On Amazon (AWS)

Kubernetes

Amazon (AWS)ECS | EKS | Fargate

Author & Cloud

Expert

Mamta JDocker & Kubernetes

Expert

Atul Kumar

On

Jobs: Kubernetes + AWS

2

https://k21academy.com/dockerkubernetes © Copyright 2021 | K21 Academy | All Rights Reserved

⮚ Docker & Kubernetes on AWS: Overview ⮚ Monolithic vs Microservices⮚ VM vs Containers⮚ Docker Architecture ⮚ Container Images & Registry ⮚ ECR: Elastic Container Registry ⮚ Lab: ECR Setup & Push Image ⮚ ECS: Elastic Container Registry⮚ Kubernetes on Cloud⮚ K8S & EKS Architecture ⮚ Kubernetes Objects: Pods, Deployment, ReplicaSet, Service, Label

Topics Covered

3


⮚ Networking in K8S & EKS ⮚ Storage in K8S & EKS ⮚ Security in K8S & EKS ⮚ Labs EKS: Create Cluster, Deploy App, Ingress Load Balancer, Storage ⮚ CKA, CKAD & CKS Certification Program

Topics Covered

4


⮚ Lab I: Register for AWS Cloud ➢ Creating an account in AWS➢ AWS Console Walkthrough➢ Navigate: ECR Console

⮚ Lab II: Create & Configure Registry (ECR)➢ Create Ubuntu Machine➢ Install & Configure AWSCLI➢ Install & Configure Docker➢ Authenticate Docker to ECR➢ Download image from Docker Hub public repo➢ Tag & Push Image to ECR

⮚ Lab IIII: Create & Configure Registry (ECS)➢ Navigate to ECS Console ➢ Create ECS with Fargate

Labs: ECR, ECS, EKS, Fargate

5


⮚ Lab IV: Deploying Kubernetes Cluster with EKS➢ Access EKS Console ➢ Creating the EKS cluster ➢ Creating an EKS role➢ Creating a VPC for EKS

➢ Lab V: Launching Kubernetes worker nodes⮚ Lab VI: Deploy Application to EKS➢ Configuring AWS CLI on the local server to connect to EKS Cluster➢ Deploying sample application➢ Expose Application using Service

Hands-On Labs: Amazon EKS

6


⮚ Lab VII: Advance Routing with Ingress Controller➢ Deploy Ingress Controller using Helm Charts➢ Create Two Sample Applications➢ Create Ingress Route to expose both applications➢ Test Applications via Ingress Controller

⮚ Lab VIII: Dynamic provisioning of persistent volume using AWS EBS➢ Create Storage Class ➢ Install EBS Storage Driver➢ Deploying Sample Application using EBS Storage

Labs: EKS Networking / Storage

7


⮚ Lab IX: Create EKS Fargate Cluster⮚ Lab X: Create Fargate Profile⮚ Lab XI: Deploy Application on EKS Fargate Application⮚ Lab XII: Configure Application Load Balancer (ALB) as Ingress Controller⮚ Lab XIII: Test Application deployed on Fargate

Hands-On Labs: EKS Fargate

8


Docker & Kubernetes

9


Docker & Kubernetes on AWS

10


Background

Evolution of Development & DeploymentApplication InfrastructureDeployment and PackagingApplication ArchitectureDevelopment Process

HostedVirtual ServersN-TierAgile

~ 2000

Plan

Release

Build

Code

Test

Operate

Monitor

Deply

DevOps Microservices Containers Cloud~ 2010

Now

Waterfall Monolithic Physical Server Datacenter~ 1980

~ 1990

12


Evolution of Microservices

13


Monolithic vs Microservices

14


VM vs Docker (Containers)

Hypervisor

Guest OS

Bins/Lib

Service A Service B

Guest OS

Bins/Lib

App 1

OS

Bins/Lib

Service A Service B

Bins/Lib

App 1

Containerization Platform

15


VM vs Docker (Containers)

16


The Evolution Of Containers

Container technology has come a long way from its chroots, starting with Google's exploration into

cgroups &

working up into widespread organizational adoption.

