違いから見る Kubernetes #k8sjp / See Kubernetes through an Amazon ECS Lens

84907687e50c8ac2a09b02e0d1b36ab1?s=47 Tori
May 27, 2020
Technology
10
2.5k

違いから見る Kubernetes #k8sjp / See Kubernetes through an Amazon ECS Lens

Presented at Kubernetes Meetup Tokyo #31, (当日の録画?もいつかどこかに上がるのではないかと思います)

ECS Agent にアイコンが欲しいですイシューはこちら 👉 https://github.com/aws/containers-roadmap/issues/914

84907687e50c8ac2a09b02e0d1b36ab1?s=128

Tori

May 27, 2020
Tweet

More Decks by Tori

See All by Tori
84907687e50c8ac2a09b02e0d1b36ab1?s=48 toricls
40
13k
84907687e50c8ac2a09b02e0d1b36ab1?s=48 toricls
13
3.5k
84907687e50c8ac2a09b02e0d1b36ab1?s=48 toricls
4
430
84907687e50c8ac2a09b02e0d1b36ab1?s=48 toricls
21
5.4k
84907687e50c8ac2a09b02e0d1b36ab1?s=48 toricls
9
3.7k
84907687e50c8ac2a09b02e0d1b36ab1?s=48 toricls
0
1k
84907687e50c8ac2a09b02e0d1b36ab1?s=48 toricls
15
11k
84907687e50c8ac2a09b02e0d1b36ab1?s=48 toricls
2
5.8k
84907687e50c8ac2a09b02e0d1b36ab1?s=48 toricls
23
8.2k

Other Decks in Technology

See All in Technology
7c4b1ae16723b56facc7a8a8f95aa6ce?s=48 jmortega
1
140
8a84268593355816432ceaf78777d585?s=48 dena_tech
4
980
8a84268593355816432ceaf78777d585?s=48 dena_tech
0
430
C636093440dd4a8be6416e83cb980979?s=48 iselegant
0
110
53850955f15249a1a9dc49df6113e400?s=48 line_developers
0
200
53850955f15249a1a9dc49df6113e400?s=48 line_developers
1
390
6f8838b2708a87ccf1015030f16880ef?s=48 godel
0
160
Add4ea030be9e6aa7a319fc8c1b587c6?s=48 hashhub
2
1.8k
405fe9ab689473f267e2cfbd95f78c75?s=48 kyonmm
0
1k
5248c7e88d8a46c1754c6762fcab3c3a?s=48 jewelx12
4
1.1k
1bfc6e2ed04a895bb36f36b86828b689?s=48 110y
1
110
0102ef8594b9d3a74f45dfd5daa5ede4?s=48 yskmjp
0
190

Featured

See All Featured
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
24
1.7k
1b75d89772b7eea1f6c89fbf362607d9?s=48 moore
125
21k
8ec1383b240b5ba15ffb9743fceb3c0e?s=48 philnash
4
270
5b9fe87ec1faa67a4599782930f45ec9?s=48 sstephenson
144
12k
C44e1f7e22c3f23cff7bc130871047ef?s=48 eileencodes
112
24k
245cee81a9c424266e5e401d844ea881?s=48 lara
590
60k
1519587b1a0febb658c36c94f6272b0d?s=48 roundedbygravity
241
20k
6804f1775cb4babfcc3851298566fbce?s=48 tanoku
85
8.4k
D36d2c1821af9249b69ff7f5ed60529b?s=48 tammielis
236
23k
D09fad3e36ae6841f54820be0e907f7a?s=48 rocio
155
11k
48c098b6579220a67a6ba949be6e4b5a?s=48 revolveconf
197
9.5k
5b6a2bd86ef643786a381a212e0ef2f1?s=48 geoffreycrofte
11
480

Transcript

  1. twitter.com/toricls 違いから⾒る Kubernetes Tori May. 27, 2020 - See Kubernetes

    through an Amazon ECS Lens - #k8sjp

  2. twitter.com/toricls ポジティブな Tori / Sr. Product Developer Advocate Containers Product,

