SlideShare a Scribd company logo

Amazon EKS Deep Dive

Download as PPTX, PDF
A
Andrzej Komarnicki

Amazon EKS Architecture in detail including CNI/Networking, IAM, Provisioning, Shared Responsibility Model, Project Calico, Load Balancing, Logging/Metrics, CI/CD using AWS CodePipeline, CodeCommit, CodeBuild, Lambda, Amazon ECR and Parameter Store and finally the use of Spot Instances which could yield a savings of 70-90% versus conventional on-demand EC2 instances.

Software
1 of 42
AMAZON EKS DEEP DIVE ANDRZEJ KOMARNICKI – DEVOPS ARCHITECT
Kubernetes Version Kubernetes Patch Version Amazon EKS Platform Version Enabled Admission Controllers Release Notes 1.10 1.10.3 eks.2 ​Initializers, NamespaceLifecycle, Limit Ranger, ServiceAccount, DefaultStora geClass, ResourceQuota, DefaultToler ationSeconds, NodeRestriction, Muta tingAdmissionWebhook,ValidatingAd missionWebhook •Added support for Kubernetes aggregation layer. •Added support for Kubernetes Horizontal Pod Autoscaler (HPA). •Kubernetes Metrics Server 0.3.0 or greater is compatible with EKS platform version eks.2. 1.10 1.10.3 eks.1 ​Initializers, NamespaceLifecycle, Limit Ranger, ServiceAccount, DefaultStora geClass, ResourceQuota, DefaultToler ationSeconds,NodeRestriction Initial launch of Amazon EKS. Current and recent Amazon EKS platform versions are described in the table below:
EKS CUSTOMERS
EKS – KUBERNETES MASTERS
EKS ARCHITECTURE
Amazon EKS Shared Responsibility Model For Amazon EKS, AWS is responsible for the Kubernetes control plane, which includes the control plane nodes and etcd database. You assume responsibility and management of the following: • The security configuration of the data plane, including the configuration of the security groups that allow traffic to pass from the Amazon EKS control plane into the customer VPC • The configuration of the worker nodes and the containers themselves • The worker node guest operating system (including updates and security patches) • Other associated application software: • Setting up and managing network controls, such as firewall rules • Managing platform-level identity and access management, either with or in addition to IAM
EKS NETWORKING
CNI PLUGIN Any Kubernetes cluster on AWS • EKS • BYOK8s Daemonset deployment • kubectl create –f eks-cni.yaml
CNI INFRASTRUCTURE
VPC CNI NETWORKING INTERNALS
VPC CNI PLUGIN ARCHITECTURE
Kubernetes + AWS IAM • AWS native access management • In collaboration with Heptio • Kubectl and worker nodes • Works with Kubernetes RBAC IAM Auth Support == Upstream in 1.10 https://github.com/kubernetes-sigs/aws-iam-authenticator
IAM AUTHENTICATION + KUBECTL https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html
WORKER PROVISIONING
Load Balancing - Classic/NLB Amazon EKS supports the Network Load Balancer and the Classic Load Balancer through the Kubernetes service of type LoadBalancer. The configuration of your load balancer is controlled by annotations that are added to the manifest for your service. By default, Classic Load Balancers are used for LoadBalancer type services. To use the Network Load Balancer instead, apply the following annotation to your service: service.beta.kubernetes.io/aws-load-balancer-type: nlb
Load Balancing - ALB • CoreOS ALB Ingress Controller: Supported by AWS (in beta) • Exposes ALB functionality to Kubernetes via Ingress Resources • Layer 7 load balancing, supports content-based routing by host or path https://github.com/kubernetes-sigs/aws-alb-ingress-controller
The following diagram details the AWS components this controller creates. It also demonstrates the route ingress traffic takes from the ALB to the Kubernetes cluster.
Ingress Creation This section describes each step (circle) above. This example demonstrates satisfying 1 ingress resource. [1]: The controller watches for ingress events from the API server. When it finds ingress resources that satisfy its requirements, it begins the creation of AWS resources. [2]: An ALB (ELBv2) is created in AWS for the new ingress resource. This ALB can be internet-facing or internal. You can also specify the subnets it's created in using annotations. [3]: Target Groups are created in AWS for each unique Kubernetes service described in the ingress resource. [4]: Listeners are created for every port detailed in your ingress resource annotations. When no port is specified, sensible defaults (80 or 443) are used. Certificates may also be attached via annotations. [5]: Rules are created for each path specified in your ingress resource. This ensures traffic to a specific path is routed to the correct Kubernetes Service. Along with the above, the controller also... •deletes AWS components when ingress resources are removed from k8s. •modifies AWS components when ingress resources change in k8s. •assembles a list of existing ingress-related AWS components on start-up, allowing you to recover if the controller were to be restarted.
VISIBILITY THROUGHOUT YOUR KUBERNETES CLUSTER
LOG AGGREGATION IN CLOUDWATCH LOGS VIA FLUENTD https://github.com/kubernetes/charts/tree/master/incubator/fluentd-cloudwatch
METRICS
CI/CD for apps on Kubernetes - options Jenkins AWS CodePipeline, AWS CodeCommit, AWS CodeBuild AWS partners • GitLab • Shippable • CircleCI • Codeship
https://github.com/aws-samples/aws-kube-codesuite
Spot Instances Amazon EC2 Spot Instances are spare EC2 capacity that offer discounts of 70-90% over On- Demand prices. The Spot price is determined by term trends in supply and demand and the amount of On-Demand capacity on a particular instance size, family, Availability Zone, and AWS Region. If the available On-Demand capacity of a particular instance type is depleted, the Spot Instance is sent an interruption notice two minutes ahead to gracefully wrap up things. I recommend a diversified fleet of instances, with multiple instance types created by Spot Fleets or EC2 Fleets. You can use Spot Instances for various fault-tolerant and flexible applications. In a workload that uses container orchestration and management platforms like EKS or Amazon Elastic Container Service (Amazon ECS), the schedulers have built-in mechanisms to identify any pods or containers on these interrupted EC2 instances. The interrupted pods or containers are then replaced on other EC2 instances in the cluster.
Solution component Role in solution Code Deployment Cluster Autoscaler Scales EC2 instances in or out Open source K8s pod DaemonSet on On-Demand Instances Auto Scaling group Provisions Spot or On-Demand Instances AWS Via CloudFormation Spot Instance interrupt handler Sets K8s nodes to drain state, when the Spot Instance is interrupted Open source K8s pod DaemonSet on all K8s nodes with the label lifecycle=EC2Spot Solution architecture There are three goals to accomplish with this solution: 1. The cluster must scale automatically to match the demands of an application. 2. Optimize for cost by using Spot Instances. 3. The cluster must be resilient to Spot Instance interruptions. These goals are accomplished with the following components:
EKS Deep Dive Complete http://www.linkedin.com/in/andrzejkomarnicki/

