
Amazon EKS

This document provides an overview of Amazon Elastic Container Service for Kubernetes (Amazon EKS). It discusses how Amazon EKS provides enterprises with a production-grade Kubernetes platform, a native upstream Kubernetes experience, and seamless integration with other AWS services. The document also summarizes key Amazon EKS features like managed Kubernetes control planes, native VPC networking, IAM authentication for Kubernetes, and network security policies with Calico.

Enterprise Transformation Track

Introduction to Amazon Elastic Container Service for Kubernetes (Amazon EKS)
Arun Gupta, @arungupta
Principal Open Source Technologist, AWS

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Speaker Intro

• ~1.5 years at AWS
• Principal Open Source Technologist
• Cloud Native Computing Foundation Board representative for Amazon
• Author, runner, world traveler
• arungupta on twitter/slack

51% of Kubernetes runs on AWS today
— Cloud Native Computing Foundation

Kubernetes on AWS

3x Kubernetes masters for HA

Kubernetes Controller

[Diagram labels: API server, Controller manager, Cloud controller, Scheduler, KubeDNS, Add-ons]

[Diagram labels: Controller and Etcd in each of Availability Zone 1, Zone 2, and Zone 3]

“Run Kubernetes for me.”

“Give us an upstream experience.”

“Please don’t fork.”

“Make sure it’s compatible”

AMAZON ELASTIC CONTAINER SERVICE FOR KUBERNETES
(Amazon EKS)

Tenet 1
EKS is a platform for enterprises
to run production-grade workloads

Tenet 2
EKS provides a native and
upstream Kubernetes experience

Tenet 3
If EKS customers want to use additional
AWS services, the integrations are seamless
and eliminate undifferentiated heavy lifting

Tenet 4
EKS team actively contributes
to the Kubernetes project

AWS Managed

[Diagram labels: Controller and Etcd in each of Availability Zone 1, Zone 2, and Zone 3; Customer Account]

Amazon EKS

Kubectl mycluster.eks.amazonaws.com

AZ 1 AZ 2 AZ 3

EKS Workers

Your AWS account

https://github.com/awslabs/amazon-eks-ami

AWS IAM Authenticator
https://github.com/kubernetes-sigs/aws-iam-authenticator

An open source approach to integrating AWS IAM authentication with Kubernetes

IAM Authentication + Kubectl

[Diagram participants: Kubectl, K8s API, AWS Auth]

1) Passes AWS Identity
2) Verifies AWS Identity
3) Authorizes AWS Identity with RBAC
4) K8s action allowed/denied
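
Steps 2 and 3 of this flow, as an added example that is not from the original slides: on EKS the `aws-auth` ConfigMap in `kube-system` maps a verified IAM role to a Kubernetes username and groups, and ordinary RBAC objects then decide what that group may do. The account ID, role name, group name and `dev` namespace are constructed for illustration.

```yaml
# Added example. Account ID, role ARN, group and namespace names are constructed.
# Mapping: a verified IAM role becomes a Kubernetes user in a plain RBAC group
# (deliberately not system:masters, which would grant cluster-admin).
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    - rolearn: arn:aws:iam::111122223333:role/example-dev-readonly
      username: dev-readonly
      groups:
        - example-dev-viewers
---
# Authorization: what members of that group may do, scoped to one namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: dev
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]
---
# Binding: ties the mapped group to the Role; anything not granted is denied.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-viewers-read-pods
  namespace: dev
subjects:
  - kind: Group
    name: example-dev-viewers
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
```

On a live cluster, merge the `mapRoles` entry into the existing `aws-auth` ConfigMap rather than replacing it, because the worker node role mapping lives in the same object.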

{…}

• Native VPC networking with CNI plugin
• Pods have the same VPC address inside the pod as on the VPC
• Simple, secure networking
• Open source and on Github

https://github.com/aws/amazon-vpc-cni-k8s
[Diagram: VPC Subnet 10.0.0.0/24 containing Instance 1 and Instance 2, each with an ENI; ec2.associateaddress()]

• ENI with secondary IPs 10.0.0.20 and 10.0.0.22: Nginx Pod (Veth IP: 10.0.0.20), Java Pod (Veth IP: 10.0.0.22)
• ENI with secondary IPs 10.0.0.1 and 10.0.0.2: Nginx Pod (Veth IP: 10.0.0.1), Java Pod (Veth IP: 10.0.0.2)

• Kubernetes Network Policies enforce network security rules
• Calico is the leading implementation of the network policy API
• Open source, active development (>100 contributors)
• Commercial support available from Tigera

• STAGE SEPARATION: Isolate dev, test, and prod
• “TENANT” SEPARATION: E.g., typically use namespaces for different teams within a company—but without network policy, they are not network isolated
• FINE-GRAINED FIREWALLS: Reduce attack surface within microservice-based applications
• COMPLIANCE: E.g., PCI, HIPAA
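
The tenant-separation point above, as an added example that is not from the original slides: a default-deny ingress policy for one team's namespace, plus a second policy that re-admits traffic only from pods in that same namespace. The namespace name `team-a` is constructed.

```yaml
# Added example. The namespace "team-a" is constructed for illustration.
# Policy 1: select every pod in the namespace and list no ingress rules,
# which denies all inbound traffic to those pods.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: team-a
spec:
  podSelector: {}
  policyTypes:
    - Ingress
---
# Policy 2: allow inbound traffic only from pods in the same namespace.
# A podSelector without a namespaceSelector matches pods in the policy's
# own namespace, so pods in other teams' namespaces stay blocked.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-namespace
  namespace: team-a
spec:
  podSelector: {}
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector: {}
```

These objects are enforced only when a network policy implementation such as Calico is running in the cluster; without one the API server accepts them and no traffic is filtered.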

Master access and visibility

[Diagram labels: AWS CloudTrail, Amazon CloudWatch, Master]

Kubernetes Upgrades

Upgrade Strategy: “On-Demand Updates”

Kubernetes Upgrades

[Diagram labels: Version 1.10, 1.9.2, 1.9.1, 1.9]

Auto Scaling - Application

• Horizontal Pod Autoscaler – scales pods in response to K8s generated metrics (CPU)

• Has support for custom metrics

Auto Scaling – Cluster

• Two options: Native Auto Scaling, K8s Cluster Auto Scaler

• Cluster Autoscaler is reactive

• AWS Auto Scaling Groups work as usual

Will $(thing) work on Amazon EKS

Amazon EKS is Kubernetes Certified

Amazon EKS and Open Source

• Packer scripts: https://github.com/awslabs/amazon-eks-ami
• CNI plugin: https://github.com/aws/amazon-vpc-cni-k8s
• AWS IAM authenticator: https://github.com/kubernetes-sigs/aws-iam-authenticator
• eksctl: Create EKS cluster with one CLI
• SIG AWS
• ALB Ingress controller: https://github.com/kubernetes-sigs/aws-alb-ingress-controller
• AWS Encryption Provider: https://github.com/kubernetes-sigs/aws-encryption-provider

Customers adopting Amazon EKS

Customer adopting EKS

Demo

Demo: live demonstration

Thank you!
