理山
Uploaded by理弘 山崎
2,425 views

JAWS-UG コンテナ支部 #19

転職会議SRE meets EKS

Embed presentation

Download to read offline
స৬ձٞSRE meets EKS
 స৬ձٞͷӡ༻ͰಘΒΕͨEKSͷ஌‫ݟ‬Λେެ։
 
 JAWS-UGίϯςφࢧ෦ #19 ‫ࣜג‬ձࣾϦϒηϯε స৬ձٞࣄ‫ۀ‬෦ SRE ࢁ㟒 ཧ߂ a.k.a ͔͍ͨͳ͔ (@katainaka0503)
ΞδΣϯμ
ΞδΣϯμ • ࣗ‫঺ݾ‬հ • EKSԽҎલͷస৬ձٞͷECS‫ج‬൫ͷ՝୊ • EKSҠߦΛͲ͏ਐΊ͔ͨ • స৬ձٞͷEKS‫ج‬൫ • ECS/EKSͷϝϦσϝ • ·ͱΊ
ࣗ‫঺ݾ‬հ
ࣗ‫঺ݾ‬հ • ࢁ㟒ཧ߂ a.k.a ͔͍ͨͳ͔ • @katainaka0503 (Twitter, GitHub) • ‫ࣜג‬ձࣾϦϒηϯε స৬ձٞࣄ‫ۀ‬෦ SREνʔϜ
స৬ձٞ ೔ຊ࠷େ‫ڃ‬ͷస৬৘ใαΠτ ࢓ࣄ୳͠ʹ͓͚Δ৘ใͷඇରশੑΛͳ͘͠ɺస৬ʹ͓͚ΔϛεϚονΛղফ͢Δ͜ͱͰ ΑΓଟ͘ͷਓ͕ೲಘͰ͖Δస৬Λ࣮‫͖Ͱݱ‬ΔΑ͏ͳαΠτΛ໨ࢦ͍ͯ͠·͢ɻ స৬ձٞͰ͸ɺ‫ͳʹؾ‬Δձࣾͷ‫ޱ‬ίϛ৘ใΛ‫ݟ‬Δ͜ͱ͸΋ͪΖΜɺ‫ٻ‬ਓ‫΁ۀا‬ͷԠื΋ՄೳͰ͢ɻ
EKSԽҎલͷస৬ձٞͷECS‫ج‬൫ͷ՝୊
EKSԽҎલͷస৬ձٞͷECS‫ج‬൫ͷ՝୊ • SRE͕͍ͳ͍ͱ৽͍͠αʔϏεΛσϓϩΠͰ͖ͳ͍ • ECSͷσϓϩΠπʔϧ͕ಠࣗ • ECSɾEC2ɾLambdaͰ࡞ΒΕͨγεςϜ͕ࠞࡏ • ΫϨσϯγϟϧͷѻ͍ํ͕ηΩϡϦςΟ্໰୊͕͋Δ • ౳ʑ
EKSҠߦΛͲ͏ਐΊ͔ͨ
ํ਑ • ϚΠΫϩαʔϏε͝ͱʹॱ࣍ECS͔ΒEKSʹ੾Γସ͑Δ • ‫׬‬ᘳͳΫϥελΛ͍͖ͳΓ࡞ΔͷͰ͸ͳ͘ɺ
 ϑΣʔζΛ੾ͬͯॱ൪ʹΫϥελͷ‫׬‬੒౓ΛߴΊ͍ͯ͘ • ։ൃऀ΁ͷ஌ࣝҠసΛ࠷ॏࢹ͢Δ
ϚΠΫϩαʔϏε͝ͱͷ੾Γସ͑ • ϚΠΫϩαʔϏε͝ͱʹ੾Γସ͑Δ͜ͱͰো֐൒‫ܘ‬Λ࠷খԽ • ALB + ECSΛࢦ͍ͯ͠ΔRoute53ͷϨίʔυΛ
 ExternalDNS഑ԼʹҠ͠Route53Ͱ੾Γସ͑ • ੾Γ໭͠͸Route53ϨίʔυΛ΋ͱʹ໭͢
ϑΣʔζΛ෼͚ͯ઴ਐతʹ͢͢ΊΔ • EKSҠߦ࡞‫ۀ‬ͷશମ૾Λఆٛ͠ɺ
