[AWS Container Service] Getting Started with Kubernetes on AWS

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Build with Containers
Seoul, South Korea

Your presenters
Omar Lari,
Container Service
• Held engineering and leaderships roles at various
silicon valley startups, enterprise organization and
consulting firms
• 3 years at AWS – Solutions Architect specializing in
container adoption and container services business
development

Excited to be in South Korea!
• My first time here
• Suggestions for food, sights and soju drinking tips
are welcome J

Today’s Agenda
09:30 Welcome
09:35 Building with Kubernetes on AWS
10:20 Amazon EKS Hands-On Lab
12:45 Lunch
13:15 Partner Presentation
13:45 Building with Fargate and Amazon ECS
14:30 Fargate Hands-On Lab
16:30 Closing Discussion
17:00 End

Important information
• Bathrooms
• Slides will be provided after the event via slideshare
• You will receive a survey after the event in your email. It only
takes 3 minutes to complete! Let us know how we did and what to
improve.

Containers on AWS

AWS Container Services Landscape
MANAGEMENT
Deployment, Scheduling, Scaling &
Management of containerized
applications
HOSTING
Where the containers run
Amazon Elastic
Container Service
Amazon Elastic
Container Service
for Kubernetes
Amazon EC2 AWS Fargate
Higher Level Services
Application Management
Amazon Elastic
Container Registry
Compute
Spot Instance GPU Instance

Omar Lari, Container Services
March 4th, 2019
Kubernetes on AWS
Open source container management

Agenda
• Why containers?
• What is Kubernetes?
• Key concepts
• Running Kubernetes on AWS
• Demonstration

Why containers? FizzBuzz!

Application environment components
Runtime Engine Code
Dependencies Configuration

Local Laptop Staging / QA Production On-Premises
Different environments

Local Laptop Staging / QA Production On-Prem
It worked on my machine, why not in
prod?
v6.0.0 v7.0.0 v4.0.0 v7.0.0

Containers to the rescue
Runtime Engine
Code
Dependencies

Docker
Lightweight container virtualization platform.
Tools to manage and deploy your applications.
Licensed under the Apache 2.0 license.
First released March 2013
Built by Docker, Inc.

Docker Image
Read only image that is used as a
template to launch a container.
Start from base images that have
your dependencies, add your custom
code.
Docker file for easy, reproducible
builds.
bootfs
kernel
Base image
Image
Image
W
ritable
Container
add
ngix
add
nodejs
U
buntu
References
parent
image

Local Laptop Staging / QA Production On-Prem
Four environments, same container

Container Implementation
Server (Host)
Hypervisor
Guest OS
Bins/Libs
App 2
Guest OS
Bins/Libs
App 3
Guest OS
Bins/Libs
App 1
Server (Host)
Hypervisor
Guest OS
App 2
Guest OS
App 3
Guest OS
App 1
Guest OS / Docker Engine
Bins/Libs Bins/LibsBins/Libs
Server (Host)
Operating System (OS)
Guest OS Guest OSGuest OS Libraries
App 1, 2, 3
Bare Metal Virtual Machine Containers

But how do we make this work at scale?

We need to
• start, stop, and monitor lots of containers running on
lots of hosts
• decide when and where to start or stop containers
• control our hosts and monitor their status
• manage rollouts of new code (containers) to our hosts
• manage how traffic flows to containers and how
requests are routed

aka ‘k8s’

AWS Container Services Landscape
MANAGEMENT
Deployment, Scheduling,
Scaling & Management
HOSTING
Amazon EC2
IMAGE REGISTRY
Container Image Repository

Open source container
management platform
Helps you run
containers at scale
Gives you primitives
for building
modern applications
What is Kubernetes?

Containers on Hosts
A host is a server – e.g. EC2 virtual machine.
We run these hosts together as a cluster.
Web App
To start let’s run a 3 copies of our web
app across our cluster of EC2 hosts.
3x
Our simple example web application is
already containerized.

Run n containers
We define a deployment and set the replicas
to 3 for our container.

Scale up!
Need more containers?
Update the replication set!
The new containers are started on the cluster.