Recommended

Introduction to Amazon EKS
Introduction to Amazon EKSIntroduction to Amazon EKS
Introduction to Amazon EKSAmazon Web Services
 
Amazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for KubernetesAmazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for KubernetesAmazon Web Services
 
Getting Started on Amazon EKS
Getting Started on Amazon EKSGetting Started on Amazon EKS
Getting Started on Amazon EKSMatthew Barlocker
 
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS SummitKubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS SummitAmazon Web Services
 
Kubernetes on AWS with Amazon EKS
Kubernetes on AWS with Amazon EKSKubernetes on AWS with Amazon EKS
Kubernetes on AWS with Amazon EKSAmazon Web Services
 
AWS Containers Day.pdf
AWS Containers Day.pdfAWS Containers Day.pdf
AWS Containers Day.pdfAmazon Web Services
 
EKS Workshop
EKS Workshop EKS Workshop
EKS WorkshopAWS Germany
 
K8s on AWS - Introducing Amazon EKS
K8s on AWS - Introducing Amazon EKSK8s on AWS - Introducing Amazon EKS
K8s on AWS - Introducing Amazon EKSAmazon Web Services
 

Recommended

Introduction to Amazon EKS
Introduction to Amazon EKSIntroduction to Amazon EKS
Introduction to Amazon EKSAmazon Web Services
 
Amazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for KubernetesAmazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for KubernetesAmazon Web Services
 
Getting Started on Amazon EKS
Getting Started on Amazon EKSGetting Started on Amazon EKS
Getting Started on Amazon EKSMatthew Barlocker
 
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS SummitKubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS SummitAmazon Web Services
 
Kubernetes on AWS with Amazon EKS
Kubernetes on AWS with Amazon EKSKubernetes on AWS with Amazon EKS
Kubernetes on AWS with Amazon EKSAmazon Web Services
 
AWS Containers Day.pdf
AWS Containers Day.pdfAWS Containers Day.pdf
AWS Containers Day.pdfAmazon Web Services
 
EKS Workshop
EKS Workshop EKS Workshop
EKS WorkshopAWS Germany
 
K8s on AWS - Introducing Amazon EKS
K8s on AWS - Introducing Amazon EKSK8s on AWS - Introducing Amazon EKS
K8s on AWS - Introducing Amazon EKSAmazon Web Services
 
Deep dive - AWS Fargate
Deep dive - AWS FargateDeep dive - AWS Fargate
Deep dive - AWS FargateAmazon Web Services
 
Eks and fargate
Eks and fargateEks and fargate
Eks and fargateAsaf Abres
 
Amazon EKS: Getting Started
Amazon EKS: Getting StartedAmazon EKS: Getting Started
Amazon EKS: Getting StartedTanya Seno
 
