
Exciting world of Amazon container services with AWS Fargate and Amazon EKS

With a mission to make containers a first-class citizen in the cloud, AWS brings you a range of services to help run your containerized workloads. AWS Fargate is a compute engine for deploying and managing containers, which frees you from having to manage any of the underlying infrastructure. With AWS Fargate, you no longer have to provision, configure, scale, or update clusters of virtual machines to run containers. We also have Amazon Elastic Container Service for Kubernetes (Amazon EKS), which makes it easy to run Kubernetes on AWS at scale in production, without having to manage the Kubernetes control plane. In this session, learn how you can use AWS container services to deploy and manage your Docker containers. Learn what we're doing to make AWS an even better place to run containers, and watch a live demonstration of AWS Fargate and Amazon EKS in action.

  1. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Exciting world of Amazon Container services with AWS Fargate and Amazon EKS. Subhrangshu | October 2018
  2. Exciting world of Amazon Container services with AWS Fargate and Amazon EKS. Subhrangshu | 12th October 2018
  3. DAY ONE!
  4. BUILDING AN ECOSYSTEM
  5. ENABLE FOCUS ON APPLICATIONS
  6. INTRODUCING FARGATE!
  7. CHANGING COMPUTE CONSUMPTION MODEL
      • No instances to manage
      • Task native API
      • Resource based pricing
      = Simple, easy to use, powerful – and new consumption model
  8. PRODUCTION WORKLOADS ON AWS
      • AWS VPC networking mode
      • Advanced task placement
      • Deep integration with AWS platform
      • ECS CLI
      • Global footprint
      • Powerful scheduling engines
      • Auto scaling
      • CloudWatch metrics
      • Load balancers
  9. EKS SUPPORT FOR FARGATE IN 2018
  10. FARGATE: UNDER THE HOOD
  11. RUNNING CONTAINER
  12. RUNNING CONTAINERS
      [Diagram: five EC2 instances, each running four tasks]
  13. RUNNING CONTAINERS AT SCALE WITH ECS
      [Diagram: Scheduling and Orchestration (Cluster Manager, Placement Engine) across Availability Zones #1, #2 and #3]
  14. [Diagram: an EC2 instance running the ECS AMI with the Docker agent, the ECS agent and ECS tasks]
  15. [Diagram: Scheduling and Orchestration (Cluster Manager, Placement Engine) over three EC2 instances, each running the ECS AMI with the Docker agent and the ECS agent]
  16. FARGATE CONSTRUCTS
  17. CONSTRUCTS
      register Task Definition
        • Define application containers: Image URL, CPU & Memory requirements, etc.
      create Cluster
        • Infrastructure Isolation boundary
        • IAM Permissions boundary
      run Task
        • A running instantiation of a task definition
        • Use FARGATE launch type
      create Service
        • Maintain N running copies
        • Integrated with ELB
        • Unhealthy tasks automatically replaced
      [Diagram label: Elastic Load Balancer]
  18. TASK DEFINITION
      Task Definition Snippet:

          {
            "family": "scorekeep",
            "containerDefinitions": [
              {
                "name": "scorekeep-frontend",
                "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/fe"
              },
              {
                "name": "scorekeep-api",
                "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/api"
              }
            ]
          }

      • Immutable, versioned document
      • Identified by family:version
      • Contains a list of up to 10 container definitions
      • All containers are co-located on the same host
      • Each container definition has:
          • A name
          • Image URL (ECR or Public Images)
          • And more…stay tuned!
  19. REGISTRY SUPPORT
      • Amazon Elastic Container Registry (ECR)
      • Public Repositories supported
      • 3rd Party Private Repositories (coming soon!)
  20. COMPUTE
  21. CPU & MEMORY SPECIFICATION
      Task Definition Snippet:

          {
            "family": "scorekeep",
            "cpu": "1 vCpu",
            "memory": "2 gb",
            "containerDefinitions": [
              {
                "name": "scorekeep-frontend",
                "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/fe",
                "cpu": 256,
                "memoryReservation": 512
              },
              {
                "name": "scorekeep-api",
                "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/api",
                "cpu": 768,
                "memoryReservation": 512
              }
            ]
          }

      Units
        • CPU: cpu-units. 1 vCPU = 1024 cpu-units
        • Memory: MB
      Task Level Resources:
        • Total CPU/Memory across all containers
        • Required fields
        • Billing axis
      Container Level Resources:
        • Defines sharing of task resources among containers
        • Optional fields
  22. TASK CPU MEMORY CONFIGURATIONS
      50 different CPU/Memory configurations to choose from

          CPU               Memory
          256 (.25 vCPU)    512MB, 1GB, 2GB
          512 (.5 vCPU)     1GB, 2GB, 3GB, 4GB
          1024 (1 vCPU)     2GB, 3GB, 4GB, 5GB, 6GB, 7GB, 8GB
          2048 (2 vCPU)     Between 4GB and 16GB in 1GB increments
          4096 (4 vCPU)     Between 8GB and 30GB in 1GB increments
  23. PRICING
      • Per-second billing. 1 minute minimum
      • Pay for what you provision
      • Billed for Task level CPU and Memory
  24. NETWORKING
  25. VPC INTEGRATION
      Launch your Fargate Tasks into subnets
      Under the hood:
        • We create an Elastic Network Interface (ENI)
        • The ENI is allocated a private IP from your subnet
        • The ENI is attached to your task
        • Your task now has a private IP from your subnet!
      You can assign public IPs to your tasks
      Configure security groups to control inbound & outbound traffic
      [Diagram: VPC 172.31.0.0/16 with subnet 172.31.1.0/24; a Fargate Task with an ENI, private IP 172.31.1.164 and public IP 208.57.73.13; Internet; other entities in the VPC (EC2, LB, DB, etc.)]
  26. VPC CONFIGURATION
      Task Definition:

          {
            "family": "scorekeep",
            "cpu": "1 vCpu",
            "memory": "2 gb",
            "networkMode": "awsvpc",
            "containerDefinitions": [
              {
                "name": "scorekeep-frontend",
                "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/fe",
                "cpu": 256,
                "memoryReservation": 512
              },
              {
                "name": "scorekeep-api",
                "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/api",
                "cpu": 768,
                "memoryReservation": 512
              }
            ]
          }

      Run Task:

          $ aws ecs run-task ... \
              --task-definition scorekeep:1 \
              --network-configuration "awsvpcConfiguration={subnets=[subnet1-id,subnet2-id],securityGroups=[sg-id]}"

      Enables ENI creation & attachment to Task
  27. INTERNET ACCESS
      The Task ENI is used for all inbound & outbound network traffic to and from your task
      It is also used for:
        • Image Pull (from ECR or a public repository)
        • Pushing logs to CloudWatch
      These endpoints need to be reachable via your task ENI
      Two common modes of setup:
        • Private with no inbound internet traffic, but allows outbound internet access
        • Public task with both inbound and outbound internet access
  28. PRIVATE TASK SETUP
      • Attach Internet Gateway to VPC
      • Setup a Public Subnet with
          • Route to Internet Gateway
          • NAT Gateway
      • Setup Private Subnet with
          • Fargate Task
          • Route to NAT Gateway
      • Security Group to allow outbound traffic

      Route Tables
        Private subnet:

          Destination      Target
          172.31.0.0/16    local
          0.0.0.0/0        NAT Gateway

        Public subnet:

          Destination      Target
          172.31.0.0/16    local
          0.0.0.0/0        Internet Gateway

      Outbound Security Group Rules

          Type           Port    Destination
          All Traffic    ALL     0.0.0.0/0

      [Diagram: VPC 172.31.0.0/16; public subnet 172.31.2.0/24 with NAT Gateway (public EIP 34.214.162.237); private subnet 172.31.1.0/24 with Fargate Task ENI (private IP 172.31.1.164); Internet Gateway; Internet]
  29. PUBLIC TASK SETUP
      • Launch the task into a Public subnet
      • Give it a public IP address
      • Security Group to allow the expected inbound traffic

      Run Task:

          $ aws ecs run-task ... \
              --network-configuration "awsvpcConfiguration={subnets=[public-subnet],securityGroups=[sg-id],assignPublicIp=ENABLED}"

      Route Table

          Destination      Target
          172.31.0.0/16    local
          0.0.0.0/0        Internet Gateway

      Inbound Security Group Rule

          Type    Port    Source
          HTTP    8080    0.0.0.0/0

      Outbound Security Group Rules

          Type           Port    Destination
          All Traffic    ALL     0.0.0.0/0

      [Diagram: VPC 172.31.0.0/16; public subnet 172.31.2.0/24 with Fargate Task ENI (public IP 54.191.135.66); Internet Gateway; Internet; inbound and outbound traffic]
  30. ELB CONFIGURATION
      Task Definition:

          {
            "family": "scorekeep",
            "cpu": "1 vCpu",
            "memory": "2 gb",
            "networkMode": "awsvpc",
            "containerDefinitions": [
              {
                "name": "scorekeep-frontend",
                "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/fe",
                "cpu": 256,
                "memoryReservation": 512,
                "portMappings": [ { "containerPort": 8080 } ]
              },
              {
                "name": "scorekeep-api",
                "image": "xxx.dkr.ecr.us-east-1.amazonaws.com/api",
                "cpu": 768,
                "memoryReservation": 512,
                "portMappings": [ { "containerPort": 5000 } ]
              }
            ]
          }

      Create Service:

          $ aws ecs create-service ... \
              --task-definition scorekeep:1 \
              --network-configuration "awsvpcConfiguration={subnets=[subnet-id],securityGroups=[sg-id]}" \
              --load-balancers '[{"targetGroupArn": "<insert arn>", "containerName": "scorekeep-frontend", "containerPort": 8080}]'
  31. INTERNET FACING ELB VPC SETUP
      • Task in private subnet with private IP
      • ALB in public subnet with public IP
      • Make sure the AZs of the two subnets match
      • ALB security group to allow inbound traffic from internet
      • Task security group to allow inbound traffic from the ALB's security group

      ALB Security Group, Inbound Rule

          Type    Port    Source
          HTTP    80      0.0.0.0/0

      Task Security Group, Inbound Rule

          Type          Port    Source
          Custom TCP    8080    ALB Security Group

      [Diagram: VPC 172.31.0.0/16; public subnet 172.31.2.0/24 (us-east-1a) with ALB, public IP 208.57.73.13 :80; private subnet 172.31.1.0/24 (us-east-1a) with Fargate Task ENI, private IP 172.31.1.164 :8080; Internet]
  32. RUNNING FARGATE CONTAINERS WITH ECS
  33. RUNNING FARGATE CONTAINERS WITH ECS
      • Use ECS APIs to launch Fargate Containers
      • Easy migration – Run Fargate and EC2 launch type tasks in the same cluster
      • Same Task Definition schema
  34. FARGATE USE CASES
  35. MICROSERVICES
  36. BATCH JOBS
  37. MIGRATION TO THE CLOUD
  39. What is Kubernetes?
      • Open source container management platform
      • Helps you run containers at scale
      • Gives you primitives for building modern applications
  40. WHY DEVELOPERS LOVE KUBERNETES
  42. Why developers love Kubernetes: Kubernetes can be run anywhere
      ON-PREMISES • CLOUD
  43. Why developers love Kubernetes: A single extensible API
      SCALE • PERFORMANCE • BREADTH
  44. Cloud-Native Applications
      MICROSERVICE TOOLING NATIVE APPLICATIONS
  45. But where you run K8s matters
      QUALITY OF THE CLOUD PLATFORM • QUALITY OF THE APPLICATIONS • YOUR USERS
  46. 57% of Kubernetes workloads run on AWS today (CNCF survey)
  47. Kubernetes on AWS: 3x Kubernetes Master Nodes (for HA)
  48. Kubernetes Master
      • API Server
      • Cloud Controller
      • Controller Manager
      • Scheduler
      • Add-ons
      • KubeDNS
  49. [Diagram: an etcd and a Master in each of Availability Zones 1, 2 and 3]
  50. [Diagram: an etcd and a Master in each of Availability Zones 1, 2 and 3]
  51. Make AWS the BEST PLACE to run ANY containerized applications
  52. “Run Kubernetes for me.”
  53. “Native AWS Integrations.”
  54. “An Open Source Kubernetes Experience.”
  55. ELASTIC CONTAINER SERVICE FOR KUBERNETES (EKS)
  56. Tenet 1: EKS is a platform for enterprises to run production-grade workloads
  57. Tenet 2
  58. Tenet 3
  59. Tenet 4
  60. [Diagram: an etcd and a Master in each of Availability Zones 1, 2 and 3]
  61. [Diagram: kubectl connecting to mycluster.eks.amazonaws.com across Availability Zones 1, 2 and 3]
  62. DEMO
  66. Heptio IAM Authenticator: An open source approach to integrating AWS IAM authentication with Kubernetes
  67. [Diagram: kubectl, K8s API, AWS Auth]
      1) Passes AWS Identity
      2) Verifies AWS Identity
      3) Authorizes AWS Identity with RBAC
      4) K8s action allowed/denied
  68. Summary
      • New customer expectations are rapidly driving the need for more agility
      • Containers, as part of a larger DevOps strategy, help realize these goals
      • AWS provides the best experience with the broadest offerings in the journey to modern Cloud Native Applications.
      • Stay on top of the latest Containers news:
          a. https://aws.amazon.com/containers/new/
          b. https://aws.amazon.com/new/#compute-services
  69. Thank you
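
The security-group layout from slides 29 and 31, as an added example that is not part of the original deck: a Python check that a task's security group accepts inbound traffic only from the ALB's security group on the container port. The rule dictionaries follow the shape returned by `aws ec2 describe-security-groups`; the group IDs and both sample groups are constructed.

```python
# Added example (not from the deck): audit a Fargate task's security group
# against the ALB -> task layout. Rule dicts follow the shape returned by
# `aws ec2 describe-security-groups`; all group IDs below are constructed.
WORLD = {"0.0.0.0/0", "::/0"}

def covers(rule, port):
    """True if the rule's protocol and port range include the given TCP port."""
    if rule["IpProtocol"] == "-1":            # "-1" = all protocols, all ports
        return True
    return (rule["IpProtocol"] == "tcp"
            and rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535))

def audit_task_sg(task_sg, alb_sg_id, container_port):
    """Return findings for a task SG that should accept traffic only from the ALB SG."""
    gid, findings, alb_ok = task_sg["GroupId"], [], False
    for rule in task_sg["IpPermissions"]:
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in sorted(WORLD.intersection(cidrs)):
            findings.append(f"{gid}: inbound open to {cidr}")
        for pair in rule.get("UserIdGroupPairs", []):
            if pair["GroupId"] != alb_sg_id:
                findings.append(f"{gid}: inbound from unexpected group {pair['GroupId']}")
            elif covers(rule, container_port):
                alb_ok = True
    if not alb_ok:
        findings.append(f"{gid}: ALB group {alb_sg_id} cannot reach port {container_port}")
    return findings

ALB_SG_ID = "sg-alb-example"                  # constructed ID

# Slide 31: Custom TCP 8080, source = ALB security group.
TASK_SG_BEHIND_ALB = {
    "GroupId": "sg-task-private",
    "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
                       "IpRanges": [],
                       "UserIdGroupPairs": [{"GroupId": ALB_SG_ID}]}],
}
# Slide 29's public-task rule (HTTP 8080 from 0.0.0.0/0) left on a task that
# is meant to sit behind the ALB.
TASK_SG_PUBLIC_RULE = {
    "GroupId": "sg-task-public",
    "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
                       "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                       "UserIdGroupPairs": []}],
}

if __name__ == "__main__":
    for sg in (TASK_SG_BEHIND_ALB, TASK_SG_PUBLIC_RULE):
        print(sg["GroupId"], audit_task_sg(sg, ALB_SG_ID, 8080) or "OK")
```

An empty result means the group matches the slide 31 layout; each string in a non-empty result names one rule to tighten.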
