Movatterモバイル変換

Amazon EKS Hands-on WorkshopJeong, Young JoonKim, Sae HoYoo, Jae SeokKim, Kwang YoungJeong, Jun WooChoi, In Young

Pre-lab.Start the Workshop, Launch using eksctlYoo, Jae Seok

Recommendations• 영문이 불편하시다면 크롬 번역 기능이 괜찮습니다.• 터미널을 끄지 마세요.• 명령어는 검은 창 안에 있습니다. 복사 아이콘을 사용하세요.• Cleanup은 임의로 하지 마시고, 매뉴얼을 따라주세요.

Lab 1.Deploy the Example MicroservicesKim, Sae Ho

How do we make this work at scale?

We need to• start, stop, and monitor lots of containers running on lots of hosts• decide when and where to start or stop containers• control our hosts and monitor their status• manage rollouts of new code (containers) to our hosts• manage how traffic flows to containers and how requests are routed

Containers on HostsHost 1Host 2Host 3A host is a server – e.g. EC2 virtual machine.We run these hosts together as a cluster.Web AppTo start let’s run a 3 copies of our web appacross our cluster of EC2 hosts.3xOur simple example web application is alreadycontainerized.Cluster

Run n containersHost 1Host 2Host 3We define a deployment and set the replicasto 3 for our container.deploymentkubectlrep = 3

Scale up!Host 1Host 2Host 3Need more containers?Update the replication set!deploymentkubectlrep = 5The new containers are started on the cluster.

Untimely terminationHost 1Host 2Host 3Oh no! Our host has died!Replicationsetrep = 5Kubernetes notices only 3 of the 5containers are running and starts 2additional containers on the remaininghosts.

Containers IRLHost 1Host 2Host 3In production, we want to do more complexthings like,• Run a service to route traffic to a set ofrunning containers• Manage the deployment of containers toour cluster• Run multiple containers together andspecify how they run

Pods• Define how your containers should run• Allow you to run 1 to n containers togetherContainers in pods have• Shared IP space• Shared volumes• Shared scaling (you scale pods not individualcontainers)When containers are started on our cluster, theyare always part of a pod.(even if it’s a pod of 1)IPContainer AContainer B

ServicesOne of the ways traffic gets to your containers.• Internal IP addresses are assigned to each container• Services are connected to containersand use labels to reference which containersto route requests toIPIPIPServiceIP

DeploymentsIPIPIPServiceIPReplication setversion = 1count = 3DeploymentServices work with deployments to manageupdating or adding new pods.Let’s say we want to deploy a new version of ourweb app as a ‘canary’ and see how it handlestraffic.

DeploymentsIPIPIPServiceIPReplication setversion = 1count = 3The deployment creates a new replication setfor our new pod version.Replication setversion = 2count = 1IPDeployment

DeploymentsIPIPIPServiceIPReplication setversion = 1count = 3Only after the new pod returns a healthystatus to the service do we add more newpods and scale down the old.Replication setversion = 2count = 1IPDeploymentReplication setversion = 1count = 0Replication setversion = 2count = 3

Lab Architecturefrontend:3000backend:3000backend:3000ELBservicediscoveryhttp://ecsdemo-crystal.default.svc.cluster.local/crystalhttp://ecsdemo-nodejs.default.svc.cluster.local/:80:80:80

Lab Architecture$ kubectl get podNAME READY STATUS RESTARTS AGEecsdemo-crystal-844d84cb86-vkpmg 1/1 Running 0 4m57secsdemo-frontend-6df6d9bb9-nj2df 1/1 Running 0 26secsdemo-nodejs-6fdf964f5f-2ftdq 1/1 Running 0 5m38s$ kubectl get svcNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEecsdemo-crystal ClusterIP 10.100.56.118 <none> 80/TCP 4m49secsdemo-frontend LoadBalancer 10.100.63.140 a9efbe276d88611e99c5702f05f1a82d-1003952118.ap-northeast-2.elb.amazonaws.com 80:32268/TCP 5secsdemo-nodejs ClusterIP 10.100.48.163 <none> 80/TCP 5m31s

