Upgrade to Pro — share decks privately, control downloads, hide ads and more …

oSC23 - Rancher integration with AWS services: ...

Dominik Wombacher
May 27, 2023
Technology
0
99

oSC23 - Rancher integration with AWS services: possibilities, challenges, outlook.

Rancher can deploy and manage your Kubernetes clusters on AWS EKS and EC2. But what about things like Authentication, Logging, Monitoring or Backup? I will give an overview of AWS services for these four pillars and talk about what’s already possible, which challenges some integrations might have and an outlook what’s planned. Learn more about how the integrations are working under the hood and which technologies and open-sources solutions are involved.

Presented at openSUSE Conference 2023:
https://events.opensuse.org/conferences/oSC23/program/proposals/4169

Dominik Wombacher

May 27, 2023
Tweet

More Decks by Dominik Wombacher

See All by Dominik Wombacher
oSC24 - NeuVector Integration into AWS CodePipeline CI and CD workflow
wombelix
0
51
oSC24 - Pagure CI integration with AWS CodePipeline
wombelix
0
55
oSC23 - (open)SUSE ALP prototype on AWS, experimental, but fun!
wombelix
0
110

Other Decks in Technology

See All in Technology
Classmethod AI Talks(CATs) #20 司会進行スライド(2025.04.10) / classmethod-ai-talks-aka-cats_moderator-slides_vol20_2025-04-10
shinyaa31
0
120
Enterprise AI in 2025?
pamelafox
0
150
Would you THINK such a demonstration interesting ?
shumpei3
1
130
Amazon S3 Tables + Amazon Athena / Apache Iceberg
okaru
0
230
”知のインストール”戦略:テキスト資産をAIの文脈理解に活かす
kworkdev
PRO
9
4.1k
AWSのマルチアカウント管理 ベストプラクティス最新版 2025 / Multi-Account management on AWS best practice 2025
ohmura
2
130
Amebaにおける Platform Engineeringの実践
kumorn5s
6
890
All You Need Is Kusa 〜Slackデータで始めるデータドリブン〜
jonnojun
0
140
ブラウザのレガシー・独自機能を愛でる-Firefoxの脆弱性4選- / Browser Crash Club #1
masatokinugawa
1
360
DuckDB MCPサーバーを使ってAWSコストを分析させてみた / AWS cost analysis with DuckDB MCP server
masahirokawahara
0
330
MCPを活用した検索システムの作り方/How to implement search systems with MCP #catalks
quiver
0
390
Micro Frontends: Necessity, Implementation, and Challenges
rainerhahnekamp
0
320

Featured

See All Featured
Mobile First: as difficult as doing things right
swwweet
223
9.6k
Reflections from 52 weeks, 52 projects
jeffersonlam
349
20k
Building Adaptive Systems
keathley
41
2.5k
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.7k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
16k
Navigating Team Friction
lara
184
15k
Become a Pro
speakerdeck
PRO
27
5.3k
The Power of CSS Pseudo Elements
geoffreycrofte
75
5.7k
Visualization
eitanlees
146
16k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Stop Working from a Prison Cell
hatefulcrawdad
268
20k

Transcript

  1. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Rancher integration with AWS services Dominik Wombacher Sr. Partner Solutions Architect [email protected] Possibilities, challenges, outlook

  2. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Session Agenda Amazon Region Design Rancher on Amazon Elastic Kubernetes Service (EKS) Integration with AWS services Outlook Q&A 2

  3. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Amazon Region Design 3

  4. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. AWS Regions & Availability Zones 3 1 L A U N C H E D R E G I O N S / 9 9 A V A I L A B I L I T Y Z O N E S / 4 0 0 + E D G E L O C A T I O N S 4

  5. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. AWS Region Design H O W A M A Z O N D E F I N E S R E G I O N S A N D A V A I L A B I L I T Y Z O N E S 5 AZ AZ AZ AZ Transit Transit Datacenter Datacenter Datacenter

  6. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Rancher on Amazon EKS 6

  7. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Rancher on Amazon EKS Architecture 7

  8. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. 8 Quick fire quiz High-Available, production ready, Rancher on AWS How many steps? How long does it take?

