WhaTap Labs, profile picture
Uploaded byWhaTap Labs
387 views

Cloud for Kubernetes : Session3

This document provides an overview of managing Kubernetes clusters on Amazon EKS. It discusses how to deploy Kubernetes clusters on AWS infrastructure using EKS, including networking, security, and integration with other AWS services. It also provides examples of common Kubernetes resource configurations and operations using EKS, such as setting up volumes, routing, auto-scaling, and monitoring.

Embed presentation

Downloaded 38 times
Amazon EKS로 시작하는 Kubernetes 2019-06-20
Kubernetes Container Orchestration
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 3 Kubernetes • Container Orchestration • Automated container deployment, scaling, and management • Kubernetes Cluster • Master, Node 로 구성된 단위 환경 • Kubernetes Objects • Pod, Service, Volume, Namespace • ReplicaSet, Deployment, StatefulSet, DaemonSet, Job • ConfigMap, Secret, Ingress https://kubernetes.io/, https://github.com/kubernetes/kubernetes
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 4 Kubernetes
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 5 Kubernetes on AWS • Network • VPC, Subnet, NAT Gateway, Security Groups • Instance • EC2: Master nodes, Worker nodes • Auto Scaling Group, Elastic Load Balancer • docker, kublet, kubeadm, etcd • Kubernetes Cluster • join to master
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 6 Kubernetes on AWS
Amazon EKS Amazon Elastic Container Service for Kubernetes
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 8 Amazon EKS • 출시 : 2018년 6월 8일 • 서울 : 2019년 1월 9일 https://github.com/aws/containers-roadmap/issues/37
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 9 Amazon EKS
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 10 Amazon EKS • AWS 관리형 쿠버네티스(K8S)의 원칙 EKS는 대규모 회사가 운영 수준의 작업 부하를 실행하는 플랫폼이다 EKS is a platform for enterprises to run production-grade workloads EKS는 순수 쿠버네티스 및 업스트림 경험을 유지한다 EKS provides a native and upstream Kubernetes experience EKS 고객이 다른 AWS 서비스를 사용할 때, 복잡하지 않고 매끄럽게 연계한다 If EKS customers want to use additional AWS services, the integrations are seamless and eliminate undifferentiated heavy lifting EKS 팀은 쿠버네티스 프로젝트에 적극적으로 기여한다 EKS team actively contributes to the Kubernetes project TenetsAmazon EKS E L A S T I C C O N TA I N E R S E R V I C E F O R K U B E R N E T E S
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 11 Amazon EKS 아키텍처 mycluster.eks.amazonaws.com EKS 워커노드 kubectl AZ 1 AZ 2 AZ 3 사용자의 AWS 계정 VPC
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 12 etcd (오토스케일링) Amazon EKS Control Plane • 고 가용성을 내재한 단일 테넌트 인프라스트럭처 • 전체 “순수 AWS” 서비스 • NLB를 활용한 부하분산 • 컨트롤 플레인 로그 (new) • API 서버, Audit, Controller Manager, Authenticator, Scheduler VPC NLB ELB Instances AZ-2AZ-1 AZ-3 API Server (오토스케일링) Instances
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 13 Amazon EKS Data Plane • 다양한 인스턴스 유형 및 가격정책 • M5, C5, P2, P3 GPU, Spot or Mixed • AI/ML용 Amazon EKS • EKS에 최적화된 GPU지원 AMI • EKS AMI 빌드 스크립트 • 워크로드 특성에 적합한 인스턴스 적용 Private subnet VPC AZ-1 AZ-2 AZ-3 Internal ELB Instances Instances Public subnet CLB or NLB or ALB Internet gateway Instances 사용자 AMI
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 14 Amazon EKS 보안 – 인증 & 권한 AWS Identity and Access Management (IAM) Amazon EKS • AWS Secret Manager • AWS KMS • AWS IAM 역할 & 정책 • K8S는 RBAC 사용 • Role & RoleBinding • ClusterRole & ClusterRoleBinding • AWS IAM Authenticator • IAM과 RBAC 연결 • K8S 보안 메커니즘 • Namespaces • Service accounts • User accounts
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 15 Amazon EKS IAM 인증 kubectl 3) AWS identity에 RBAC 권한 부여 K8s API 1) AWS identity 2) AWS identity 검증 4) K8S action 허용 또는 거부 AWS IAM 인증
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 16 Amazon EKS 네트워크 제어 • VPC 보안그룹 • VPC 서브넷 NACL • Pod레벨에서 네트워크 정책 구현 • 네트워크 세그먼테이션 • 테넌트 분리 • K8S의 네트워크 정책 • AWS 보안그룹과 유사함 • Selector 조건에 해당하는 POD에 선 택적으로 적용(레이블 활용) Amazon VPC Amazon EKS
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 17 Amazon EKS 네트워크 레이어 • K8S에 있는 3개의 IP 주소 계층: • K8S 클러스터 레벨 • K8S POD 레벨 • AWS VPC 계층 • Amazon VPC CNI for EKS 플러그인 • L-IPAM 데몬은 ENI에 IP 주소 연결/할당/관리 및 IP 주소 “웜 풀” 관리 • 호스트의 네트워크 연결 및 POD의 namespace에 올바른 인터페이스 추가를 관리 • ‘aws-node’ 데몬이 각 노드에 배포 • 노드의 Amazon EC2 인스턴스 유형에 맞춰 IP 주소들을 제공
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 18 Amazon VPC CNI 플러그인 ENI Secondary IPs: 10.0.0.1 10.0.0.2 10.0.0.1 10.0.0.2 ENI 10.0.0.20 10.0.0.22 Secondary IPs: 10.0.0.20 10.0.0.22 ec2.associateaddress() VPC Subnet – 10.0.0.0/24 Instance 1 Instance 2 VPC CNI CNI
How to Kubernetes Manage
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 20 Amazon EKS - aws-auth $ kubectl get configmap aws-auth –n kube-system –o yaml