 ϑΣʔζΛ෼͚ͯண࣮ʹਐΊΔ • KubernetesΤίγεςϜͷ๲େͳબ୒ࢶʹѹ౗͞Ε
 Ҡߦ͕ਐ·ͳ͘ͳΔ͜ͱΛ๷͙ • ϑΣʔζ͝ͱʹ࠷௿‫ݶ‬ຬ͍ͨͯ͠Δ΂͖ঢ়ଶΛҙࣝ͠ͳ͕Β
 ண࣮ʹEKS‫ج‬൫ߏஙΛਐΊͨ
։ൃऀ΁ͷ஌ࣝҠస • ΞϓϦέʔγϣϯ։ൃऀΛର৅ʹͨ͠ษ‫ڧ‬ձΛ։࠵ • ࿅श໰୊ΛଟΊʹ࣮͠ࡍʹखΛಈ͔ͯ͠΋Β͑ΔΑ͏ʹ • Ϟϒϓϩάϥϛϯά‫Ͱࣜܗ‬SREࢦಋͷ‫ݩ‬ɺ
 ࣮ࡍʹ։ൃ͍ͯ͠ΔϚΠΫϩαʔϏεΛEKSԽ • ษ‫ڧ‬ձͰͷ஌ࣝΛ࣮ࡍͷ‫ۀ‬຿ͱ઀ଓ͢Δ
స৬ձٞͷEKS‫ج‬൫
CI/CD
CI/CD • FluxΛ࠾༻ • GitOpsʹΑΔCI/CDΛ࣮‫ݱ‬ • KubernetesϦϙδτϦͷઃఆ಺༰ΛGitHubͱಉ‫ظ‬ • ৽͍͠ΠϝʔδΛσϓϩΠͨ͠ΒGitHubʹΠϝʔδΛॻ͖໭͢ • νϟοτϘοτͱ࿈‫ͨ͠ܞ‬ϒϥϯνσϓϩΠͷ੔උ
CI/CD • ৽͍͠ΠϝʔδͷλάͰεςʔδϯάΛࣗಈͰߋ৽ • ಛఆͷϒϥϯν͔Β࡞ΒΕͨΠϝʔδΛ
 ChatOpsͰεςʔδϯάʹσϓϩΠ • ຊ൪ʹChatOpsͰ৽͍͠ΠϝʔδΛσϓϩΠ
ิ଍: ͳͥFluxΛબΜ͔ͩ • ʮYAMLͷߋ৽ʯͱʮ৽͍͠ΠϝʔδͷσϓϩΠʯͷ
 ̎ͭͷϢʔεέʔεͷ྆ํʹରԠͰ͖ΔͨΊ • ৽͍͠ΠϝʔδͷσϓϩΠʹ‫͍ڧ‬πʔϧ͕͋·Γͳͦ͞͏ͩͬͨ • fluxctlΛ࢖͏ͱಛఆϒϥϯνͷΠϝʔδΛΞυϗοΫʹσϓϩΠ͢Δ͜ͱʹ΋ରԠͰ͖Δ • ‫ݸ‬ਓతʹɺࠓ͔Β૊Έ௚͢ͳΒArgoCDʹ͸ArgoCD Image Updater͕͋ͬͨΓɺ
 PipeCD౳΋༗๬ͦ͏ͳͨΊFlux͸બ͹ͳ͍͔΋ • ҆ఆͨ͠GUI͕͋Δͷ͸
 ։ൃऀʹ೔ৗతʹKubernetesΫϥελΛ৮ͬͯ΋Β͏্Ͱ͸ັྗత
‫ࢹ؂‬ɾϩά
‫ࢹ؂‬ • DatadogͰ‫ࢹ؂‬ • Deployment΍CronJobͷঢ়ଶΛ‫ࢹ؂‬ • AWS Load Balancer Controller౳ɺΧελϜγεςϜίϯϙʔ ωϯτ΋ϝτϦΫεΛ‫ࢹ؂‬ • յΕͨઃఆΛσϓϩΠͨ͠ΒଈΞϥʔτ
ϩά • Grafana LokiΛ࢖༻ • S3Λσʔλอଘઌʹ͢Δ • CloudWatch Logs΍Datadog Logsʹൺ΂ͯ஋ஈ͕͍҆ • Podͷϝλσʔλ(ϥϕϧ౳)͔Βϩάʹϝλσʔλ෇༩
ࣗಈεέʔϦϯά