Containers on AWS: An Introduction
Containers on AWS: An IntroductionContainers on AWS: An Introduction
Containers on AWS: An IntroductionAmazon Web Services
 
K8s on AWS: Introducing Amazon EKS
K8s on AWS: Introducing Amazon EKSK8s on AWS: Introducing Amazon EKS
K8s on AWS: Introducing Amazon EKSAmazon Web Services
 
AWS ECS vs EKS
AWS ECS vs EKSAWS ECS vs EKS
AWS ECS vs EKSNorberto Enomoto
 
CI/CD on AWS
CI/CD on AWSCI/CD on AWS
CI/CD on AWSAmazon Web Services
 
Running Kubernetes in hybrid environments with AWS (EKS Distro & EKS Anywhere...
Running Kubernetes in hybrid environments with AWS (EKS Distro & EKS Anywhere...Running Kubernetes in hybrid environments with AWS (EKS Distro & EKS Anywhere...
Running Kubernetes in hybrid environments with AWS (EKS Distro & EKS Anywhere...Amazon Web Services Korea
 
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS SummitAWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS SummitAmazon Web Services
 
20190410 AWS Black Belt Online Seminar Amazon Elastic Container Service for K...
20190410 AWS Black Belt Online Seminar Amazon Elastic Container Service for K...20190410 AWS Black Belt Online Seminar Amazon Elastic Container Service for K...
20190410 AWS Black Belt Online Seminar Amazon Elastic Container Service for K...Amazon Web Services Japan
 
Deploying your first application with Kubernetes
Deploying your first application with KubernetesDeploying your first application with Kubernetes
Deploying your first application with KubernetesOVHcloud
 
AWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAmazon Web Services
 
AWS 상의 컨테이너 서비스 소개 ECS, EKS - 이종립 / Principle Enterprise Evangelist @베스핀글로벌
AWS 상의 컨테이너 서비스 소개 ECS, EKS - 이종립 / Principle Enterprise Evangelist @베스핀글로벌AWS 상의 컨테이너 서비스 소개 ECS, EKS - 이종립 / Principle Enterprise Evangelist @베스핀글로벌
AWS 상의 컨테이너 서비스 소개 ECS, EKS - 이종립 / Principle Enterprise Evangelist @베스핀글로벌BESPIN GLOBAL
 
Introducing AWS Fargate
Introducing AWS FargateIntroducing AWS Fargate
Introducing AWS FargateAmazon Web Services
 
컨테이너 및 서버리스를 위한 효율적인 CI/CD 아키텍처 구성하기 - 현창훈 데브옵스 엔지니어, Flex / 송주영 데브옵스 엔지니어, W...
컨테이너 및 서버리스를 위한 효율적인 CI/CD 아키텍처 구성하기 - 현창훈 데브옵스 엔지니어, Flex / 송주영 데브옵스 엔지니어, W...컨테이너 및 서버리스를 위한 효율적인 CI/CD 아키텍처 구성하기 - 현창훈 데브옵스 엔지니어, Flex / 송주영 데브옵스 엔지니어, W...
컨테이너 및 서버리스를 위한 효율적인 CI/CD 아키텍처 구성하기 - 현창훈 데브옵스 엔지니어, Flex / 송주영 데브옵스 엔지니어, W...Amazon Web Services Korea
 
Running Kubernetes on AWS
Running Kubernetes on AWSRunning Kubernetes on AWS
Running Kubernetes on AWSAmazon Web Services
 
데브옵스 엔지니어를 위한 신규 운영 서비스 - 김필중, AWS 개발 전문 솔루션즈 아키텍트 / 김현민, 메가존클라우드 솔루션즈 아키텍트 :...
데브옵스 엔지니어를 위한 신규 운영 서비스 - 김필중, AWS 개발 전문 솔루션즈 아키텍트 / 김현민, 메가존클라우드 솔루션즈 아키텍트 :...데브옵스 엔지니어를 위한 신규 운영 서비스 - 김필중, AWS 개발 전문 솔루션즈 아키텍트 / 김현민, 메가존클라우드 솔루션즈 아키텍트 :...
데브옵스 엔지니어를 위한 신규 운영 서비스 - 김필중, AWS 개발 전문 솔루션즈 아키텍트 / 김현민, 메가존클라우드 솔루션즈 아키텍트 :...Amazon Web Services Korea
 
Kubernetes/ EKS - 김광영 (AWS 솔루션즈 아키텍트)
Kubernetes/ EKS - 김광영 (AWS 솔루션즈 아키텍트)Kubernetes/ EKS - 김광영 (AWS 솔루션즈 아키텍트)
Kubernetes/ EKS - 김광영 (AWS 솔루션즈 아키텍트)Amazon Web Services Korea
 
