Professional Documents
Culture Documents
Aws Eks Kubernetes Masterclass Devops Microservices
Aws Eks Kubernetes Masterclass Devops Microservices
StackSimplify
AWS EKS
Course Outline
DevOps Microservices
DevOps Microservices
AWS Developer Tools Service Discovery
Distributed Tracing
nginxdemos
/hello Docker Daemon
Docker Registry
(Docker Hub)
nginxdemos
Container-11
/hello
Images Containers
Docker Host
docker pull nginxdemos/hello
• Docker Registry or Docker Hub
• A Docker registry stores Docker images. docker run -p 82:80 -d nginxdemos/hello
• Docker Hub is a public registry that anyone can use, and Docker is
configured to look for images on Docker Hub by default. Docker Client (My Desktop or Docker Host)
• We can even run our own private registry.
• When we use the docker pull or docker run commands, the
required images are pulled from our configured registry.
• When we use the docker push command, our image is pushed to
our configured registry.
Imperative Declarative
Pod Pod
ReplicaSet ReplicaSet
Deployment Deployment
Service Service
Users
NodePort Service
Users
NoePort Service
REST
API Deployment
AWS POD
Environment Variables
RDS Database ReplicaSet
Deployment (UserMgmt)
ExternalName Service
MySQL – ExternalName Service
Users
U U ReplicaSet U U
Pod Pod Pod Pod
Deployment
AWS EKS
Network Design Private subnet Private subnet
With
EKS Workload
& Amazon RDS Amazon RDS
RDS Database
© Kalyan Reddy Daida StackSimplify
AWS Cloud
U U ReplicaSet U U
Deployment
AWS EKS MySQL – External Name Service
Network Design EKS Private NodeGroup
With
EKS Workload
RDS & ELB Amazon RDS DB Amazon RDS DB
Classic Load Balancer
© Kalyan Reddy Daida StackSimplify
AWS Cloud
U U ReplicaSet U U
Deployment
AWS EKS MySQL – External Name Service
Network Design EKS Private NodeGroup
With
EKS Workload
RDS & ELB Amazon RDS DB Amazon RDS DB
Network Load Balancer
© Kalyan Reddy Daida StackSimplify
AWS Cloud
N N U
AWS Certificate Manager Pod Pod Pod
ReplicaSet ReplicaSet
AWS EKS Deployment: app1
ReplicaSet
Deployment: app2 Deployment: UMS
Network Design MySQL – External Name Service
With EKS Private NodeGroup
EKS Workload
RDS & ELB
Application Amazon RDS DB Amazon RDS DB
Load Balancer & Route53
Ingress & External-DNS
© Kalyan Reddy Daida StackSimplify
EKS Deployment Options - Mixed
AWS Cloud EKS Cluster
VPC
Availability Zone: us-east-1a Availability Zone: us-east-1b Availability Zone: us-east-1a Availability Zone: us-east-1b
Availability Zone: us-east-1a Availability Zone: us-east-1b Availability Zone: us-east-1a EKS Fargate Availability Zone: us-east-1b
App2 - Ingress U U
Ingress Fargate Profile: UMS
UMS Pod UMS Pod
N N N N
Auto Scaling group Fargate Profile: App2
App1 Pod App1 Pod App2 Pod App2 Pod
EKS Private Managed Node Group
http://ecrdemo.kubeoncloud.com
AWS Cloud
ecrdemo.kubeoncloud.com Push Images
EKS Cluster
Amazon Route 53
AWS Certificate Manager
Docker Image
VPC
Pull Docker Image from ECR
Availability Zone: us-east-1a Availability Zone: us-east-1b
AWSCodePipeline
Kalyan Reddy Daida StackSimplify
AWS Developer Tools or Code Services
Source Build Test Deploy Monitor
AWSCodePipeline
Kalyan Reddy Daida StackSimplify
Microservices
API Developer
Or
API User SMTP
Users DB Server
AWS Cloud
https://ums.kubeoncloud.com/usermgmt/user
ums.kubeoncloud.com
services.kubeoncloud.com
EKS Cluster
VPC Amazon Route 53
Availability Zone: us-east-1a Availability Zone: us-east-1a
U U ReplicaSet U U
AWS X-Ray
UMS POD UMS POD UMS POD UMS POD
UMS Deployment
X DaemonSet X
Simple Email
Service (SES) N
NS Pod
NS Deployment
Deployment
ReplicaSet 3. Scale the app to desired replicas
Scale
Replication Controller
StatefulSet
Application
Kubernetes Cluster
NGINX Deployment
Developer or Operations User
C CloudWatch Agent C
DaemonSet
CW pod CW pod
CloudWatch
F Fluentd F
DaemonSet
CLIs kubectl We can control Kubernetes clusters and objects using kubectl
1. Worker machines in Kubernetes are called nodes. These are EC2 Instances
2. EKS worker nodes run in our AWS account and connect to our cluster's control plane via the cluster
API server endpoint.
Worker Nodes
3. A node group is one or more EC2 instances that are deployed in an EC2 Autoscaling group.
&
4. All instances in a node group must
Node Groups
1. Be the same instance type
2. Be running the same AMI
3. Use the same EKS worker node IAM role
1. EKS uses AWS VPC network policies to restrict traffic between control plane components to within a
single cluster.
2. Control plane components for a EKS cluster cannot view or receive communication from other
VPC
clusters or other AWS accounts, except as authorized with Kubernetes RBAC policies.