ࣗಈεέʔϦϯά • Cluster AutoscalerͰϊʔυΛࣗಈͰ૿‫ݮ‬ • Horizontal Pod AutoscalerͰPodΛࣗಈͰ૿‫ݮ‬
ͦͷଞ
ͦͷଞ • ΫϨσϯγϟϧ؅ཧ: SealedSecret • SealedSecretͷ伴ͷόοΫΞοϓ: Velero • ConfigMap, SealedSecretߋ৽࣌ͷrestart: Reloader • όονॲཧ: Argo Workflow • AWSͷϦιʔε؅ཧ: External DNS, AWS Load Balancer Controller
ECS/EKSϝϦσϝ
EKSͰ΋ECSͰ΋ͰͰ͖Δ͜ͱ
ECSͰ΋EKSͰ΋Ͱ͖Δ͜ͱ • ίϯςφΦʔέετϨʔγϣϯʹඞཁͳ‫ػ‬ೳͷ΄ͱΜͲ • Fargateͷར༻ • ίϯςφʹೖͬͯσόοά • ECS Exec • αʔϏεϝογϡͷར༻
EKSͷϝϦοτ
EKSͷϝϦοτ • γϯϓϧͳίϯϙʔωϯτΛ૊Έ߹Θͤͯ‫ج‬൫Λθϩ͔Β࡞Δͷʹ޲͘ • ʢ࣭ͷߴ͍‫ج‬൫͕࡞ΕΕ͹ʣ
 ΞϓϦέʔγϣϯ։ൃऀཱ͕ࣗͯ͠৽αʔϏεͷσϓϩΠʹऔΓ૊ΊΔ • ͨͩ͠ɺ૊Έ߹ΘͤΔίϯϙʔωϯτ͕૿͑Δͨͼ
 ‫ࢹ؂‬΍ΞοϓάϨʔυͷର৅͕૿͑Δ͜ͱ͸ҙࣝ͢΂͖ • KubernetesΤίγεςϜͷࢿ࢈Λར༻Մೳ • GitOpsͷ࣮‫ݱ‬ͷ༰қ͞
స৬ձٞͰ‫ڗ‬ड͍ͯ͠ΔϝϦοτͷྫ • ։ൃऀϑϨϯυϦʔͳUXͷπʔϧͷͨΊɺ
 ஌ࣝҠసΛ͔ͬ͠Γߦ͑͹ΞϓϦέʔγϣϯ։ൃऀ͕ࣗ཯తʹಈ͖΍͍͢ • ArgoΛ࢖༻ͯ͠όονॲཧؒͷґଘؔ܎Λ੔ཧ͢Δ࡞‫
͕ۀ‬ ΞϓϦέʔγϣϯ։ൃऀओಋͰਐߦத • GitOpsʹΑΔӡ༻ίετͷ௿‫ݮ‬ • PRҰൃͰϝϯςφϯεϞʔυʹ
ECSͷϝϦοτ
ECSͷϝϦοτ • ඞཁे෼ͳίϯςφ‫ج‬൫Λ͔ΜͨΜʹߏஙͰ͖Δ • Copilot౳ͷศརͳσϓϩΠπʔϧ͕͋Δ • ΞοϓάϨʔυ͕ࣗಈ • Ϋϥελࣗମ͸ແྉ
EKSͰ‫ؾ‬Λ͚ͭΔ͜ͱ
PodΛ҆શʹऴྃ͢Δ • ΞϓϦέʔγϣϯΛSIGTERMड৴࣌ʹऴྃ͢ΔΑ͏ʹ࣮૷
 (ECSͰ΋΍Δ΂͖) • τϥϑΟοΫΛड͚෇͚ΔPodͷpreStopϑοΫͰsleep͢Δ • Service͔ΒͷΤϯυϙΠϯτͷআ֎ͱPodͷऴྃॲཧ͸ඇಉ‫Ͱظ‬ਐ ΉͨΊɺService͔ΒͷΤϯυϙΠϯτͷআ֎͕࣮֬ʹऴΘ͔ͬͯΒ PodͷऴྃॲཧΛ͢͢ΊΔ