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 21 HELM • Kubernetes Package Manager • Application 의 배포 / 버전 / 업그레이드를 관리 • Application 은 chart 라는 단위로 구성 • Chart 는 Kubernetes Resource 정의 묶음 • Tiller 가 Cluster 에 설치 되어 배포된 chart 의 버전을 관리 https://helm.sh/, https://github.com/helm/helm, https://github.com/helm/charts
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 22 HELM $ kubectl create serviceaccount tiller -n kube-system $ kubectl create clusterrolebinding cluster-admin:kube-system:tiller --clusterrole=cluster-admin --serviceaccount=kube-system:tiller $ helm init --upgrade --service-account=tiller ⎈ Happy Helming!⎈ $ helm list $ helm search package $ helm install package stable/packapge --values package.yaml
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 23 How to - Route • nginx-ingress https://github.com/helm/charts/tree/master/stable/nginx-ingress https://asset.opsnow.com/ https://metering.opsnow.com/ Ingress Controller service pod pod service pod pod Ingress asset.opsnow.com metering.opsnow.com
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 24 How to - Route $ vi nginx-ingress.yaml $ helm install nginx-ingress stable/nginx-ingress --values nginx-ingress.yaml controller: replicaCount: 2 config: use-forwarded-headers: "true" service: annotations: service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:ap-northeast-2:0000:certificate/0000-0000" service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http" service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600" targetPorts: http: http https: http
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 25 How to - Volume • AWS EBS
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 26 How to - Volume • AWS EBS
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 27 How to - Volume • AWS EFS
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 28 How to - Volume • AWS EFS
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 29 How to - Volume • efs-provisioner $ vi efs-provisioner.yaml $ helm install efs-provisioner stable/efs-provisioner --values efs-provisioner.yaml efsProvisioner: efsFileSystemId: efs-1234567890 awsRegion: ap-northeast-2 path: /shared provisionerName: seoul-dev-demo-eks/efs storageClass: name: efs isDefault: false gidAllocate: enabled: true gidMin: 40000 gidMax: 50000 reclaimPolicy: Retain
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 30 How to - Autoscale • Horizontal Pod Autoscaler Horizontal Pod Autoscaler Deployment ReplicaSet Pod Metrics aggregator Prometheus adapter Prometheus Metrics server cAdvisor kubelet Pod Pod
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 31 How to - Autoscale • metrics-server $ vi metics-server.yaml $ helm install metics-server stable/metics-server --values metics-server.yaml args: - --kubelet-insecure-tls - --kubelet-preferred-address-types=InternalIP,InternalDNS,ExternalDNS,ExternalIP,Hostname
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 32 How to - Autoscale • cluster-autoscaler $ vi cluster-autoscaler.yaml $ helm install cluster-autoscaler stable/cluster-autoscaler --values cluster-autoscaler.yaml autoDiscovery: enabled: true clusterName: seoul-dev-demo-eks awsRegion: ap-northeast-2 rbac: create: true
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 33 How to - Monitor • Prometheus
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 34 How to - Monitor • prometheus $ vi prometheus.yaml $ helm install prometheus stable/prometheus --values prometheus.yaml server: persistentVolume: enabled: true accessModes: - ReadWriteOnce size: 8Gi storageClass: "efs"
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 35 How to - Monitor • grafana $ vi grafana.yaml $ helm install grafana stable/grafana --values grafana.yaml adminUser: admin adminPassword: password ingress: enabled: true annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/force-ssl-redirect: "true" hosts: - grafana.demo.opsnow.com https://github.com/opsnow/kops-cui/blob/master/charts/monitor/grafana.yaml
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 36 How to - Monitor
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 37 How to - Monitor
Copyright © 2018 BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 38 How to - And.. • jenkins • sonatype-nexus • sonarqube • chartmuseum • docker-registry • datadog • newrelic-infrastructure • fluentd-elasticsearch • …
OpsNow를 소개합니다 고객의 요구에 기반한 복잡한 클라우드 운영이 가능합니다. OpsNow 개발은 계속 진화합니다. Pain-point #1 온프레미스와 복잡한 클라우드의 전반적인 운영 관리가 어렵습니다. 복잡한 운영 관리를 도와주는 SaaS 기반의 Public과 Private 솔루션을 제공합니다. Pain-point #2 수동 관리를 통해서는 업무생산성을 개선하기 어렵습니다. 완전 자동화를 통해 업무생산성을 향상시킵니다. Pain-point #3 시중의 솔루션을 사용해도 클라우드 비용 절감 효과가 제한적입니다. OpsNow 비용 최적화 모듈로 비용을 최대 80%까지 절감할 수 있습니다.
감사합니다.