Containerized App Market

18


Thousands using Kubernetes

19


ECRElastic Container

Registry

Docker Architecture

21


Docker Architecture

22


Docker: Build & Run

23


Container Images

24


Container Registry

25


Docker Hub

26


ECR: Elastic Container Registry

27


ECR: Elastic Container Registry

28


⮚ Lab I: Register for AWS Cloud ➢ Creating an account in AWS➢ AWS Console Walkthrough➢ Navigate: ECR Console

⮚ Lab II: Create & Configure Registry (ECR)➢ Create Ubuntu Machine➢ Install & Configure AWSCLI➢ Install & Configure Docker➢ Authenticate Docker to ECR➢ Download image from Docker Hub public repo➢ Tag & Push Image to ECR

Hands-On Labs: Amazon ECR

29


ECSElastic Container

Service

Docker Image & Container

31


Docker Container #1

Docker Container #2

Docker Image

Docker Container #3

Docker Image & Container

32


ECS: Elastic Container Service

33


Provision ECS

34


Provision ECS

35


⮚ Lab IIII: Create & Configure Container Service (ECS)➢ Navigate to ECS Console ➢ Create ECS with Fargate

Hands-On Labs: Amazon ECS

36


KubernetesBasics

Container Orchestration

38


What is Kubernetes (K8S)

Image Courtesy: Microsoft

39


Kubernetes Components

40


Kubernetes Worker Nodes (Data Plane)

Kubernetes Master Nodes (Control Plane)

Kubernetes Architecture

41


Kubernetes Worker Nodes (Data Plane)

Kubernetes Master Nodes (Control Plane)


42



API Server

Controller Manager

Scheduler

etcd

Docker

Kubelet cAdvisorKube-proxy

Pod Pod Pod……..

……..

Docker


Pod Pod……..

Container Network Interface Plugin

Master Node

Worker Node Worker Node

Dev/Admin

Docker

43


API Server

Controller Manager

Scheduler

etcd

Master Node

Master Node Architecture

➢ API Server: Configures and validates data for api objects like pods, services. Its a front-end of control plane

➢ Scheduler: It decides where in the cluster the workloads are to be run

➢ etcd: Stores all cluster-related data

➢ Controller: Daemon that embeds core control loops that regulates system state via routine tasks

44


➢ kubelet: Primary node agent which performs various tasks like mounting volumes, running containers, etc. for pods assigned to the node

➢ kube-proxy: Provides service abstraction and connection forwarding

➢ Docker: Container engines for running containers

➢ cAdvisor: Provides container users an understanding of the resource usage and performance characteristics of their running containers

Docker


Pod Pod Pod…

…..

Worker Node

Worker Node Architecture

45


Kubernetes Objects

46


Kubernetes Objects

47


Kubernetes Objects

48


Pod & YAML

Worker Node

kubelet

Docker

Pod 1 Pod 2

C1 C1

C2

49


Deployment

50


Rolling Update

51


Rollback

52


Networking in K8S

53


KubernetesOn

Cloud

Kubernetes Adoption in Cloud

➢ AWS - EKS

➢ Microsoft Azure - AKS

➢ Google Cloud Platform - GKE

➢ Oracle Cloud - OKE

➢ Digital Ocean - DOKS

55


Kubernetes Adoption in Cloud

56


Why Kubernetes on AWS (StackRox)

57


Trends Kubernetes in Cloud

Source: CNCF / Forbes

58



59


EKS: How It Works

60


ECS(Elastic Container Service)

EKS(Elastic Kubernetes Service)

Fargate(AWS Fargate Service)

Definition Container Orchestration, Created by AWS

Managed Kubernetes (Open Source) platform by AWS

Container on-demand

Cluster Creation Requires Requires Not Required

Control Plane Cost 0, pay for work nodes 144 $*, Pay for work nodes Pay for task based on CPU & Memory

Integration Deeper Integration with other AWS services

Actively working on Integrations Currently runs on ECS

Usecase Good for native container architecture

Easy to move on-prem Kubernetes to AWS EKS

Good for workload which runs on duration.


