8KMiles presentation on Amazon AWS Cloud computing infrastructure
Kubernetes on Amazon (AWS): ECS | EKS | Fargate
Author & Cloud Expert: Mamta J
Docker & Kubernetes Expert: Atul Kumar
Jobs: Kubernetes + AWS
https://k21academy.com/dockerkubernetes © Copyright 2021 | K21 Academy | All Rights Reserved
Topics Covered
⮚ Docker & Kubernetes on AWS: Overview
⮚ Monolithic vs Microservices
⮚ VM vs Containers
⮚ Docker Architecture
⮚ Container Images & Registry
⮚ ECR: Elastic Container Registry
⮚ Lab: ECR Setup & Push Image
⮚ ECS: Elastic Container Service
⮚ Kubernetes on Cloud
⮚ K8S & EKS Architecture
⮚ Kubernetes Objects: Pods, Deployment, ReplicaSet, Service, Label
Topics Covered (continued)
⮚ Networking in K8S & EKS
⮚ Storage in K8S & EKS
⮚ Security in K8S & EKS
⮚ Labs EKS: Create Cluster, Deploy App, Ingress Load Balancer, Storage
⮚ CKA, CKAD & CKS Certification Program
Labs: ECR, ECS, EKS, Fargate
⮚ Lab I: Register for AWS Cloud
➢ Creating an account in AWS
➢ AWS Console Walkthrough
➢ Navigate: ECR Console
⮚ Lab II: Create & Configure Registry (ECR)
➢ Create Ubuntu Machine
➢ Install & Configure AWS CLI
➢ Install & Configure Docker
➢ Authenticate Docker to ECR
➢ Download image from Docker Hub public repo
➢ Tag & Push Image to ECR
⮚ Lab III: Create & Configure Container Service (ECS)
➢ Navigate to ECS Console
➢ Create ECS with Fargate
Hands-On Labs: Amazon EKS
⮚ Lab IV: Deploying Kubernetes Cluster with EKS
➢ Access EKS Console
➢ Creating the EKS cluster
➢ Creating an EKS role
➢ Creating a VPC for EKS
⮚ Lab V: Launching Kubernetes worker nodes
⮚ Lab VI: Deploy Application to EKS
➢ Configuring AWS CLI on the local server to connect to EKS Cluster
➢ Deploying sample application
➢ Expose Application using Service
Labs: EKS Networking / Storage
⮚ Lab VII: Advanced Routing with Ingress Controller
➢ Deploy Ingress Controller using Helm Charts
➢ Create Two Sample Applications
➢ Create Ingress Route to expose both applications
➢ Test Applications via Ingress Controller
⮚ Lab VIII: Dynamic provisioning of persistent volume using AWS EBS
➢ Create Storage Class
➢ Install EBS Storage Driver
➢ Deploying Sample Application using EBS Storage
Hands-On Labs: EKS Fargate
⮚ Lab IX: Create EKS Fargate Cluster
⮚ Lab X: Create Fargate Profile
⮚ Lab XI: Deploy Application on EKS Fargate Application
⮚ Lab XII: Configure Application Load Balancer (ALB) as Ingress Controller
⮚ Lab XIII: Test Application deployed on Fargate
Docker & Kubernetes
Docker & Kubernetes on AWS
Background
Evolution of Development & Deployment
[Figure: timeline (~1980, ~1990, ~2000, ~2010, Now) showing how each area evolved]
⮚ Development Process: Waterfall, Agile, DevOps
⮚ Application Architecture: Monolithic, N-Tier, Microservices
⮚ Deployment and Packaging: Physical Server, Virtual Servers, Containers
⮚ Application Infrastructure: Datacenter, Hosted, Cloud
⮚ DevOps cycle: Plan, Code, Build, Test, Release, Deploy, Operate, Monitor
Evolution of Microservices
Monolithic vs Microservices
VM vs Docker (Containers)
[Figure labels: virtual machines on a Hypervisor, each with a Guest OS, Bins/Lib and App 1 or Service A / Service B; containers on an OS with a Containerization Platform, each with Bins/Lib and App 1 or Service A / Service B]
VM vs Docker (Containers)
The Evolution Of Containers
Container technology has come a long way from its chroots, starting with Google's exploration into cgroups & working up into widespread organizational adoption.