    Amazon Web Services ❤ AWS Fargate & AWS Lambda toricls

  3. twitter.com/toricls Kubernetes and Amazon ECS

  4. twitter.com/toricls Kubernetes and Amazon ECS Initial Announcement 2014.6.7 2014.11.13 GA

    2015.7.21 (version 1.0) 2015.4.9 Developers(s) CNCF
 (originally developed by Google) AWS Amazon EKS
 (2017.11.29 Ann. / 2018.6.5 GA)

  5. twitter.com/toricls From 1,000 ft view • Amazon EKS • kubeadm

    • Kind • … } “create” Control-plane (master) Data-plane (workers) Agent Container
 Runtime (*) *) Amazon ECS Agent にはアイコンがないので… Containers Node Node

  6. twitter.com/toricls From 1,000 ft view • Amazon EKS • kubeadm

    • Kind • … } “create” Control-plane (master) Data-plane (workers) Agent Container
 Runtime Containers (*) *) Amazon ECS Agent にはアイコンがないので… Node Node “docker run” “docker run”

  7. twitter.com/toricls The Constructs

  8. twitter.com/toricls Menu Of the Day LB App ~ Keep app

    running with load balancer ~

  9. twitter.com/toricls in Kubernetes apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: hey-yo—ingress

    spec: rules: - http: paths: - path: /cooool backend: serviceName: cool-service servicePort: 80 apiVersion: v1 kind: Service metadata: name: cool-service labels: app: demo spec: ports: - targetPort: 8080 port: 80 protocol: TCP selector: app: i-am-cool apiVersion: apps/v1 kind: Deployment metadata: name: cool-deployment labels: app: i-am-cool spec: replicas: 3 template: metadata: labels: app: i-am-cool spec: containers: - name: super-duper-fantastic image: toricls/my-super-fantastic-app:v1 Ingress Service Deployment LB App

  10. twitter.com/toricls in Amazon ECS Type: AWS::ECS::Service Properties: Cluster: super-cluster TaskDefinition:

    cool-task:3 DesiredCount: 3 LoadBalancers: - TargetGroupArn: my-alb-arn ContainerPort: 8080 Type: AWS::ECS::TaskDefinition Properties: Family: cool-task ContainerDefinitions: - Name: super-duper-fantastic Image: toricls/my-super-fantastic-app:v1 Service Task Definition LB App

  11. twitter.com/toricls in Kubernetes and Amazon ECS apiVersion: networking.k8s.io/v1beta1 kind: Ingress

    metadata: name: hey-yo—ingress spec: rules: - http: paths: - path: /cooool backend: serviceName: cool-service servicePort: 80 apiVersion: v1 kind: Service metadata: name: cool-service labels: app: demo spec: ports: - targetPort: 8080 port: 80 protocol: TCP selector: app: i-am-cool apiVersion: apps/v1 kind: Deployment metadata: name: cool-deployment labels: app: i-am-cool spec: replicas: 3 template: metadata: labels: app: i-am-cool spec: containers: - name: super-duper-fantastic image: toricls/my-super-fantastic-app:v1 Ingress Service Deployment LB App Type: AWS::ECS::TaskDefinition Properties: Family: cool-task ContainerDefinitions: - Name: super-duper-fantastic Image: toricls/my-super-fantastic-app:v1 ECS Service Task Definition Type: AWS::ECS::Service Properties: Cluster: super-cluster TaskDefinition: cool-task:3 DesiredCount: 3 LoadBalancers: - TargetGroupArn: my-alb-arn ContainerPort: 8080