Kubernetes #1 intro
Kubernetes #1 introKubernetes #1 intro
Kubernetes #1 introTerry Cho
 
DevOps and AWS
DevOps and AWSDevOps and AWS
DevOps and AWSShiva Narayanaswamy
 
EKS New features - Re:invent 2022 recap at AWSUGNL Benelux
EKS New features - Re:invent 2022 recap at AWSUGNL BeneluxEKS New features - Re:invent 2022 recap at AWSUGNL Benelux
EKS New features - Re:invent 2022 recap at AWSUGNL BeneluxMasoom Tulsiani
 
aks_training_document_Azure_kuberne.pptx
aks_training_document_Azure_kuberne.pptxaks_training_document_Azure_kuberne.pptx
aks_training_document_Azure_kuberne.pptxWaseemShare
 

More Related Content

What's hot

Eks and fargate
Eks and fargateEks and fargate
Eks and fargateAsaf Abres
 
Amazon EKS: Getting Started
Amazon EKS: Getting StartedAmazon EKS: Getting Started
Amazon EKS: Getting StartedTanya Seno
 
Containers on AWS: An Introduction
Containers on AWS: An IntroductionContainers on AWS: An Introduction
Containers on AWS: An IntroductionAmazon Web Services
 
K8s on AWS: Introducing Amazon EKS
K8s on AWS: Introducing Amazon EKSK8s on AWS: Introducing Amazon EKS
K8s on AWS: Introducing Amazon EKSAmazon Web Services
 
Running Kubernetes in hybrid environments with AWS (EKS Distro & EKS Anywhere...
Running Kubernetes in hybrid environments with AWS (EKS Distro & EKS Anywhere...Running Kubernetes in hybrid environments with AWS (EKS Distro & EKS Anywhere...
Running Kubernetes in hybrid environments with AWS (EKS Distro & EKS Anywhere...Amazon Web Services Korea
 
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS SummitAWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS SummitAmazon Web Services
 
20190410 AWS Black Belt Online Seminar Amazon Elastic Container Service for K...
20190410 AWS Black Belt Online Seminar Amazon Elastic Container Service for K...20190410 AWS Black Belt Online Seminar Amazon Elastic Container Service for K...
20190410 AWS Black Belt Online Seminar Amazon Elastic Container Service for K...Amazon Web Services Japan
 
Deploying your first application with Kubernetes
Deploying your first application with KubernetesDeploying your first application with Kubernetes
Deploying your first application with KubernetesOVHcloud
 
AWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAmazon Web Services
 
AWS 상의 컨테이너 서비스 소개 ECS, EKS - 이종립 / Principle Enterprise Evangelist @베스핀글로벌
AWS 상의 컨테이너 서비스 소개 ECS, EKS - 이종립 / Principle Enterprise Evangelist @베스핀글로벌AWS 상의 컨테이너 서비스 소개 ECS, EKS - 이종립 / Principle Enterprise Evangelist @베스핀글로벌
AWS 상의 컨테이너 서비스 소개 ECS, EKS - 이종립 / Principle Enterprise Evangelist @베스핀글로벌BESPIN GLOBAL
 
컨테이너 및 서버리스를 위한 효율적인 CI/CD 아키텍처 구성하기 - 현창훈 데브옵스 엔지니어, Flex / 송주영 데브옵스 엔지니어, W...
컨테이너 및 서버리스를 위한 효율적인 CI/CD 아키텍처 구성하기 - 현창훈 데브옵스 엔지니어, Flex / 송주영 데브옵스 엔지니어, W...컨테이너 및 서버리스를 위한 효율적인 CI/CD 아키텍처 구성하기 - 현창훈 데브옵스 엔지니어, Flex / 송주영 데브옵스 엔지니어, W...
컨테이너 및 서버리스를 위한 효율적인 CI/CD 아키텍처 구성하기 - 현창훈 데브옵스 엔지니어, Flex / 송주영 데브옵스 엔지니어, W...Amazon Web Services Korea
 
데브옵스 엔지니어를 위한 신규 운영 서비스 - 김필중, AWS 개발 전문 솔루션즈 아키텍트 / 김현민, 메가존클라우드 솔루션즈 아키텍트 :...
데브옵스 엔지니어를 위한 신규 운영 서비스 - 김필중, AWS 개발 전문 솔루션즈 아키텍트 / 김현민, 메가존클라우드 솔루션즈 아키텍트 :...데브옵스 엔지니어를 위한 신규 운영 서비스 - 김필중, AWS 개발 전문 솔루션즈 아키텍트 / 김현민, 메가존클라우드 솔루션즈 아키텍트 :...
데브옵스 엔지니어를 위한 신규 운영 서비스 - 김필중, AWS 개발 전문 솔루션즈 아키텍트 / 김현민, 메가존클라우드 솔루션즈 아키텍트 :...Amazon Web Services Korea
 
