Esegui pod serverless con Amazon EKS e AWS Fargate

© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Esegui pod serverless con
Amazon EKS e AWS Fargate
Alessandro Micco, AWS Partner Solutions Architect

Make AWS the BEST PLACE
to run KUBERNETES

Production
Workloads
Native and
upstream
Seamless
integrations
OSS
Contribution

Production workloads
Single tenant
Multi-AZ and highly available
architecture
by default
99.95% Service Level Agreement
for every cluster

Native and upstream
Upstream conformant
Integration testing
with Kubernetes tooling
APIs and existing tooling
just work

OSS contributions
AWS contributes
bug fixes, security patches, and
tooling improvements
Open-source components
Contribute to or maintain over
30 OSS projects on GitHub for
Kubernetes

Seamless integrations
Identity
Audits
Routing
Compliance
Monitoring
Logging
Ingress
Security
Databases
Networking
Storage

All the building blocks for
Kubernetes
in one place

Containers options on AWS – over time
Docker
Host
AWS Cloud
AWSmanagedCustomermanaged

Amazon ECS
EC2 Container
Instances
Auto Scaling group
2015
ECS API
Docker
Host
AWS Cloud

AWS Fargate
Amazon ECS
EC2 Container
Instances
Auto Scaling group
2017
ECS API
Docker
Host
AWS Cloud

AWS Fargate
Amazon ECS
EC2 Container
Instances
Auto Scaling group
Worker
nodes
Auto Scaling group
DIY K8S
ECS API
K8s API
Docker
Host
AWS Cloud

AWS Fargate
Amazon ECSAmazon EKS
EC2 Container
Instances
Auto Scaling group
Worker
nodes
Auto Scaling group
DIY K8S
2018
K8s API ECS API
K8s API
Docker
Host
AWS Cloud

Management of the
Kubernetes control plane
Phase 1

Management of the
Kubernetes control plane
Phase 1
Phase 2
Management of the
Kubernetes data plane

AWS Fargate
EC2 Container
Instances
Auto Scaling group
Managed
Node Groups
Auto Scaling group
Worker
nodes
Auto Scaling group
DIY K8S
2019
K8s API ECS API
K8s API
Docker
Host
AWS Cloud

AWS Fargate
EC2 Container
Instances
K8s API ECS API
AWS Cloud
Auto Scaling group
Managed
Node Groups
Auto Scaling group
Worker
nodes
Auto Scaling group
DIY K8S
re:Invent 2019
Docker
Host
K8s API

Amazon EKS on Fargate
Bring existing pods Production ready Rightsized and integrated
You don’t need to change
your existing pods.
Fargate works with existing
workflows and services that
run on Kubernetes.
Launch pods quickly. Easily run
pods across multiple AZs for high
availability.
Each pod runs in an isolated
compute environment.
Only pay for the resources you need
to run your pods.
Includes native AWS integrations for
networking and security.

What matters for Fargate
Fargate is a serverless compute platform
for containers on AWS
The differences between using EKS and ECS with
Fargate are driven by the orchestration system

The EC2 flow at 33,000 feet
Amazon EC2
Customer AccountAWS
VPC
PodService
You have to manage this
capacity (e.g., with ASGs)
Run a container on EC2
for me, please
EC2
Control Plane
ENI

The Fargate flow at 33,000 feet
Customer AccountAWS
Control Plane
VPC
AWS Fargate
Run a container on
FARGATE for me, please
You don’t have to
manage capacity
FARGATE
PodService
ENI

Fargate Managed nodes Unmanaged nodes
Units of work Pod Pod and EC2 Pod and EC2
Unit of charge Pod EC2 EC2
Fargate Vs. (Un)Managed Nodes

Host lifecycle There is no visible host AWS (SSH is allowed) Customer
Host AMI There is no visible host AWS vetted AMIs Customer BYO
Fargate Vs. (Un)Managed Nodes

Host lifecycle There is no visible host AWS (SSH is allowed) Customer
Host AMI There is no visible host AWS vetted AMIs Customer BYO
Host : Pods 1 : 1 1 : many 1 : many
Fargate vs. (Un)Managed Nodes

EKS data plane options
Worker nodes only
Amazon EKS
Availability Zone 1
Auto Scaling group
Availability Zone 2
Auto Scaling group
Worker node Worker node
Amazon EC2
Auto Scaling
Traditional container data plane
Pods