Containerized App Market
Thousands using Kubernetes
ECR: Elastic Container Registry
Docker Architecture
Docker Architecture
Docker: Build & Run
Container Images
Container Registry
Docker Hub
ECR: Elastic Container Registry
ECR: Elastic Container Registry
Hands-On Labs: Amazon ECR
⮚ Lab I: Register for AWS Cloud
➢ Creating an account in AWS
➢ AWS Console Walkthrough
➢ Navigate: ECR Console
⮚ Lab II: Create & Configure Registry (ECR)
➢ Create Ubuntu Machine
➢ Install & Configure AWS CLI
➢ Install & Configure Docker
➢ Authenticate Docker to ECR
➢ Download image from Docker Hub public repo
➢ Tag & Push Image to ECR
ECS: Elastic Container Service
Docker Image & Container
Docker Image & Container
[Figure labels: Docker Image; Docker Container #1, Docker Container #2, Docker Container #3]
ECS: Elastic Container Service
Provision ECS
Provision ECS
Hands-On Labs: Amazon ECS
⮚ Lab III: Create & Configure Container Service (ECS)
➢ Navigate to ECS Console
➢ Create ECS with Fargate
Kubernetes Basics
Container Orchestration
What is Kubernetes (K8S)
Image Courtesy: Microsoft
Kubernetes Components
Kubernetes Worker Nodes (Data Plane)
Kubernetes Master Nodes (Control Plane)
Kubernetes Architecture
Kubernetes Worker Nodes (Data Plane)
Kubernetes Master Nodes (Control Plane)
Kubernetes Architecture
Kubernetes Architecture
[Figure labels: Dev/Admin; Master Node (API Server, Controller Manager, Scheduler, etcd); two Worker Nodes, each with Docker, Kubelet, cAdvisor, Kube-proxy and Pods; Container Network Interface Plugin]
Master Node Architecture
[Figure labels: Master Node with API Server, Controller Manager, Scheduler, etcd]
➢ API Server: Configures and validates data for API objects such as pods and services. It is the front end of the control plane
➢ Scheduler: Decides where in the cluster the workloads are to be run
➢ etcd: Stores all cluster-related data
➢ Controller: Daemon that embeds the core control loops that regulate system state via routine tasks
Worker Node Architecture
➢ kubelet: Primary node agent, which performs tasks such as mounting volumes and running containers for the pods assigned to the node
➢ kube-proxy: Provides service abstraction and connection forwarding
➢ Docker: Container engine for running containers
➢ cAdvisor: Gives container users an understanding of the resource usage and performance characteristics of their running containers
[Figure labels: Worker Node with Docker, Kubelet, cAdvisor, Kube-proxy and Pods]
Kubernetes Objects
Kubernetes Objects
Kubernetes Objects
Pod & YAML
[Figure labels: Worker Node with kubelet and Docker; Pod 1 and Pod 2 holding containers C1 and C2]
Deployment
Rolling Update
Rollback
Networking in K8S
Kubernetes on Cloud
Kubernetes Adoption in Cloud
➢ AWS - EKS
➢ Microsoft Azure - AKS
➢ Google Cloud Platform - GKE
➢ Oracle Cloud - OKE
➢ Digital Ocean - DOKS
Kubernetes Adoption in Cloud
Why Kubernetes on AWS (StackRox)
Trends Kubernetes in Cloud
Source: CNCF / Forbes
Docker & Kubernetes on AWS
EKS: How It Works
Docker & Kubernetes on AWS
Comparison of ECS (Elastic Container Service), EKS (Elastic Kubernetes Service) and Fargate (AWS Fargate Service):
⮚ Definition
➢ ECS: Container Orchestration, Created by AWS
➢ EKS: Managed Kubernetes (Open Source) platform by AWS
➢ Fargate: Container on-demand
⮚ Cluster Creation
➢ ECS: Requires
➢ EKS: Requires
➢ Fargate: Not Required
⮚ Control Plane Cost
➢ ECS: 0, pay for worker nodes
➢ EKS: 144 $*, pay for worker nodes
➢ Fargate: Pay for task based on CPU & Memory
⮚ Integration
➢ ECS: Deeper Integration with other AWS services
➢ EKS: Actively working on Integrations
➢ Fargate: Currently runs on ECS
⮚ Use case
➢ ECS: Good for native container architecture
➢ EKS: Easy to move on-prem Kubernetes to AWS EKS
➢ Fargate: Good for workload which runs on duration.