More Related Content

PDF
Cloud for Kubernetes : Session4
byWhaTap Labs
 
PDF
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...
byJosef Adersberger
 
PDF
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
bySlideTeam
 
PPTX
Securing and Automating Kubernetes with Kyverno
bySaim Safder
 
PDF
Multitenancy on EKS
byIan Crosby
 
PDF
Kubernetes Architecture with Components
byAjeet Singh
 
PPTX
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...
byDavide Benvegnù
 
KEY
OpenStack Report
byyoshihisa sakamoto
 
Cloud for Kubernetes : Session4
byWhaTap Labs
 
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...
byJosef Adersberger
 
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
bySlideTeam
 
Securing and Automating Kubernetes with Kyverno
bySaim Safder
 
Multitenancy on EKS
byIan Crosby
 
Kubernetes Architecture with Components
byAjeet Singh
 
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...
byDavide Benvegnù
 
OpenStack Report
byyoshihisa sakamoto
 

What's hot

PDF
OpenStack Architected Like AWS (and GCP)
byRandy Bias
 
PDF
Kubernetes Forum Seoul 2019: Re-architecting Data Platform with Kubernetes
bySeungYong Oh
 
PDF
Best Practices with Azure Kubernetes Services
byQAware GmbH
 
PDF
Virtualized Containers - How Good is it - Ananth - Siemens - CC18
byCodeOps Technologies LLP
 
PDF
오픈소스 네트워킹
byJames Ahn
 
PPTX
Building Cloud Native Applications Using Spring Boot and Spring Cloud
byGeekNightHyderabad
 
PPTX
Making sense of containers, docker and Kubernetes on Azure.
byNills Franssens
 
PDF
AWS-compared-to-OpenStack
byJonathan Gershater
 
PDF
GitOps with Amazon EKS Anywhere by Dan Budris
byWeaveworks
 
PDF
Containers and security
bysriram_rajan
 
PDF
Evolve or Fall Behind: Driving Transformation with Containers - Sai Vennam - ...
byCodeOps Technologies LLP
 
PPTX
Why Kubernetes on Azure
byMicrosoft Tech Community
 
PPTX
Microservice deployment using docker image on azure kubernetes service
byAbhishek Sahu
 
PDF
Vault の Google Cloud KMS Secrets Engine (HashiTalks:japan 2020/7/3)
byNorikoSato7
 
