Kubernetes on Amazon (AWS)
ECS | EKS | Fargate

Atul Kumar, Author & Cloud Expert

Mamta J, Docker & Kubernetes Expert

Jobs: Kubernetes + AWS


https://k21academy.com/dockerkubernetes © Copyright 2021 | K21 Academy | All Rights Reserved

Topics Covered

⮚ Docker & Kubernetes on AWS: Overview
⮚ Monolithic vs Microservices
⮚ VM vs Containers
⮚ Docker Architecture
⮚ Container Images & Registry
⮚ ECR: Elastic Container Registry
⮚ Lab: ECR Setup & Push Image
⮚ ECS: Elastic Container Service
⮚ Kubernetes on Cloud
⮚ K8S & EKS Architecture
⮚ Kubernetes Objects: Pods, Deployment, ReplicaSet, Service, Label
⮚ Networking in K8S & EKS
⮚ Storage in K8S & EKS
⮚ Security in K8S & EKS
⮚ Labs EKS: Create Cluster, Deploy App, Ingress Load Balancer, Storage
⮚ CKA, CKAD & CKS Certification Program

Labs: ECR, ECS, EKS, Fargate

⮚ Lab I: Register for AWS Cloud
  ➢ Creating an account in AWS
  ➢ AWS Console Walkthrough
  ➢ Navigate: ECR Console

⮚ Lab II: Create & Configure Registry (ECR)
  ➢ Create Ubuntu Machine
  ➢ Install & Configure AWSCLI
  ➢ Install & Configure Docker
  ➢ Authenticate Docker to ECR
  ➢ Download image from Docker Hub public repo
  ➢ Tag & Push Image to ECR

⮚ Lab III: Create & Configure Container Service (ECS)
  ➢ Navigate to ECS Console
  ➢ Create ECS with Fargate

Hands-On Labs: Amazon EKS

⮚ Lab IV: Deploying Kubernetes Cluster with EKS
  ➢ Access EKS Console
  ➢ Creating the EKS cluster
  ➢ Creating an EKS role
  ➢ Creating a VPC for EKS

⮚ Lab V: Launching Kubernetes worker nodes

⮚ Lab VI: Deploy Application to EKS
  ➢ Configuring AWS CLI on the local server to connect to EKS Cluster
  ➢ Deploying sample application
  ➢ Expose Application using Service

Labs: EKS Networking / Storage

⮚ Lab VII: Advanced Routing with Ingress Controller
  ➢ Deploy Ingress Controller using Helm Charts
  ➢ Create Two Sample Applications
  ➢ Create Ingress Route to expose both applications
  ➢ Test Applications via Ingress Controller

⮚ Lab VIII: Dynamic provisioning of persistent volume using AWS EBS
  ➢ Create Storage Class
  ➢ Install EBS Storage Driver
  ➢ Deploying Sample Application using EBS Storage

Hands-On Labs: EKS Fargate

⮚ Lab IX: Create EKS Fargate Cluster
⮚ Lab X: Create Fargate Profile
⮚ Lab XI: Deploy Application on EKS Fargate
⮚ Lab XII: Configure Application Load Balancer (ALB) as Ingress Controller
⮚ Lab XIII: Test Application deployed on Fargate

Docker & Kubernetes

Docker & Kubernetes on AWS

Background

Evolution of Development & Deployment

➢ Development Process: Waterfall, then Agile, then DevOps
➢ Application Architecture: Monolithic, then N-Tier, then Microservices
➢ Deployment and Packaging: Physical Server, then Virtual Servers, then Containers
➢ Application Infrastructure: Datacenter, then Hosted, then Cloud

Timeline: ~ 1980, ~ 1990, ~ 2000, ~ 2010, Now

DevOps cycle: Plan, Code, Build, Test, Release, Deploy, Operate, Monitor

Evolution of Microservices

Monolithic vs Microservices

VM vs Docker (Containers)

Figure: VM stack (Hypervisor, then a Guest OS and Bins/Lib for each of App 1, Service A and Service B) compared with the container stack (one OS, a Containerization Platform, then Bins/Lib for each of App 1, Service A and Service B).

The Evolution Of Containers

Container technology has come a long way from its chroots, starting with Google's exploration into

cgroups &

working up into widespread organizational adoption.