  12. twitter.com/toricls in Kubernetes and Amazon ECS apiVersion: networking.k8s.io/v1beta1 kind: Ingress

    metadata: name: hey-yo—ingress spec: rules: - http: paths: - path: /cooool backend: serviceName: cool-service servicePort: 80 apiVersion: v1 kind: Service metadata: name: cool-service labels: app: demo spec: ports: - targetPort: 8080 port: 80 protocol: TCP selector: app: i-am-cool apiVersion: apps/v1 kind: Deployment metadata: name: cool-deployment labels: app: i-am-cool spec: replicas: 3 template: metadata: labels: app: i-am-cool spec: containers: - name: super-duper-fantastic image: toricls/my-super-fantastic-app:v1 Ingress Service Deployment LB App Type: AWS::ECS::TaskDefinition Properties: Family: cool-task ContainerDefinitions: - Name: super-duper-fantastic Image: toricls/my-super-fantastic-app:v1 ECS Service Task Definition Type: AWS::ECS::Service Properties: Cluster: super-cluster TaskDefinition: cool-task:3 DesiredCount: 3 LoadBalancers: - TargetGroupArn: my-alb-arn ContainerPort: 8080 Pod spec

  13. twitter.com/toricls in Kubernetes and Amazon ECS apiVersion: networking.k8s.io/v1beta1 kind: Ingress

    metadata: name: hey-yo—ingress spec: rules: - http: paths: - path: /cooool backend: serviceName: cool-service servicePort: 80 apiVersion: v1 kind: Service metadata: name: cool-service labels: app: demo spec: ports: - targetPort: 8080 port: 80 protocol: TCP selector: app: i-am-cool apiVersion: apps/v1 kind: Deployment metadata: name: cool-deployment labels: app: i-am-cool spec: replicas: 3 template: metadata: labels: app: i-am-cool spec: containers: - name: super-duper-fantastic image: toricls/my-super-fantastic-app:v1 Ingress Service Deployment LB App Type: AWS::ECS::TaskDefinition Properties: Family: cool-task ContainerDefinitions: - Name: super-duper-fantastic Image: toricls/my-super-fantastic-app:v1 ECS Service Task Definition Type: AWS::ECS::Service Properties: Cluster: super-cluster TaskDefinition: cool-task:3 DesiredCount: 3 LoadBalancers: - TargetGroupArn: my-alb-arn ContainerPort: 8080

  14. twitter.com/toricls in Kubernetes and Amazon ECS apiVersion: networking.k8s.io/v1beta1 kind: Ingress

    metadata: name: hey-yo—ingress spec: rules: - http: paths: - path: /cooool backend: serviceName: cool-service servicePort: 80 apiVersion: v1 kind: Service metadata: name: cool-service labels: app: demo spec: ports: - targetPort: 8080 port: 80 protocol: TCP selector: app: i-am-cool apiVersion: apps/v1 kind: Deployment metadata: name: cool-deployment labels: app: i-am-cool spec: replicas: 3 template: metadata: labels: app: i-am-cool spec: containers: - name: super-duper-fantastic image: toricls/my-super-fantastic-app:v1 Ingress Service Deployment LB App Type: AWS::ECS::TaskDefinition Properties: Family: cool-task ContainerDefinitions: - Name: super-duper-fantastic Image: toricls/my-super-fantastic-app:v1 ECS Service Task Definition Type: AWS::ECS::Service Properties: Cluster: super-cluster TaskDefinition: cool-task:3 DesiredCount: 3 LoadBalancers: - TargetGroupArn: my-alb-arn ContainerPort: 8080 ReplicaSet spec

  15. twitter.com/toricls in Kubernetes and Amazon ECS apiVersion: networking.k8s.io/v1beta1 kind: Ingress

    metadata: name: hey-yo—ingress spec: rules: - http: paths: - path: /cooool backend: serviceName: cool-service servicePort: 80 apiVersion: v1 kind: Service metadata: name: cool-service labels: app: demo spec: ports: - targetPort: 8080 port: 80 protocol: TCP selector: app: i-am-cool apiVersion: apps/v1 kind: Deployment metadata: name: cool-deployment labels: app: i-am-cool spec: replicas: 3 template: metadata: labels: app: i-am-cool spec: containers: - name: super-duper-fantastic image: toricls/my-super-fantastic-app:v1 Ingress Service Deployment LB App Type: AWS::ECS::TaskDefinition Properties: Family: cool-task ContainerDefinitions: - Name: super-duper-fantastic Image: toricls/my-super-fantastic-app:v1 ECS Service Task Definition Type: AWS::ECS::Service Properties: Cluster: super-cluster TaskDefinition: cool-task:3 DesiredCount: 3 LoadBalancers: - TargetGroupArn: my-alb-arn ContainerPort: 8080

