違いから見る Kubernetes #k8sjp / See Kubernetes through an Amazon ECS Lens

twitter.com/toricls 違いから⾒る Kubernetes Tori May. 27, 2020 - See Kubernetes
through an Amazon ECS Lens - #k8sjp

twitter.com/toricls ポジティブな Tori / Sr. Product Developer Advocate Containers Product,
Amazon Web Services ❤ AWS Fargate & AWS Lambda toricls

twitter.com/toricls Kubernetes and Amazon ECS

twitter.com/toricls Kubernetes and Amazon ECS Initial Announcement 2014.6.7 2014.11.13 GA
2015.7.21 (version 1.0) 2015.4.9 Developers(s) CNCF  (originally developed by Google) AWS Amazon EKS  (2017.11.29 Ann. / 2018.6.5 GA)

twitter.com/toricls From 1,000 ft view • Amazon EKS • kubeadm
• Kind • … } “create” Control-plane (master) Data-plane (workers) Agent Container  Runtime (*) *) Amazon ECS Agent にはアイコンがないので… Containers Node Node

twitter.com/toricls From 1,000 ft view • Amazon EKS • kubeadm
• Kind • … } “create” Control-plane (master) Data-plane (workers) Agent Container  Runtime Containers (*) *) Amazon ECS Agent にはアイコンがないので… Node Node “docker run” “docker run”

twitter.com/toricls The Constructs

twitter.com/toricls Menu Of the Day LB App ~ Keep app
running with load balancer ~

twitter.com/toricls in Kubernetes apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: hey-yo—ingress
spec: rules: - http: paths: - path: /cooool backend: serviceName: cool-service servicePort: 80 apiVersion: v1 kind: Service metadata: name: cool-service labels: app: demo spec: ports: - targetPort: 8080 port: 80 protocol: TCP selector: app: i-am-cool apiVersion: apps/v1 kind: Deployment metadata: name: cool-deployment labels: app: i-am-cool spec: replicas: 3 template: metadata: labels: app: i-am-cool spec: containers: - name: super-duper-fantastic image: toricls/my-super-fantastic-app:v1 Ingress Service Deployment LB App

twitter.com/toricls in Amazon ECS Type: AWS::ECS::Service Properties: Cluster: super-cluster TaskDefinition:
cool-task:3 DesiredCount: 3 LoadBalancers: - TargetGroupArn: my-alb-arn ContainerPort: 8080 Type: AWS::ECS::TaskDefinition Properties: Family: cool-task ContainerDefinitions: - Name: super-duper-fantastic Image: toricls/my-super-fantastic-app:v1 Service Task Deﬁnition LB App

twitter.com/toricls in Kubernetes and Amazon ECS apiVersion: networking.k8s.io/v1beta1 kind: Ingress
metadata: name: hey-yo—ingress spec: rules: - http: paths: - path: /cooool backend: serviceName: cool-service servicePort: 80 apiVersion: v1 kind: Service metadata: name: cool-service labels: app: demo spec: ports: - targetPort: 8080 port: 80 protocol: TCP selector: app: i-am-cool apiVersion: apps/v1 kind: Deployment metadata: name: cool-deployment labels: app: i-am-cool spec: replicas: 3 template: metadata: labels: app: i-am-cool spec: containers: - name: super-duper-fantastic image: toricls/my-super-fantastic-app:v1 Ingress Service Deployment LB App Type: AWS::ECS::TaskDefinition Properties: Family: cool-task ContainerDefinitions: - Name: super-duper-fantastic Image: toricls/my-super-fantastic-app:v1 ECS Service Task Deﬁnition Type: AWS::ECS::Service Properties: Cluster: super-cluster TaskDefinition: cool-task:3 DesiredCount: 3 LoadBalancers: - TargetGroupArn: my-alb-arn ContainerPort: 8080