Mixed mode
Serverless container data plane
re:Invent 2019
AWS Fargate
Amazon EKS
Availability Zone 1
Auto Scaling group
Availability Zone 2
Auto Scaling group
Amazon EC2
Auto Scaling
Traditional container data plane
PodsPods

Fargate only
Serverless container data plane
re:Invent 2019
AWS Fargate
Amazon EKS
Pods

Kubernetes and EKS: Objects and constructs
KubernetesAmazon EKS
Amazon EKS

Kubernetes and EKS: Objects and constructs
aws eks create-cluster
aws eks update-cluster-version
…
kubectl apply
kubectl autoscale
Kubectl expose
…aws eks create-fargate-profile
NEW

Fargate profile template
Subnets to pick for
the Pod deployment
Parameters to “catch”
the pod deployment
IAM Role to be associated to the kubelet

{
"name": profile-a,
"clusterName": mycluster,
"podExecutionRole": iam-role-xyz,
"subnets": subnet-0ad888345,
"selectors": [
{
"namespace": prod,
"labels": {
stack: blue
}
}
]
}
Fargate profile
Simplified deployment flow
Availability Zone 1
Auto Scaling group
Availability Zone 2
Auto Scaling group
Amazon EC2 Auto
Scaling
AWS Fargate
Fargate Scheduler
Pod 4
Mutating/
Validating
Webhooks
namespace: prod
labels:
- stack: blue
- profile = profile-a
- schedulerName = fargate-
scheduler
Pod
3
2 namespace: prod
labels:
- stack: blue
1
Pod

{
"name": profile-a,
"selectors": [
{
"namespace": prod,
"labels": {
stack: blue
}
}
]
}
Fargate profile
Simplified deployment flow
Availability Zone 1
Auto Scaling group
Availability Zone 2
Auto Scaling group
Amazon EC2 Auto
Scaling
AWS Fargate
Fargate Scheduler
Pod 4
Mutating/
Validating
Webhooks
namespace: test
1
Pod
2
3

Need a custom pod spec to deploy to Fargate?
No You can configure EKS to deploy to Fargate…
without touching your pod spec
See the pod
restart on Fargate
Kill the podCreate a Fargate
profile that matches
the pod namespace
(and optionally, labels)
Example
Run a pod on standard
worker nodes

Example: Deploy to workers
Availability Zone 1
Auto Scaling group
Availability Zone 2
Auto Scaling group
Amazon EC2 Auto
Scaling
AWS Fargate
Fargate Scheduler
Pod 4
Mutating/
Validating
Webhooks
2
3
1
Pod
namespace: default
1
Pod

{
"name": profile-a,
"selectors": [
{
"namespace": default
}
}
]
}
Fargate profile
Example: Re-deploy to Fargate
Availability Zone 1
Auto Scaling group
Availability Zone 2
Auto Scaling group
Amazon EC2 Auto
Scaling
AWS Fargate
Fargate Scheduler
Pod 4
Mutating/
Validating
Webhooks
namespace: default
labels:
- profile = profile-a
- shchedulerName = fargate-
schedulerPod
3
2 namespace: default
1
Pod
Same pod spec

How do we pick the size of the pod?
Init containers
Start sequentially and then stop
Containers
Long running
Request
Limit
This is for both
Memory and
CPU dimensions

Init containers
Containers
Long running
Request
Only requests
are considered
1

Init containers
Containers
Long running
Request
Requests
for ALL
long-running
containers are
added together
2

Init containers
Containers
Long running
Request
The biggest
number is taken
and used to size
the Fargate pod
3
This

Init containers
Containers
Long running
Another
example?

Init containers
Containers
Long running
Let’s
consider the
requests only

Init containers
Containers
Long running
Let’s add all
long-running
containers and
pick the biggest
number
This

Init containers
Containers
Long running
How do we
go from this
Pod config
example to a
Fargate size?
This

This
Fargate task size combinations

This
Closest config
(rounded up)
is picked
Fargate task size combinations
MEMCPU
+256MB
Kubernetes components

Networking architecture
Secondary
IPs
K8s
components
Worker nodes data plane
(Instance)
PodPodPodPod
ENIENI
(Instances)
Fargate data plane
K8s
components
Pod
K8s
components
Pod
K8s
components
Pod
K8s
components
Pod
ENIENIENIENI