  16. twitter.com/toricls in Kubernetes and Amazon ECS apiVersion: networking.k8s.io/v1beta1 kind: Ingress

    metadata: name: hey-yo—ingress spec: rules: - http: paths: - path: /cooool backend: serviceName: cool-service servicePort: 80 apiVersion: v1 kind: Service metadata: name: cool-service labels: app: demo spec: ports: - targetPort: 8080 port: 80 protocol: TCP selector: app: i-am-cool apiVersion: apps/v1 kind: Deployment metadata: name: cool-deployment labels: app: i-am-cool spec: replicas: 3 template: metadata: labels: app: i-am-cool spec: containers: - name: super-duper-fantastic image: toricls/my-super-fantastic-app:v1 Ingress Service Deployment LB App Type: AWS::ECS::TaskDefinition Properties: Family: cool-task ContainerDefinitions: - Name: super-duper-fantastic Image: toricls/my-super-fantastic-app:v1 ECS Service Task Definition Type: AWS::ECS::Service Properties: Cluster: super-cluster TaskDefinition: cool-task:3 DesiredCount: 3 LoadBalancers: - TargetGroupArn: my-alb-arn ContainerPort: 8080

  17. twitter.com/toricls in Kubernetes and Amazon ECS apiVersion: networking.k8s.io/v1beta1 kind: Ingress

    metadata: name: hey-yo—ingress spec: rules: - http: paths: - path: /cooool backend: serviceName: cool-service servicePort: 80 apiVersion: v1 kind: Service metadata: name: cool-service labels: app: demo spec: ports: - targetPort: 8080 port: 80 protocol: TCP selector: app: i-am-cool apiVersion: apps/v1 kind: Deployment metadata: name: cool-deployment labels: app: i-am-cool spec: replicas: 3 template: metadata: labels: app: i-am-cool spec: containers: - name: super-duper-fantastic image: toricls/my-super-fantastic-app:v1 Ingress Service Deployment LB App Type: AWS::ECS::TaskDefinition Properties: Family: cool-task ContainerDefinitions: - Name: super-duper-fantastic Image: toricls/my-super-fantastic-app:v1 ECS Service Task Definition Type: AWS::ECS::Service Properties: Cluster: super-cluster TaskDefinition: cool-task:3 DesiredCount: 3 LoadBalancers: - TargetGroupArn: my-alb-arn ContainerPort: 8080

  18. twitter.com/toricls in Kubernetes and Amazon ECS apiVersion: networking.k8s.io/v1beta1 kind: Ingress

    metadata: name: hey-yo—ingress spec: rules: - http: paths: - path: /cooool backend: serviceName: cool-service servicePort: 80 apiVersion: v1 kind: Service metadata: name: cool-service labels: app: demo spec: ports: - targetPort: 8080 port: 80 protocol: TCP selector: app: i-am-cool apiVersion: apps/v1 kind: Deployment metadata: name: cool-deployment labels: app: i-am-cool spec: replicas: 3 template: metadata: labels: app: i-am-cool spec: containers: - name: super-duper-fantastic image: toricls/my-super-fantastic-app:v1 Ingress Service Deployment LB App Type: AWS::ECS::TaskDefinition Properties: Family: cool-task ContainerDefinitions: - Name: super-duper-fantastic Image: toricls/my-super-fantastic-app:v1 ECS Service Task Definition Type: AWS::ECS::Service Properties: Cluster: super-cluster TaskDefinition: cool-task:3 DesiredCount: 3 LoadBalancers: - TargetGroupArn: my-alb-arn ContainerPort: 8080 これは?