metadata: name: hey-yo—ingress spec: rules: - http: paths: - path: /cooool backend: serviceName: cool-service servicePort: 80 apiVersion: v1 kind: Service metadata: name: cool-service labels: app: demo spec: ports: - targetPort: 8080 port: 80 protocol: TCP selector: app: i-am-cool apiVersion: apps/v1 kind: Deployment metadata: name: cool-deployment labels: app: i-am-cool spec: replicas: 3 template: metadata: labels: app: i-am-cool spec: containers: - name: super-duper-fantastic image: toricls/my-super-fantastic-app:v1 Ingress Service Deployment LB App Type: AWS::ECS::TaskDefinition Properties: Family: cool-task ContainerDefinitions: - Name: super-duper-fantastic Image: toricls/my-super-fantastic-app:v1 ECS Service Task Deﬁnition Type: AWS::ECS::Service Properties: Cluster: super-cluster TaskDefinition: cool-task:3 DesiredCount: 3 LoadBalancers: - TargetGroupArn: my-alb-arn ContainerPort: 8080 Pod spec

metadata: name: hey-yo—ingress spec: rules: - http: paths: - path: /cooool backend: serviceName: cool-service servicePort: 80 apiVersion: v1 kind: Service metadata: name: cool-service labels: app: demo spec: ports: - targetPort: 8080 port: 80 protocol: TCP selector: app: i-am-cool apiVersion: apps/v1 kind: Deployment metadata: name: cool-deployment labels: app: i-am-cool spec: replicas: 3 template: metadata: labels: app: i-am-cool spec: containers: - name: super-duper-fantastic image: toricls/my-super-fantastic-app:v1 Ingress Service Deployment LB App Type: AWS::ECS::TaskDefinition Properties: Family: cool-task ContainerDefinitions: - Name: super-duper-fantastic Image: toricls/my-super-fantastic-app:v1 ECS Service Task Deﬁnition Type: AWS::ECS::Service Properties: Cluster: super-cluster TaskDefinition: cool-task:3 DesiredCount: 3 LoadBalancers: - TargetGroupArn: my-alb-arn ContainerPort: 8080 ReplicaSet spec

metadata: name: hey-yo—ingress spec: rules: - http: paths: - path: /cooool backend: serviceName: cool-service servicePort: 80 apiVersion: v1 kind: Service metadata: name: cool-service labels: app: demo spec: ports: - targetPort: 8080 port: 80 protocol: TCP selector: app: i-am-cool apiVersion: apps/v1 kind: Deployment metadata: name: cool-deployment labels: app: i-am-cool spec: replicas: 3 template: metadata: labels: app: i-am-cool spec: containers: - name: super-duper-fantastic image: toricls/my-super-fantastic-app:v1 Ingress Service Deployment LB App Type: AWS::ECS::TaskDefinition Properties: Family: cool-task ContainerDefinitions: - Name: super-duper-fantastic Image: toricls/my-super-fantastic-app:v1 ECS Service Task Deﬁnition Type: AWS::ECS::Service Properties: Cluster: super-cluster TaskDefinition: cool-task:3 DesiredCount: 3 LoadBalancers: - TargetGroupArn: my-alb-arn ContainerPort: 8080 これは？

twitter.com/toricls in Amazon ECS LB App How to route `paths`?
Application Load Balancer (L7 LB) Listener(s) Listener Rule(s) Target Group Target Group Target Group path: /yay Default route path: /cooool ECS Service (containers) ＼EC2 !!／ルーティングの世界コンテナの世界仮想マシンの世界関数の世界＼Lambda !!／