61


AWS: Price Comparison

62


Amazon

Elastic KubernetesService

Kubernetes: Master & Worker Node


64


Benefits of EKS

Amazon EKS runs a single tenant Kubernetes ControlPlane for each Cluster

Control plane consists of at least two API servernodes and three etcd nodes that run across threeAvailability Zones within a Region

Amazon EKS Automatically Detects and ReplacesUnhealthy Control Plane Instances

65


EKS: Components

66


EKS: Control & Data Plane

67


EKS: Worker Node Options

68



69



70


Control & Data Plane Communication

71


High Level

72


Amazon EKS

73


EKS Architecture

74


EKS Architecture

75


EKS Architecture

76


EKS: AWS Elastic Kubernetes Service

77


Amazon EKS Workflow

78


⮚ Lab IV: Deploying Kubernetes Cluster with EKS➢ Access EKS Console ➢ Creating the EKS cluster ➢ Creating an EKS role➢ Creating a VPC for EKS

➢ Lab V: Launching Kubernetes worker nodes⮚ Lab VI: Deploy Application to EKS➢ Configuring AWS CLI on the local server to connect to EKS Cluster➢ Deploying sample application➢ Expose Application using Service


79


EKSNetworking

Kubernetes Networking

⮚ Kubernetes networking addresses➢ Container to Container communication with-in Pod➢ Pod to Pod communication with-in K8S Cluster➢ Pod to Service communication with-in K8S Cluster➢ Outside (Internet) to Pod communication using Service

⮚ K8S dictates following requirement ➢ All Pods can talk to each other without NAT➢ All Nodes can talk to Pods without NAT ➢ IP that a pod sees itself is same IP that other Pods see it as

⮚ Every Pod in K8S gets its own IP Address⮚ Ingress: Internet Traffic to K8S ➢ Service Load Balancer (Layer 4) ➢ Ingress Controller (Layer 7)

81


OSI Model & Ingress Controller (ALB)

Image Courtesy: Kevin Sookocheff

82


ALB Ingress Controller

83


Service in K8S

84


Service Types in K8S


85


Service Types in K8S

86


EKS Networking

87


Pod Networking

88


External to Pod: SNAT Enabled

89


External to Pod: SNAT Disabled

90


ALB: EKS Ingress Controller

91


⮚ Lab VII: Advance Routing with Ingress Controller➢ Deploy Ingress Controller using Helm Charts➢ Create Two Sample Applications➢ Create Ingress Route to expose both applications➢ Test Applications via Ingress Controller


92


EKSStorage

2 GB 5 GB 20 GB 50 GB 100 GB

Persistent Volume

Cluster

Persistent Volume Claim

Claim

C

1

Cluster Admin

Provisioning

Developers

Binding

Using

Lifecycle of a Volume & Claim

94


EKS Storage: EBS & EFS

95


Persistent Volume Claim


96


⮚ Lab VIII: Dynamic provisioning of persistent volume using AWS EBS➢ Create Storage Class ➢ Install EBS Storage Driver➢ Deploying Sample Application using EBS Storage

Hands-On Labs: EKS Storage

97


EKSSecurity

EKS Security: IAM

99


Who ? What ?

RoleRole

Binding

Service-Account

Group

User

Some Resources

Other Resources

Allow

access

Don’t allow

access

Role & Role Binding

100


IAM Roles for Service Account

101


EKS Authentication

102


EKS Security: Network

103


EKS Security: Network

104


K8s Network Policy

Image Courtesy: theithollow.com

105


K8s Network Policy

106


FargateECS | EKS

Worker Node: EC2 vs Fargate

108


Fargate: Serverless ECS/EKS

109


Fargate Profile

110


Fargate Profile

111


Fargate

112


⮚ Lab IX: Create EKS Fargate Cluster⮚ Lab X: Create Fargate Profile⮚ Lab XI: Deploy Application on EKS Fargate Application⮚ Lab XII: Deploy Application Load Balancer (ALB) as Ingress Controller⮚ Lab XIII: Test Application deployed on Fargate

Hands-On Labs: EKS Fargate

113


EKSManagement

EKS Management

115


EKS (K8S) Dashboard

116


EKS / ECS

With Other Services

EKS on Outpost

118


EKS: CloudWatch & ELB

119


ECS/EKS with API Gateway

120


ECS: CI/CD

121


ECS Batch Processing

122


EKS: Workload & Image Scanning

123


Certifications

K8S Certifications

125

https://k21academy.com/kubernetes02 © Copyright 2021 | K21 Academy | All Rights Reserved

Job Opportunity

Jobs: Kubernetes + AWS

127


Job: USA & UK

128


Job: UK

129


Job: India

130


Results to Inspire You…

131

https://k21academy.com/kubernetes02 © Copyright 2021 | K21 Academy | All Rights Reserved

Documents

On Amazon (AWS)