  19. twitter.com/toricls in Amazon ECS LB App How to route `paths`?

    Application Load Balancer (L7 LB) Listener(s) Listener Rule(s) Target Group Target Group Target Group path: /yay Default route path: /cooool ECS Service (containers) \EC2 !!/ ルーティングの世界 コンテナの世界 仮想マシンの世界 関数の世界 \Lambda !!/

  20. twitter.com/toricls in Kubernetes and Amazon ECS apiVersion: networking.k8s.io/v1beta1 kind: Ingress

    metadata: name: hey-yo—ingress spec: rules: - http: paths: - path: /cooool backend: serviceName: cool-service servicePort: 80 apiVersion: v1 kind: Service metadata: name: cool-service labels: app: demo spec: ports: - targetPort: 8080 port: 80 protocol: TCP selector: app: i-am-cool apiVersion: apps/v1 kind: Deployment metadata: name: cool-deployment labels: app: i-am-cool spec: replicas: 3 template: metadata: labels: app: i-am-cool spec: containers: - name: super-duper-fantastic image: toricls/my-super-fantastic-app:v1 Ingress Service Deployment LB App Type: AWS::ECS::TaskDefinition Properties: Family: cool-task ContainerDefinitions: - Name: super-duper-fantastic Image: toricls/my-super-fantastic-app:v1 ECS Service Task Definition Type: AWS::ECS::Service Properties: Cluster: super-cluster TaskDefinition: cool-task:3 DesiredCount: 3 LoadBalancers: - TargetGroupArn: my-alb-arn ContainerPort: 8080

  21. twitter.com/toricls in Kubernetes and Amazon ECS apiVersion: networking.k8s.io/v1beta1 kind: Ingress

    metadata: name: hey-yo—ingress spec: rules: - http: paths: - path: /cooool backend: serviceName: cool-service servicePort: 80 apiVersion: v1 kind: Service metadata: name: cool-service labels: app: demo spec: ports: - targetPort: 8080 port: 80 protocol: TCP selector: app: i-am-cool apiVersion: apps/v1 kind: Deployment metadata: name: cool-deployment labels: app: i-am-cool spec: replicas: 3 template: metadata: labels: app: i-am-cool spec: containers: - name: super-duper-fantastic image: toricls/my-super-fantastic-app:v1 Ingress Service Deployment LB App Type: AWS::ECS::TaskDefinition Properties: Family: cool-task ContainerDefinitions: - Name: super-duper-fantastic Image: toricls/my-super-fantastic-app:v1 ECS Service Task Definition Type: AWS::ECS::Service Properties: Cluster: super-cluster TaskDefinition: cool-task:3 DesiredCount: 3 LoadBalancers: - TargetGroupArn: my-alb-arn ContainerPort: 8080 これは?

  22. twitter.com/toricls Where is “Cluster”? • Amazon EKS • kubeadm •

    Kind • … } “create” Control-plane (master) Data-plane (workers) (*) *) Amazon ECS Agent にはアイコンがないので… Node x N Node x N

  23. twitter.com/toricls in Kubernetes and Amazon ECS apiVersion: networking.k8s.io/v1beta1 kind: Ingress

    metadata: name: hey-yo—ingress spec: rules: - http: paths: - path: /cooool backend: serviceName: cool-service servicePort: 80 apiVersion: v1 kind: Service metadata: name: cool-service labels: app: demo spec: ports: - targetPort: 8080 port: 80 protocol: TCP selector: app: i-am-cool apiVersion: apps/v1 kind: Deployment metadata: name: cool-deployment labels: app: i-am-cool spec: replicas: 3 template: metadata: labels: app: i-am-cool spec: containers: - name: super-duper-fantastic image: toricls/my-super-fantastic-app:v1 Ingress Service Deployment LB App Type: AWS::ECS::TaskDefinition Properties: Family: cool-task ContainerDefinitions: - Name: super-duper-fantastic Image: toricls/my-super-fantastic-app:v1 ECS Service Task Definition Type: AWS::ECS::Service Properties: Cluster: super-cluster TaskDefinition: cool-task:3 DesiredCount: 3 LoadBalancers: - TargetGroupArn: my-alb-arn ContainerPort: 8080