STSͷϦʔδϣφϧΤϯυϙΠϯτΛ࢖͏ • EKSͷIAM Role for Service AccountsͰ͸
 IAMͷ‫ݶݖ‬ΛಘΔͨΊʹk8sͷID TokenΛ
 AWSͷҰ࣌ΫϨσϯγϟϧʹҾ͖‫͍ͯ͑׵‬Δ (STS:AssumeRoleWithWebIdentity) • https://b.hatena.ne.jp/entry/s/ katainaka0503.hatenablog.com/entry/2019/12/07/091737
STSͷϦʔδϣφϧΤϯυϙΠϯτΛ࢖͏ • STS͕ϦʔδϣφϧΤϯυϙΠϯτΛ࢖༻͍ͯ͠ͳ͍ͱ
 τʔΫϯͷߋ৽࣌ʹϨΠςϯγ͕‫
૿ٸ‬
STSͷϦʔδϣφϧΤϯυϙΠϯτΛ࢖͏ • Pod͔ΒAWS SDKΛ࢖͏৔߹ɺ
 STSͷϦʔδϣφϧΤϯυϙΠϯτΛ࢖͏ઃఆΛೖΕΔ͜ͱ • `AWS_STS_REGIONAL_ENDPOINTS=regional` • SDKʹΑͬͯ͸σϑΥϧτͰ
 ϦʔδϣφϧΤϯυϙΠϯτʹ઀ଓ
γεςϜίϯϙʔωϯτͷ‫ࢹ؂‬ • AWS Load Balancer Controller΍ExternalDNS౳͸
 ઃఆແ͠Ͱ͸‫ͨͬޡ‬ઃఆ౳ʹΑΔॲཧͷࣦഊͷ‫ࢹ؂‬Λߦ͑ͳ͍ • ʮYAMLΛमਖ਼ͨ͠΋ͷͷຊ൪‫ʹڥ؀‬ΤϥʔͰద༻͞Ε͍ͯͳ͔ͬͨʂʯ
 ͱ͍͏έʔε͕ൃੜ͢ΔՄೳੑ • AWS Load Balancer Controllerͷ৔߹ɺ
 KubernetesʹIngress͓Αͼannotationͱͯ͠ઃఆ஋Λొ࿥ => ίϯτϩʔϥ͕ղऍ ͯ͠ALBͷઃఆΛมߋͱ͍͏ྲྀΕͳͷͰɺ
 ొ࿥࣌ʹෆਖ਼ͳ஋͕஄͔Εʹ͍͘͜ͱʹ஫໨
γεςϜίϯϙʔωϯτͷ‫ࢹ؂‬ • γεςϜίϯϙʔωϯτͷPrometheusΤϯυϙΠϯτ౳͔Β
 ϝτϦΫεΛऔಘ͠ɺΤϥʔൃੜ࣌ʹ͸௨஌͕ඈͿΑ͏ʹ • Datadogͷ৔߹ Autodiscoveryͱ͍͏‫ػ‬ೳ͕࢖͑ΔͷͰγες ϜίϯϙʔωϯτͷPodʹΞϊςʔγϣϯΛ෇͚Δ͚ͩͰϝτ ϦΫε͕औಘͰ͖Δ
·ͱΊ
·ͱΊ • EKSΫϥελΛߏங͢Δͷʹ͸࿑ྗ͕͔͔Δ͕ɺ
 ΍Γ͖ͬͨͱ͖ͷϝϦοτ͸େ͖͍ • γεςϜͷੑ࣭΍։ൃ૊৫ͷঢ়‫͔گ‬ΒECS͔EKS͔Λ൑அ͢Δ • EKSԽΑΓ΋ઌʹ෼ࢄτϨʔγϯά౳ “͋ͨΓ·͑” Λ੔͑Δ
 ͱ͍͏ઓུ͸‫ݸ‬ਓతʹΞϦ