Secondary
IPs
K8s
components
Worker nodes data plane
(Instance)
PodPodPodPod
ENIENI
(Instances)
Fargate data plane
K8s
components
Pod
K8s
components
Pod
K8s
components
Pod
K8s
components
Pod
ENIENIENIENI
Security group considerations
SG1
SG1 SG1 SG1 SG1

Load Balancers considerations
ALB Ingress works as it normally does
Latest version includes the required code changes to make it work
NLB support with the AWS Load Balancer Controller (Oct, 2020)
AWS Load Balancer Controller includes support for both Application Load Balancers and Network
Load Balancers. The new controller enables you to simplify operations and save costs by sharing
an Application Load Balancer across multiple applications in your Kubernetes cluster, as well as
using a Network Load Balancer to target pods running on AWS Fargate.
CLB will not work because it must target EC2 instances
There are no EC2 instances with EKS/Fargate

Storage options with EKS for Fargate
AWS Fargate provides a local storage space for containers to share
This space is ephemeral and only lives for the time the pod lives
Persistent storage for Fargate is a frequent ask from customers and is
available with latest Amazon EFS CSI driver (Aug, 2020)
AWS Fargate will use the EFS CSI driver to automatically mount an EFS file system requested by a
pod running on Fargate, without the need for manual driver installation. Fargate pods requiring
EFS volumes can be started with newly created EKS clusters running Kubernetes version 1.17

EKSCTL support
EKSCTL supports Fargate and EC2 worker nodes
Make sure you use the latest version
It is possible to create a Fargate-only cluster
Or a combination of Fargate and managed node groups
EKSCTL takes care of some undifferentiated
heavy lifting
Such as creating the Fargate profiles and more
$ eksctl create cluster --fargate
https://eksctl.io/

Recap: EKS for Fargate introduces UX changes
Things you no
longer need to do
Manage Kubernetes
worker nodes
Pay for unused capacity
Use K8s Cluster
Autoscaler (CA)
Things you get
out of the box
VM isolation at pod level
Pod level billing
Easy chargeback in multi-
tenant scenarios
Use LoadBalancer (ALB/NLB)
Run statefull workloads via EFS
Things you
can’t do (for now)
Deploy Daemonsets
Use Classic
LoadBalancer (CLB)
Running privileged
containers
Security Groups per Pod
https://github.com/aws/containers-roadmap

Limits: Things to keep in mind
AWS accounts have a soft limit of 500
Fargate tasks/pods per region
You increase this limit
Due to the nature of the solution,
there’s a limit of 5,000 pods per cluster
K8s tests up to
5,000 workers per cluster

Scalability: Things to keep in mind
Single individual pod start time may be longer
on Fargate than on EC2
Each pod deployment sources a virtual
node first from the Fargate fleet
Pod deployments at scale may be faster due to
Fargate parallelism
E.g., think of the delay that Cluster Autoscaler can
introduce in sourcing new EC2 capacity

Pricing
Standard EKS cluster pricing $0.10 per hour
Standard Fargate Pricing for vCPU and memory
AWS Fargate for Amazon EKS now included in Compute
Savings Plans (Aug, 2020)

AWS Europe (Milan) Region
On April, 28th AWS expanded its global footprint with the opening of the AWS Infrastructure Region in Italy. The new
Region AWS Europe (Milano) brings advanced cloud technologies that enable opportunities for innovation,
entrepreneurship, and digital transformation. For additional information about services and characteristics of an AWS
Region, you can check the website: aws.amazon.com/local/italy/milan/

AWS Training & Certification
https://www.aws.training : Free on-demand courses to help you build new cloud skills
Video: Deep Dive on AWS Fargate: Building Serverless Containers at Scale
https://www.aws.training/Details/Video?id=26855
E-Learning: Amazon Elastic Kubernetes Service (EKS) Primer
https://www.aws.training/Details/eLearning?id=32894
Video: Introduction to AWS Fargate
https://www.aws.training/Details/Video?id=16623
For more info on AWS T&C visit: https://aws.amazon.com/it/training/
Available AWS Certifications

Esegui pod serverless con Amazon EKS e AWS Fargate

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Esegui pod serverless con Amazon EKS e AWS Fargate

Similaire à Esegui pod serverless con Amazon EKS e AWS Fargate (20)

Plus de Amazon Web Services

Plus de Amazon Web Services (20)

Esegui pod serverless con Amazon EKS e AWS Fargate