  24. twitter.com/toricls in Kubernetes and Amazon ECS apiVersion: networking.k8s.io/v1beta1 kind: Ingress

    metadata: name: hey-yo—ingress spec: rules: - http: paths: - path: /cooool backend: serviceName: cool-service servicePort: 80 apiVersion: v1 kind: Service metadata: name: cool-service labels: app: demo spec: ports: - targetPort: 8080 port: 80 protocol: TCP selector: app: i-am-cool apiVersion: apps/v1 kind: Deployment metadata: name: cool-deployment labels: app: i-am-cool spec: replicas: 3 template: metadata: labels: app: i-am-cool spec: containers: - name: super-duper-fantastic image: toricls/my-super-fantastic-app:v1 Ingress Service Deployment LB App Type: AWS::ECS::TaskDefinition Properties: Family: cool-task ContainerDefinitions: - Name: super-duper-fantastic Image: toricls/my-super-fantastic-app:v1 ECS Service Task Definition Type: AWS::ECS::Service Properties: Cluster: super-cluster TaskDefinition: cool-task:3 DesiredCount: 3 LoadBalancers: - TargetGroupArn: my-alb-arn ContainerPort: 8080 ?? ]

  25. twitter.com/toricls in Amazon ECS LB App Task Definition is immutable

    and it has “Revisions”

  26. twitter.com/toricls Example GitOps Flow in Kubernetes and Amazon ECS App

    Repo
 (w/ Dockerfile) Code changes git push CI process docker push Image Registry Manifests Repo
 (w/ manifests) update manifests, create pull request CD process kubectl apply App Repo
 (w/ Dockerfile, w/ Task-def.) Code changes git push CI process docker push Image Registry Manifests Repo
 (w/ Service-def.) update definition files, create pull request CD process aws ecs update-service (タスク定義は CI 処理理で ECS 側に登録済みなので CD 処理理には不不要) ECS API register task-def

  27. twitter.com/toricls App Logging in Kubernetes and Amazon ECS ▶ ログの収集はノードレベル・クラスタレベルの意思決定/オペレーション

    ▶ DaemonSet によってログ収集エージェントをノード群に展開 ▶ Docker ログドライバー(*) をサポートしないという⽅向性 ▶ ログの収集をアプリケーションレベルで意思決定/オペレーションすることがあり得る ▶ Docker ログドライバー機能をタスク定義から設定する ▶ アプリケーションごとにログの送付先が異なるケースが想定されている ▶ 2018.06 に追加されたデーモンスケジューラー機能を使ってログ収集エージェントを配布する⽅式も選択可能ではある *) https://docs.docker.com/config/containers/logging/configure/

  28. twitter.com/toricls Lots of Fun Diffs in Kubernetes and Amazon ECS

    ▶ Kubernetes Jobs ▶ ECS では Step Functions という別サービスと ECS タスクを組み合わせて実現する ▶ Kubernetes CronJobs ▶ ECS では EventBridge + Step Functions + ECS タスクの組み合わせ ▶ ECS タスク - Container Dependency ▶ Kubernetes では initContainers を利⽤したり ▶ コンテナライフサイクルフック(preStop とか)を組み合わせ ▶ Kubernetes 1.19(?) の containers.lifecycle.type: SideCar に期待… ▶ Kubernetes Admission Controllers ▶ ECS でこれにピッタリと該当する機能/やり⽅は存在しない気がする

  29. twitter.com/toricls AWS Container Services - Public Roadmap https://github.com/aws/containers-roadmap/projects/1

  30. twitter.com/toricls AWS Container Services - Public Roadmap https://github.com/aws/containers-roadmap/projects/1

  31. twitter.com/toricls Thank you :)