PPTX
CloudStack 4.1, 4.2 and beyond
byChip Childers
 
PDF
Stateless and Stateful Services in Kubernetes - Mohit Saxena - Citrix - CC18
byCodeOps Technologies LLP
 
PDF
GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud Boundaries
byJames Anderson
 
PDF
Extending Kubernetes
byJohannes Rudolph
 
PPTX
Autoscaling in Kubernetes
byHrishikesh Deodhar
 
ODP
Hybris install telco accelerators on aws-ec2
byVenugopal Gummadala
 
OpenStack Architected Like AWS (and GCP)
byRandy Bias
 
Kubernetes Forum Seoul 2019: Re-architecting Data Platform with Kubernetes
bySeungYong Oh
 
Best Practices with Azure Kubernetes Services
byQAware GmbH
 
Virtualized Containers - How Good is it - Ananth - Siemens - CC18
byCodeOps Technologies LLP
 
오픈소스 네트워킹
byJames Ahn
 
Building Cloud Native Applications Using Spring Boot and Spring Cloud
byGeekNightHyderabad
 
Making sense of containers, docker and Kubernetes on Azure.
byNills Franssens
 
AWS-compared-to-OpenStack
byJonathan Gershater
 
GitOps with Amazon EKS Anywhere by Dan Budris
byWeaveworks
 
Containers and security
bysriram_rajan
 
Evolve or Fall Behind: Driving Transformation with Containers - Sai Vennam - ...
byCodeOps Technologies LLP
 
Why Kubernetes on Azure
byMicrosoft Tech Community
 
Microservice deployment using docker image on azure kubernetes service
byAbhishek Sahu
 
Vault の Google Cloud KMS Secrets Engine (HashiTalks:japan 2020/7/3)
byNorikoSato7
 
CloudStack 4.1, 4.2 and beyond
byChip Childers
 
Stateless and Stateful Services in Kubernetes - Mohit Saxena - Citrix - CC18
byCodeOps Technologies LLP
 
GDG Cloud Southlake #9 Secure Cloud Networking - Beyond Cloud Boundaries
byJames Anderson
 
Extending Kubernetes
byJohannes Rudolph
 
Autoscaling in Kubernetes
byHrishikesh Deodhar
 
Hybris install telco accelerators on aws-ec2
byVenugopal Gummadala
 

Similar to Cloud for Kubernetes : Session3

PDF
Aws container webinar day 1
byHoseokSeo7
 
PDF
AWS에서 Kubernetes 실전 활용하기::유병우::AWS Summit Seoul 2018
byAmazon Web Services Korea
 
PPTX
Eks.introduce.v2
bySeok-joon Yun
 
PDF
AWS Builders Online Series | 컨테이너, AWS에서 날개를 달다 - 유재석, AWS 솔루션즈 아키텍트
byAmazon Web Services Korea
 
PDF
컨테이너 및 서버리스를 위한 효율적인 CI/CD 아키텍처 구성하기 - 현창훈 데브옵스 엔지니어, Flex / 송주영 데브옵스 엔지니어, W...
byAmazon Web Services Korea
 
PDF
[AWS Dev Day] 앱 현대화 | DevOps 개발자가 되기 위한 쿠버네티스 핵심 활용 예제 알아보기 - 정영준 AWS 솔루션즈 아키...
byAmazon Web Services Korea
 
PDF
Open stack and k8s(v4)
byH K Yoon
 
PDF
Prometheus on EKS
byJo Hoon
 
PPTX
k8s
byWonjun Hwang
 
PPTX
Running kubernetes with amazon eks
byyanaisama
 
PPTX
AWS 기반 Docker, Kubernetes
by정빈 권
 
PDF
Docker kubernetes fundamental(pod_service)_190307
byInhye Park
 
PDF
KINX와 함께 하는 AWS Direct Connect 도입 - 남시우 매니저, KINX :: AWS Summit Seoul 2019
byAmazon Web Services Korea
 
PDF
Introduction to EKS (AWS User Group Slovakia)
byVladimir Simek
 
PDF
AWS 고객사를 위한 ‘AWS 컨테이너 교육’ - 유재석, AWS 솔루션즈 아키텍트
byAmazon Web Services Korea
 
PPTX
Amazon Elastic Container Service for Kubernetes (Amazon EKS) I AWS Dev Day 2018
byAWS Germany
 