Untimely termination
Oh no! Our host has died!
Kubernetes notices only 3 of the 5
containers are running and starts 2
additional containers on the remaining
hosts.

Containers IRL
In production, we want to do more complex
things like,
• Run a service to route traffic to a set of
running containers
• Manage the deployment of containers to
our cluster
• Run multiple containers together and
specify how they run

Pods
• Define how your containers should run
• Allow you to run 1 to n containers together
Containers in pods have
• Shared IP space
• Shared volumes
• Shared scaling (you scale pods not
individual containers)
When containers are started on our cluster,
they are always part of a pod.
(even if it’s a pod of 1)
Container A
Container B

Services
One of the ways traffic gets to your pods.
• Internal IP addresses are assigned to each pod
• Services are connected to pods
and use labels to reference which pod
to route requests to
containers.
container
containers
containers

Deployments
Services work with deployments to manage
updating or adding new pods.
Let’s say we want to deploy a new version of our
web app as a ‘canary’ and see how it handles
traffic.

Deployments
The deployment creates a new replication set
for our new pod version.

Deployments
Only after the new pod returns a healthy
status to the service do we add more new
pods and scale down the old.

Running Kubernetes on AWS

51%of Kubernetes workloads
run on AWS today
— Cloud Native Computing Foundation

Elastic Container Service for Kubernetes
Managed K8s control plane — highly available API server and etcd nodes
aws eks create-cluster
--name <>
--role-arn <>
--resources-vpc-config <>
...
Bring your own EC2 worker nodes
Core tenets
• Platform for enterprises to run production-grade workloads
• Provides a native and upstream Kubernetes experience – Kubernetes certified
• Seamless integration with AWS services
• Actively contributes to the Kubernetes project
APIs

eksctl – eks the easy way
CLI to provision and managed your EKS cluster
apiVersion: eksctl.io/v1alpha4
kind: ClusterConfig
metadata:
name: demo
region: ap-northeast-2
version: '1.11’
nodeGroups:
...
Quickly get started without worrying about VPC, IAM and Node design
eksctl create cluster
Or define a config file for more detailed configuration control
eksctl create cluster –f config.yaml

EKS Customers
C r e a t e E K S c l u s t e r
P r o v i s i o n w o r k e r n o d e s
L a u n c h a d d - o n s
L a u n c h w o r k l o a d s

EKS – Kubernetes control plane
C r e a t e c l u s t e r
C r e a t e H A c o n t r o l
p l a n e
I A M i n t e g r a t i o n
C e r t i f i c a t e
m a n a g e m e n t
S e t u p L B

EC2 Worker
Nodes
EKS
Control
Plane
Customer VPC EKS VPC
Network Load
Balancer
ENI
API Access
Kubectl
Exec/Logs
TLS
Static IPs
ENI Attachment
Autoscaling Group
EKS Architecture

Native VPC networking
with CNI plugin
Pods have the same VPC
address inside the pod
as on the VPC
Simple, secure
networking
Open source and
on GitHub
…{ }
https://github.com/aws/amazon-vpc-cni-k8s
Container Networking Interface (CNI)

VPC CNI plugin
• Bridge between the K8s land – AWS VPC
• AWS Routable IPs
• Thin layer – no performance impact
• Pod IP ENI secondary IP

AWS IAM Authenticator for Kubernetes
• AWS native access management
• Built in collaboration with Heptio
• Kubectl and worker nodes
• Works with Kubernetes Role-Based Authentication (RBAC)

IAM roles for Kubectl

Tracing

CICD for Kubernetes Apps

CI/CD of apps on Kubernetes—choices

Jenkins

EKS Deployment Pipeline

Questions?

Start at https://eksworkshop.com

[AWS Container Service] Getting Started with Kubernetes on AWS

More Related Content

What's hot (20)

Similar to [AWS Container Service] Getting Started with Kubernetes on AWS (8)

More from Amazon Web Services Korea (20)

Recently uploaded (20)

[AWS Container Service] Getting Started with Kubernetes on AWS