  9. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. 9 5 Steps Rancher Setup from AWS Marketplace 20 Minutes

  10. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Rancher Setup from AWS Marketplace H I G H A V A I L A B L E , P R O D U C T I O N R E A D Y W I T H 5 S T E P S I N 2 0 M I N U T E S 10 IAM Role DNS Zone Marketplace EC2 SUSE Rancher Setup Rancher on Amazon EKS 1 2 3 4 5

  11. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Go ahead and install Rancher on AWS! 11 https://go.aws/3KDHL0X

  12. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Integration with AWS services 12

  13. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Rancher integration with AWS services 13

  14. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Terminology AWS IAM Role Policy EC2 Instance IAM Role AWS Access key W H A T W A S A G A I N A … 14

  15. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Terminology W H A T W A S A G A I N A A W S I A M R O L E A N D P O L I C Y ? 15 IAM Role IAM Permission policy IAM Trust relationship

  16. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Terminology W H A T W A S A G A I N A A W S A C C E S S K E Y A N D E C 2 I N S T A N C E I A M R O L E ? 16 S3 Bucket Role EC2 Instance Container 1 Container 2 Container 3 EC2 Instance IAM Role Long-term security credential AWS access key

  17. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. IAM Roles for Service Accounts (IRSA) AWS IAM Role associated to Kubernetes service account Available out-of-the-box on Amazon EKS Security best-practices Temporary credentials Least privilege principle Fully supported by AWS CLI and AWS SDK F I N E - G R A I N E D I A M R O L E S F O R K U B E R N E T E S S E R V I C E A C C O U N T S 17 AWS Identity and Access Management (IAM) AWS STS

  18. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. IAM Roles for Service Accounts (IRSA) F I N E - G R A I N E D I A M R O L E S F O R K U B E R N E T E S S E R V I C E A C C O U N T S 18

  19. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Backup Amazon S3 high available and resilient backup location Rancher provides the backup-restore-operator Backups can be scheduled and encrypted serviceAccount annotation During installation A U T O M A T E D B A C K U P S O F A L L R A N C H E R R E S O U R C E S 19 Amazon Simple Storage Service (Amazon S3)

  20. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Backup A U T O M A T E D B A C K U P S O F A L L R A N C H E R R E S O U R C E S 20

  21. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Logging AWS CloudWatch Central log location Helm chart rancher-logging Enhanced cloud provider logging Gathers EKS logs as well serviceAccount annotation need to be added after installation S I N G L E P A N E O F G L A S S F O R A L L C O N T A I N E R A N D A P P L I C A T I O N 21 Amazon CloudWatch

  22. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Logging Resources rancher-logging-root rancher-logging-eks S I N G L E P A N E O F G L A S S F O R A L L C O N T A I N E R A N D A P P L I C A T I O N 22

  23. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Authentication AWS Identity Center Single-Sign-On for hundreds of applications AWS Managed Microsoft AD Multi-AZ high availability Rancher includes provider for: LDAP, OAuth, OIDC, SAML C E N T R A L I Z E D U S E R M A N A G E M E N T A N D A U T H E N T I C A T I O N 23 AWS IAM Identity Center AWS Directory Service AWS Managed Microsoft AD

  24. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Authentication C E N T R A L I Z E D U S E R M A N A G E M E N T A N D A U T H E N T I C A T I O N 24

  25. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Monitoring Amazon Managed Grafana Amazon Managed Service for Prometheus Rancher Monitoring Provides Grafana, Alertmanager and Prometheus Based on kube-prometheus-stack Dedicated stack per Cluster I N S I G H T S A B O U T A L L E N V I R O N M E N T S 25 Amazon Managed Grafana Amazon Managed Service for Prometheus

  26. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Monitoring I N S I G H T S A B O U T A L L E N V I R O N M E N T S 26

  27. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Monitoring C E N T R A L I Z E D A C R O S S A L L E N V I R O N M E N T S 27

  28. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. State of AWS service integration 28

  29. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Outlook 29

  30. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. 30 Seamless integration out-of-the-box, easy to use

  31. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Goals AWS Reference Architectures Improved Rancher Documentation Officially supported AWS Authentication Provider IRSA for Rancher core components Centralized monitoring stack S E A M L E S S I N T E G R A T I O N B E T W E E N R A N C H E R A N D A W S S E R V I C E S 31

  32. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. Q&A Ask me anything! 32 https://pulse.buildon.aws/survey/LHLGI5JU Please provide Feedback

  33. © 2023, Amazon Web Services, Inc. or its affiliates. All

    rights reserved. Amazon Confidential and Trademark. © 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon Confidential and Trademark. Thank you! Dominik Wombacher Sr. Partner Solutions Architect [email protected]