PDF
Mastering Kubernetes on AWS - Tel Aviv Summit
byArun Gupta
 
PDF
Kubernetes internals (Kubernetes 해부하기)
byDongHyeon Kim
 
PDF
Amazon Container Services – 유재석 (AWS 솔루션즈 아키텍트)
byAmazon Web Services Korea
 
PDF
AWS Container Services – 유재석 (AWS 솔루션즈 아키텍트)
byAmazon Web Services Korea
 
Aws container webinar day 1
byHoseokSeo7
 
AWS에서 Kubernetes 실전 활용하기::유병우::AWS Summit Seoul 2018
byAmazon Web Services Korea
 
Eks.introduce.v2
bySeok-joon Yun
 
AWS Builders Online Series | 컨테이너, AWS에서 날개를 달다 - 유재석, AWS 솔루션즈 아키텍트
byAmazon Web Services Korea
 
컨테이너 및 서버리스를 위한 효율적인 CI/CD 아키텍처 구성하기 - 현창훈 데브옵스 엔지니어, Flex / 송주영 데브옵스 엔지니어, W...
byAmazon Web Services Korea
 
[AWS Dev Day] 앱 현대화 | DevOps 개발자가 되기 위한 쿠버네티스 핵심 활용 예제 알아보기 - 정영준 AWS 솔루션즈 아키...
byAmazon Web Services Korea
 
Open stack and k8s(v4)
byH K Yoon
 
Prometheus on EKS
byJo Hoon
 
k8s
byWonjun Hwang
 
Running kubernetes with amazon eks
byyanaisama
 
AWS 기반 Docker, Kubernetes
by정빈 권
 
Docker kubernetes fundamental(pod_service)_190307
byInhye Park
 
KINX와 함께 하는 AWS Direct Connect 도입 - 남시우 매니저, KINX :: AWS Summit Seoul 2019
byAmazon Web Services Korea
 
Introduction to EKS (AWS User Group Slovakia)
byVladimir Simek
 
AWS 고객사를 위한 ‘AWS 컨테이너 교육’ - 유재석, AWS 솔루션즈 아키텍트
byAmazon Web Services Korea
 
Amazon Elastic Container Service for Kubernetes (Amazon EKS) I AWS Dev Day 2018
byAWS Germany
 