Containerized App Market

Thousands using Kubernetes

ECR: Elastic Container Registry

Docker Architecture

Docker: Build & Run

Container Images

Container Registry

Docker Hub

ECR: Elastic Container Registry

Hands-On Labs: Amazon ECR

⮚ Lab I: Register for AWS Cloud
  ➢ Creating an account in AWS
  ➢ AWS Console Walkthrough
  ➢ Navigate: ECR Console

⮚ Lab II: Create & Configure Registry (ECR)
  ➢ Create Ubuntu Machine
  ➢ Install & Configure AWSCLI
  ➢ Install & Configure Docker
  ➢ Authenticate Docker to ECR
  ➢ Download image from Docker Hub public repo
  ➢ Tag & Push Image to ECR

ECS: Elastic Container Service

Docker Image & Container

Figure: a Docker Image and Docker Containers #1, #2 and #3.

ECS: Elastic Container Service

Provision ECS

Hands-On Labs: Amazon ECS

⮚ Lab III: Create & Configure Container Service (ECS)
  ➢ Navigate to ECS Console
  ➢ Create ECS with Fargate

Kubernetes Basics

Container Orchestration

What is Kubernetes (K8S)

Image Courtesy: Microsoft

Kubernetes Components

Kubernetes Architecture

Figure: Kubernetes Master Nodes (Control Plane) and Kubernetes Worker Nodes (Data Plane).

Figure: Dev/Admin; a Master Node (API Server, Controller Manager, Scheduler, etcd); two Worker Nodes, each with Docker, Kubelet, cAdvisor, Kube-proxy and Pods; a Container Network Interface Plugin.

Master Node Architecture

Figure: Master Node with API Server, Controller Manager, Scheduler and etcd.

➢ API Server: Configures and validates data for API objects such as pods and services. It is the front end of the control plane

➢ Scheduler: Decides where in the cluster the workloads are to be run

➢ etcd: Stores all cluster-related data

➢ Controller: Daemon that embeds the core control loops that regulate system state via routine tasks

Worker Node Architecture

Figure: Worker Node with Docker, Kubelet, cAdvisor, Kube-proxy and Pods.

➢ kubelet: Primary node agent, which performs tasks such as mounting volumes and running containers for the pods assigned to the node

➢ kube-proxy: Provides service abstraction and connection forwarding

➢ Docker: Container engine for running containers

➢ cAdvisor: Gives container users an understanding of the resource usage and performance characteristics of their running containers

Kubernetes Objects


Pod & YAML

Figure: a Worker Node running kubelet and Docker, hosting Pod 1 and Pod 2 with containers C1 and C2.

Deployment

Rolling Update

Rollback

Networking in K8S

Kubernetes on Cloud

Kubernetes Adoption in Cloud

➢ AWS - EKS
➢ Microsoft Azure - AKS
➢ Google Cloud Platform - GKE
➢ Oracle Cloud - OKE
➢ Digital Ocean - DOKS

Why Kubernetes on AWS (StackRox)

Trends Kubernetes in Cloud

Source: CNCF / Forbes

Docker & Kubernetes on AWS

EKS: How It Works

Docker & Kubernetes on AWS

| | ECS (Elastic Container Service) | EKS (Elastic Kubernetes Service) | Fargate (AWS Fargate Service) |
|---|---|---|---|
| Definition | Container Orchestration, Created by AWS | Managed Kubernetes (Open Source) platform by AWS | Container on-demand |
| Cluster Creation | Requires | Requires | Not Required |
| Control Plane Cost | 0, pay for work nodes | 144 $*, Pay for work nodes | Pay for task based on CPU & Memory |
| Integration | Deeper Integration with other AWS services | Actively working on Integrations | Currently runs on ECS |
| Usecase | Good for native container architecture | Easy to move on-prem Kubernetes to AWS EKS | Good for workload which runs on duration. |

AWS: Price Comparison

Amazon Elastic Kubernetes Service

Kubernetes: Master & Worker Node

Image Courtesy: Microsoft

Benefits of EKS

➢ Amazon EKS runs a single tenant Kubernetes Control Plane for each Cluster

➢ Control plane consists of at least two API server nodes and three etcd nodes that run across three Availability Zones within a Region

