Slide 1

Slide 1 text

twitter.com/toricls
Kubernetes Seen Through Its Differences
- See Kubernetes through an Amazon ECS Lens -
Tori, May 27, 2020, #k8sjp

Slide 2

Slide 2 text

Positive Tori / Sr. Product Developer Advocate, Containers Product, Amazon Web Services
❤ AWS Fargate & AWS Lambda
toricls

Slide 3

Slide 3 text

Kubernetes and Amazon ECS

Slide 4

Slide 4 text

Kubernetes and Amazon ECS

Initial Announcement: Kubernetes 2014.6.7 / Amazon ECS 2014.11.13
GA: Kubernetes 2015.7.21 (version 1.0) / Amazon ECS 2015.4.9
Developer(s): Kubernetes: CNCF (originally developed by Google) / Amazon ECS: AWS
Amazon EKS (2017.11.29 Ann. / 2018.6.5 GA)

Slide 5

Slide 5 text

From 1,000 ft view
• Amazon EKS
• kubeadm
• Kind
• …
} “create”
Control-plane (master)
Data-plane (workers): Node, Node, each with Agent (*), Container Runtime, Containers
*) The Amazon ECS Agent has no icon, so…

Slide 6

Slide 6 text

From 1,000 ft view
• Amazon EKS
• kubeadm
• Kind
• …
} “create”
Control-plane (master)
Data-plane (workers): Node, Node, each with Agent (*), Container Runtime, Containers
“docker run” on each Node
*) The Amazon ECS Agent has no icon, so…

Slide 7

Slide 7 text

The Constructs

Slide 8

Slide 8 text

Menu Of the Day
LB, App
~ Keep app running with load balancer ~

Slide 9

Slide 9 text

in Kubernetes

```yaml
# Ingress
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: hey-yo-ingress
spec:
  rules:
    - http:
        paths:
          - path: /cooool
            backend:
              serviceName: cool-service
              servicePort: 80
---
# Service
apiVersion: v1
kind: Service
metadata:
  name: cool-service
  labels:
    app: demo
spec:
  ports:
    - targetPort: 8080
      port: 80
      protocol: TCP
  selector:
    app: i-am-cool
---
# Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: cool-deployment
  labels:
    app: i-am-cool
spec:
  replicas: 3
  selector:                # apps/v1 requires a selector that matches the Pod template labels
    matchLabels:
      app: i-am-cool
  template:
    metadata:
      labels:
        app: i-am-cool
    spec:
      containers:
        - name: super-duper-fantastic
          image: toricls/my-super-fantastic-app:v1
```

Diagram labels: Ingress, Service, Deployment; LB, App

Slide 10

Slide 10 text

in Amazon ECS

Service:

```yaml
Type: AWS::ECS::Service
Properties:
  Cluster: super-cluster
  TaskDefinition: cool-task:3
  DesiredCount: 3
  LoadBalancers:
    - TargetGroupArn: my-alb-arn
      ContainerName: super-duper-fantastic   # container in the task definition that receives the traffic
      ContainerPort: 8080
```

Task Definition:

```yaml
Type: AWS::ECS::TaskDefinition
Properties:
  Family: cool-task
  ContainerDefinitions:
    - Name: super-duper-fantastic
      Image: toricls/my-super-fantastic-app:v1
```

Diagram labels: Service, Task Definition; LB, App

Slide 11

Slide 11 text

in Kubernetes and Amazon ECS: the Ingress, Service and Deployment manifests (Slide 9) side by side with the ECS Service and Task Definition (Slide 10).

Slide 12

Slide 12 text

in Kubernetes and Amazon ECS (same manifests as Slides 9 and 10)
Callout: Pod spec

Slide 14

Slide 14 text

in Kubernetes and Amazon ECS (same manifests as Slides 9 and 10)
Callout: ReplicaSet spec

Slide 18

Slide 18 text

in Kubernetes and Amazon ECS (same manifests as Slides 9 and 10)
Callout: What about this?

Slide 19

Slide 19 text

in Amazon ECS (LB, App)
How to route `paths`?
Application Load Balancer (L7 LB) → Listener(s) → Listener Rule(s) → Target Group, Target Group, Target Group
Listener rules: path: /yay, Default route, path: /cooool
Targets: ECS Service (containers), \EC2 !!/, \Lambda !!/
The world of routing / the world of containers / the world of virtual machines / the world of functions
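
The path routing on this slide written out as CloudFormation, as an added example that is not from the slides: the listener rule plays the role that the `path: /cooool` entry plays in the Ingress. The logical IDs, the parameters, the rule priority and `TargetType: instance` (default bridge network mode on EC2 container instances) are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  LoadBalancerArn:
    Type: String              # ARN of an existing Application Load Balancer (assumed)
  DefaultTargetGroupArn:
    Type: String              # target group behind the "Default route" (assumed)
Resources:
  HttpListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref LoadBalancerArn
      Port: 80
      Protocol: HTTP
      DefaultActions:         # requests that match no rule take the default route
        - Type: forward
          TargetGroupArn: !Ref DefaultTargetGroupArn
  CoolTargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: HTTP
      Port: 8080
      TargetType: instance    # assumes bridge networking; awsvpc tasks need "ip"
  CoolRule:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      ListenerArn: !Ref HttpListener
      Priority: 10            # assumed; lower numbers are evaluated first
      Conditions:
        - Field: path-pattern
          PathPatternConfig:
            Values:
              - /cooool
      Actions:
        - Type: forward
          TargetGroupArn: !Ref CoolTargetGroup
  CoolService:
    Type: AWS::ECS::Service
    DependsOn: CoolRule       # the target group must be attached to a listener first
    Properties:
      Cluster: super-cluster
      TaskDefinition: cool-task:3
      DesiredCount: 3
      LoadBalancers:
        - TargetGroupArn: !Ref CoolTargetGroup
          ContainerName: super-duper-fantastic
          ContainerPort: 8080
```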

Slide 21

Slide 21 text

in Kubernetes and Amazon ECS (same manifests as Slides 9 and 10)
Callout: What about this?

Slide 22

Slide 22 text

Where is “Cluster”?
• Amazon EKS
• kubeadm
• Kind
• …
} “create”
Control-plane (master)
Data-plane (workers) (*): Node x N, Node x N
*) The Amazon ECS Agent has no icon, so…

Slide 24

Slide 24 text

in Kubernetes and Amazon ECS (same manifests as Slides 9 and 10)
Callout: ?? ]

Slide 25

Slide 25 text

in Amazon ECS (LB, App)
Task Definition is immutable and it has “Revisions”

Slide 26

Slide 26 text

Example GitOps Flow in Kubernetes and Amazon ECS

Kubernetes:
• App Repo (w/ Dockerfile): Code changes → git push → CI process → docker push → Image Registry
• Manifests Repo (w/ manifests): update manifests, create pull request → CD process → kubectl apply

Amazon ECS:
• App Repo (w/ Dockerfile, w/ Task-def.): Code changes → git push → CI process → docker push → Image Registry; register task-def → ECS API
• Manifests Repo (w/ Service-def.): update definition files, create pull request → CD process → aws ecs update-service (the task definition has already been registered with ECS by the CI process, so the CD process does not need it)

Slide 27

Slide 27 text

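App Logging in Kubernetes and Amazon ECS

Kubernetes:
▶ Log collection is a node-level / cluster-level decision and operation
▶ Log collection agents are deployed to the nodes with a DaemonSet
▶ The direction is not to support Docker log drivers (*)

Amazon ECS:
▶ Log collection may be decided and operated at the application level
▶ The Docker log driver feature is configured from the task definition
▶ Cases where each application sends its logs to a different destination are anticipated
▶ Distributing a log collection agent with the daemon scheduler feature added in 2018.06 is also an available option

*) https://docs.docker.com/config/containers/logging/configure/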
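
Both ECS options from this slide written out as CloudFormation, as an added example that is not from the slides: a per-application log driver set in the task definition, and a daemon-scheduled service that places one log collection agent on every container instance. The agent image, log group, region, memory values and logical IDs are assumptions.

```yaml
Resources:
  # Option 1: the application picks its own log destination through a Docker log driver.
  CoolTask:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: cool-task
      ContainerDefinitions:
        - Name: super-duper-fantastic
          Image: toricls/my-super-fantastic-app:v1
          Memory: 256                             # assumed value
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: /ecs/cool-task       # assumed log group; must already exist
              awslogs-region: ap-northeast-1      # assumed region
              awslogs-stream-prefix: app
  # Option 2: node-level collection, comparable to a Kubernetes DaemonSet.
  # Assumes application containers use the default json-file log driver.
  LogAgentTask:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: log-agent
      Volumes:
        - Name: docker-logs
          Host:
            SourcePath: /var/lib/docker/containers
      ContainerDefinitions:
        - Name: log-agent
          Image: example.invalid/log-agent:1.0    # hypothetical agent image
          Memory: 128                             # assumed value
          MountPoints:
            - SourceVolume: docker-logs
              ContainerPath: /var/lib/docker/containers
              ReadOnly: true                      # the agent only reads other containers' logs
  LogAgentService:
    Type: AWS::ECS::Service
    Properties:
      Cluster: super-cluster
      TaskDefinition: !Ref LogAgentTask
      SchedulingStrategy: DAEMON                  # one task per container instance; no DesiredCount
```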

Slide 28

Slide 28 text

Lots of Fun Diffs in Kubernetes and Amazon ECS
▶ Kubernetes Jobs
  ▶ In ECS, this is achieved by combining ECS tasks with a separate service, Step Functions
▶ Kubernetes CronJobs
  ▶ In ECS, a combination of EventBridge + Step Functions + ECS tasks
▶ ECS task - Container Dependency
  ▶ In Kubernetes, use initContainers, or
  ▶ combine container lifecycle hooks (preStop and so on)
  ▶ Looking forward to containers.lifecycle.type: SideCar in Kubernetes 1.19(?)…
▶ Kubernetes Admission Controllers
  ▶ I feel there is no feature or approach in ECS that corresponds exactly to this

Slide 29

Slide 29 text

AWS Container Services - Public Roadmap
https://github.com/aws/containers-roadmap/projects/1

Slide 31

Slide 31 text

Thank you :)