Mastering Kubernetes on AWS - Tel Aviv Summit
byArun Gupta
 
Kubernetes internals (Kubernetes 해부하기)
byDongHyeon Kim
 
Amazon Container Services – 유재석 (AWS 솔루션즈 아키텍트)
byAmazon Web Services Korea
 
AWS Container Services – 유재석 (AWS 솔루션즈 아키텍트)
byAmazon Web Services Korea
 

More from WhaTap Labs

PDF
[WhaTap DevOps Day] 세션 5 : 금융 Public 클라우드/ Devops 구축 여정
byWhaTap Labs
 
PDF
[WhaTap DevOps Day] 세션 2 : 성장하는 엔지니어 학습 문화
byWhaTap Labs
 
PDF
[WhaTap DevOps Day] 세션 1 : Observability Practice on AWS
byWhaTap Labs
 
PDF
[WhaTap DevOps Day] 세션 6 : 와탭랩스 DevOps 이야기
byWhaTap Labs
 
PDF
[WhaTap DevOps Day] 세션 3 : 클라우드와 개발자, 모놀리틱부터 오케스트레이션까지
byWhaTap Labs
 
PDF
[WhaTap DevOps Day] 세션 4 : 롯데ON MSA 모니터링 최적화 사례
byWhaTap Labs
 
PDF
Cloud for Kubernetes : Session5
byWhaTap Labs
 
PDF
Cloud for Kubernetes : Session2
byWhaTap Labs
 
PDF
Cloud for Kubernetes : Session1
byWhaTap Labs
 
PPTX
스타트업 개발자가 알아야할 서비스 운영지식
byWhaTap Labs
 
PPTX
장애 분석 절차 (서영일)
byWhaTap Labs
 
PPTX
DB 모니터링 신규 & 개선 기능 (박명규)
byWhaTap Labs
 
PPTX
프로세스 모니터링 (남형석)
byWhaTap Labs
 
PPTX
DB Monitoring 개념 및 활용 (박명규)
byWhaTap Labs
 
PPTX
Application Monitoring 신규 기능 소개 (서영일)
byWhaTap Labs
 
PPTX
스택 분석 활용 사례 (송재진)
byWhaTap Labs
 
[WhaTap DevOps Day] 세션 5 : 금융 Public 클라우드/ Devops 구축 여정
byWhaTap Labs
 
[WhaTap DevOps Day] 세션 2 : 성장하는 엔지니어 학습 문화
byWhaTap Labs
 
[WhaTap DevOps Day] 세션 1 : Observability Practice on AWS
byWhaTap Labs
 
[WhaTap DevOps Day] 세션 6 : 와탭랩스 DevOps 이야기
byWhaTap Labs
 
[WhaTap DevOps Day] 세션 3 : 클라우드와 개발자, 모놀리틱부터 오케스트레이션까지
byWhaTap Labs
 
[WhaTap DevOps Day] 세션 4 : 롯데ON MSA 모니터링 최적화 사례
byWhaTap Labs
 
Cloud for Kubernetes : Session5
byWhaTap Labs
 
Cloud for Kubernetes : Session2
byWhaTap Labs
 
Cloud for Kubernetes : Session1
byWhaTap Labs
 
스타트업 개발자가 알아야할 서비스 운영지식
byWhaTap Labs
 
장애 분석 절차 (서영일)
byWhaTap Labs
 
DB 모니터링 신규 & 개선 기능 (박명규)
byWhaTap Labs
 
프로세스 모니터링 (남형석)
byWhaTap Labs
 
DB Monitoring 개념 및 활용 (박명규)
byWhaTap Labs
 
Application Monitoring 신규 기능 소개 (서영일)
byWhaTap Labs
 
스택 분석 활용 사례 (송재진)
byWhaTap Labs
 

Recently uploaded

PDF
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PDF
Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...
byDianaGray10
 
PDF
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 
PDF
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
PDF
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
PDF
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PDF
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
PDF
AI Technology important knowledge ......
byutkarshj2007
 
PDF
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
PDF
December Patch Tuesday
byIvanti
 
PDF
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
PPTX
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...
byDianaGray10
 
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
AI Technology important knowledge ......
byutkarshj2007
 
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
December Patch Tuesday
byIvanti
 