Kubernetes/ EKS - 김광영 (AWS 솔루션즈 아키텍트)
Kubernetes/ EKS - 김광영 (AWS 솔루션즈 아키텍트)Kubernetes/ EKS - 김광영 (AWS 솔루션즈 아키텍트)
Kubernetes/ EKS - 김광영 (AWS 솔루션즈 아키텍트)Amazon Web Services Korea
 
Kubernetes #1 intro
Kubernetes #1 introKubernetes #1 intro
Kubernetes #1 introTerry Cho
 

What's hot (20)

Deep dive - AWS Fargate
Deep dive - AWS FargateDeep dive - AWS Fargate
Deep dive - AWS Fargate
 
Eks and fargate
Eks and fargateEks and fargate
Eks and fargate
 
Amazon EKS: Getting Started
Amazon EKS: Getting StartedAmazon EKS: Getting Started
Amazon EKS: Getting Started
 
Containers on AWS: An Introduction
Containers on AWS: An IntroductionContainers on AWS: An Introduction
Containers on AWS: An Introduction
 
K8s on AWS: Introducing Amazon EKS
K8s on AWS: Introducing Amazon EKSK8s on AWS: Introducing Amazon EKS
K8s on AWS: Introducing Amazon EKS
 
AWS ECS vs EKS
AWS ECS vs EKSAWS ECS vs EKS
AWS ECS vs EKS
 
CI/CD on AWS
CI/CD on AWSCI/CD on AWS
CI/CD on AWS
 
Running Kubernetes in hybrid environments with AWS (EKS Distro & EKS Anywhere...
Running Kubernetes in hybrid environments with AWS (EKS Distro & EKS Anywhere...Running Kubernetes in hybrid environments with AWS (EKS Distro & EKS Anywhere...
Running Kubernetes in hybrid environments with AWS (EKS Distro & EKS Anywhere...
 
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS SummitAWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
 
20190410 AWS Black Belt Online Seminar Amazon Elastic Container Service for K...
20190410 AWS Black Belt Online Seminar Amazon Elastic Container Service for K...20190410 AWS Black Belt Online Seminar Amazon Elastic Container Service for K...
20190410 AWS Black Belt Online Seminar Amazon Elastic Container Service for K...
 
Deploying your first application with Kubernetes
Deploying your first application with KubernetesDeploying your first application with Kubernetes
Deploying your first application with Kubernetes
 
AWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design Patterns
 
AWS 상의 컨테이너 서비스 소개 ECS, EKS - 이종립 / Principle Enterprise Evangelist @베스핀글로벌
AWS 상의 컨테이너 서비스 소개 ECS, EKS - 이종립 / Principle Enterprise Evangelist @베스핀글로벌AWS 상의 컨테이너 서비스 소개 ECS, EKS - 이종립 / Principle Enterprise Evangelist @베스핀글로벌
AWS 상의 컨테이너 서비스 소개 ECS, EKS - 이종립 / Principle Enterprise Evangelist @베스핀글로벌
 
Introducing AWS Fargate
Introducing AWS FargateIntroducing AWS Fargate
Introducing AWS Fargate
 
컨테이너 및 서버리스를 위한 효율적인 CI/CD 아키텍처 구성하기 - 현창훈 데브옵스 엔지니어, Flex / 송주영 데브옵스 엔지니어, W...
컨테이너 및 서버리스를 위한 효율적인 CI/CD 아키텍처 구성하기 - 현창훈 데브옵스 엔지니어, Flex / 송주영 데브옵스 엔지니어, W...컨테이너 및 서버리스를 위한 효율적인 CI/CD 아키텍처 구성하기 - 현창훈 데브옵스 엔지니어, Flex / 송주영 데브옵스 엔지니어, W...
컨테이너 및 서버리스를 위한 효율적인 CI/CD 아키텍처 구성하기 - 현창훈 데브옵스 엔지니어, Flex / 송주영 데브옵스 엔지니어, W...
 
Running Kubernetes on AWS
Running Kubernetes on AWSRunning Kubernetes on AWS
Running Kubernetes on AWS
 
데브옵스 엔지니어를 위한 신규 운영 서비스 - 김필중, AWS 개발 전문 솔루션즈 아키텍트 / 김현민, 메가존클라우드 솔루션즈 아키텍트 :...
데브옵스 엔지니어를 위한 신규 운영 서비스 - 김필중, AWS 개발 전문 솔루션즈 아키텍트 / 김현민, 메가존클라우드 솔루션즈 아키텍트 :...데브옵스 엔지니어를 위한 신규 운영 서비스 - 김필중, AWS 개발 전문 솔루션즈 아키텍트 / 김현민, 메가존클라우드 솔루션즈 아키텍트 :...
데브옵스 엔지니어를 위한 신규 운영 서비스 - 김필중, AWS 개발 전문 솔루션즈 아키텍트 / 김현민, 메가존클라우드 솔루션즈 아키텍트 :...
 
