Slide 1

SUMMIT
Breaking the Monolith using AWS Container Services
MAP004

Marek Kuczynski, Sr. Solutions Architect, Amazon Web Services
Bernard Grymonpon, Engineering Lead, Showpad

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential

Slide 2

Modern application development

Monolith
• Does everything
• Shared release pipeline
• Rigid scaling
• High impact of change
• Hard to adopt new technologies

Microservices
• Does one thing
• Independent deployments
• Independent scaling
• Small impact of change
• Choice of technology

Slide 3

A microservice architecture

Diagram labels: Mobile client, Client, IoT; API Gateway; Store Front Web App; Account Lookup, Shipment Query, Inventory Query; Account DB, Shipping DB, Inventory DB

Slide 4

Recap: What is a container?

Runtime, Code, Dependencies
• Single, immutable object
• Deploy your container anywhere
• Easy to update using Dockerfiles

Slide 5

At first there was Amazon EC2. Then Docker!
• EC2 Instance: available since 2006
• Containers: available since 2013

Slide 6

Containers have become the standard for how to ship and run your application in the cloud

Slide 7

Manually downloading and launching containers by hand is inefficient and error-prone

Slide 8

“Now launch 10 copies of my container distributed across three availability zones and connect them to this load balancer”

“Here is a cluster of EC2 instances to use to run my applications”

Slide 9

EC2 based clusters require work!
• Patching and upgrading OS, agents, etc.
• Scaling the number of instances in the cluster for optimal utilization according to the number of containers you need to run

Diagram labels: ECS Agent, Docker Agent, OS, EC2 Instance

Slide 10

“Just launch 10 copies of my container distributed across three availability zones and connect them to this load balancer”

x 10

Slide 11

AWS native container stack

MANAGEMENT
• The API interface you use to launch applications
• Tracks application state and connects application to other resources like load balancers

HOSTING
• Containers run on demand
• No capacity planning needed
• Automatically updated and patched infrastructure

IMAGE REGISTRY
• Stores your Docker container right there in the datacenter where you will run it

Slide 12

Core concepts of AWS Fargate

Slide 13

Fargate constructs

register Task Definition
• Version controlled description of your application: image URL, CPU & memory requirements, environment variables, etc.

create Cluster
• Infrastructure isolation boundary
• IAM permissions boundary

run Task
• A single running copy of your application container

create Service
• Maintain n running copies
• Integrated with ELB
• Crashed containers automatically replaced

Diagram label: Elastic Load Balancer

Slide 14

Fargate task configurations

50 different CPU/Memory configurations to choose from

CPU               Memory
256 (.25 vCPU)    512MB, 1GB, 2GB
512 (.5 vCPU)     1GB, 2GB, 3GB, 4GB
1024 (1 vCPU)     2GB, 3GB, 4GB, 5GB, 6GB, 7GB, 8GB
2048 (2 vCPU)     Between 4GB and 16GB in 1GB increments
4096 (4 vCPU)     Between 8GB and 30GB in 1GB increments

Slide 15

Configurable networking

Explicit control for your containers' networking:
• Subnet placement, specific IP address ranges
• Private IP address, possible to use public too
• Security group to control traffic
• Can use in combination with ELB or PrivateLink

Under the hood:
• AWS creates an Elastic Network Interface (ENI)
• The ENI is allocated a private IP from your subnet and attached to the task
• Optionally, you can also give it a public IP address if it's in a public subnet with internet access

Diagram labels: VPC 172.31.0.0/16; Subnet 172.31.1.0/24; Internet; Other Entities in VPC (EC2, LB, DB, etc.); ENI; Fargate Task; Private IP 172.31.1.164; Public 208.57.73.13

Slide 16

CloudWatch Logs
• Logs tab in the Task Detail page

Slide 17

Access Management

Diagram labels: Cluster Permissions, Application Permissions, Housekeeping Permissions; Cluster, Task, Fargate Task

Cluster Permissions
Control who can launch/describe tasks in your cluster

Application Permissions
Allows your application containers to access AWS resources securely

Housekeeping Permissions
Allows us to perform housekeeping activities around your task:
• ECR image pull
• CloudWatch Logs pushing
• ENI creation
• Register/deregister targets into ELB
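
Added example (not from the original deck): a small linter that checks one task definition against slides 14 to 17, covering the CPU/memory table, the task's own ENI, CloudWatch logging, and the separation of application permissions (task role) from housekeeping permissions (execution role). The sample task definition, account id, role and image names are constructed placeholders, the secret-name heuristic is an assumption, and cpu/memory are assumed to be given in CPU units and MiB.

```python
# Valid Fargate CPU units -> memory (MiB), from the slide 14 table.
FARGATE_SIZES = {
    256: {512, 1024, 2048},
    512: {1024 * g for g in range(1, 5)},
    1024: {1024 * g for g in range(2, 9)},
    2048: {1024 * g for g in range(4, 17)},
    4096: {1024 * g for g in range(8, 31)},
}
SECRET_HINTS = ("PASSWORD", "SECRET", "TOKEN", "API_KEY")  # assumed naming heuristic


def audit_task_definition(td):
    """Return a list of findings for one task definition dict."""
    findings = []
    cpu, mem = int(td.get("cpu", 0)), int(td.get("memory", 0))
    if mem not in FARGATE_SIZES.get(cpu, set()):
        findings.append(f"cpu={cpu}/memory={mem} is not a valid Fargate size")
    if td.get("networkMode") != "awsvpc":
        findings.append("networkMode must be awsvpc so the task gets its own ENI")
    exec_role, task_role = td.get("executionRoleArn"), td.get("taskRoleArn")
    if not exec_role:
        findings.append("no executionRoleArn: ECR pull and awslogs push need it")
    if exec_role and exec_role == task_role:
        findings.append("task role equals execution role: app holds housekeeping rights")
    for c in td.get("containerDefinitions", []):
        if c.get("logConfiguration", {}).get("logDriver") != "awslogs":
            findings.append(f"{c['name']}: no awslogs driver, nothing reaches CloudWatch Logs")
        for env in c.get("environment", []):
            if any(h in env["name"].upper() for h in SECRET_HINTS):
                findings.append(f"{c['name']}: {env['name']} looks like a secret in plain env")
    return findings


# Constructed sample: account id, role and image names are placeholders.
ROLE = "arn:aws:iam::111122223333:role/example-shared-role"
SAMPLE = {
    "family": "storefront", "cpu": "256", "memory": "4096",
    "networkMode": "awsvpc", "requiresCompatibilities": ["FARGATE"],
    "executionRoleArn": ROLE, "taskRoleArn": ROLE,
    "containerDefinitions": [{
        "name": "web",
        "image": "111122223333.dkr.ecr.eu-west-1.amazonaws.com/storefront:1",
        "environment": [{"name": "DB_PASSWORD", "value": "example"}],
    }],
}

if __name__ == "__main__":
    for finding in audit_task_definition(SAMPLE):
        print("-", finding)
```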

Slide 18

Building a CI/CD pipeline for containers

Diagram labels: Developers, AWS CodeCommit, AWS CodePipeline, AWS CodeBuild, AWS CloudFormation, Amazon ECS, Amazon ECR

Slide 19

Running Kubernetes on AWS

Slide 20

What is Kubernetes?
• Open source container management platform
• Helps you run containers at scale
• Gives you primitives for building modern applications

Slide 21

Amazon Elastic Container Service for Kubernetes

Managed Kubernetes on AWS
• Highly available
• Automated version upgrades
• Integration with other AWS services

Diagram labels: Etcd, Master; Managed Kubernetes control plane; CloudTrail, CloudWatch, ELB, IAM, VPC, PrivateLink

Slide 22

Community, contribution, choice

Slide 23

Amazon EKS architecture

Diagram labels: kubectl on your machine; mycluster.eks.amazonaws.com; Availability Zone 1, Availability Zone 2, Availability Zone 3

Slide 24

Kubernetes control plane
• Highly available and single tenant infrastructure
• Uses “native AWS” components, such as VPC networking and ELB integration
• AWS takes care of patching and maintenance of control plane

Diagram labels: VPC, NLB, Amazon EKS, Multiple Availability Zones, Backend API Servers

Slide 25

Provisioning EKS worker nodes on EC2

You can deploy EKS worker nodes as follows:
• Through AWS CloudFormation stacks developed by AWS
• Using the "eksctl" tool: https://github.com/weaveworks/eksctl
• Several third party integrations are available as well (Terraform, Pulumi, Rancher, etc.)

Fargate support for EKS is coming later this year

Slide 26

AWS Identity and Access Management (IAM) Authentication

1) Passes AWS identity
2) Verifies AWS identity
3) Authorizes AWS identity with RBAC
4) K8s action allowed/denied

Diagram labels: kubectl, K8s API
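
Added example (a simplified model, not EKS code and not from the original deck): steps 3 and 4 of the flow above, showing that a verified IAM identity is still denied unless it is mapped to a Kubernetes user and an RBAC rule covers the action. The mapping table, RBAC table, account id, role and group names are constructed, and reducing an STS assumed-role session ARN to its IAM role ARN before lookup is an assumption of this model.

```python
import re

# Constructed aws-auth style mapping: IAM role ARN -> Kubernetes identity.
# Account id, role names and group names are placeholders.
MAP_ROLES = {
    "arn:aws:iam::111122223333:role/example-deployer":
        {"username": "deployer", "groups": ["example-deployers"]},
}
# Constructed RBAC bindings: group -> set of (verb, resource) it may perform.
RBAC = {
    "example-deployers": {("get", "pods"), ("list", "pods"), ("update", "deployments")},
}

STS_ROLE = re.compile(r"^arn:aws:sts::(\d{12}):assumed-role/([^/]+)/[^/]+$")


def canonical_arn(caller_arn):
    """Reduce an STS assumed-role session ARN to the IAM role ARN (model assumption)."""
    m = STS_ROLE.match(caller_arn)
    return f"arn:aws:iam::{m.group(1)}:role/{m.group(2)}" if m else caller_arn


def decide(caller_arn, verb, resource):
    """Steps 3 and 4: map the verified identity, then apply RBAC (default deny)."""
    identity = MAP_ROLES.get(canonical_arn(caller_arn))
    if identity is None:
        return "denied: IAM identity verified but not mapped to a Kubernetes user"
    allowed = any((verb, resource) in RBAC.get(g, set()) for g in identity["groups"])
    return "allowed" if allowed else f"denied: RBAC has no rule for {identity['username']}"


if __name__ == "__main__":
    session = "arn:aws:sts::111122223333:assumed-role/example-deployer/session-1"
    print(decide(session, "list", "pods"))
    print(decide(session, "delete", "secrets"))
    print(decide("arn:aws:iam::111122223333:role/example-other", "get", "pods"))
```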

Slide 27

Showpad – customer use case

Bernard Grymonpon, Engineering Lead, Showpad

Slide 28

Our Story

2011 Founded and signed our first customer 2016 2017 Showtime launch (now the biggest annual sales enablement conference in Europe) 2018 2013 Incorporated Showpad in US 2016 2018 Series C investment round (led by Insight Venture Partners) Opening Chicago Office Leader in the Forrester Wave 2019 Platform release Welcome Learncore and Voicefox teams

Slide 29

Facts
• 90% YoY growth rate
• 1200+ Customers in 50+ countries
• 7 Locations: Ghent, London, Chicago, Portland, San Francisco, Munich, Wroclaw
• 400 Employees
• 2019: +250 Employees
• $120M Funding Partners

Slide 30

Showpad ❤ Kubernetes

Kubernetes v1.2 Production usage Prepare Staging Immutable Kubernetes Future ... April 2016 Summer 2016 Q1 2017 Q1 2019 +2500 containers 2018 2019-

Slide 31

EKS … but we don’t want to maintain every cluster ❤

Slide 32

Why?
• Allows us to focus on core
• Unifies tooling and procedures
• We can easily swap when needed

Slide 33

Spot nodes

Nov 2018: ASG with multiple instance types
• Mix instance types in an ASG
• Mix spot & on-demand
• Baselines for on-demand

Perfect for (our) Kubernetes nodes

Slide 34

Kubernetes Spot Node lifecycle
• K8S requires additional node
• Spot node is added to the cluster
• We cordon / drain the node (2 minutes)
• ASG is increased
• Termination event triggers
• If needed, ASG is increased again
• Node is terminated

Slide 35

Why?
• Low engineering effort
• Cost reduction
• Chaos engineering

Slide 36

Monoscaler
• Monitors input channels (SQS, classic AMQP)
• Scaling definitions in the deployment
• Talks to Kubernetes API server to create additional jobs

Slide 37

Why?
• Scale to zero
• One solution for cloud and legacy
• Control our scaling 100%
• Cost reduction

Slide 38

Thank you!

Join our growth path
www.showpad.com/careers

Slide 39

AWS container services landscape

Management: Deployment, scheduling, scaling, & management of containerized applications
• Amazon Elastic Container Service
• Amazon Elastic Container Service for Kubernetes

Hosting: Where the containers run
• Amazon EC2
• AWS Fargate

Image registry: Container image repository
• Amazon Elastic Container Registry

Slide 40

New: AWS Cloud Map

Service discovery for all your cloud resources
• Constantly monitor the health of every resource
• Dynamically update the location of each microservice

Increase developer productivity
• Single registry for all app resources
• Define resources with user-friendly names

Integration with Amazon container services
• AWS Fargate
• Amazon ECS
• Amazon EKS

Slide 41

New: AWS App Mesh

Observability & traffic control
• Easily export logs, metrics, and traces
• Client side traffic policies: circuit breaking, retries
• Routes for deployments

Works across clusters and container services
• Amazon ECS
• Amazon EKS
• Kubernetes on EC2
• AWS Fargate (coming soon!)

AWS built and run
• No control plane to manage
• Ease of operations
• High scale

Slide 42

Public container roadmap for ECR/ECS/EKS

Take a look at https://github.com/aws/containers-roadmap/projects/1

Slide 43

Thank you!

Marek Kuczynski, Sr. Solutions Architect, Amazon Web Services, @marekq
Bernard Grymonpon, Engineering Lead, Showpad, @wonko_be

Slide 44

Please complete the session survey.