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 

Cloud for Kubernetes : Session3

  • 1.
    Amazon EKS로 시작하는Kubernetes 2019-06-20
  • 2.
  • 3.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 3 Kubernetes • Container Orchestration • Automated container deployment, scaling, and management • Kubernetes Cluster • Master, Node 로 구성된 단위 환경 • Kubernetes Objects • Pod, Service, Volume, Namespace • ReplicaSet, Deployment, StatefulSet, DaemonSet, Job • ConfigMap, Secret, Ingress https://kubernetes.io/, https://github.com/kubernetes/kubernetes
  • 4.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 4 Kubernetes
  • 5.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 5 Kubernetes on AWS • Network • VPC, Subnet, NAT Gateway, Security Groups • Instance • EC2: Master nodes, Worker nodes • Auto Scaling Group, Elastic Load Balancer • docker, kublet, kubeadm, etcd • Kubernetes Cluster • join to master
  • 6.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 6 Kubernetes on AWS
  • 7.
    Amazon EKS Amazon ElasticContainer Service for Kubernetes
  • 8.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 8 Amazon EKS • 출시 : 2018년 6월 8일 • 서울 : 2019년 1월 9일 https://github.com/aws/containers-roadmap/issues/37
  • 9.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 9 Amazon EKS
  • 10.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 10 Amazon EKS • AWS 관리형 쿠버네티스(K8S)의 원칙 EKS는 대규모 회사가 운영 수준의 작업 부하를 실행하는 플랫폼이다 EKS is a platform for enterprises to run production-grade workloads EKS는 순수 쿠버네티스 및 업스트림 경험을 유지한다 EKS provides a native and upstream Kubernetes experience EKS 고객이 다른 AWS 서비스를 사용할 때, 복잡하지 않고 매끄럽게 연계한다 If EKS customers want to use additional AWS services, the integrations are seamless and eliminate undifferentiated heavy lifting EKS 팀은 쿠버네티스 프로젝트에 적극적으로 기여한다 EKS team actively contributes to the Kubernetes project TenetsAmazon EKS E L A S T I C C O N TA I N E R S E R V I C E F O R K U B E R N E T E S
  • 11.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 11 Amazon EKS 아키텍처 mycluster.eks.amazonaws.com EKS 워커노드 kubectl AZ 1 AZ 2 AZ 3 사용자의 AWS 계정 VPC
  • 12.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 12 etcd (오토스케일링) Amazon EKS Control Plane • 고 가용성을 내재한 단일 테넌트 인프라스트럭처 • 전체 “순수 AWS” 서비스 • NLB를 활용한 부하분산 • 컨트롤 플레인 로그 (new) • API 서버, Audit, Controller Manager, Authenticator, Scheduler VPC NLB ELB Instances AZ-2AZ-1 AZ-3 API Server (오토스케일링) Instances
  • 13.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 13 Amazon EKS Data Plane • 다양한 인스턴스 유형 및 가격정책 • M5, C5, P2, P3 GPU, Spot or Mixed • AI/ML용 Amazon EKS • EKS에 최적화된 GPU지원 AMI • EKS AMI 빌드 스크립트 • 워크로드 특성에 적합한 인스턴스 적용 Private subnet VPC AZ-1 AZ-2 AZ-3 Internal ELB Instances Instances Public subnet CLB or NLB or ALB Internet gateway Instances 사용자 AMI
  • 14.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 14 Amazon EKS 보안 – 인증 & 권한 AWS Identity and Access Management (IAM) Amazon EKS • AWS Secret Manager • AWS KMS • AWS IAM 역할 & 정책 • K8S는 RBAC 사용 • Role & RoleBinding • ClusterRole & ClusterRoleBinding • AWS IAM Authenticator • IAM과 RBAC 연결 • K8S 보안 메커니즘 • Namespaces • Service accounts • User accounts
  • 15.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 15 Amazon EKS IAM 인증 kubectl 3) AWS identity에 RBAC 권한 부여 K8s API 1) AWS identity 2) AWS identity 검증 4) K8S action 허용 또는 거부 AWS IAM 인증
  • 16.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 16 Amazon EKS 네트워크 제어 • VPC 보안그룹 • VPC 서브넷 NACL • Pod레벨에서 네트워크 정책 구현 • 네트워크 세그먼테이션 • 테넌트 분리 • K8S의 네트워크 정책 • AWS 보안그룹과 유사함 • Selector 조건에 해당하는 POD에 선 택적으로 적용(레이블 활용) Amazon VPC Amazon EKS
  • 17.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 17 Amazon EKS 네트워크 레이어 • K8S에 있는 3개의 IP 주소 계층: • K8S 클러스터 레벨 • K8S POD 레벨 • AWS VPC 계층 • Amazon VPC CNI for EKS 플러그인 • L-IPAM 데몬은 ENI에 IP 주소 연결/할당/관리 및 IP 주소 “웜 풀” 관리 • 호스트의 네트워크 연결 및 POD의 namespace에 올바른 인터페이스 추가를 관리 • ‘aws-node’ 데몬이 각 노드에 배포 • 노드의 Amazon EC2 인스턴스 유형에 맞춰 IP 주소들을 제공
  • 18.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 18 Amazon VPC CNI 플러그인 ENI Secondary IPs: 10.0.0.1 10.0.0.2 10.0.0.1 10.0.0.2 ENI 10.0.0.20 10.0.0.22 Secondary IPs: 10.0.0.20 10.0.0.22 ec2.associateaddress() VPC Subnet – 10.0.0.0/24 Instance 1 Instance 2 VPC CNI CNI
  • 19.
  • 20.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 20 Amazon EKS - aws-auth $ kubectl get configmap aws-auth –n kube-system –o yaml
  • 21.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 21 HELM • Kubernetes Package Manager • Application 의 배포 / 버전 / 업그레이드를 관리 • Application 은 chart 라는 단위로 구성 • Chart 는 Kubernetes Resource 정의 묶음 • Tiller 가 Cluster 에 설치 되어 배포된 chart 의 버전을 관리 https://helm.sh/, https://github.com/helm/helm, https://github.com/helm/charts
