© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
Deep dive on Amazon Elastic Kubernetes Service
Bruno Emer
Solutions Architect
AWS Summit São Paulo
MAD303

Agenda
Amazon Elastic Kubernetes Service (Amazon EKS) management
Amazon EKS data plane
Networking and load balancing in Amazon EKS

Amazon EKS architecture
[Diagram: kubectl; mycluster.eks.amazonaws.com; EKS workers in AZ 1, AZ 2 and AZ 3; VPC; your AWS account]

Amazon EKS architecture
[Diagram: EKS VPC and customer VPC; worker nodes; Kubernetes API calls; exec, logs, proxy; EKS-owned elastic network interface; internet]

Kubernetes management
Highly available on single-tenant infrastructure
All components are "AWS native"
Backed by a Network Load Balancer
[Diagram: VPC spanning AZ-1, AZ-2 and AZ-3; API server ASG; etcd ASG; NLB; ELB; instances]

Kubernetes management
[Diagram: master node with scheduler, controller manager, cloud controller manager, API server and etcd]

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-apiserver
    tier: control-plane
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  # Admission plugins
  # - Recommended admission plugins - https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
  # We enable NodeRestriction to limit kubelet access to resources
  - command:
    - /bin/sh
    - -c
    - /usr/local/bin/kube-apiserver
      --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds,NodeRestriction
      --advertise-address=INTERNAL_IP
      --allow-privileged=true
      --anonymous-auth=true
      --authorization-mode=Node,RBAC
      --authentication-token-webhook-cache-ttl=AUTHN_TOKEN_CACHE_TTL_DURATION
      --authentication-token-webhook-config-file=/etc/kubernetes/authenticator/apiserver-webhook-kubeconfig.yaml
      --bind-address=0.0.0.0
      --cloud-provider=aws

Question
What happens when I run 'kubectl create -f pods.yaml'?

Authentication with IAM
[Diagram: kubectl and the K8s API]
1) Passes the AWS identity
2) Verifies the AWS identity
3) Authorizes the identity with RBAC
4) K8s action allowed/denied

Kubernetes management
[Diagram: kubectl; master node with scheduler, controller manager, cloud controller manager, API server and etcd]

Kubernetes API server
[Diagram: kubectl; API server stages: authentication (webhook, aws-iam-authenticator), authorization (RBAC), admission controls (mutating webhook, validation webhook)]

# [...]
users:
- name: aws
  user:
    exec:
      apiVersion: client.authentication.k8s.io/v1alpha1
      command: aws-iam-authenticator
      args:
        - "token"
        - "-i"
        - "CLUSTER_ID"
        - "-r"
        - "ROLE_ARN"
      # Client certificate/key is not needed here!

Cluster authorization and authentication
• The IAM user or role that creates the Amazon EKS cluster has admin privileges
• This "super" user/role can add IAM users or roles and configure RBAC permissions
• To add them, configure the aws-auth ConfigMap:
kubectl edit -n kube-system configmap/aws-auth

apiVersion: v1
data:
  mapRoles: |
    - rolearn: arn:aws:iam::555555555555:role/devel-worker-nodes-NodeInstanceRole-74RF4UBDUKL6
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
  mapUsers: |
    - userarn: arn:aws:iam::555555555555:user/admin
      username: admin
      groups:
        - system:masters
    - userarn: arn:aws:iam::555555555555:user/john
      username: john
      groups:
        - pod-admin # k8s RBAC group
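
An added example (not from the original slides or from AWS): a small Python audit of the aws-auth mappings shown above that flags entries granting system:masters and identities that misuse the node groups. The parser, function names and rules are hypothetical and handle only the list-of-maps shape of mapRoles/mapUsers; the sample data is constructed from the slide.

```python
"""Audit aws-auth ConfigMap data for over-privileged IAM-to-RBAC mappings.

Added example, not AWS code. The parser is a minimal one for the
list-of-maps shape used by mapRoles/mapUsers, not a general YAML parser.
"""

# Groups a worker-node role is expected to carry (as on the slide).
NODE_GROUPS = {"system:bootstrappers", "system:nodes"}

# Constructed sample input, same shape as `data` in configmap/aws-auth.
SAMPLE_DATA = {
    "mapRoles": """\
- rolearn: arn:aws:iam::555555555555:role/devel-worker-nodes-NodeInstanceRole-74RF4UBDUKL6
  username: system:node:{{EC2PrivateDNSName}}
  groups:
    - system:bootstrappers
    - system:nodes
""",
    "mapUsers": """\
- userarn: arn:aws:iam::555555555555:user/admin
  username: admin
  groups:
    - system:masters
- userarn: arn:aws:iam::555555555555:user/john
  username: john
  groups:
    - pod-admin # k8s RBAC group
""",
}


def _clean(value):
    """Drop an inline ' #' comment and surrounding quotes from a scalar."""
    value = value.split(" #", 1)[0].strip()
    return value.strip("\"'")


def parse_mappings(block):
    """Parse one mapRoles/mapUsers block into a list of dicts."""
    entries, base_indent = [], None
    for raw in block.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        line = raw.strip()
        if line.startswith("- "):
            if base_indent is None:
                base_indent = indent          # indent of top-level entries
            if indent > base_indent:          # nested item: a group name
                entries[-1]["groups"].append(_clean(line[2:]))
                continue
            entries.append({"groups": []})    # start of a new mapping
            line = line[2:].strip()
        if not entries:
            raise ValueError("expected a '- ' list item, got: %r" % raw)
        key, _, value = line.partition(":")   # ARNs contain ':' too
        if key.strip() != "groups":
            entries[-1][key.strip()] = _clean(value)
    return entries


def audit(data):
    """Return (arn, username, finding) tuples for risky mappings."""
    findings = []
    for section, arn_key in (("mapRoles", "rolearn"), ("mapUsers", "userarn")):
        for entry in parse_mappings(data.get(section, "")):
            arn = entry.get(arn_key, "<missing arn>")
            user = entry.get("username", "")
            groups = set(entry["groups"])
            is_node = user.startswith("system:node:")
            if "system:masters" in groups:
                findings.append(
                    (arn, user, "system:masters grants unrestricted cluster access"))
            extra = sorted(groups - NODE_GROUPS)
            if is_node and extra:
                findings.append(
                    (arn, user, "node identity has extra groups: %s" % extra))
            if "system:nodes" in groups and not is_node:
                findings.append(
                    (arn, user, "non-node username placed in system:nodes"))
    return findings


if __name__ == "__main__":
    for arn, user, finding in audit(SAMPLE_DATA):
        print("%s (%s): %s" % (arn, user, finding))
```

Every system:masters finding should correspond to an identity that is meant to be a cluster administrator; anything else is a candidate for a narrower RBAC group such as the pod-admin group on the slide.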

What we will cover:
• Data plane architecture
• Customizing the worker node
• AMI customization
• Bootstrap options
• Upgrades in Amazon EKS
• IAM roles for pods

Amazon EKS architecture
[Diagram: EKS VPC and customer VPC; worker nodes; EKS-owned elastic network interface; Kubernetes API calls; exec, logs, proxy; internet]

Amazon EKS data plane
[Diagram: worker node with kubelet, kube-dns, aws-node, kube-proxy and a container runtime; control plane API]

Amazon EKS AMI Build Scripts
https://github.com/awslabs/amazon-eks-ami

Amazon EKS-optimized AMI with GPU support

Worker node setup – bootstrapping
/etc/eks/bootstrap.sh <cluster-name> [options]
Uses UserData to configure system resources and extra kubelet settings
Reserve compute resources for daemons (kubelet, container runtime) and set limits for pod eviction

Kubernetes versions
Supported versions: 1.13.7, 1.12.6, 1.11.8
Amazon EKS supports up to 3 Kubernetes versions at a time
"Deprecation" prevents the creation of new clusters on old versions

Amazon EKS platform version
Platform version revisions represent API server configuration changes or Kubernetes patches
Platform versions are incremented only within a Kubernetes version

K8s version updates in Amazon EKS
New UpdateClusterVersion API – supports "in place" Kubernetes version updates
Introduces an "update" object in the EKS API
ListUpdates and DescribeUpdate APIs provide visibility into the status of a given update

Updating the worker nodes
Two options:
1) Create a new node group with the latest Amazon EKS AMI >> remove the old nodes >> terminate the old CFN template
2) Simply update the AMI in the CFN template; the "rolling" replacement policy will terminate the old nodes
(Downside: all applications are terminated)

IAM Roles for pods

IAM Roles for pods (coming soon)
https://github.com/aws/containers-roadmap/issues/23
Solution proposed by AWS
Make use of Kubernetes TokenRequestProjection tokens to assume an IAM role
Requires Kubernetes v1.11 and the latest AWS SDKs
AWS CloudTrail support at launch

IAM Roles for pods
Step 1: Create an IAM role
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::bucket-name"]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject"
      ],
      "Resource": ["arn:aws:s3:::bucket-name/*"]
    }
  ]
}

IAM Roles for pods
Step 2: Associate the IAM role with the service account
aws eks associate-role \
  --role-arn arn:aws:iam::123456789012:role/s3-bucket-readwrite-role \
  --cluster-name my-cluster \
  --namespace default \
  --service-account my-serviceaccount
Note: the cluster name is required, but the namespace and service account are optional

IAM Roles for pods
Step 3: Create a service account and associate it with a pod
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
  namespace: default
spec:
  serviceAccountName: my-serviceaccount
  # ...
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-serviceaccount
  namespace: default
  annotations:
    "eks.amazonaws.com/assume-role": "arn:aws:iam::123456789012:role/s3-bucket-readwrite-role"

What we will cover:
• VPC CNI plugin
• Custom networking
• Load balancing – Classic Load Balancer, Network Load Balancer, Application Load Balancer

Amazon VPC CNI Plugin
[Diagram: VPC subnet 10.0.0.0/24 with Instance 1 and Instance 2; one ENI with secondary IPs 10.0.0.1 and 10.0.0.2, another ENI with secondary IPs 10.0.0.20 and 10.0.0.22; ec2.associateaddress()]

Amazon VPC CNI plugin – understanding IP allocation
Primary CIDR range: RFC 1918 addresses -> 10/8, 172.16/12, 192.168/16
Used in Amazon EKS for:
• Pods
• ENIs for masters <-> workers communication (exec, logs, proxy, etc.)
• Internal network for Kubernetes services (10.100/16 or 172.20/16 – chosen based on your VPC range)
Setup:
• EKS cluster creation -> provide a list of subnets (in at least 2 Availability Zones!) -> tagging

EKS Advanced VPC Networking – public subnet
SNAT enabled (EXTERNALSNAT = false)
CNI performs SNAT: 10.1.0.5 <-> 54.1.2.3
Return traffic to 54.1.2.3
[Diagram: pod 10.1.0.5 on an EKS worker in VPC public subnet 10.1.0.0/24; EKS node with public IP 54.1.2.3 and secondary IP 10.1.0.5; internet gateway; "the internet"]

EKS Advanced VPC Networking – private subnet
SNAT disabled (EXTERNALSNAT = true)
Pod traffic sent from 10.1.0.5
External device performs SNAT: 10.1.0.5 <-> 54.1.2.3
Return traffic to 54.1.2.3
[Diagram: pod 10.1.0.5 on an EKS worker in VPC private subnet 10.1.0.0/24; EKS node with primary IP 10.1.0.2 and secondary IP 10.1.0.5; VPC NAT gateway with public IP 54.1.2.3 in VPC public subnet 10.1.1.0/24; internet gateway; "the internet"]

EKS Advanced VPC Networking – VPN/Direct Connect
SNAT disabled (EXTERNALSNAT = true)
Pod traffic sent from 10.1.0.5
Not doing SNAT: 10.1.0.5 <-> 192.168.10.5
Return traffic to 10.1.0.5
[Diagram: pod 10.1.0.5 on an EKS worker in VPC private subnet 10.1.0.0/24; EKS node with primary IP 10.1.0.2 and secondary IP 10.1.0.5; VPC private gateway (VGW); on-premises corporate data center 192.168.0.0]

Amazon VPC CNI plugin – understanding IP allocation
Secondary CIDR ranges (new!) -> non-RFC 1918 address blocks (100.64.0.0/10 and 198.19.0.0/16)
Used in Amazon EKS for:
• Pods only
How?
• Enable Amazon EKS custom network configuration -> create the ENIConfig CRD -> annotate the nodes
CNI 1.2.1+

EKS Advanced VPC Networking – secondary CIDRs
Pod traffic sent from 100.64.0.10
Return traffic to 100.64.0.10
[Diagram: pod 100.64.0.10 on an EKS worker in VPC private subnet 10.1.0.0/24, 100.64.0.0/24; EKS node with primary IP 10.1.0.2 and secondary IP 100.64.0.10; VPC private gateway (VGW); on-premises corporate data center 10.1.0.0]

Load Balancing
All three Elastic Load Balancer types are supported (ELB, ALB, NLB)
NLB and CLB are supported by the Kubernetes Service type=LoadBalancer
Support for internal and external load balancers

Load Balancing
Want to use an internal load balancer? Use the annotation:
service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
Want to use the NLB? Use the annotation:
service.beta.kubernetes.io/aws-load-balancer-type: nlb

ALB Ingress Controller
Production-ready (version 1.0)
Supported by the Amazon EKS team
Open source development:
https://github.com/kubernetes-sigs/aws-alb-ingress-controller
Customers are using it in production!

ELB ingress control
[Diagram: AWS resources: HTTP listener and HTTPS listener; rules /cheeses and /charcuterie; target group Green (IP mode) and target group Blue (instance mode). Kubernetes cluster: Kubernetes API server, ALB Ingress Controller, nodes with NodePorts]

Thank you!
Bruno Emer
Solutions Architect
AWS

"Please answer the survey at the end of the session in the app. When you finish the survey, stop by the Help Desk and pick up your gift!"

 
[Games on AWS 2019] AWS 입문자를 위한 초단기 레벨업 트랙 | AWS 레벨업 하기! : 컨테이너 - 김세호 AWS 솔루션...
[Games on AWS 2019] AWS 입문자를 위한 초단기 레벨업 트랙 | AWS 레벨업 하기! : 컨테이너 - 김세호 AWS 솔루션...[Games on AWS 2019] AWS 입문자를 위한 초단기 레벨업 트랙 | AWS 레벨업 하기! : 컨테이너 - 김세호 AWS 솔루션...
[Games on AWS 2019] AWS 입문자를 위한 초단기 레벨업 트랙 | AWS 레벨업 하기! : 컨테이너 - 김세호 AWS 솔루션...
 
使用 Amazon EKS 打造高效的服務架構設計
使用 Amazon EKS 打造高效的服務架構設計使用 Amazon EKS 打造高效的服務架構設計
使用 Amazon EKS 打造高效的服務架構設計
 
How Qantas is Scaling Cloud Operations with AWS Systems Manager - AWS Summit ...
How Qantas is Scaling Cloud Operations with AWS Systems Manager - AWS Summit ...How Qantas is Scaling Cloud Operations with AWS Systems Manager - AWS Summit ...
How Qantas is Scaling Cloud Operations with AWS Systems Manager - AWS Summit ...
 
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS SummitKubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Deep dive on Amazon Elastic Container Service for Kubernetes (Amazon EKS) - MAD303 - São Paulo AWS Summit

  • 1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Deep dive on Amazon Elastic Kubernetes Service. Bruno Emer, Solutions Architect. AWS Summit São Paulo. MAD303
  • 2. Agenda: Management of Amazon Elastic Kubernetes Service (Amazon EKS); Amazon EKS data plane; Networking and load balancing in Amazon EKS
  • 4. Amazon EKS architecture. (Diagram labels: mycluster.eks.amazonaws.com, EKS workers, kubectl, AZ 1, AZ 2, AZ 3, your AWS account, VPC)
  • 5. Amazon EKS architecture. (Diagram labels: EKS VPC, customer VPC, worker nodes, Kubernetes API calls, exec/logs/proxy, Internet, EKS-owned elastic network interface)
  • 6. Kubernetes management. Highly available on single-tenant infrastructure. All components are "AWS native". Backed by a Network Load Balancer. (Diagram labels: VPC, API Server ASG, etcd ASG, NLB, ELB, instances, AZ-1, AZ-2, AZ-3)
  • 7. Kubernetes management. Master node: scheduler, controller manager, cloud controller manager, API server, etcd
  • 8. kube-apiserver pod manifest (as shown on the slide, cut off after --cloud-provider=aws):
      apiVersion: v1
      kind: Pod
      metadata:
        creationTimestamp: null
        labels:
          component: kube-apiserver
          tier: control-plane
        name: kube-apiserver
        namespace: kube-system
      spec:
        containers:
        # Admission plugins
        # - Recommended admission plugins - https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#is-there-a-recommended-set-of-admission-controllers-to-use
        # We enable NodeRestriction to limit kubelet access to resources
        - command:
          - /bin/sh
          - -c
          - /usr/local/bin/kube-apiserver
            --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds,NodeRestriction
            --advertise-address=INTERNAL_IP
            --allow-privileged=true
            --anonymous-auth=true
            --authorization-mode=Node,RBAC
            --authentication-token-webhook-cache-ttl=AUTHN_TOKEN_CACHE_TTL_DURATION
            --authentication-token-webhook-config-file=/etc/kubernetes/authenticator/apiserver-webhook-kubeconfig.yaml
            --bind-address=0.0.0.0
            --cloud-provider=aws
  • 9. Question: what happens when I run 'kubectl create -f pods.yaml'?
  • 10. Authentication with IAM (kubectl to the K8s API): 1) Passes the AWS identity 2) Verifies the AWS identity 3) Authorizes the identity with RBAC 4) K8s action allowed/denied
  • 11. Kubernetes management. kubectl talks to the master node: scheduler, controller manager, cloud controller manager, API server, etcd
  • 12. Kubernetes API server (reached by kubectl). Authentication: webhook (aws-iam-authenticator). Authorization: RBAC. Admission controls: mutating webhook, validation webhook
  • 13. kubeconfig user entry:
      # [...]
      users:
      - name: aws
        user:
          exec:
            apiVersion: client.authentication.k8s.io/v1alpha1
            command: aws-iam-authenticator
            args:
              - "token"
              - "-i"
              - "CLUSTER_ID"
              - "-r"
              - "ROLE_ARN"
      # No client certificate/key is needed here!
  • 14. Cluster authorization and authentication
      - The IAM user or role that creates the Amazon EKS cluster has admin privileges
      - This "super" user/role can add IAM users or roles and configure RBAC permissions
      - To add them, edit the aws-auth ConfigMap:
        kubectl edit -n kube-system configmap/aws-auth
  • 15. aws-auth ConfigMap:
      apiVersion: v1
      data:
        mapRoles: |
          - rolearn: arn:aws:iam::555555555555:role/devel-worker-nodes-NodeInstanceRole-74RF4UBDUKL6
            username: system:node:{{EC2PrivateDNSName}}
            groups:
              - system:bootstrappers
              - system:nodes
        mapUsers: |
          - userarn: arn:aws:iam::555555555555:user/admin
            username: admin
            groups:
              - system:masters
          - userarn: arn:aws:iam::555555555555:user/john
            username: john
            groups:
              - pod-admin # k8s RBAC group
  • 17. What we will cover:
      - Data plane architecture
      - Customizing the worker node
      - AMI customization
      - Bootstrap options
      - Upgrades in Amazon EKS
      - IAM roles for pods
  • 18. Amazon EKS architecture. (Diagram labels: EKS VPC, customer VPC, worker nodes, EKS-owned elastic network interface, Kubernetes API calls, exec/logs/proxy, Internet)
  • 19. Amazon EKS data plane. Worker node: kubelet, kube-dns, aws-node, kube-proxy, container runtime. Control plane API
  • 20. Amazon EKS AMI build scripts: https://github.com/awslabs/amazon-eks-ami
  • 21. Amazon EKS-optimized AMI with GPU support
  • 22. Worker node setup – Bootstrapping
      /etc/eks/bootstrap.sh <cluster-name> [options]
      Uses UserData to configure system resources and extra kubelet settings. Reserve compute resources for daemons (kubelet, container runtime) and set thresholds for Pod eviction
  • 24. Kubernetes versions. Supported versions: 1.13.7, 1.12.6, 1.11.8. Amazon EKS supports up to 3 Kubernetes versions at a time. "Deprecation" prevents the creation of new clusters on old versions
  • 26. Amazon EKS platform version. Platform version revisions represent API server configuration changes or Kubernetes patches. Platform versions are incremented only within a Kubernetes version
  • 28. K8s version updates in Amazon EKS. New UpdateClusterVersion API: supports "in place" Kubernetes version updates. Introduces an "update" object in the EKS API. The ListUpdates and DescribeUpdate APIs provide visibility into the status of a given update
  • 29. Updating the worker nodes. Two options: 1) Create a new node group with the latest Amazon EKS AMI >> remove the old nodes >> terminate the old CFN template 2) Simply update the AMI in the CFN template; the "rolling" replacement policy will terminate the old nodes (Downside: all applications are terminated)
  • 30. IAM roles for pods
  • 31. IAM roles for pods (coming soon). https://github.com/aws/containers-roadmap/issues/23 Solution proposed by AWS: uses Kubernetes TokenRequestProjection tokens to assume an IAM role. Requires Kubernetes v1.11 and the latest AWS SDKs. AWS CloudTrail support at launch
  • 32. IAM roles for pods. Step 1: create an IAM role
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": ["s3:ListBucket"],
            "Resource": ["arn:aws:s3:::bucket-name"]
          },
          {
            "Effect": "Allow",
            "Action": [
              "s3:PutObject",
              "s3:GetObject"
            ],
            "Resource": ["arn:aws:s3:::bucket-name/*"]
          }
        ]
      }
  • 33. IAM roles for pods. Step 2: associate the IAM role with the service account
      aws eks associate-role --role-arn arn:aws:iam::123456789012:role/s3-bucket-readwrite-role --cluster-name my-cluster --namespace default --service-account my-serviceaccount
      Note: the cluster name is required, but the namespace and service account are optional
  • 34. IAM roles for pods. Step 3: create a service account and associate it with a pod
      apiVersion: v1
      kind: Pod
      metadata:
        name: my-pod
        namespace: default
      spec:
        serviceAccountName: my-serviceaccount
      ...
      ---
  • 35. IAM roles for pods. Step 3: create a service account and associate it with a pod
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        name: my-serviceaccount
        namespace: default
        annotations:
          "eks.amazonaws.com/assume-role": "arn:aws:iam::123456789012:role/s3-bucket-readwrite-role"
  • 37. What we will cover:
      - VPC CNI plugin
      - Custom networking
      - Load balancing: Classic Load Balancer, Network Load Balancer, Application Load Balancer
  • 38. Amazon VPC CNI plugin. (Diagram: VPC subnet 10.0.0.0/24; Instance 1 with an ENI and secondary IPs 10.0.0.1, 10.0.0.2; Instance 2 with an ENI and secondary IPs 10.0.0.20, 10.0.0.22; ec2.associateaddress())
  • 39. Amazon VPC CNI plugin – understanding IP allocation. Primary CIDR range: RFC 1918 addresses (10/8, 172.16/12, 192.168/16). Used in Amazon EKS for:
      - Pods
      - ENIs for communication between masters and workers (exec, logs, proxy, etc.)
      - The internal Kubernetes service network (10.100/16 or 172.20/16, chosen based on your VPC range)
      Setup:
      - EKS cluster creation: provide a list of subnets (in at least 2 Availability Zones!), then tagging
  • 40. EKS advanced VPC networking – public subnet. SNAT enabled (EXTERNALSNAT = false). (Diagram: pod 10.1.0.5 on an EKS worker in VPC public subnet 10.1.0.0/24; EKS node public IP 54.1.2.3, secondary IP 10.1.0.5; the CNI performs SNAT: 10.1.0.5 <-> 54.1.2.3; Internet gateway; "the internet"; return traffic to 54.1.2.3)
  • 41. EKS advanced VPC networking – private subnet. SNAT disabled (EXTERNALSNAT = true). (Diagram: pod 10.1.0.5 on an EKS worker in VPC private subnet 10.1.0.0/24; EKS node primary IP 10.1.0.2, secondary IP 10.1.0.5; pod traffic sent from 10.1.0.5; NAT gateway with public IP 54.1.2.3 in VPC public subnet 10.1.1.0/24; the external device performs SNAT: 10.1.0.5 <-> 54.1.2.3; Internet gateway; "the internet"; return traffic to 54.1.2.3)
  • 42. EKS advanced VPC networking – VPN/Direct Connect. SNAT disabled (EXTERNALSNAT = true). (Diagram: pod 10.1.0.5 on an EKS worker in VPC private subnet 10.1.0.0/24; EKS node primary IP 10.1.0.2, secondary IP 10.1.0.5; pod traffic sent from 10.1.0.5; VPC private gateway (VGW); not doing SNAT: 10.1.0.5 <-> 192.168.10.5; on-premises corporate data center 192.168.0.0; return traffic to 10.1.0.5)
  • 43. Amazon VPC CNI plugin – understanding IP allocation. Secondary CIDR ranges (new!): non-RFC 1918 address blocks (100.64.0.0/10 and 198.19.0.0/16). Used in Amazon EKS for:
      - Pods only
      How?
      - Amazon EKS custom networking: enable it, create the ENIConfig CRD, annotate the nodes. CNI 1.2.1+
  • 44. EKS advanced VPC networking – secondary CIDRs. (Diagram: pod 100.64.0.10 on an EKS worker in VPC private subnet 10.1.0.0/24, 100.64.0.0/24; EKS node primary IP 10.1.0.2, secondary IP 100.64.0.10; pod traffic sent from 100.64.0.10; VPC private gateway (VGW); on-premises corporate data center 10.1.0.0; return traffic to 100.64.0.10)
  • 45. Load balancing. All three Elastic Load Balancer types are supported (ELB, ALB, NLB). NLB and CLB are supported through Kubernetes Service type=LoadBalancer. Internal and external load balancers are supported
  • 46. Load balancing. Want to use an internal load balancer? Use the annotation:
      service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
      Want to use the NLB? Use the annotation:
      service.beta.kubernetes.io/aws-load-balancer-type: nlb
  • 47. ALB Ingress Controller. Production-ready (version 1.0). Supported by the Amazon EKS team. Open source development: https://github.com/kubernetes-sigs/aws-alb-ingress-controller Customers are using it in production!
  • 48. ELB ingress control. (Diagram: AWS resources: HTTP listener, HTTPS listener; rules /cheeses and /charcuterie; TargetGroup Green (IP mode), TargetGroup Blue (instance mode). Kubernetes cluster: nodes, NodePort, Kubernetes API server, ALB Ingress Controller)
  • 49. Thank you! Bruno Emer, Solutions Architect, AWS
  • 50. "Please answer the survey at the end of the session in the app. When you finish the survey, stop by the Help Desk and pick up your gift!"
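
Slides 14 and 15 put cluster access in the aws-auth ConfigMap, so reviewing that mapping is the natural access audit. The following is an added example, not code from the deck or from AWS: it resolves a verified IAM identity to its Kubernetes username and groups and flags mappings worth reviewing. The role/ci-deployer entry, the function names and the small parser are assumptions made for illustration.

```python
import re

# Constructed sample: the mapRoles/mapUsers blocks from slide 15, plus one
# hypothetical entry (role/ci-deployer) so the audit has something extra to flag.
MAP_ROLES = """\
- rolearn: arn:aws:iam::555555555555:role/devel-worker-nodes-NodeInstanceRole-74RF4UBDUKL6
  username: system:node:{{EC2PrivateDNSName}}
  groups:
    - system:bootstrappers
    - system:nodes
- rolearn: arn:aws:iam::555555555555:role/ci-deployer
  username: ci
  groups:
    - system:masters
"""
MAP_USERS = """\
- userarn: arn:aws:iam::555555555555:user/admin
  username: admin
  groups:
    - system:masters
- userarn: arn:aws:iam::555555555555:user/john
  username: john
  groups:
    - pod-admin # k8s RBAC group
"""
NODE_GROUPS = {"system:bootstrappers", "system:nodes"}


def parse_mappings(block):
    """Parse the block-style list used in mapRoles/mapUsers (no flow syntax or quoting)."""
    entries, current = [], None
    for raw in block.splitlines():
        line = raw.split(" #", 1)[0].rstrip()            # drop trailing comments
        item = re.match(r"^- (rolearn|userarn):\s*(\S+)$", line)
        member = re.match(r"^\s+- (\S+)$", line)          # one group name
        name = re.match(r"^\s+username:\s*(\S+)$", line)
        if item:
            current = {"kind": item.group(1), "arn": item.group(2),
                       "username": "", "groups": []}
            entries.append(current)
        elif member and current is not None:
            current["groups"].append(member.group(1))
        elif name and current is not None:
            current["username"] = name.group(1)
    return entries


def canonical_arn(arn):
    """Reduce an STS session ARN (assumed-role/NAME/SESSION) to the IAM role ARN,
    which is the form listed under rolearn."""
    m = re.match(r"^arn:(aws[\w-]*):sts::(\d{12}):assumed-role/([^/]+)/[^/]+$", arn)
    return f"arn:{m.group(1)}:iam::{m.group(2)}:role/{m.group(3)}" if m else arn


def resolve(caller_arn, entries):
    """Map a verified IAM identity to (username, groups); None means the identity
    is not mapped. The {{EC2PrivateDNSName}} template is left unrendered."""
    arn = canonical_arn(caller_arn)
    for e in entries:
        if e["arn"] == arn:
            return e["username"], e["groups"]
    return None


def audit(entries):
    """Return (arn, finding) pairs for mappings that deserve a reviewer's attention."""
    findings = []
    for e in entries:
        groups = set(e["groups"])
        if "system:masters" in groups:
            findings.append((e["arn"], "system:masters: unrestricted cluster admin"))
        if "system:nodes" in groups:
            if not e["username"].startswith("system:node:"):
                findings.append((e["arn"], "system:nodes without a system:node:<name> username"))
            if groups - NODE_GROUPS:
                findings.append((e["arn"], "node role carries extra groups"))
    return findings


ENTRIES = parse_mappings(MAP_ROLES) + parse_mappings(MAP_USERS)

if __name__ == "__main__":
    for who in ("arn:aws:iam::555555555555:user/john",
                "arn:aws:sts::555555555555:assumed-role/ci-deployer/build-42",
                "arn:aws:iam::555555555555:user/unlisted"):
        print(who, "->", resolve(who, ENTRIES))
    for arn, finding in audit(ENTRIES):
        print("REVIEW", arn, finding)
```

The admin access of the identity that created the cluster (slide 14) is not listed in aws-auth, so an audit of the ConfigMap alone does not show it.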