Kubernetes/ EKS - 김광영 (AWS 솔루션즈 아키텍트)
Kubernetes/ EKS - 김광영 (AWS 솔루션즈 아키텍트)Kubernetes/ EKS - 김광영 (AWS 솔루션즈 아키텍트)
Kubernetes/ EKS - 김광영 (AWS 솔루션즈 아키텍트)
 
Kubernetes #1 intro
Kubernetes #1 introKubernetes #1 intro
Kubernetes #1 intro
 
DevOps and AWS
DevOps and AWSDevOps and AWS
DevOps and AWS
 

Similar to Amazon EKS Deep Dive

EKS New features - Re:invent 2022 recap at AWSUGNL Benelux
EKS New features - Re:invent 2022 recap at AWSUGNL BeneluxEKS New features - Re:invent 2022 recap at AWSUGNL Benelux
EKS New features - Re:invent 2022 recap at AWSUGNL BeneluxMasoom Tulsiani
 
aks_training_document_Azure_kuberne.pptx
aks_training_document_Azure_kuberne.pptxaks_training_document_Azure_kuberne.pptx
aks_training_document_Azure_kuberne.pptxWaseemShare
 
Meetup CNCF Torino - Amazon EKS March 29th 2019
Meetup CNCF Torino - Amazon EKS March 29th 2019 Meetup CNCF Torino - Amazon EKS March 29th 2019
Meetup CNCF Torino - Amazon EKS March 29th 2019 Massimo Ferre'
 
Docker clusters on AWS with Amazon ECS and Kubernetes
Docker clusters on AWS with Amazon ECS and KubernetesDocker clusters on AWS with Amazon ECS and Kubernetes
Docker clusters on AWS with Amazon ECS and KubernetesJulien SIMON
 
Aws container webinar day 1
Aws container webinar day 1Aws container webinar day 1
Aws container webinar day 1HoseokSeo7
 
Weaveworks at AWS re:Invent 2016: Operations Management with Amazon ECS
Weaveworks at AWS re:Invent 2016: Operations Management with Amazon ECSWeaveworks at AWS re:Invent 2016: Operations Management with Amazon ECS
Weaveworks at AWS re:Invent 2016: Operations Management with Amazon ECSWeaveworks
 
February 2016 Webinar Series - EC2 Container Service Deep Dive
February 2016 Webinar Series - EC2 Container Service Deep Dive February 2016 Webinar Series - EC2 Container Service Deep Dive
February 2016 Webinar Series - EC2 Container Service Deep Dive Amazon Web Services
 
Running containers in AWS
Running containers in AWSRunning containers in AWS
Running containers in AWSAndrewMay59
 
Elastic Kubernetes Services (EKS)
Elastic Kubernetes Services (EKS)Elastic Kubernetes Services (EKS)
Elastic Kubernetes Services (EKS)sriram_rajan
 
Deploying a Kubernetes App with Amazon EKS
Deploying a Kubernetes App with Amazon EKSDeploying a Kubernetes App with Amazon EKS
Deploying a Kubernetes App with Amazon EKSLaura Frank Tacho
 
Building a Kubernetes App with Amazon EKS
Building a Kubernetes App with Amazon EKSBuilding a Kubernetes App with Amazon EKS
Building a Kubernetes App with Amazon EKSDevOps.com
 
AWS reinvent 2019 recap - Riyadh - Containers and Serverless - Paul Maddox
AWS reinvent 2019 recap - Riyadh - Containers and Serverless - Paul MaddoxAWS reinvent 2019 recap - Riyadh - Containers and Serverless - Paul Maddox
AWS reinvent 2019 recap - Riyadh - Containers and Serverless - Paul MaddoxAWS Riyadh User Group
 
Running kubernetes with amazon eks
Running kubernetes with amazon eksRunning kubernetes with amazon eks
Running kubernetes with amazon eksyanaisama
 

Similar to Amazon EKS Deep Dive (20)

EKS New features - Re:invent 2022 recap at AWSUGNL Benelux
EKS New features - Re:invent 2022 recap at AWSUGNL BeneluxEKS New features - Re:invent 2022 recap at AWSUGNL Benelux
EKS New features - Re:invent 2022 recap at AWSUGNL Benelux
 
aks_training_document_Azure_kuberne.pptx
aks_training_document_Azure_kuberne.pptxaks_training_document_Azure_kuberne.pptx
aks_training_document_Azure_kuberne.pptx
 
應用開發新思維
應用開發新思維應用開發新思維
應用開發新思維
 
Meetup CNCF Torino - Amazon EKS March 29th 2019
Meetup CNCF Torino - Amazon EKS March 29th 2019 Meetup CNCF Torino - Amazon EKS March 29th 2019
Meetup CNCF Torino - Amazon EKS March 29th 2019
 