AWS: Price Comparison
Amazon Elastic Kubernetes Service
Kubernetes: Master & Worker Node
Image Courtesy: Microsoft
Benefits of EKS
Amazon EKS runs a single-tenant Kubernetes control plane for each cluster
The control plane consists of at least two API server nodes and three etcd nodes that run across three Availability Zones within a Region
Amazon EKS automatically detects and replaces unhealthy control plane instances
EKS: Components
EKS: Control & Data Plane
EKS: Worker Node Options
EKS: Worker Node Options
EKS: Worker Node Options
Control & Data Plane Communication
High Level
Amazon EKS
EKS Architecture
EKS Architecture
EKS Architecture
EKS: AWS Elastic Kubernetes Service
Amazon EKS Workflow
Hands-On Labs: Amazon EKS
⮚ Lab IV: Deploying Kubernetes Cluster with EKS
➢ Access EKS Console
➢ Creating the EKS cluster
➢ Creating an EKS role
➢ Creating a VPC for EKS
⮚ Lab V: Launching Kubernetes worker nodes
⮚ Lab VI: Deploy Application to EKS
➢ Configuring AWS CLI on the local server to connect to EKS Cluster
➢ Deploying sample application
➢ Expose Application using Service
EKS Networking
Kubernetes Networking
⮚ Kubernetes networking addresses
➢ Container to Container communication within a Pod
➢ Pod to Pod communication within the K8S Cluster
➢ Pod to Service communication within the K8S Cluster
➢ Outside (Internet) to Pod communication using a Service
⮚ K8S dictates the following requirements
➢ All Pods can talk to each other without NAT
➢ All Nodes can talk to Pods without NAT
➢ The IP that a Pod sees itself as is the same IP that other Pods see it as
⮚ Every Pod in K8S gets its own IP Address
⮚ Ingress: Internet Traffic to K8S
➢ Service Load Balancer (Layer 4)
➢ Ingress Controller (Layer 7)
OSI Model & Ingress Controller (ALB)
Image Courtesy: Kevin Sookocheff
ALB Ingress Controller
Service in K8S
Service Types in K8S
Image Courtesy: Microsoft
Service Types in K8S
EKS Networking
Pod Networking
External to Pod: SNAT Enabled
External to Pod: SNAT Disabled
ALB: EKS Ingress Controller
Hands-On Labs: Amazon EKS
⮚ Lab VII: Advanced Routing with Ingress Controller
➢ Deploy Ingress Controller using Helm Charts
➢ Create Two Sample Applications
➢ Create Ingress Route to expose both applications
➢ Test Applications via Ingress Controller
EKS Storage
Lifecycle of a Volume & Claim
[Figure labels: Cluster Admin, Provisioning, Persistent Volumes of 2 GB, 5 GB, 20 GB, 50 GB and 100 GB in the Cluster; Developers, Binding, Persistent Volume Claim; Using, container C1 with the Claim]
EKS Storage: EBS & EFS
Persistent Volume Claim
Image Courtesy: Microsoft
Hands-On Labs: EKS Storage
⮚ Lab VIII: Dynamic provisioning of persistent volume using AWS EBS
➢ Create Storage Class
➢ Install EBS Storage Driver
➢ Deploying Sample Application using EBS Storage
EKS Security
EKS Security: IAM
Role & Role Binding
[Figure labels: Who? (User, Group, Service-Account); Role Binding; Role; What? (allow access to some resources, don't allow access to other resources)]
IAM Roles for Service Account
EKS Authentication
EKS Security: Network
EKS Security: Network
K8s Network Policy
Image Courtesy: theithollow.com
K8s Network Policy
Fargate: ECS | EKS
Worker Node: EC2 vs Fargate
Fargate: Serverless ECS/EKS
Fargate Profile
Fargate Profile
Fargate
Hands-On Labs: EKS Fargate
⮚ Lab IX: Create EKS Fargate Cluster
⮚ Lab X: Create Fargate Profile
⮚ Lab XI: Deploy Application on EKS Fargate Application
⮚ Lab XII: Deploy Application Load Balancer (ALB) as Ingress Controller
⮚ Lab XIII: Test Application deployed on Fargate
EKS Management
EKS Management
EKS (K8S) Dashboard
EKS / ECS with Other Services
EKS on Outpost
EKS: CloudWatch & ELB
ECS/EKS with API Gateway
ECS: CI/CD
ECS Batch Processing
EKS: Workload & Image Scanning
Certifications
K8S Certifications
https://k21academy.com/kubernetes02 © Copyright 2021 | K21 Academy | All Rights Reserved
Job Opportunity
Jobs: Kubernetes + AWS
Job: USA & UK
Job: UK
Job: India
Results to Inspire You…