AWS + KUBERNETES = ❤
Contentful Engineering
Anthony Stanton
Anthony Stanton
Infrastructure Developer
Product Owner for
Infrastructure and Reliability
Joined 2014, previously worked
at a Managed Service Provider
(Networks & Hosting)
Like a CMS… without the bad bits.
Contentful is a content management developer
platform with an API at its core.
Content infrastructure for projects of any size
Microservices architecture with a global CDN
Contentful Engineering
Contentful: ~ 130 in Berlin and San Francisco
Product and Engineering: ~ 50 in 10 cross-functional
teams, all in Berlin
Infrastructure Team: 5 (also doing some product dev)
Agenda
Why should you listen to this talk?
We're a small org developing a "cloud native" application
We've made a bet on Kubernetes as a deployment platform
We want to share our experience!
Agenda
1. Why we chose to move to Kubernetes
2. Kubernetes in AWS
3. Migrating
4. Lessons Learned
Before Kubernetes
Previous (2015-2017) Platform
Autoscaling Groups of EC2 instances
Service Discovery via EC2 tags, some Lambda functions for interacting
with them
Chef Solo deploying applications as Debian packages
Managed datastores: RDS, ElastiCache, S3
All AWS resources progressively added to Terraform
Terraform
Declarative cloud infrastructure
Same space as AWS CloudFormation
Works with multiple cloud providers
● AWS
● Fastly
● NS1
● Librato
● Sentry
Why change at all?
Feature development velocity and time to market are key
Our development teams were growing
We wanted a delivery-focused platform that didn't require deep
knowledge of Chef for developers to be productive
Why containers?
Containers were already in heavy use in development and continuous
integration
They provide a useful operational model for delivering applications in a
standardised way
Why Kubernetes?
Kubernetes advantages
Feature set focused on enabling application delivery
Open source development model
Rate of change (updates and improvements)
Community and market share
But still on AWS!
Kubernetes on AWS
Kubenet Networking
Kubenet: simplest networking model available (No overlay network with
more complex SDN)
Each cluster has its own routing table (max 200 per VPC)
Each worker node is assigned a /24 CIDR block for Pods and Services
So each worker node has a routing table entry (max 50 per RT)
Cluster Management: Kops
Kubernetes Operations
Cluster Management: Kops
Manages Kubernetes clusters
EC2 autoscaling groups, IAM policies, routing
Handles cluster creation, configuration updates and rolling upgrades
Can effect changes directly to AWS resources, or produce Terraform
output
Kops + Terraform
With Terraform you can override
machine-generated configuration with
"overrides"
This allows us to customise what Kops generates
Apply additional security groups or IAM policies
Change the AMI used
File-based configuration for Kops
Declarative
Easiest way to deal with all the things you want to customise
Works well with our workflows using git and code review
CoreOS Container Linux
Minimise attack surface
Simplify container host OS management
Auto-updates for security patches
AWS Services Kubernetes uses
ECR for private container registry
EBS for StatefulSets (persistent storage for applications)
ELB for LoadBalancer Services
Unlock ELB magic with Annotations
Source: https://gist.github.com/mgoodness/1a2926f3b02d8e8149c224d25cc57dc1
What about IAM profiles?
ECS can use IAM profiles for AWS API access, so cool!
Kube2iam lets you map those onto Kubernetes objects
kube2iam example
Migrating
Service Discovery
We had no real Service Discovery in the original setup
Services migrated to Kubernetes exposed via LoadBalancer services
(implemented by ELB)
Announced via the VPC's Route53 Private DNS zone
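The ELB annotations, the kube2iam mapping and the Route53 announcement above, put together for one service as an added example (not from the slides or the linked gist): a Namespace that limits which IAM roles kube2iam will hand out, a Deployment whose pods request a role by annotation, and an internal LoadBalancer Service. Namespace, role, account id, certificate and CIDR values are constructed, and the hostname annotation assumes ExternalDNS is deployed, which the slides do not state.

```yaml
# Constructed example: namespace, names, account id, CIDRs and ARNs are
# placeholders, not values from the slides.
apiVersion: v1
kind: Namespace
metadata:
  name: content-api
  annotations:
    # kube2iam, when started with --namespace-restrictions, only lets pods
    # in this namespace assume roles matching these patterns (JSON array).
    iam.amazonaws.com/allowed-roles: |
      ["k8s/content-api-*"]
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: content-api
  namespace: content-api
spec:
  replicas: 3
  selector:
    matchLabels:
      app: content-api
  template:
    metadata:
      labels:
        app: content-api
      annotations:
        # The role kube2iam hands to this pod via the intercepted metadata
        # endpoint. The node's instance role must be allowed sts:AssumeRole
        # on it, and the role's trust policy must name the node role.
        iam.amazonaws.com/role: k8s/content-api-reader
    spec:
      containers:
      - name: api
        # Private image pulled from ECR with the node's instance profile.
        image: 123456789012.dkr.ecr.eu-central-1.amazonaws.com/content-api:1.2.3
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: content-api
  namespace: content-api
  annotations:
    # Internal (VPC-only) classic ELB rather than an internet-facing one.
    service.beta.kubernetes.io/aws-load-balancer-internal: "true"
    # Terminate TLS on the ELB with an ACM certificate; talk HTTP to pods.
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:eu-central-1:123456789012:certificate/<cert-id>
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
    # Ship ELB access logs to S3 so requests can be reconstructed later.
    service.beta.kubernetes.io/aws-load-balancer-access-log-enabled: "true"
    service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-name: example-elb-logs
    # Assumes ExternalDNS manages the VPC's Route53 private zone (not
    # stated in the slides); this is how the service gets announced.
    external-dns.alpha.kubernetes.io/hostname: content-api.internal.example.com
spec:
  type: LoadBalancer
  # Restrict the ELB security group to clients inside the VPC CIDR.
  loadBalancerSourceRanges:
  - 10.0.0.0/16
  selector:
    app: content-api
  ports:
  - name: https
    port: 443
    targetPort: 8080
```

The namespace restriction is the check worth keeping: without it, any pod on a kube2iam node can request any role the node role is allowed to assume.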
[Diagram: deployment pipeline. Labels on the slide: code repository, commit, continuous integration, debian package, docker image, package archive, image registry, artifact promotion, deployment, legacy platform, kubernetes cluster]
Lessons Learned
All this is very new and changing
Kubernetes itself releases pretty frequently
Improvements and bug fixes are often backported to the stable
release
Kops releases sometimes lag a little behind Kubernetes
Stay up to date!
Kops defaults to creating a new VPC
Extra elements required for every cluster
New VPC peering, new routes, new CIDRs to add to Security Groups
We rely on Route53 Private DNS zones for Service Discovery, so entries
must be replicated in every Private DNS zone
The networkId parameter lets you specify an existing VPC, which makes life much easier
We are now deploying all clusters in the same VPC
Kops doesn't know about your other AWS resources
But Kops + Terraform = ♥
Terraform overrides let you customise Kops-generated resources and refer
to them in other resources (Route53 records, etc)
Logging
Kubernetes generates logs
More logs
Still more logs!
Expect your log volume to grow considerably,
use logLevel in Kops to reduce the default
verbosity of Kubernetes components
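A Kops cluster spec written to the choices above, as an added example that is not from the slides or from Contentful: kubenet networking, an existing VPC via networkID, and logLevel on the core components, plus an InstanceGroup sized against the per-route-table limit. Cluster name, VPC, subnet and security group ids, CIDRs and the AMI reference are constructed placeholders.

```yaml
# Kops cluster spec (kops/v1alpha2) for a kubenet cluster placed in an
# existing VPC. Cluster name, VPC/subnet ids, CIDRs and security group id
# are constructed placeholders, not Contentful's values.
apiVersion: kops/v1alpha2
kind: Cluster
metadata:
  name: k8s.example.com
spec:
  cloudProvider: aws
  # Reuse an existing VPC instead of letting kops create one: no extra
  # peering, routes or security-group CIDRs per cluster, and one private
  # DNS zone to keep service entries in.
  networkID: vpc-0123456789abcdef0
  networkCIDR: 10.0.0.0/16
  # kubenet: no overlay; every node gets a /24 for its pods out of this
  # range and one entry in the cluster's VPC route table.
  networking:
    kubenet: {}
  nonMasqueradeCIDR: 100.64.0.0/10
  subnets:
  - name: eu-central-1a
    zone: eu-central-1a
    type: Public
    cidr: 10.0.32.0/19
    id: subnet-0123456789abcdef0   # existing subnet, managed outside kops
  # Reduce component verbosity; log volume grows quickly at the default.
  kubeAPIServer:
    logLevel: 2
  kubeControllerManager:
    logLevel: 2
  kubeScheduler:
    logLevel: 2
  kubelet:
    logLevel: 2
---
apiVersion: kops/v1alpha2
kind: InstanceGroup
metadata:
  name: nodes
  labels:
    kops.k8s.io/cluster: k8s.example.com
spec:
  role: Node
  # CoreOS Container Linux AMI, given as <owner-account>/<ami-name>;
  # both parts are placeholders to fill from the AMI you actually use.
  image: <owner-account>/CoreOS-stable-<version>-hvm
  machineType: m4.large
  minSize: 3
  # kubenet: one route per node, and a route table holds at most 50
  # routes, so cap the group well below that to leave room for masters
  # and for the default and peering routes.
  maxSize: 40
  additionalSecurityGroups:
  - sg-0123456789abcdef0   # extra SG applied alongside the kops-generated one
  subnets:
  - eu-central-1a
```

Check the route count with `aws ec2 describe-route-tables` on the cluster's table before raising maxSize: when it is full, new nodes join but their pods are unreachable.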
Monitoring
Kubernetes Heapster captures CPU, RAM and disk usage metrics per Pod
More metrics
Still more metrics!
This is currently overloading our application metrics visualisation tool,
Librato
Configuration and Secrets Management
Make our stateless apps as "12 factor" as possible - environment variables
vs. config files
Some shared configuration is inevitable as we migrate services over
Hashicorp Vault?
Chamber + AWS Parameter Store?
Wrap-up
Where Contentful is today
Our main API is 100% deployed on Kubernetes (few dependencies)
Work is ongoing to adapt more of our components to Kubernetes
We plan to complete the migration by Q1 2018
AWS + Kubernetes = ❤
For small organisations we can recommend this:
● Use Kops (Terraform optional but recommended)
● Use kubenet networking in the same VPC
● Use kube2iam to leverage IAM profiles, if your apps are using AWS
services
● (Parameter Store!)
Thank you!
Anthony Stanton
anthony@contentful.com
@elblivion