Docker clusters on AWS with Amazon ECS and Kubernetes
Docker clusters on AWS with Amazon ECS and KubernetesDocker clusters on AWS with Amazon ECS and Kubernetes
Docker clusters on AWS with Amazon ECS and Kubernetes
 
Aws container webinar day 1
Aws container webinar day 1Aws container webinar day 1
Aws container webinar day 1
 
Weaveworks at AWS re:Invent 2016: Operations Management with Amazon ECS
Weaveworks at AWS re:Invent 2016: Operations Management with Amazon ECSWeaveworks at AWS re:Invent 2016: Operations Management with Amazon ECS
Weaveworks at AWS re:Invent 2016: Operations Management with Amazon ECS
 
February 2016 Webinar Series - EC2 Container Service Deep Dive
February 2016 Webinar Series - EC2 Container Service Deep Dive February 2016 Webinar Series - EC2 Container Service Deep Dive
February 2016 Webinar Series - EC2 Container Service Deep Dive
 
Introduzione ad Amazon EKS
Introduzione ad Amazon EKSIntroduzione ad Amazon EKS
Introduzione ad Amazon EKS
 
ECS and ECR deep dive
ECS and ECR deep diveECS and ECR deep dive
ECS and ECR deep dive
 
Introduzione ad Amazon EKS
Introduzione ad Amazon EKSIntroduzione ad Amazon EKS
Introduzione ad Amazon EKS
 
Running containers in AWS
Running containers in AWSRunning containers in AWS
Running containers in AWS
 
A quick introduction to AKS
A quick introduction to AKSA quick introduction to AKS
A quick introduction to AKS
 
Elastic Kubernetes Services (EKS)
Elastic Kubernetes Services (EKS)Elastic Kubernetes Services (EKS)
Elastic Kubernetes Services (EKS)
 
Deploying a Kubernetes App with Amazon EKS
Deploying a Kubernetes App with Amazon EKSDeploying a Kubernetes App with Amazon EKS
Deploying a Kubernetes App with Amazon EKS
 
Building a Kubernetes App with Amazon EKS
Building a Kubernetes App with Amazon EKSBuilding a Kubernetes App with Amazon EKS
Building a Kubernetes App with Amazon EKS
 
Amazon ECS Deep Dive
Amazon ECS Deep DiveAmazon ECS Deep Dive
Amazon ECS Deep Dive
 
AWS reinvent 2019 recap - Riyadh - Containers and Serverless - Paul Maddox
AWS reinvent 2019 recap - Riyadh - Containers and Serverless - Paul MaddoxAWS reinvent 2019 recap - Riyadh - Containers and Serverless - Paul Maddox
AWS reinvent 2019 recap - Riyadh - Containers and Serverless - Paul Maddox
 
Advanced Container Security
Advanced Container Security Advanced Container Security
Advanced Container Security
 
Running kubernetes with amazon eks
Running kubernetes with amazon eksRunning kubernetes with amazon eks
Running kubernetes with amazon eks
 

Recently uploaded

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceanilsa9823
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 

Recently uploaded (20)

