This document discusses using Kubernetes on AWS and provides tips across three main topics: designing clusters, installation, and operations. For design, it recommends automating as much as possible, properly sizing clusters based on network and server capacities, and using permissions and tags to control access. For installation, it discusses using multiple AWS accounts for access control and tools like Kops to deploy and manage clusters. For operations, it discusses using AWS services for databases and logging instead of running them on Kubernetes, and considerations for custom registries and secrets. The overall message is how to leverage AWS services while deploying and managing Kubernetes clusters at scale.

1. KUBERNETES ON AWS
GONE WILD
CHRISTIAN JANTZ - CODE.TALKS 2017

2. Teaching companies how to
combine agile, open source,
cloud and lean thinking to stay
relevant.
Also trying to show people that
hiring DevOps Engineers is not
an answer for digitalisation.
CALL ME CHRIS

3. WHO IS ALREADY DOING IT?

4. THREE MAIN TOPICS
• Design your cluster(s)
• Installation
• Operations
Three things per topic

5. DESIGN YOUR
CLUSTER(S)

6. AUTOMATED VS. MANUAL
• People rarely document
• Manual works once
• Except you save it as AMI or use ansible, puppet, chef
• Dev clusters can be simple
• Production should ONLY be sized differently
Automate as much as possible

7. SIZE YOUR CLUSTER
• Servers have capacities
• Consider network capacity
• Servers cost money
• AWS offers different types, pick the best
• One AZ is not fault-tolerant
• Think redundant!
Cause big is not always good

8. PERMISSIONS ON AWS
• Use personalised accounts
• Use server roles
• Use tags to control access to clusters
• Automate everything
• Success is when no admin ever accesses AWS
Let’s talk about compliance

9. INSTALLATION

10. MULTI-ACCOUNT
• One account is easy
• Accounts help you manage access
• Developers can get access to AWS
• S3, kops and multi account are complex
• Centralize cluster management
• Jenkins, Bamboo, you name it
To make controlling & compliance love you

11. KUBE-UP & COPS
• kube-up.sh is a good start
• But updating is a pain
• Kops is even better
• But it controls it all

12. NETWORKING
• Kops takes part of your VPC
• Keeping kube-up.sh setups compatible
• Kubernetes reserves IP’s
• Use another VPC and network range for DB’s
• Consider your shared resources
• Don’t overlap your networks
Mind your IP‘s and VPC‘s

13. OPERATIONS

14. DATABASES
• It is possible
• Just not a good idea
• Updates your responsibility
• State can be lost
• AWS services are too cheap to ignore
Some put them in containers

15. LOGGING
• Use built-in ELK stack
• Persistence not guaranteed
• Attach to AWS ElasticSearch Service
• Deploy your own fluentd daemonset
Know what is going on

16. CUSTOM REGISTRIES
• Add them manually
• Destroys autoscaling functionality
• Mind the timeout
• Think about permissions
• Kubernetes talks to AWS
• Custom secrets are possible
Not everything is supposed to be public

17. YOU CAN DO K8S IN ALL CLOUD ENVIRONMENTS
THIS TALK WAS FOCUSSED ON EXPERIENCES
WITH AWS

18. THOUGHT OPS TODAY?

20. THANK YOU!
CHRIS@SAFEWRD.COM
@CHRISZ_