➢ Amazon EKS Automatically Detects and Replaces Unhealthy Control Plane Instances

EKS: Components

EKS: Control & Data Plane

EKS: Worker Node Options

Control & Data Plane Communication

High Level

Amazon EKS

EKS Architecture

EKS: AWS Elastic Kubernetes Service

Amazon EKS Workflow

Hands-On Labs: Amazon EKS

⮚ Lab IV: Deploying Kubernetes Cluster with EKS
  ➢ Access EKS Console
  ➢ Creating the EKS cluster
  ➢ Creating an EKS role
  ➢ Creating a VPC for EKS

⮚ Lab V: Launching Kubernetes worker nodes

⮚ Lab VI: Deploy Application to EKS
  ➢ Configuring AWS CLI on the local server to connect to EKS Cluster
  ➢ Deploying sample application
  ➢ Expose Application using Service

EKS Networking

Kubernetes Networking

⮚ Kubernetes networking addresses
  ➢ Container to Container communication within a Pod
  ➢ Pod to Pod communication within the K8S Cluster
  ➢ Pod to Service communication within the K8S Cluster
  ➢ Outside (Internet) to Pod communication using Service

⮚ K8S dictates the following requirements
  ➢ All Pods can talk to each other without NAT
  ➢ All Nodes can talk to Pods without NAT
  ➢ The IP that a Pod sees itself as is the same IP that other Pods see it as

⮚ Every Pod in K8S gets its own IP Address

⮚ Ingress: Internet Traffic to K8S
  ➢ Service Load Balancer (Layer 4)
  ➢ Ingress Controller (Layer 7)

OSI Model & Ingress Controller (ALB)

Image Courtesy: Kevin Sookocheff

ALB Ingress Controller

Service in K8S

Service Types in K8S

Image Courtesy: Microsoft

EKS Networking

Pod Networking

External to Pod: SNAT Enabled

External to Pod: SNAT Disabled

ALB: EKS Ingress Controller

Hands-On Labs: Amazon EKS

⮚ Lab VII: Advanced Routing with Ingress Controller
  ➢ Deploy Ingress Controller using Helm Charts
  ➢ Create Two Sample Applications
  ➢ Create Ingress Route to expose both applications
  ➢ Test Applications via Ingress Controller

EKS Storage

Lifecycle of a Volume & Claim

Figure: Cluster Admin (Provisioning) creates Persistent Volumes of 2 GB, 5 GB, 20 GB, 50 GB and 100 GB in the Cluster; Developers make a Persistent Volume Claim (Binding, Using).

EKS Storage: EBS & EFS

Persistent Volume Claim

Image Courtesy: Microsoft

Hands-On Labs: EKS Storage

⮚ Lab VIII: Dynamic provisioning of persistent volume using AWS EBS
  ➢ Create Storage Class
  ➢ Install EBS Storage Driver
  ➢ Deploying Sample Application using EBS Storage

EKS Security

EKS Security: IAM

Role & Role Binding

Figure: Who? (User, Group, Service-Account) is tied by a Role Binding to a Role, which states What? (allow access to some resources, don't allow access to other resources).

IAM Roles for Service Account

EKS Authentication

EKS Security: Network

K8s Network Policy

Image Courtesy: theithollow.com

Fargate: ECS | EKS

Worker Node: EC2 vs Fargate

Fargate: Serverless ECS/EKS

Fargate Profile

Fargate

Hands-On Labs: EKS Fargate

⮚ Lab IX: Create EKS Fargate Cluster
⮚ Lab X: Create Fargate Profile
⮚ Lab XI: Deploy Application on EKS Fargate
⮚ Lab XII: Deploy Application Load Balancer (ALB) as Ingress Controller
⮚ Lab XIII: Test Application deployed on Fargate

EKS Management

EKS (K8S) Dashboard

EKS / ECS With Other Services

EKS on Outpost

EKS: CloudWatch & ELB

ECS/EKS with API Gateway

ECS: CI/CD

ECS Batch Processing

EKS: Workload & Image Scanning

Certifications

K8S Certifications


https://k21academy.com/kubernetes02 © Copyright 2021 | K21 Academy | All Rights Reserved

Job Opportunity

Jobs: Kubernetes + AWS

Job: USA & UK

Job: UK

Job: India

Results to Inspire You…