Lab ArchitectureI, [2019-09-17T03:26:03.072922 #1] INFO -- : Started GET "/" for 192.168.233.51 at 2019-09-17 03:26:03 +0000I, [2019-09-17T03:26:03.075543 #1] INFO -- : Processing by ApplicationController#index as HTMLI, [2019-09-17T03:26:03.081943 #1] INFO -- : uri port is 80I, [2019-09-17T03:26:03.081977 #1] INFO -- : expanded http://ecsdemo-nodejs.default.svc.cluster.local/ to http://ecsdemo-nodejs.default.svc.cluster.local/I, [2019-09-17T03:26:03.089166 #1] INFO -- : uri port is 80I, [2019-09-17T03:26:03.089197 #1] INFO -- : expanded http://ecsdemo-nodejs.default.svc.cluster.local/ to http://ecsdemo-nodejs.default.svc.cluster.local/I, [2019-09-17T03:26:03.092048 #1] INFO -- : uri port is 80I, [2019-09-17T03:26:03.092078 #1] INFO -- : expanded http://ecsdemo-nodejs.default.svc.cluster.local/ to http://ecsdemo-nodejs.default.svc.cluster.local/I, [2019-09-17T03:26:03.121076 #1] INFO -- : uri port is 80I, [2019-09-17T03:26:03.121120 #1] INFO -- : expanded http://ecsdemo-crystal.default.svc.cluster.local/crystal to http://ecsdemo-crystal.default.svc.cluster.local/crystalI, [2019-09-17T03:26:03.128501 #1] INFO -- : uri port is 80I, [2019-09-17T03:26:03.128538 #1] INFO -- : expanded http://ecsdemo-crystal.default.svc.cluster.local/crystal to http://ecsdemo-crystal.default.svc.cluster.local/crystalI, [2019-09-17T03:26:03.135349 #1] INFO -- : uri port is 80I, [2019-09-17T03:26:03.135382 #1] INFO -- : expanded http://ecsdemo-crystal.default.svc.cluster.local/crystal to http://ecsdemo-crystal.default.svc.cluster.local/crystalI, [2019-09-17T03:26:03.146138 #1] INFO -- : Rendered application/index.html.erb within layouts/application (2.5ms)I, [2019-09-17T03:26:03.146535 #1] INFO -- : Completed 200 OK in 71ms (Views: 6.3ms | ActiveRecord: 0.0ms)

Lab 2.Logging with Elasticsearch, Fluentdand KibanaChoi, In Young

Amazon EKS LoggingWorkerWorkerMasterWorkerWorkerMasterAuto ScalinggroupAZ1EKS Cluster RegionAZ2Auto Scaling groupCloudWatchLogsElasticsearchKibanaFluentdDaemonSetKubectl logsElasticsearch (index),Fluentd (store), andKibana (visualize)

Fluentd – Data collectorFluentdPODSDaemonsetsHealth & Performance Monitoring• App Containers, Pods, System, Nodes• Kubernetes Events, Unavailable pods• Application Logs & Metrics• System Logs & Metrics• Cluster Capacity, Performance, Network Traffic• Adhoc Analysis & Troubleshooting

Elasticsearch – Build for search and analysisNatural languageBoolean queriesRelevanceText searchHigh-volume ingestNear real timeDistributed storageStreamingTime-based visualizationsNestable statisticsTime series toolsAnalysis0010110100101110001011110011000000110001001100100011001100110100001101010011

Amazon Elasticsearch ServiceAmazon Elasticsearch Service is afully managed service that makesit easy to deploy, manage, andscale Elasticsearch and Kibana

Benefits of Amazon Elasticsearch ServiceTightly Integrated withOther AWS ServicesSeamless data ingestion, security,auditing and orchestrationSupports Open-SourceAPIs and ToolsDrop-in replacement with no needto learn new APIs or skillsEasy to UseDeploy a production-readyElasticsearch cluster in minutesScalableResize your cluster with a fewclicks or a single API callSecureDeploy into your VPC and restrictaccess using security groups andIAM policiesHighly AvailableReplicate across AvailabilityZones, with monitoring andautomated self-healing