metadata: name: hey-yo—ingress spec: rules: - http: paths: - path: /cooool backend: serviceName: cool-service servicePort: 80 apiVersion: v1 kind: Service metadata: name: cool-service labels: app: demo spec: ports: - targetPort: 8080 port: 80 protocol: TCP selector: app: i-am-cool apiVersion: apps/v1 kind: Deployment metadata: name: cool-deployment labels: app: i-am-cool spec: replicas: 3 template: metadata: labels: app: i-am-cool spec: containers: - name: super-duper-fantastic image: toricls/my-super-fantastic-app:v1 Ingress Service Deployment LB App Type: AWS::ECS::TaskDefinition Properties: Family: cool-task ContainerDefinitions: - Name: super-duper-fantastic Image: toricls/my-super-fantastic-app:v1 ECS Service Task Deﬁnition Type: AWS::ECS::Service Properties: Cluster: super-cluster TaskDefinition: cool-task:3 DesiredCount: 3 LoadBalancers: - TargetGroupArn: my-alb-arn ContainerPort: 8080 これは？

twitter.com/toricls Where is “Cluster”? • Amazon EKS • kubeadm •
Kind • … } “create” Control-plane (master) Data-plane (workers) (*) *) Amazon ECS Agent にはアイコンがないので… Node x N Node x N

metadata: name: hey-yo—ingress spec: rules: - http: paths: - path: /cooool backend: serviceName: cool-service servicePort: 80 apiVersion: v1 kind: Service metadata: name: cool-service labels: app: demo spec: ports: - targetPort: 8080 port: 80 protocol: TCP selector: app: i-am-cool apiVersion: apps/v1 kind: Deployment metadata: name: cool-deployment labels: app: i-am-cool spec: replicas: 3 template: metadata: labels: app: i-am-cool spec: containers: - name: super-duper-fantastic image: toricls/my-super-fantastic-app:v1 Ingress Service Deployment LB App Type: AWS::ECS::TaskDefinition Properties: Family: cool-task ContainerDefinitions: - Name: super-duper-fantastic Image: toricls/my-super-fantastic-app:v1 ECS Service Task Deﬁnition Type: AWS::ECS::Service Properties: Cluster: super-cluster TaskDefinition: cool-task:3 DesiredCount: 3 LoadBalancers: - TargetGroupArn: my-alb-arn ContainerPort: 8080 ?? ]

twitter.com/toricls in Amazon ECS LB App Task Deﬁnition is immutable
and it has “Revisions”

twitter.com/toricls Example GitOps Flow in Kubernetes and Amazon ECS App
Repo  (w/ Dockerfile) Code changes git push CI process docker push Image Registry Manifests Repo  (w/ manifests) update manifests, create pull request CD process kubectl apply App Repo  (w/ Dockerfile, w/ Task-def.) Code changes git push CI process docker push Image Registry Manifests Repo  (w/ Service-def.) update definition files, create pull request CD process aws ecs update-service (タスク定義は CI 処理理で ECS 側に登録済みなので CD 処理理には不不要) ECS API register task-def

twitter.com/toricls App Logging in Kubernetes and Amazon ECS ▶ ログの収集はノードレベル・クラスタレベルの意思決定/オペレーション
▶ DaemonSet によってログ収集エージェントをノード群に展開 ▶ Docker ログドライバー(*) をサポートしないという⽅向性 ▶ ログの収集をアプリケーションレベルで意思決定/オペレーションすることがあり得る ▶ Docker ログドライバー機能をタスク定義から設定する ▶ アプリケーションごとにログの送付先が異なるケースが想定されている ▶ 2018.06 に追加されたデーモンスケジューラー機能を使ってログ収集エージェントを配布する⽅式も選択可能ではある *) https://docs.docker.com/conﬁg/containers/logging/conﬁgure/

twitter.com/toricls Lots of Fun Diffs in Kubernetes and Amazon ECS
▶ Kubernetes Jobs ▶ ECS では Step Functions という別サービスと ECS タスクを組み合わせて実現する ▶ Kubernetes CronJobs ▶ ECS では EventBridge + Step Functions + ECS タスクの組み合わせ ▶ ECS タスク - Container Dependency ▶ Kubernetes では initContainers を利⽤したり ▶ コンテナライフサイクルフック(preStop とか)を組み合わせ ▶ Kubernetes 1.19(?) の containers.lifecycle.type: SideCar に期待… ▶ Kubernetes Admission Controllers ▶ ECS でこれにピッタリと該当する機能/やり⽅は存在しない気がする

twitter.com/toricls AWS Container Services - Public Roadmap https://github.com/aws/containers-roadmap/projects/1

twitter.com/toricls Thank you :)

