Introduction to Amazon EKS - KubeCon 2018

Introduction to Amazon EKS @ KubeCon 2018

  1. Introduction to Amazon EKS. Brandon Chavis, Product Manager, Amazon EKS; Arun Gupta, Principal Open Source Technologist, @arungupta
  2. Elastic Container Service for Kubernetes
  3. EKS: Manage masters; Highly available setup; Upgrades
  4. 57% of Kubernetes workloads run on AWS today — Cloud Native Computing Foundation
  5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Tenet 1: EKS is a platform for enterprises to run production-grade workloads
  6. Tenet 2: EKS provides a native and upstream Kubernetes experience
  7. Tenet 3: If EKS customers want to use additional AWS services, the integrations are seamless and eliminate undifferentiated heavy lifting
  8. Tenet 4: EKS team actively contributes to the Kubernetes project
  9. EKS Customers: Create EKS cluster; Provision worker nodes; Launch add-ons; Launch workloads
  10. EKS – Kubernetes masters: Create HA masters; Certificate management; IAM integration; Setup LB; Create HA etcd; Autoscale; Create cluster
  11. (Diagram) mycluster.eks.amazonaws.com; EKS Workers; kubectl; Amazon EKS; AZ 1, AZ 2, AZ 3; Your AWS account
  12. EKS Architecture
  13. How do I provision EKS Worker Nodes?
  14. Heptio IAM Authenticator: https://github.com/heptio/authenticator. An open source approach to integrating AWS IAM authentication with Kubernetes
  15. IAM Authentication + Kubectl (diagram: Kubectl, K8s API, AWS Auth): 1) Passes AWS Identity; 2) Verifies AWS Identity; 3) Authorizes AWS Identity with RBAC; 4) K8s action allowed/denied
  16. IAM Auth Support == Upstream in 1.10
  17. Native VPC networking with CNI plugin: Pods have the same VPC address inside the pod as on the VPC; Simple, secure networking; Open source and on GitHub: https://github.com/aws/amazon-vpc-cni-k8s
  18. (Diagram) VPC Subnet – 10.0.0.0/24; Instance 1, Instance 2. Nginx Pod, Java Pod; ENI secondary IPs: 10.0.0.1, 10.0.0.2; Veth IPs: 10.0.0.1, 10.0.0.2. Nginx Pod, Java Pod; ENI secondary IPs: 10.0.0.20, 10.0.0.22; Veth IPs: 10.0.0.20, 10.0.0.22. ec2.associateaddress()
  19. EKS is Kubernetes Certified
  20. Conformance Challenges: Workers; Masters; Kubernetes assumes a single network for workers and masters; API Access; Kubectl Exec/Logs
  21. A different way: EKS Cross-Account Networking: Workers; Masters; Customer VPC; EKS VPC; Network Load Balancer; ENI; API Access; Kubectl Exec/Logs; TLS; Static IPs
  22. EKS Cross-Account Networking: PKI and TLS: EKS Worker; EKS Master; Kubelet generates public/private keys; Kubelet installs server cert; Kubelet issues CSR; Certificate rotation
  23. Will $(thing) work on EKS?
  24. Thank you! aws.amazon.com/eks