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 

Amazon EKS Deep Dive

  • 1. AMAZON EKS DEEP DIVE ANDRZEJ KOMARNICKI – DEVOPS ARCHITECT
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14. Kubernetes Version Kubernetes Patch Version Amazon EKS Platform Version Enabled Admission Controllers Release Notes 1.10 1.10.3 eks.2 ​Initializers, NamespaceLifecycle, Limit Ranger, ServiceAccount, DefaultStora geClass, ResourceQuota, DefaultToler ationSeconds, NodeRestriction, Muta tingAdmissionWebhook,ValidatingAd missionWebhook •Added support for Kubernetes aggregation layer. •Added support for Kubernetes Horizontal Pod Autoscaler (HPA). •Kubernetes Metrics Server 0.3.0 or greater is compatible with EKS platform version eks.2. 1.10 1.10.3 eks.1 ​Initializers, NamespaceLifecycle, Limit Ranger, ServiceAccount, DefaultStora geClass, ResourceQuota, DefaultToler ationSeconds,NodeRestriction Initial launch of Amazon EKS. Current and recent Amazon EKS platform versions are described in the table below:
  • 18. Amazon EKS Shared Responsibility Model For Amazon EKS, AWS is responsible for the Kubernetes control plane, which includes the control plane nodes and etcd database. You assume responsibility and management of the following: • The security configuration of the data plane, including the configuration of the security groups that allow traffic to pass from the Amazon EKS control plane into the customer VPC • The configuration of the worker nodes and the containers themselves • The worker node guest operating system (including updates and security patches) • Other associated application software: • Setting up and managing network controls, such as firewall rules • Managing platform-level identity and access management, either with or in addition to IAM
  • 20.
  • 21. CNI PLUGIN Any Kubernetes cluster on AWS • EKS • BYOK8s Daemonset deployment • kubectl create –f eks-cni.yaml
  • 23. VPC CNI NETWORKING INTERNALS
  • 24. VPC CNI PLUGIN ARCHITECTURE
  • 25.
  • 26.
  • 27. Kubernetes + AWS IAM • AWS native access management • In collaboration with Heptio • Kubectl and worker nodes • Works with Kubernetes RBAC IAM Auth Support == Upstream in 1.10 https://github.com/kubernetes-sigs/aws-iam-authenticator
  • 28. IAM AUTHENTICATION + KUBECTL https://docs.aws.amazon.com/eks/latest/userguide/add-user-role.html
  • 30. Load Balancing - Classic/NLB Amazon EKS supports the Network Load Balancer and the Classic Load Balancer through the Kubernetes service of type LoadBalancer. The configuration of your load balancer is controlled by annotations that are added to the manifest for your service. By default, Classic Load Balancers are used for LoadBalancer type services. To use the Network Load Balancer instead, apply the following annotation to your service: service.beta.kubernetes.io/aws-load-balancer-type: nlb
  • 31. Load Balancing - ALB • CoreOS ALB Ingress Controller: Supported by AWS (in beta) • Exposes ALB functionality to Kubernetes via Ingress Resources • Layer 7 load balancing, supports content-based routing by host or path https://github.com/kubernetes-sigs/aws-alb-ingress-controller
  • 32. The following diagram details the AWS components this controller creates. It also demonstrates the route ingress traffic takes from the ALB to the Kubernetes cluster.
  • 33. Ingress Creation This section describes each step (circle) above. This example demonstrates satisfying 1 ingress resource. [1]: The controller watches for ingress events from the API server. When it finds ingress resources that satisfy its requirements, it begins the creation of AWS resources. [2]: An ALB (ELBv2) is created in AWS for the new ingress resource. This ALB can be internet-facing or internal. You can also specify the subnets it's created in using annotations. [3]: Target Groups are created in AWS for each unique Kubernetes service described in the ingress resource. [4]: Listeners are created for every port detailed in your ingress resource annotations. When no port is specified, sensible defaults (80 or 443) are used. Certificates may also be attached via annotations. [5]: Rules are created for each path specified in your ingress resource. This ensures traffic to a specific path is routed to the correct Kubernetes Service. Along with the above, the controller also... •deletes AWS components when ingress resources are removed from k8s. •modifies AWS components when ingress resources change in k8s. •assembles a list of existing ingress-related AWS components on start-up, allowing you to recover if the controller were to be restarted.
  • 34. VISIBILITY THROUGHOUT YOUR KUBERNETES CLUSTER
  • 35. LOG AGGREGATION IN CLOUDWATCH LOGS VIA FLUENTD https://github.com/kubernetes/charts/tree/master/incubator/fluentd-cloudwatch
  • 37. CI/CD for apps on Kubernetes - options Jenkins AWS CodePipeline, AWS CodeCommit, AWS CodeBuild AWS partners • GitLab • Shippable • CircleCI • Codeship
  • 39. Spot Instances Amazon EC2 Spot Instances are spare EC2 capacity that offer discounts of 70-90% over On- Demand prices. The Spot price is determined by term trends in supply and demand and the amount of On-Demand capacity on a particular instance size, family, Availability Zone, and AWS Region. If the available On-Demand capacity of a particular instance type is depleted, the Spot Instance is sent an interruption notice two minutes ahead to gracefully wrap up things. I recommend a diversified fleet of instances, with multiple instance types created by Spot Fleets or EC2 Fleets. You can use Spot Instances for various fault-tolerant and flexible applications. In a workload that uses container orchestration and management platforms like EKS or Amazon Elastic Container Service (Amazon ECS), the schedulers have built-in mechanisms to identify any pods or containers on these interrupted EC2 instances. The interrupted pods or containers are then replaced on other EC2 instances in the cluster.
  • 40. Solution component Role in solution Code Deployment Cluster Autoscaler Scales EC2 instances in or out Open source K8s pod DaemonSet on On-Demand Instances Auto Scaling group Provisions Spot or On-Demand Instances AWS Via CloudFormation Spot Instance interrupt handler Sets K8s nodes to drain state, when the Spot Instance is interrupted Open source K8s pod DaemonSet on all K8s nodes with the label lifecycle=EC2Spot Solution architecture There are three goals to accomplish with this solution: 1. The cluster must scale automatically to match the demands of an application. 2. Optimize for cost by using Spot Instances. 3. The cluster must be resilient to Spot Instance interruptions. These goals are accomplished with the following components:
  • 41.
  • 42. EKS Deep Dive Complete http://www.linkedin.com/in/andrzejkomarnicki/