funding Partners Ghent - London Chicago - Portland San Francisco Munich - Wroclaw 2019: +250 Employees Facts

Showpad ❤ Kubernetes Kubernetes v1.2 Production usage Prepare Staging Immutable Kubernetes Future ... April 2016 Summer 2016 Q1 2017 Q1 2019 +2500 containers 2018 2019-

EKS … but we don’t want to maintain every cluster ❤

Why? Allows us to focus on core Unifies tooling and procedures We can easily swap when needed

Spot nodes Nov 2018 ASG with multiple instance types • Mix instance types in a ASG • Mix spot & on-demand • Baselines for on-demand Perfect for (our) Kubernetes nodes

Kubernetes Spot Node lifecycle K8S requires additional node Spot node is added to the cluster We cordon / drain the node (2 minutes) ASG is increased Termination event triggers If needed, ASG is increased again Node is terminated

Why? Low engineering effort Cost reduction Chaos engineering

Monoscaler Monitors input channels (SQS, classic AMQP) Scaling defini:ons in the deployment Talks to Kubernetes API server to create addi:onal jobs

Why? Scale to zero One solution for cloud and legacy Control our scaling 100% Cost reduction

Thank you! Join our growth path www.showpad.com/careers

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential AWS container services landscape Management Deployment, scheduling, scaling, & management of containerized applications Hosting Where the containers run Amazon Elastic Container Service Amazon Elastic Container Service for Kubernetes Amazon EC2 AWS Fargate Image registry Container image repository Amazon Elastic Container Registry

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential New: AWS Cloud Map Service discovery for all your cloud resources Constantly monitor the health of every resource Dynamically update the location of each microservice Increase developer productivity Single registry for all app resources Define resources with user-friendly names Integration with Amazon container services AWS Fargate Amazon ECS Amazon EKS AWS Cloud Map

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential New: AWS App Mesh Observability & traffic control Easily export logs, metrics, and traces Client side traffic policies—circuit breaking, retries Routes for deployments Works across clusters and container services Amazon ECS Amazon EKS Kubernetes on EC2 AWS Fargate (coming soon!) AWS built and run No control plane to manage Ease of operations High scale

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential Public container roadmap for ECR/ECS/EKS Take a look at https://github.com/aws/containers-roadmap/projects/1

Thank you! © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Marek Kuczynski Bernard Grymonpon Sr. Solutions Architect Engineering Lead Amazon Web Services Showpad @marekq @wonko_be [email protected] [email protected]

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Please complete the session survey.