This document contains a summary of Keisuke Nishitani's presentation on AWS Fargate and Amazon ECS for Kubernetes. Some key points include: - Keisuke Nishitani is a Specialist Solutions Architect at Amazon Web Services Japan K.K. - The presentation covered introductions to AWS Fargate and Amazon Elastic Container Service (ECS) for Kubernetes, including how they work and their features. - Fargate allows running containers without having to provision and manage servers, and offers scaling of compute resources on a per-task basis. ECS for Kubernetes provides fully-managed Kubernetes control plane services.

1. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Keisuke Nishitani (@Keisuke69)
Senior Specialist SA Amazon Web Services Japan K.K.
24 Jul, 2018
【AWS Black Belt Online Seminar】
Introduction to AWS Fargate and
Amazon Elastic Container Service for Kubernetes

2. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

3. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
•
•
•
•

4. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Who am I ?
Keisuke Nishitani
Specialist Solutions Architect
Amazon Web Service Japan K.K
@Keisuke69 Keisuke69 Keisuke69 Keisuke69Keisuke69x

5. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

6. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

7. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

8. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
?

9. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

10. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

11. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
•
•

12. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
•
•

13. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
•
•

14. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
•
•
•
•

15. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Server
Guest OS
Bins/Libs Bins/Libs
App2App1

16. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS

17. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS
Server
Guest
OS

18. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

19. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

20. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Linux & Windows

21. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

22. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

23. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

24. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

25. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Scheduling and Orchestration
Cluster Manager Placement Engine
ECS
AMI
Docker
agent
ECS
agent
EC2 Instance
ECS
AMI
Docker
agent
ECS
agent
EC2 Instance
ECS
AMI
Docker
agent
ECS
agent
EC2 Instance

26. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

27. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
{
”cpu": “1 vCPU”,
”memory": “2 gb”,
"networkMode": ”AWSVPC",
"compatibilities": [”FARGATE",
”EC2"],
"placementConstraints": [],
"containerDefinitions": [
{
<snip>…....
•
Task
Level
Resources

28. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
CPU Memory
256 (.25 vCPU) 512MB, 1GB, 2GB
512 (.5 vCPU) 1GB to 4GB (1GB )
1024 (1 vCPU) 2GB to 8GB (1GB )
2048 (2 vCPU) 4GB to 16GB (1GB )
4096 (4 vCPU) 8GB to 30GB (1GB )

29. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

30. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
•
•
•
•
•
•
•
•

31. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

32. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

33. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
•

34. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
•
•
•
•
•

35. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
•

36. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

37. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
PROD Cluster Infrastructure
DEV Cluster Infrastructure
BETA Cluster Infrastructure
QA Cluster Infrastructure
Web Web
Shopping
Cart
Shopping
Cart
Notifications NotificationsWeb
Shopping
Cart NotificationsWeb
Shopping
Cart
Shopping
Cart
Notifications NotificationsWeb Web
PROD CLUSTER BETA CLUSTER
DEV CLUSTER QA CLUSTER

38. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Cluster
Permissions
Application
Permissions
Task
Housekeeping
Permissions
Cluster
Fargate Task
Cluster Permissions:
誰がタスクを実行/参照できるか？
Application (Task) Permissions:
アプリケーションがアクセス可能なAWSリソースはどれか？
Housekeeping Permissions:
ECSに操作を許可したいパーミッションは何か？
e.g.
• ECR Image Pull
• CloudWatch Logs pushing
• ENI creation
• Register/Deregister targets into ELB

39. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

40. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

41. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
•

42. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

43. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
•
•
•
•

44. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
•
•
•
•

45. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

46. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
•
•
•

47. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
•
•
•
CPUTraffic
DesiredCount
Time
100%
0%
50%
10%
20%
30%
40%
60%
70%
80%
90%
5
30
10
15
20
25
Target CPU Utilization DesiredCount

48. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Service
•
•
•
•
Amazon EC2
Service
Resource
buffer
(+~15%)

49. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
99.99%
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

50. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

51. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

52. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

53. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

54. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
57%of Kubernetes workloads
run on AWS today
—CNCF survey

55. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
3x Kubernetes masters for HA

56. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
API
server
Cloud
controller
Controller
manager
Scheduler Add-onsKubeDNS

57. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Availability
Zone 1
Etcd
Master
Etcd
Master
Etcd
Master
Availability
Zone 2
Availability
Zone 3

58. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Availability
Zone 1
Etcd
Master
Etcd
Master
Availability
Zone 2
Availability
Zone 3
Etcd
Master

59. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
“Run Kubernetes for me.”

60. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
“Native AWS Integrations.”

61. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
”An Open Source Kubernetes Experience.”

62. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

63. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

64. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Availability
Zone 1
Etcd
Master
Etcd
Master
Availability
Zone 2
Availability
Zone 3
Etcd
Master

65. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
mycluster.eks.amazonaws.com
Availability
Zone 1
Availability
Zone 2
Availability
Zone 3
Kubectl

66. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

67. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

68. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

69. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
APIAPIAPIAPI
EKS

70. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
aws eks create-cluster –cluster-name reinvent2017 –desired-master-version
1.7.1 –role-arn arn:aws:iam::account-id:role/role-name

71. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
HTTP/1.1 200 Content-type:
application/json
{ "cluster":
{
"clusterName": "string",
"createdAt": number,
"currentMasterVersion": "string",
"desiredMasterVersion": "string",
"masterEndpoint": "string",
"roleArn": "string",
"status": "string",
"statusMessage": "string"
}
}
aws eks create-cluster

72. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
aws eks describe-cluster –cluster-name reinvent2017

73. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
HTTP/1.1 200 Content-type:
application/json
{ "cluster":
{ "clusterName": "string",
"createdAt": number,
"currentMasterVersion": "string",
"desiredMasterVersion": "string",
"masterEndpoint": "string",
"roleArn": "string",
"status": "string",
"statusMessage": "string" }
}
aws eks describe-cluster –cluster-name reinvent2017

74. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
aws eks list-clusters

75. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
HTTP/1.1 200
Content-type: application/json
{
"clusterArns": [ "string" ],
"nextToken": "string"
}
aws eks list-clusters

76. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
aws eks delete-cluster –cluster-name
reinvent2017

77. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
HTTP/1.1 200 Content-type:
application/json
{ "cluster":
{ "clusterName": "string",
"createdAt": number,
"currentMasterVersion": "string",
"desiredMasterVersion": "string",
"masterEndpoint": "string",
"roleArn": "string",
"status": "string",
"statusMessage": "string" }
}
aws eks delete-cluster –cluster-name reinvent2017

78. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

79. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

80. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

81. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

82. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

83. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

84. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Native VPC networking
with CNI plugin
Pods have the same VPC
address inside the pod
as on the VPC
Simple, secure networking
Open source and
on Github
…{ }

85. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

86. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
•
•

87. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
K u b e l e t
V P C C N I
p l u g i n
1 . C N I A d d / D e l e t e
E C 2
E N I E N I E N I
P o d P o d P o d P o d
V P C
N e t w o r k
.........
0 . C r e a t e E N I
2 . S e t u p v e t h

88. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
K u b e l e t
V P C C N I
p l u g i n
N e t w o r k l o c a l
c o n t r o l
p l a n e ( L o c a l - I P A M )
E N I s /
S e c o n d a r y I P s
C N I A d d / D e l e t e
g R P C
E C 2

89. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
E C 2
Default namespace
Pod namespace
veth vethMain RT
E C 2
Default namespace
Pod namespace
veth
Route
Table
Main RT
ENI RT
veth
VPC
fabric
ENI RT
Route
Table

90. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
E C 2
Default namespace
Pod namespace
veth
Route
Table
Main RT
ENI RT
veth
External
Network
IPTables

91. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

92. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

93. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
•

94. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

95. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Kubernetes Network
Policies enforce network
security rules
Calico is the leading
implementation of the
network policy API
Open source, active
development (>100
contributors)
Commercial support
available from Tigera

96. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

97. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

98. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
kubectl
AWS RBAC
k8s API
AWS
AWS
k8s
AWS Auth

99. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

100. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Kubernetes Worker Pool (EC2)
Amazon CloudWatch
Logs
Fluentd Fluentd Fluentd
https://github.com/fluent/fluentd-kubernetes-daemonset

101. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Metrics

102. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
•
•
•

103. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

104. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

105. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
•
•
•