Kibana – Dashboard for Kubernetes• Open Source Visualization tool builtfor Elasticsearch• Real-time dashboards• Build dashboards for Redis,Kubernetes, System metrics

Lab ArchitectureAWS CloudAvailability Zone 1Auto ScalinggroupAvailability Zone 2Auto Scalinggroup

Lab 3.Monitoring using Prometheusand GrafanaYoo, Jae Seok

AWS CloudWatch Container Insights

Prometheus & GrafanaMonitoring and alerting solutionTime series databasePromQLMetric analytics & visualization solutionVisualizing time series data

Lab ArchitectureAmazon EBSrometheus

Lab 4.CI/CD - GitOps with Weave FluxKim, Kwang Young

Release process stagesSource Build Test Production• Integration testswith othersystems• Load testing• UI tests• Security testing• Check-in sourcecode such as .javafiles• Peer review newcode• Compile code• Unit tests• Style checkers• Create containerimages andfunctiondeploymentpackages• Deployment toproductionenvironments• Monitor code inproduction toquickly detecterrors• Check-in sourcecode such as .javafiles• Peer review newcode• Compile code• Unit tests• Style checkers• Create containerimages andfunctiondeploymentpackages• Integration testswith othersystems• Load testing• UI tests• Security testing

Release process stagesSource Build Test Production

AWS Developer ToolsSource Build Test Deploy MonitorAWS CodeBuild +third partySoftware release stepsAWS CodeCommit AWS CodeBuild AWS CodeDeployAWS CodePipelineAWSCodeStarAWS X-RayAmazonCloudWatch

Approaches to modern application development• Accelerate the delivery of new, high-quality services with CI/CD• Simplify environment management with serverless technologies• Reduce the impact of code changes with microservice architectures• Automate operations by modeling applications and infrastructure as code• Gain insight across resources and applications by enabling observability• Protect customers and the business with end-to-end security and compliance

Effects of CI/CDSource: 2018 DORA State of DevOps reportDeployment frequency Weekly–monthly Hourly–dailyChange lead time 1–6 months 1–7 daysChange failure rate 46%–60% 0%–15%48% ofsoftwareteams

CodePipeline• Continuous delivery service for fast and reliable application updates• Model and visualize your software release process• Builds, tests, and deploys your code every time there is a code change• Integrates with third-party tools and AWS

CodeBuild• Fully managed build service that compiles sourcecode, runs tests, and produces software packages• Scales continuously and processes multiple buildsconcurrently• No build servers to manage• Pay by the minute, only for the computeresources you use• Monitor builds through CloudWatch Events

CodeBuild• Each build runs in a new Docker container fora consistent, immutable environment• Docker and AWS Command Line Interface (AWS CLI) are installed in every official CodeBuild image• Provide custom build environments suited to yourneeds through the use of Docker images

Elastic Container Registry• Fully managed private Docker Registry• Supports Docker Registry HTTP API V2• Scalable, available, durable architecture• Secure: encrypt at rest, control access with IAM• Manage image lifecycle• Integrated with other AWS services• Supports Immutable Image Tags

Benefis of GitopsAutomated delivery pipelines roll out changes to your infrastructurewhen changes are made to Git. But the idea of GitOps goes further thanthat – it uses tools to compare the actual production state of your wholeapplication with what’s under source control and then it tells you whenyour cluster doesn’t match the real worldIncreased ProductivityEnhanced Developer ExperienceImproved StabilityHigher ReliabilityConsistency and StandardizationStronger Security Guarantees

Lab 5.Calico or KubeflowJeong YoungJoon

IntroductionNetwork architecture is one of the more complicated aspects of many Kubernetes installations. The Kubernetes networking model itself demandscertain network features but allows for some flexibility regarding the implementation. As a result, various projects have been released to address specific environments and requirements.

BackgroundContainer networking is the mechanism through which containers can optionally connect to other containers, the host, and outside networks like the internet.For example Docker can configure the following networks for a container by default:• none: Adds the container to a container-specific network stack with noconnectivity.• host: Adds the container to the host machine’s network stack, with no isolation.• default bridge: The default networking mode. Each container can connect withone another by IP address.• custom bridge: User-defined bridge networks with additional flexibility, isolation,and convenience features.