  • 22.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 22 HELM $ kubectl create serviceaccount tiller -n kube-system $ kubectl create clusterrolebinding cluster-admin:kube-system:tiller --clusterrole=cluster-admin --serviceaccount=kube-system:tiller $ helm init --upgrade --service-account=tiller ⎈ Happy Helming!⎈ $ helm list $ helm search package $ helm install package stable/packapge --values package.yaml
  • 23.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 23 How to - Route • nginx-ingress https://github.com/helm/charts/tree/master/stable/nginx-ingress https://asset.opsnow.com/ https://metering.opsnow.com/ Ingress Controller service pod pod service pod pod Ingress asset.opsnow.com metering.opsnow.com
  • 24.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 24 How to - Route $ vi nginx-ingress.yaml $ helm install nginx-ingress stable/nginx-ingress --values nginx-ingress.yaml controller: replicaCount: 2 config: use-forwarded-headers: "true" service: annotations: service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:ap-northeast-2:0000:certificate/0000-0000" service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https" service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http" service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600" targetPorts: http: http https: http
  • 25.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 25 How to - Volume • AWS EBS
  • 26.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 26 How to - Volume • AWS EBS
  • 27.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 27 How to - Volume • AWS EFS
  • 28.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 28 How to - Volume • AWS EFS
  • 29.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 29 How to - Volume • efs-provisioner $ vi efs-provisioner.yaml $ helm install efs-provisioner stable/efs-provisioner --values efs-provisioner.yaml efsProvisioner: efsFileSystemId: efs-1234567890 awsRegion: ap-northeast-2 path: /shared provisionerName: seoul-dev-demo-eks/efs storageClass: name: efs isDefault: false gidAllocate: enabled: true gidMin: 40000 gidMax: 50000 reclaimPolicy: Retain
  • 30.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 30 How to - Autoscale • Horizontal Pod Autoscaler Horizontal Pod Autoscaler Deployment ReplicaSet Pod Metrics aggregator Prometheus adapter Prometheus Metrics server cAdvisor kubelet Pod Pod
  • 31.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 31 How to - Autoscale • metrics-server $ vi metics-server.yaml $ helm install metics-server stable/metics-server --values metics-server.yaml args: - --kubelet-insecure-tls - --kubelet-preferred-address-types=InternalIP,InternalDNS,ExternalDNS,ExternalIP,Hostname
  • 32.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 32 How to - Autoscale • cluster-autoscaler $ vi cluster-autoscaler.yaml $ helm install cluster-autoscaler stable/cluster-autoscaler --values cluster-autoscaler.yaml autoDiscovery: enabled: true clusterName: seoul-dev-demo-eks awsRegion: ap-northeast-2 rbac: create: true
  • 33.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 33 How to - Monitor • Prometheus
  • 34.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 34 How to - Monitor • prometheus $ vi prometheus.yaml $ helm install prometheus stable/prometheus --values prometheus.yaml server: persistentVolume: enabled: true accessModes: - ReadWriteOnce size: 8Gi storageClass: "efs"
  • 35.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 35 How to - Monitor • grafana $ vi grafana.yaml $ helm install grafana stable/grafana --values grafana.yaml adminUser: admin adminPassword: password ingress: enabled: true annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/force-ssl-redirect: "true" hosts: - grafana.demo.opsnow.com https://github.com/opsnow/kops-cui/blob/master/charts/monitor/grafana.yaml
  • 36.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 36 How to - Monitor
  • 37.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 37 How to - Monitor
  • 38.
    Copyright © 2018BESPIN GLOBAL, Inc. All rights reserved | Confidential http://www.bespinglobal.com 38 How to - And.. • jenkins • sonatype-nexus • sonarqube • chartmuseum • docker-registry • datadog • newrelic-infrastructure • fluentd-elasticsearch • …
  • 39.
    OpsNow를 소개합니다 고객의 요구에기반한 복잡한 클라우드 운영이 가능합니다. OpsNow 개발은 계속 진화합니다. Pain-point #1 온프레미스와 복잡한 클라우드의 전반적인 운영 관리가 어렵습니다. 복잡한 운영 관리를 도와주는 SaaS 기반의 Public과 Private 솔루션을 제공합니다. Pain-point #2 수동 관리를 통해서는 업무생산성을 개선하기 어렵습니다. 완전 자동화를 통해 업무생산성을 향상시킵니다. Pain-point #3 시중의 솔루션을 사용해도 클라우드 비용 절감 효과가 제한적입니다. OpsNow 비용 최적화 모듈로 비용을 최대 80%까지 절감할 수 있습니다.
  • 40.