違いから見る Kubernetes #k8sjp / See Kubernetes through an Amazon ECS Lens

違いから見る Kubernetes #k8sjp / See Kubernetes through an Amazon ECS Lens

Tori

More Decks by Tori

Other Decks in Technology

Featured

Transcript

twitter.com/toricls 違いから⾒る Kubernetes Tori May. 27, 2020 - See Kubernetes

twitter.com/toricls ポジティブな Tori / Sr. Product Developer Advocate Containers Product,

twitter.com/toricls Kubernetes and Amazon ECS

twitter.com/toricls Kubernetes and Amazon ECS Initial Announcement 2014.6.7 2014.11.13 GA

twitter.com/toricls From 1,000 ft view • Amazon EKS • kubeadm

twitter.com/toricls From 1,000 ft view • Amazon EKS • kubeadm

twitter.com/toricls The Constructs

twitter.com/toricls Menu Of the Day LB App ~ Keep app

twitter.com/toricls in Kubernetes apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: hey-yo—ingress

twitter.com/toricls in Amazon ECS Type: AWS::ECS::Service Properties: Cluster: super-cluster TaskDefinition:

twitter.com/toricls in Kubernetes and Amazon ECS apiVersion: networking.k8s.io/v1beta1 kind: Ingress

twitter.com/toricls in Kubernetes and Amazon ECS apiVersion: networking.k8s.io/v1beta1 kind: Ingress

twitter.com/toricls in Kubernetes and Amazon ECS apiVersion: networking.k8s.io/v1beta1 kind: Ingress

twitter.com/toricls in Kubernetes and Amazon ECS apiVersion: networking.k8s.io/v1beta1 kind: Ingress

twitter.com/toricls in Kubernetes and Amazon ECS apiVersion: networking.k8s.io/v1beta1 kind: Ingress

twitter.com/toricls in Kubernetes and Amazon ECS apiVersion: networking.k8s.io/v1beta1 kind: Ingress

twitter.com/toricls in Kubernetes and Amazon ECS apiVersion: networking.k8s.io/v1beta1 kind: Ingress

twitter.com/toricls in Kubernetes and Amazon ECS apiVersion: networking.k8s.io/v1beta1 kind: Ingress

twitter.com/toricls in Amazon ECS LB App How to route `paths`?

twitter.com/toricls in Kubernetes and Amazon ECS apiVersion: networking.k8s.io/v1beta1 kind: Ingress

twitter.com/toricls in Kubernetes and Amazon ECS apiVersion: networking.k8s.io/v1beta1 kind: Ingress

twitter.com/toricls Where is “Cluster”? • Amazon EKS • kubeadm •

twitter.com/toricls in Kubernetes and Amazon ECS apiVersion: networking.k8s.io/v1beta1 kind: Ingress

twitter.com/toricls in Kubernetes and Amazon ECS apiVersion: networking.k8s.io/v1beta1 kind: Ingress

twitter.com/toricls in Amazon ECS LB App Task Deﬁnition is immutable

twitter.com/toricls Example GitOps Flow in Kubernetes and Amazon ECS App

twitter.com/toricls App Logging in Kubernetes and Amazon ECS ▶ ログの収集はノードレベル・クラスタレベルの意思決定/オペレーション

twitter.com/toricls Lots of Fun Diffs in Kubernetes and Amazon ECS

twitter.com/toricls AWS Container Services - Public Roadmap https://github.com/aws/containers-roadmap/projects/1

twitter.com/toricls AWS Container Services - Public Roadmap https://github.com/aws/containers-roadmap/projects/1

twitter.com/toricls Thank you :)