Native VPC networkingwith CNI pluginPods have the same VPCaddress inside the podas on the VPCSimple, securenetworkingOpen source andon Github…{ }

CNI InfrastructureR u n t i m eN e t w o r kp l u g i nN e t w o r kc o n f i g u r a t i o n

Nginx PodJava PodENISecondary IPs:10.0.0.110.0.0.2Veth IP: 10.0.0.1Veth IP: 10.0.0.2Nginx PodJava PodENIVeth IP: 10.0.0.20Veth IP: 10.0.0.22Secondary IPs:10.0.0.2010.0.0.22ec2.associateaddress()VPC Subnet – 10.0.0.0/24Instance 1 Instance 2

VPC CNI networking internalsK u b e l e tV P C C N Ip l u g i n1 . C N I A d d / D e l e t eE C 2E N I E N I E N IP o d P o d P o d P o dV P CN e t w o r k.........0 . C r e a t e E N I2 . S e t u p v e t h

VPC CNI plugin architectureK u b e l e tV P C C N Ip l u g i nN e t w o r k l o c a lc o n t r o l p l a n eE N I s /S e c o n d a r y I P sC N I A d d / D e l e t eg R P CE C 2

Packet flow : pod - to - podE C 2Default namespacePod namespaceveth vethMain RTE C 2Default namespacePod namespacevethRouteTableMain RTENI RTvethVPCfabricENI RTRouteTable

Packet flow : pod - to externalE C 2Default namespacePod namespacevethRoute TableMain RTENI RTvethExternalNetworkIPTables

Lab 6.Service Mesh with App MeshJeong, Jun Woo

Introducing AWS App MeshService mesh for AWSObservability and traffic controlEasily export logs, metrics, and tracesClient-side traffic policies—circuit breaking, retriesRoutes for deploymentsWorks across clusters and container servicesAmazon ECSAmazon EKSKubernetes on EC2AWS built and runManaged control planeProduction-grade

App Mesh uses Envoy proxyOSS project managed by CNCFStarted at Lyft in 2016Wide community support, numerous integrationsStable and production-proven

AWS App Mesh configures every proxyMicroserviceProxy

Easily deliver configuration and receive dataInfraOperatorApplicationDeveloper MetricsIntentMicroserviceProxy

Why AWS App MeshLibraries or application code vs. meshOverall - migrate to microservices safer and fasterReduce work requiredby developersProvide operationalcontrols decoupledfrom application logicUse any languageor platformSimplify visibility,troubleshooting, anddeployments

Traffic controlsRouting optionsService discoveryRetriesTimeoutsError-code recognitionRouting controlsAccessQuotasRate limitsWeights

Application observability+ othersUniversal metricscollection fora wide range ofmonitoring tools

App Mesh ConstructsMeshVirtual nodeVirtual router and routesVirtual serviceCreate and manage these in AppMesh API, CLI, SDK, orAWS Management ConsoleProxiesServicesService discoveryConfigure and run proxies andservices on Amazon ECS, Fargate,Amazon EKS, Amazon EC2Service discovery withAWS Cloud Map

Mesh – [sample_app]Virtual routerHTTP routeTargets:Prefix: /BB’Virtualnode AServicediscoveryListener Backends Virtualnode BServicediscoveryListener BackendsVirtualnode B’ServicediscoveryListener BackendsBBB’B’AConnecting microservices

Lab Procedures1. Create the k8s app1) Clone the Repo2) Create DJ App3) Test DJ App2. Create the App Mesh Components1) Creating the Injector Controller2) Define the Injector Targets3) Adding the CRDs3. Porting DJ to App Mesh1) Create the Mesh2) Create the Virtual Nodes3) Create the Virtual Services4) Testing the App Mesh

Create the App Mesh Components

여러분의 피드백을 기다립니다!#AWSDEVDAYSEOUL

Movatterモバイル変換

Change Language

[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵

Embed presentation

Recommended

More Related Content

What's hot

Similar to [AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵

More from Amazon Web Services Korea

Recently uploaded

[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