© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Mastering Kubernetes on AWS
Martin Dominguez, Solutions Architect, AWS
Agenda
• Kubernetes
• AWS
• Mastering
$ vi Dockerfile
$ docker build -t mykillerapp:0.0.1 .
$ docker run -it mykillerapp:0.0.1
Running containers in development is easy…
Moving to production: data plane
[Diagram: a large fleet of servers, each with its own guest OS, spread across AZ 1, AZ 2 and AZ 3]
Moving to production: control plane
[Diagram: three masters, each with its own etcd member, spread across availability zones]
Yup. This is hard.
- Lucas Käldström, volunteer ambassador for the Cloud Native Computing Foundation
“Run Kubernetes for me.”
51% of Kubernetes workloads run on AWS today — Cloud Native Computing Foundation
“Give us an upstream experience.”
“Please don’t fork.”
“Make sure it’s compatible”
Amazon EKS is Kubernetes Certified
Amazon EKS
[Diagram: kubectl talks to the cluster endpoint mycluster.eks.amazonaws.com; the EKS workers run in the customer VPC across AZ 1, AZ 2 and AZ 3]
Cross account Kubernetes
[Diagram: the control plane runs in an EKS-owned VPC and the worker nodes in the customer VPC; EKS-owned ENIs placed in the customer VPC carry exec, logs and proxy traffic from the control plane to the workers, while the workers' Kubernetes API calls reach the control plane endpoint over the Internet]
The three rules of Kubernetes networking…
• All the pods can communicate with each other directly without NAT
• All the nodes can communicate with all pods (and vice versa) without NAT
• The IP that a pod sees itself as is the same IP that others see it as
AWS VPC CNI plugin
[Diagram: VPC subnet 10.0.0.0/24 with two instances; the ENI on Instance 1 carries secondary IPs 10.0.0.1 and 10.0.0.2 and the ENI on Instance 2 carries 10.0.0.20 and 10.0.0.22, each secondary IP handed to a pod; the plugin attaches them through the EC2 API (ec2.associateaddress() on the slide)]
AWS VPC CNI plugin – understanding IP allocation
• primary CIDR range → RFC 1918 addresses → 10/8, 172.16/12, 192.168/16
Used in EKS for:
• Pods
• Cross-account ENIs for (masters → workers) communication (exec, logs, proxy etc.)
• Internal Kubernetes services network (10.100/16 or 172.20/16 – chosen based on your VPC range)
Setup:
• EKS cluster creation → provide list of subnets (in at least 2 AZs!) → tagging
AWS VPC CNI plugin – understanding IP allocation
• secondary CIDR ranges (new!) → non-RFC 1918 address blocks (100.64.0.0/10 and 198.19.0.0/16)
Used in Amazon EKS for:
• Pods only
How?
• Amazon EKS custom network config → enable → create ENIConfig CRD → annotate nodes
Requires CNI plugin 1.2.1+
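To make the address-space rules on these two slides checkable before a cluster is created, the following Python script (an added example, not part of the talk) validates a VPC plan with the standard ipaddress module: the primary CIDR must be RFC 1918, secondary CIDRs must come from 100.64.0.0/10 or 198.19.0.0/16, subnets must span at least two AZs, and no VPC range may overlap the cluster's service CIDR. The slide only says the service CIDR is chosen from 10.100/16 or 172.20/16 based on the VPC range; the selection rule coded here (172.20.0.0/16 when the VPC sits in 10.0.0.0/8, otherwise 10.100.0.0/16) is an assumption, and the sample plans are constructed for the demonstration.

```python
"""Pre-flight check of an EKS VPC address plan (added example, not from the talk)."""
import ipaddress
from dataclasses import dataclass, field

RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Blocks the slide names as valid for pod-only secondary CIDRs (custom networking)
SECONDARY_ALLOWED = [ipaddress.ip_network(c) for c in ("100.64.0.0/10", "198.19.0.0/16")]
SERVICE_CIDR_IN_10_8 = ipaddress.ip_network("172.20.0.0/16")
SERVICE_CIDR_OTHER = ipaddress.ip_network("10.100.0.0/16")


def is_rfc1918(cidr):
    """True when the whole block lies inside one of the RFC 1918 ranges."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(r) for r in RFC1918)


def pick_service_cidr(primary_cidr):
    """Assumption: the service range that cannot collide with the VPC is chosen."""
    net = ipaddress.ip_network(primary_cidr)
    if net.subnet_of(ipaddress.ip_network("10.0.0.0/8")):
        return SERVICE_CIDR_IN_10_8
    return SERVICE_CIDR_OTHER


@dataclass
class VpcPlan:
    primary_cidr: str
    subnets: dict                 # subnet CIDR -> availability zone
    secondary_cidrs: list = field(default_factory=list)


def check_vpc_plan(plan):
    """Return a list of findings; an empty list means the plan follows the rules."""
    findings = []
    primary = ipaddress.ip_network(plan.primary_cidr)
    if not is_rfc1918(plan.primary_cidr):
        findings.append(f"primary CIDR {primary} is not RFC 1918")

    # EKS cluster creation wants subnets in at least two AZs
    azs = set(plan.subnets.values())
    if len(azs) < 2:
        findings.append(f"subnets span only {len(azs)} AZ(s); EKS needs at least 2")

    # Every subnet must sit inside the primary CIDR or one of the secondary CIDRs
    pools = [primary] + [ipaddress.ip_network(c) for c in plan.secondary_cidrs]
    for cidr in plan.subnets:
        subnet = ipaddress.ip_network(cidr)
        if not any(subnet.subnet_of(p) for p in pools):
            findings.append(f"subnet {subnet} is outside every VPC CIDR")

    for cidr in plan.secondary_cidrs:
        sec = ipaddress.ip_network(cidr)
        if not any(sec.subnet_of(a) for a in SECONDARY_ALLOWED):
            findings.append(f"secondary CIDR {sec} is not in 100.64.0.0/10 or 198.19.0.0/16")
        if sec.overlaps(primary):
            findings.append(f"secondary CIDR {sec} overlaps primary {primary}")

    # Pod and node addresses must never collide with the cluster-internal service range
    service = pick_service_cidr(plan.primary_cidr)
    for pool in pools:
        if pool.overlaps(service):
            findings.append(f"VPC CIDR {pool} overlaps the service CIDR {service}")
    return findings


# Constructed sample plans (not real accounts): one that passes, one that does not
GOOD_PLAN = VpcPlan(
    "10.0.0.0/16",
    {"10.0.1.0/24": "us-east-1a", "10.0.2.0/24": "us-east-1b", "100.64.0.0/24": "us-east-1a"},
    ["100.64.0.0/16"],
)
BAD_PLAN = VpcPlan(
    "172.20.0.0/16",
    {"172.20.1.0/24": "us-east-1a", "10.9.0.0/24": "us-east-1a"},
    ["192.168.0.0/16"],
)

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, "->", pick_service_cidr(plan.primary_cidr), check_vpc_plan(plan) or "ok")
```

Running the script reports the bad plan's single AZ, the subnet outside every VPC CIDR and the secondary block that is not in one of the two permitted ranges; the good plan is accepted and gets 172.20.0.0/16 as its service range.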
Kubernetes ServiceType: ClusterIP
• Exposes the service on a cluster-internal IP
• Only reachable from within the cluster
• Access possible via kube-proxy
• Useful for debugging services, connecting from your laptop or displaying internal dashboards
Kubernetes ServiceType: NodePort
• Exposes the service on each Node’s IP at a static port.
• Routes to a ClusterIP service, which is automatically created.
• Reachable from outside the cluster at <NodeIP>:<NodePort>
• 1 service per port
• Uses ports 30000-32767
Kubernetes ServiceType: LoadBalancer
• Exposes the service externally using a cloud provider’s load balancer.
• NodePort and ClusterIP services (to which the LB will route) are automatically created.
• Each service exposed with a LoadBalancer (ELB or NLB) gets its own IP address
• Exposes L4 (TCP) or L7 (HTTP) services
Service load balancer: NLB
apiVersion: v1
kind: Service
metadata:
  name: nginx
  namespace: default
  labels:
    app: nginx
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
spec:
  externalTrafficPolicy: Local
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  type: LoadBalancer
Service load balancer: NLB
• NLB supports forwarding the client’s IP through to the node
• .spec.externalTrafficPolicy = Local → client IP passed to the pod
• Nodes with no matching pods are taken out of rotation by the NLB health check, which targets .spec.healthCheckNodePort
• Use a DaemonSet or pod anti-affinity to ensure an even traffic split
Kubernetes ServiceType: ExternalName
• Maps: service => CNAME (externalName field)
• No proxying
• Accessing my-service works in the same way as other Services
• Redirection happens at the DNS level (rather than via proxying or forwarding)
kind: Service
apiVersion: v1
metadata:
  name: my-service
  namespace: prod
spec:
  type: ExternalName
  externalName: my.database.example.com
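As an added example (not from the slides), a small Python audit that checks Service manifests against the ServiceType rules on the preceding slides: the NodePort range, the NLB annotation and externalTrafficPolicy on LoadBalancer services (so the client IP actually reaches the pod, which matters for access logs and source-IP allow lists), and ExternalName targets. Manifests are constructed inline as Python dicts, the shape yaml.safe_load would return; the nginx and my-service manifests mirror the slides, the admin-ui and api ones are invented for the demonstration.

```python
"""Lint Kubernetes Service manifests against the ServiceType rules (added example)."""
import ipaddress

NODEPORT_MIN, NODEPORT_MAX = 30000, 32767
NLB_ANNOTATION = "service.beta.kubernetes.io/aws-load-balancer-type"


def _is_ip_literal(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def lint_service(manifest):
    """Return a list of findings; an empty list means the manifest follows the rules."""
    if manifest.get("kind") != "Service":
        return [f"kind {manifest.get('kind')!r} is not a Service"]
    meta = manifest.get("metadata", {})
    spec = manifest.get("spec", {})
    name = meta.get("name", "<unnamed>")
    svc_type = spec.get("type", "ClusterIP")  # ClusterIP is the default type
    findings = []

    if svc_type in ("NodePort", "LoadBalancer"):
        # A NodePort (also created implicitly by LoadBalancer) must use 30000-32767
        for port in spec.get("ports", []):
            node_port = port.get("nodePort")
            if node_port is not None and not NODEPORT_MIN <= node_port <= NODEPORT_MAX:
                findings.append(
                    f"{name}: nodePort {node_port} outside {NODEPORT_MIN}-{NODEPORT_MAX}")

    if svc_type == "LoadBalancer":
        lb_type = meta.get("annotations", {}).get(NLB_ANNOTATION)
        if lb_type != "nlb":
            findings.append(f"{name}: no {NLB_ANNOTATION}=nlb annotation, a classic ELB will be created")
        policy = spec.get("externalTrafficPolicy", "Cluster")
        if policy != "Local":
            # With the default policy the pod sees a node address, so access logs
            # and source-IP allow lists no longer reflect the real client
            findings.append(f"{name}: externalTrafficPolicy={policy}, client IP is not passed to the pod")

    if svc_type == "ExternalName":
        target = spec.get("externalName")
        if not target:
            findings.append(f"{name}: ExternalName service without externalName")
        elif _is_ip_literal(target):
            findings.append(f"{name}: externalName {target} is an IP literal, a CNAME needs a DNS name")
        if spec.get("selector"):
            findings.append(f"{name}: selector is ignored by ExternalName services")
    return findings


# Constructed manifests; the first and last mirror the slides
NLB_SERVICE = {
    "apiVersion": "v1", "kind": "Service",
    "metadata": {"name": "nginx", "namespace": "default", "labels": {"app": "nginx"},
                 "annotations": {NLB_ANNOTATION: "nlb"}},
    "spec": {"externalTrafficPolicy": "Local",
             "ports": [{"name": "http", "port": 80, "protocol": "TCP", "targetPort": 80}],
             "selector": {"app": "nginx"}, "type": "LoadBalancer"},
}
NODEPORT_SERVICE = {"kind": "Service", "metadata": {"name": "admin-ui"},
                    "spec": {"type": "NodePort", "ports": [{"port": 80, "nodePort": 8080}]}}
CLASSIC_LB_SERVICE = {"kind": "Service", "metadata": {"name": "api"},
                      "spec": {"type": "LoadBalancer", "ports": [{"port": 443}]}}
EXTERNAL_NAME_SERVICE = {"kind": "Service", "apiVersion": "v1",
                         "metadata": {"name": "my-service", "namespace": "prod"},
                         "spec": {"type": "ExternalName", "externalName": "my.database.example.com"}}

if __name__ == "__main__":
    for m in (NLB_SERVICE, NODEPORT_SERVICE, CLASSIC_LB_SERVICE, EXTERNAL_NAME_SERVICE):
        print(m["metadata"]["name"], "->", lint_service(m) or "ok")
```

The nginx NLB service from the slide and the ExternalName service pass clean; the constructed admin-ui service is flagged for a nodePort outside the 30000-32767 range, and the api service for relying on a classic ELB and for a non-Local externalTrafficPolicy that hides the client IP from the pod.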
Kubernetes Ingress Object
• Exposes HTTP/HTTPS routes to services within the cluster
• Many implementations: ALB, Nginx, F5, HAProxy etc.
• Default Service Type: ClusterIP
ALB Ingress Controller
[Diagram: the ALB Ingress Controller runs in the Kubernetes cluster and watches the Kubernetes API server; it creates the AWS resources: an ALB with HTTP and HTTPS listeners, rules such as /cheeses and /charcuterie, and target groups (Green in IP mode, targeting pods directly, and Blue in instance mode, targeting the nodes' NodePorts)]
Implementing logging with EFK
• fluentd is an open source data collector providing a unified logging layer
• elasticsearch is a distributed, RESTful search and analytics engine
• kibana lets you visualize your Elasticsearch data
Implementing logging with EFK - DIY
[Diagram: an EKS worker node running application pods alongside a fluentd DaemonSet pod]
Customer Story: Snap
Snap’s Approach to Infrastructure
Goals: Flexibility, Security, Availability / Performance, Cost Reduction, Minimize operational work
Technical State of Snap 2016
Small number of large monolithic applications
Projects slowed due to inflexibility
Infrastructure started to be the long pole
Technical State of Snap 2016 (cont.)
Organizational boundaries also got in the way
Work was single threaded through central teams
New product teams were not happy with the constraints
Technical State of Snap 2016 (cont.)
Regionalization was impossible in our old architecture
Performance matters a lot
Stuck with “the way things have always been done”
Teams couldn’t “spin up their service in a new region”
Service-oriented architectures
We had seen the value of microservices in other organizations
Solve a smaller problem in the best way possible
Separates data, responsibilities (security)
Organizational division
Scaling tied to usage
But what is the best approach to SOA?
Portability
Our strategy has always been to use the best of breed
Containers were obvious.
Orchestration is half the battle
Let a vendor do that for us.
Kubernetes + Amazon EKS
Kubernetes: solves a lot of the problems of managing a large set of services
Run it ourselves? Most portability, but a lot of complexity and a lot of operational work
Amazon EKS: still highly portable; less operations – managed control plane (and more management coming)
Amazon EKS at Snap
2018: 6 services in production today
2019: 30-50 services in production by end of 2019
End State: several hundred services on EKS, multi-region, different policies on redundancy based on service
Amazon EKS at Snap
Production services at scale on EKS: 7,500 cores, 250,000 transactions per second
High density pod to node ratio in a secure service mesh
2019 – Global regionalization
EKS Cluster – Standard Architecture
[Diagram: each Kubernetes pod runs the application service next to an Envoy proxy, which handles AuthN/Z, logs and metrics]
Results
Saved a lot of money
Containers and Amazon EKS give us a lot of flexibility to adopt new technologies
Envoy is one example, but we expect to continue to reap this benefit
Performance improvements
Amazon EKS is already widely adopted at Snap
Next Steps
Continue the march
Service by service
API by API
Optimize regionalization
Recap
Kubernetes and AWS
• 51% of Kubernetes workloads run on AWS
• Amazon EKS is Kubernetes Certified
Kubernetes Networking
• The three rules of Kubernetes networking
• CNI plugin
• Kubernetes ServiceTypes
Kubernetes Security
• Pod permissions to an AWS service
Kubernetes Logging
• Implementing logging with EFK
Thank you!
Martin Dominguez
mrtdom@amazon.com
@mp_dominguez
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
Ad

Builders' Day- Mastering Kubernetes on AWS

  • 1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 3. Agenda • Kubernetes • AWS • Mastering
  • 4. Running containers in development is easy… $ vi Dockerfile $ docker build -t mykillerapp:0.0.1 . $ docker run -it mykillerapp:0.0.1
  • 5. Moving to production: data plane (diagram: many servers, each running a guest OS, spread across AZ 1, AZ 2 and AZ 3)
  • 6. Moving to production: control plane (diagram: etcd and Master in each of Availability zone 1, Availability zone 2, Availability zone 1)
  • 7. “Yup. This is hard.” - Lucas Käldström, volunteer ambassador for the Cloud Native Computing Foundation
  • 8. “Run Kubernetes for me.” 51% of Kubernetes workloads run on AWS today — Cloud Native Computing Foundation
  • 9. “Give us an upstream experience.” “Please don’t fork.” “Make sure it’s compatible”
  • 10. Amazon EKS is Kubernetes Certified
  • 11. Amazon EKS (diagram: Kubectl → mycluster.eks.amazonaws.com; EKS Workers in a VPC across AZ 1, AZ 2, AZ 3)
  • 12. Cross account Kubernetes (diagram: EKS VPC and Customer VPC; Worker Nodes; EKS-Owned ENI; Kubernetes API calls; Exec, Logs, Proxy; Internet)
  • 14. The three rules of Kubernetes networking… • All the pods can communicate with each other directly without NAT • All the nodes can communicate with all pods (and vice versa) without NAT • The IP that a pod sees itself as is the same IP that others see it as
  • 15. AWS VPC CNI plugin (diagram: VPC Subnet – 10.0.0.0/24; Instance 1 with an ENI whose Secondary IPs are 10.0.0.1, 10.0.0.2; Instance 2 with an ENI whose Secondary IPs are 10.0.0.20, 10.0.0.22; addresses attached with ec2.associateaddress())
  • 16. AWS VPC CNI plugin – understanding IP allocation • Primary CIDR range → RFC 1918 addresses → 10/8, 172.16/12, 192.168/16. Used in EKS for: • Pods • Cross-account ENIs for (masters → workers) communication (exec, logs, proxy etc.) • Internal Kubernetes services network (10.100/16 or 172.20/16 – chosen based on your VPC range). Setup: • EKS cluster creation → provide list of subnets (in at least 2 AZs!) → tagging
  • 17. AWS VPC CNI plugin – understanding IP allocation • Secondary CIDR ranges (new!) → non-RFC 1918 address blocks (100.64.0.0/10 and 198.19.0.0/16). Used in Amazon EKS for: • Pods only. How? • Amazon EKS custom network config → enable → create ENIConfig CRD → annotate nodes (CNI 1.2.1+)
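The two IP-allocation slides above state rules that are easy to get wrong when a VPC is planned for a cluster, and a wrong plan shows up later as pods that cannot get addresses or as overlapping routes. The Python below is an added example, not code from the deck or from the AWS VPC CNI project. It checks a planned primary/secondary CIDR layout against the slides' rules, picks the in-cluster service CIDR (the selection rule it uses is an assumption; the slide only says "chosen based on your VPC range"), and computes how many pod IPs an instance can hand out from ENI secondary IPs (the +2 host-network allowance is likewise an assumption to verify against the EKS documentation for your instance type).

```python
"""EKS VPC address planning, checked against the rules on slides 16 and 17.

Added example (not from the slides or the AWS VPC CNI project); standard library only.
The service-CIDR selection rule and the "+2" in the pod capacity formula are
assumptions, labelled below."""
import ipaddress

# Primary VPC CIDR must be RFC 1918 space (slide 16).
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Secondary CIDRs for pods come only from these non-RFC 1918 blocks (slide 17).
SECONDARY_ALLOWED = [ipaddress.ip_network(c) for c in ("100.64.0.0/10", "198.19.0.0/16")]
# EKS uses one of these two ranges for the in-cluster service network (slide 16).
SERVICE_CIDRS = (ipaddress.ip_network("10.100.0.0/16"), ipaddress.ip_network("172.20.0.0/16"))


def _within(net, blocks):
    return any(net.subnet_of(b) for b in blocks)


def pick_service_cidr(primary):
    """Service CIDR for a cluster whose VPC primary CIDR is `primary`.

    The slide only says the range is 'chosen based on your VPC range'. Assumption:
    172.20.0.0/16 when the VPC lives in 10.0.0.0/8, otherwise 10.100.0.0/16, so that
    the service network never overlaps the VPC and in-cluster routing stays unambiguous.
    """
    primary = ipaddress.ip_network(primary)
    chosen = SERVICE_CIDRS[1] if primary.subnet_of(RFC1918[0]) else SERVICE_CIDRS[0]
    if chosen.overlaps(primary):
        raise ValueError(f"service CIDR {chosen} overlaps VPC CIDR {primary}")
    return chosen


def check_vpc_plan(primary, secondaries, subnet_azs):
    """Return a list of problems with the plan; an empty list means it follows the slides."""
    problems = []
    primary = ipaddress.ip_network(primary)
    if not _within(primary, RFC1918):
        problems.append(f"primary CIDR {primary} is not an RFC 1918 range")
    for cidr in secondaries:
        net = ipaddress.ip_network(cidr)
        if not _within(net, SECONDARY_ALLOWED):
            problems.append(f"secondary CIDR {net} is not inside 100.64.0.0/10 or 198.19.0.0/16")
        if net.overlaps(primary):
            problems.append(f"secondary CIDR {net} overlaps the primary CIDR")
    if len(set(subnet_azs)) < 2:
        problems.append("subnets must span at least two availability zones")
    return problems


def pod_ip_capacity(enis, ips_per_eni):
    """Pod IPs one instance can hand out with the VPC CNI.

    Slide 15 shows pods taking the ENIs' secondary IPs: each ENI's first address is
    its own primary IP, so it yields (ips_per_eni - 1) pod addresses. The +2 is the
    allowance for host-network pods used by the EKS max-pods convention; treat it as
    an assumption and check your instance type against the EKS documentation.
    """
    return enis * (ips_per_eni - 1) + 2


if __name__ == "__main__":
    # Constructed sample plans: one that follows the slides, one that breaks three rules.
    print(check_vpc_plan("10.0.0.0/16", ["100.64.0.0/16"], ["eu-west-1a", "eu-west-1b"]))
    print(check_vpc_plan("100.64.0.0/16", ["192.168.0.0/16"], ["eu-west-1a"]))
    print(pick_service_cidr("10.0.0.0/16"), pick_service_cidr("192.168.0.0/16"))
    print(pod_ip_capacity(3, 10))
```

The overlap checks are the part worth keeping even if you drop the rest: a secondary CIDR or service CIDR that overlaps the VPC produces routing that depends on which table wins, which is the kind of ambiguity that turns into unreachable or mis-delivered traffic rather than a clean error.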
  • 19. Kubernetes ServiceType: ClusterIP • Exposes the service on a cluster-internal IP • Only reachable from within the cluster • Access possible via kube-proxy • Useful for debugging services, connecting from your laptop or displaying internal dashboards
  • 20. Kubernetes ServiceType: NodePort • Exposes the service on each Node’s IP at a static port • Routes to a ClusterIP service, which is automatically created • From outside the cluster: <NodeIP>:<NodePort> • 1 service per port • Uses ports 30000-32767
  • 21. Kubernetes ServiceType: LoadBalancer • Exposes the service externally using a cloud provider’s load balancer • NodePort and ClusterIP services (to which the LB will route) are automatically created • Each service exposed with a LoadBalancer (ELB or NLB) will get its own IP address • Exposes L4 (TCP) or L7 (HTTP) services
  • 22. Service load balancer: NLB
      apiVersion: v1
      kind: Service
      metadata:
        name: nginx
        namespace: default
        labels:
          app: nginx
        annotations:
          service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
      spec:
        externalTrafficPolicy: Local
        ports:
        - name: http
          port: 80
          protocol: TCP
          targetPort: 80
        selector:
          app: nginx
        type: LoadBalancer
  • 23. Service load balancer: NLB • NLB supports forwarding the client’s IP through to the node • .spec.externalTrafficPolicy = Local → client IP passed to pod • Nodes with no matching pods will be removed by the NLB’s health check on the specified .spec.healthCheckNodePort • Use DaemonSet or pod anti-affinity to verify even traffic split
  • 24. Kubernetes ServiceType: ExternalName • Maps: service => CNAME (externalName field) • No proxying • Accessing my-service works in the same way as other Services • Redirection happens at the DNS level (rather than via proxying or forwarding)
      kind: Service
      apiVersion: v1
      metadata:
        name: my-service
        namespace: prod
      spec:
        type: ExternalName
        externalName: my.database.example.com
  • 25. Kubernetes Ingress Object • Exposes HTTP/HTTPS routes to services within the cluster • Many implementations: ALB, Nginx, F5, HAProxy etc • Default Service Type: ClusterIP
  • 26. ALB Ingress Controller (diagram: AWS Resources and Kubernetes Cluster; ALB Ingress Controller running on a Node talks to the Kubernetes API Server; HTTP Listener and HTTPS Listener; Rule: /cheeses and Rule: /charcuterie; TargetGroup: Green (IP Mode) and TargetGroup: Blue (Instance Mode); NodePort on the nodes)
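Slides 19 to 24 together give enough rules to lint a Service manifest before it reaches the cluster, which is cheaper than discovering after deployment that access logs show node IPs instead of client IPs. The Python below is an added example, not code from the deck or from any Kubernetes project; it encodes the NodePort range, the NLB annotation plus externalTrafficPolicy needed to preserve the client IP, healthCheckNodePort being meaningful only with Local, and ExternalName needing a DNS name. The two manifests from slides 22 and 24 are included as dicts (what yaml.safe_load would return); the three counter-examples are constructed.

```python
"""Lint Kubernetes Service manifests for the ServiceType rules on slides 19-24.

Added example, not code from the slides. Manifests are plain dicts, i.e. what
yaml.safe_load() returns, so the block needs only the standard library."""
import ipaddress

NODEPORT_RANGE = range(30000, 32768)          # slide 20: NodePort uses 30000-32767
NLB_ANNOTATION = "service.beta.kubernetes.io/aws-load-balancer-type"  # slide 22
KNOWN_TYPES = {"ClusterIP", "NodePort", "LoadBalancer", "ExternalName"}


def _is_ip_literal(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def lint_service(svc):
    """Return a list of findings for one Service manifest (empty = nothing to fix)."""
    findings = []
    meta = svc.get("metadata", {})
    name = meta.get("name", "<unnamed>")
    spec = svc.get("spec", {})
    stype = spec.get("type", "ClusterIP")  # slide 25: ClusterIP is the default
    if stype not in KNOWN_TYPES:
        return [f"{name}: unknown ServiceType {stype!r}"]

    if stype in ("NodePort", "LoadBalancer"):  # both allocate node ports (slides 20, 21)
        for port in spec.get("ports", []):
            node_port = port.get("nodePort")
            if node_port is not None and node_port not in NODEPORT_RANGE:
                findings.append(f"{name}: nodePort {node_port} is outside 30000-32767")

    if stype == "LoadBalancer":
        policy = spec.get("externalTrafficPolicy", "Cluster")
        is_nlb = meta.get("annotations", {}).get(NLB_ANNOTATION) == "nlb"
        if is_nlb and policy != "Local":
            # Slide 23: only externalTrafficPolicy=Local passes the client IP to the pod;
            # with Cluster the node SNATs, so access logs and IP-based policy see node IPs.
            findings.append(f"{name}: NLB with externalTrafficPolicy={policy}; pods will not see the client IP")
        if spec.get("healthCheckNodePort") is not None and policy != "Local":
            findings.append(f"{name}: healthCheckNodePort is only used with externalTrafficPolicy=Local")

    if stype == "ExternalName":
        target = spec.get("externalName")
        if not target:
            findings.append(f"{name}: ExternalName service without externalName")
        elif _is_ip_literal(target):
            # Slide 24: redirection happens at the DNS level as a CNAME, which needs a name.
            findings.append(f"{name}: externalName {target} is an IP literal, not a DNS name")
    return findings


# The two manifests from slides 22 and 24, as dicts.
NGINX_NLB = {
    "apiVersion": "v1", "kind": "Service",
    "metadata": {"name": "nginx", "namespace": "default", "labels": {"app": "nginx"},
                 "annotations": {NLB_ANNOTATION: "nlb"}},
    "spec": {"externalTrafficPolicy": "Local", "type": "LoadBalancer",
             "ports": [{"name": "http", "port": 80, "protocol": "TCP", "targetPort": 80}],
             "selector": {"app": "nginx"}},
}
EXTERNAL_DB = {
    "kind": "Service", "apiVersion": "v1",
    "metadata": {"name": "my-service", "namespace": "prod"},
    "spec": {"type": "ExternalName", "externalName": "my.database.example.com"},
}
# Constructed counter-examples (not from the slides).
BAD_NODEPORT = {"metadata": {"name": "api"},
                "spec": {"type": "NodePort", "ports": [{"port": 80, "nodePort": 8080}]}}
SNAT_NLB = {"metadata": {"name": "web", "annotations": {NLB_ANNOTATION: "nlb"}},
            "spec": {"type": "LoadBalancer", "externalTrafficPolicy": "Cluster",
                     "healthCheckNodePort": 31000, "ports": [{"port": 443}]}}
IP_EXTERNAL = {"metadata": {"name": "legacy"},
               "spec": {"type": "ExternalName", "externalName": "10.0.0.5"}}

if __name__ == "__main__":
    for svc in (NGINX_NLB, EXTERNAL_DB, BAD_NODEPORT, SNAT_NLB, IP_EXTERNAL):
        print(svc["metadata"]["name"], lint_service(svc) or "ok")
```

Note what the linter cannot see: with externalTrafficPolicy=Local the load balancer drops nodes that have no matching pod, so the slide's advice to use a DaemonSet or pod anti-affinity for an even split is a scheduling property you verify on the running cluster, not in the manifest.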
  • 28. Implementing logging with EFK: fluentd is an open source data collector providing a unified logging layer; elasticsearch is a distributed, RESTful search and analytics engine; kibana lets you visualize your Elasticsearch data
  • 29. Implementing logging with EFK - DIY (diagram: EKS Worker running a pod and the fluentd daemonset)
  • 30. Implementing logging with EFK - DIY (diagram: EKS Worker running a pod and the fluentd daemonset)
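The EFK slides show a fluentd DaemonSet on each EKS worker, but not what it actually has to do with the files it tails. The Python below is an added example, not fluentd's code or anything from the deck: it turns a kubelet container log file into structured records the way a log shipper would, attaching pod, namespace and container from the file name to each line. It assumes the kubelet naming convention /var/log/containers/<pod>_<namespace>_<container>-<container-id>.log and the Docker json-file driver's one-JSON-object-per-line format with "log", "stream" and "time" keys; the sample path and lines are constructed.

```python
"""Parse what a fluentd DaemonSet tails on an EKS worker (slides 28-30) into
structured records.

Added example, not fluentd's code. Assumptions: the kubelet names each container
log /var/log/containers/<pod>_<namespace>_<container>-<container-id>.log, and the
Docker json-file driver writes one JSON object per line with "log", "stream" and
"time" keys; the sample values below are constructed."""
import json
import re

LOG_NAME = re.compile(
    r"^(?P<pod>[^_/]+)_(?P<namespace>[^_/]+)_(?P<container>.+)-(?P<container_id>[0-9a-f]{64})\.log$"
)


def parse_log_path(path):
    """Pod, namespace, container name and container id encoded in the file name."""
    match = LOG_NAME.match(path.rsplit("/", 1)[-1])
    if not match:
        raise ValueError(f"not a kubelet container log name: {path}")
    return match.groupdict()


def parse_log_line(line):
    """One json-file record -> {'time', 'stream', 'log'} with the trailing newline removed."""
    rec = json.loads(line)
    return {"time": rec["time"], "stream": rec["stream"], "log": rec["log"].rstrip("\n")}


def collect(path, lines):
    """Attach the pod metadata from the file name to every log line, keeping lines that
    are not valid JSON instead of dropping them (a shipper that drops malformed lines
    loses exactly the evidence a crashing or misbehaving container tends to produce)."""
    meta = parse_log_path(path)
    records = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = parse_log_line(line)
        except (ValueError, KeyError):
            rec = {"time": None, "stream": "unknown", "log": line, "malformed": True}
        rec["kubernetes"] = meta
        records.append(rec)
    return records


# Constructed sample: one file name and three lines, the last one not JSON.
SAMPLE_PATH = "/var/log/containers/nginx-7c9d5b6c5f-x2k8q_default_nginx-" + "a" * 64 + ".log"
SAMPLE_LINES = [
    '{"log":"10.0.1.7 - - [10/May/2019:12:00:01 +0000] \\"GET / HTTP/1.1\\" 200 612\\n","stream":"stdout","time":"2019-05-10T12:00:01.123456789Z"}',
    '{"log":"2019/05/10 12:00:02 [error] 7#7: *3 open() \\"/usr/share/nginx/html/missing\\" failed\\n","stream":"stderr","time":"2019-05-10T12:00:02.000000001Z"}',
    "garbage line that is not json",
]

if __name__ == "__main__":
    for rec in collect(SAMPLE_PATH, SAMPLE_LINES):
        print(rec["kubernetes"]["namespace"], rec["kubernetes"]["pod"], rec["stream"], rec["log"])
```

The metadata-from-path step is what lets Kibana queries filter by namespace or pod later; if a shipper only forwards the raw "log" string, the Elasticsearch index has no way to tie a line back to the workload that wrote it.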
  • 31. Customer Story: Snap
  • 32. Snap’s Approach to Infrastructure. Goals: Flexibility; Security; Availability / Performance; Cost Reduction; Minimize operational work
  • 33. Technical State of Snap 2016: Small number of large monolithic applications; Projects slowed due to inflexibility; Infrastructure started to be the long pole
  • 34. Technical State of Snap 2016 (cont.): Organizational boundaries also got in the way; Work was single threaded through central teams; New product teams were not happy with the constraints
  • 35. Technical State of Snap 2016 (cont.): Regionalization was impossible in our old architecture; Performance matters a lot; Stuck with “the way things have always been done”; Teams couldn’t “spin up their service in a new region”
  • 36. Service-oriented architectures: We had seen the value of microservices in other organizations; Solve a smaller problem in the best way possible; Separates data, responsibilities (security); Organizational division; Scaling tied to usage. But what is the best approach to SOA?
  • 37. Portability: Our strategy has always been to use the best of breed. Containers were obvious. Orchestration is half the battle. Let a vendor do that for us.
  • 38. Kubernetes + Amazon EKS: Kubernetes solves a lot of the problems of managing a large set of services. Run it ourselves? Most portability, but a lot of complexity and a lot of operational work. Kubernetes + Amazon EKS = still highly portable; less operations – managed control plane (and more management coming)
  • 39. Amazon EKS at Snap: 2018: 6 services in production today; 2019: 30-50 services in production by end of 2019; End State: Several hundred services on EKS; Multi-region; Different policies on redundancy based on service
  • 40. Amazon EKS at Snap: Production services at scale on EKS; 7,500 cores; 250,000 transactions per second; High density pod to node ratio in a secure service mesh; 2019: Global regionalization
  • 41. EKS Cluster Standard Architecture (diagram: Kubernetes Pod containing Envoy Proxy and Application Service; AuthN/Z, Logs, Metrics)
  • 42. Results: Saved a lot of money; Containers and Amazon EKS give us a lot of flexibility to adopt new technologies (Envoy is one example, but we expect to continue to reap this benefit); Performance improvements; Amazon EKS is already widely adopted at Snap
  • 43. Next Steps: Continue the march, service by service, API by API; Optimize regionalization
  • 44. Recap. Kubernetes and AWS: • 51% of Kubernetes workloads run on AWS • Amazon EKS is Kubernetes Certified. Kubernetes Networking: • The three rules of Kubernetes networking • CNI plugin • Kubernetes ServiceTypes. Kubernetes Security: • Pod permissions to an AWS service. Kubernetes Logging: • Implementing logging with EFK
  • 45. Thank you! Martin Dominguez [email protected] @mp_dominguez