More Related Content

PDF
Storytelling For The Web: Integrate Storytelling in your Design Process
byChiara Aliotta
 
PDF
2024 Trend Updates: What Really Works In SEO & Content Marketing
bySearch Engine Journal
 
PDF
転職会議のEKS移行
by理弘 山崎
 
PDF
データサイエンティスト協会 木曜勉強会#01 『Pythonによるデータ分析および最適化』
byThe Japan DataScientist Society
 
PDF
ReactとSeleniumの幸せな関係
byAkira Kuratani
 
PDF
Amazon EKS上の開発体験を最大化するプレビュー環境の作り方
by理弘 山崎
 
PDF
Atlantisで実現するTerraformのGitOps
by理弘 山崎
 
PDF
「監視」でつくる安全なCI/CD環境
by理弘 山崎
 
Storytelling For The Web: Integrate Storytelling in your Design Process
byChiara Aliotta
 
2024 Trend Updates: What Really Works In SEO & Content Marketing
bySearch Engine Journal
 
転職会議のEKS移行
by理弘 山崎
 
データサイエンティスト協会 木曜勉強会#01 『Pythonによるデータ分析および最適化』
byThe Japan DataScientist Society
 
ReactとSeleniumの幸せな関係
byAkira Kuratani
 
Amazon EKS上の開発体験を最大化するプレビュー環境の作り方
by理弘 山崎
 
Atlantisで実現するTerraformのGitOps
by理弘 山崎
 
「監視」でつくる安全なCI/CD環境
by理弘 山崎
 

Featured

PDF
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
byOECD Directorate for Financial and Enterprise Affairs
 
PDF
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
bySocialHRCamp
 
PDF
2024 State of Marketing Report – by Hubspot
byMarius Sescu
 
PDF
Everything You Need To Know About ChatGPT
byExpeed Software
 
PDF
Product Design Trends in 2024 | Teenage Engineerings
byPixeldarts
 
PDF
How Race, Age and Gender Shape Attitudes Towards Mental Health
byThinkNow
 
PDF
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
bymarketingartwork
 
PDF
Skeleton Culture Code
bySkeleton Technologies
 
PDF
PEPSICO Presentation to CAGNY Conference Feb 2024
byNeil Kimberley
 
PDF
Content Methodology: A Best Practices Report (Webinar)
bycontently
 
PPTX
How to Prepare For a Successful Job Search for 2024
byAlbert Qian
 
PDF
Social Media Marketing Trends 2024 // The Global Indie Insights
byKurio // The Social Media Age(ncy)
 
PDF
Trends In Paid Search: Navigating The Digital Landscape In 2024
bySearch Engine Journal
 
PDF
5 Public speaking tips from TED - Visualized summary
bySpeakerHub
 
PDF
ChatGPT and the Future of Work - Clark Boyd
byClark Boyd
 
PDF
Getting into the tech field. what next
byTessa Mero
 
PDF
Google's Just Not That Into You: Understanding Core Updates & Search Intent
byLily Ray
 
PDF
How to have difficult conversations
byRajiv Jayarajah, MAppComm, ACC
 
PDF
Introduction to Data Science
byChristy Abraham Joy
 
PDF
Time Management & Productivity - Best Practices
byVit Horky
 
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
byOECD Directorate for Financial and Enterprise Affairs
 
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
bySocialHRCamp
 
2024 State of Marketing Report – by Hubspot
byMarius Sescu
 
Everything You Need To Know About ChatGPT
byExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
byPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
byThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
bymarketingartwork
 
Skeleton Culture Code
bySkeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
byNeil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
bycontently
 
How to Prepare For a Successful Job Search for 2024
byAlbert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
byKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
bySearch Engine Journal
 
5 Public speaking tips from TED - Visualized summary
bySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
byClark Boyd
 
Getting into the tech field. what next
byTessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
byLily Ray
 
How to have difficult conversations
byRajiv Jayarajah, MAppComm, ACC
 
Introduction to Data Science
byChristy Abraham Joy
 
Time Management & Productivity - Best Practices
byVit Horky
 

JAWS-UG コンテナ支部 #19