3. This secure and highly-available configuration makes EKS reliable and recommended for production
workloads.
kube-apiserver
Worker Node
kube-
etcd
scheduler Kubelet Kube-Proxy
kube-apiserver
Worker Node
kube-
etcd
scheduler Kubelet Kube-Proxy
kube-apiserver
Worker Node - 2
kube-
etcd
scheduler Kubelet Kube-Proxy
Imperative Declarative
Pod Pod
ReplicaSet ReplicaSet
Deployment Deployment
Service Service
N N N N
N N N N N
• NodePort Service
• LoadBalancer ClusterIP Service Port
Scaling
ReplicaSets
Load Balancing
Reliability
Or
N N N
High Availability
POD POD POD
ReplicaSet
Worker Node
Kubernetes Cluster
Service
N N N N
Deployment
Worker Node - 1 Worker Node - 2
Kubernetes Cluster
© Kalyan Reddy Daida StackSimplify
Kubernetes - Deployment
Create a Deployment to rollout a ReplicaSet
Deployment Status
Clean up Policy
Canary Deployments
Services Primarily for Cloud Providers to integrate with their Load Balancer
LoadBalancer
services (Example: AWS Elastic Load Balancer)
N N N
POD POD POD
ReplicaSet
Deployment (app=frontend)
DB – ExternalName Service
AWS Cloud
B B B
AWS RDS Database
POD POD POD
ReplicaSet
Services Deployment (app=Backend)
POD
ReplicaSet
Deployment (app=frontend)
POD
ReplicaSet
Deployment (app=Backend)
In-Tree EBS Provisioner EBS CSI Driver EFS CSI Driver FSx for Luster CSI
Will be deprecated soon Latest & Greatest available today & in Beta release & ready for production use
Allows EKS Clusters to manage lifecycle of EBS Volumes for persistent storage, EFS File
systems & FSx for Luster File systems
EKS Storage
EBS CSI Driver
MySQL – ClusterIP Service
AWS Elastic Block Store - EBS
Users
NodePort Service
REST
API Deployment
POD
EKS Storage ReplicaSet Environment Variables
Kubelet uses liveness probes to know Kubelet uses readiness probes to know Kubelet uses startup probes to know when
when to restart a container when a container is ready to accept traffic a container application has started
Liveness probes could catch a deadlock, Firstly this proble disables liveness &
When a Pod is not ready, it is removed
where an application is running, but readiness checks until it succeeds ensuring
from Service load balancers based on this
unable to make progress and restarting those pods don’t interfere with app
readiness probe signal.
container helps in such state startup.
This can be used to adopt liveness checks on
slow starting containers, avoiding them
getting killed by the kubelet before they are
Options to define Probes up and running.
F F F
B B B
Deployment
B B B
B B B
AWS EKS
&
RDS Database
Users
NodePort Service
Users
NoePort Service
REST
API Deployment
AWS POD
Environment Variables
RDS Database ReplicaSet
Deployment (UserMgmt)
ExternalName Service
MySQL – ExternalName Service
Users
U U ReplicaSet U U
Pod Pod Pod Pod
Deployment
AWS EKS
Network Design Private subnet Private subnet
With
EKS Workload
& Amazon RDS Amazon RDS
RDS Database
© Kalyan Reddy Daida StackSimplify
Classic Network Application
Load Balancer Load Balancer Load Balancer
AWS
Elastic Load Balancing
Overview
https://aws.amazon.com/elasticloadbalancing/features/#compare
AWS EKS
&
RDS & ELB
Classic Load Balancer
© Kalyan Reddy Daida StackSimplify
AWS Cloud
Users
U U ReplicaSet U U
Pod Pod Pod Pod
Deployment
AWS EKS
Network Design Private subnet Private subnet
With
EKS Workload
& Amazon RDS Amazon RDS
RDS Database
© Kalyan Reddy Daida StackSimplify
AWS Cloud
U U ReplicaSet U U
Deployment
AWS EKS MySQL – External Name Service
Network Design EKS Private NodeGroup
With
EKS Workload
RDS & ELB Amazon RDS DB Amazon RDS DB
Classic Load Balancer
© Kalyan Reddy Daida StackSimplify
Elastic Load Classic Network Application Amazon RDS
Balancing Load Balancer Load Balancer Load Balancer
AWS EKS
&
RDS & ELB
Network Load Balancer
© Kalyan Reddy Daida StackSimplify
AWS Cloud
U U ReplicaSet U U
Deployment
AWS EKS MySQL – External Name Service
Network Design EKS Private NodeGroup
With
EKS Workload
RDS & ELB Amazon RDS DB Amazon RDS DB
Network Load Balancer
© Kalyan Reddy Daida StackSimplify
Elastic Load Classic Network Application Amazon RDS
Balancing Load Balancer Load Balancer Load Balancer
AWS EKS
&
RDS & ELB
Application Load Balancer
© Kalyan Reddy Daida StackSimplify
How Ingress
Works?
https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/master/docs/examples/iam-policy.json
N N U
AWS Certificate Manager Pod Pod Pod
ReplicaSet ReplicaSet
AWS EKS Deployment: app1
ReplicaSet
Deployment: app2 Deployment: UMS
Network Design MySQL – External Name Service
With EKS Private NodeGroup
EKS Workload
RDS & ELB
Application Amazon RDS DB Amazon RDS DB
Load Balancer & Route53
Ingress & External-DNS
© Kalyan Reddy Daida StackSimplify
Elastic Load Classic Network Application Amazon RDS
Balancing Load Balancer Load Balancer Load Balancer
AWS EKS
RDS & ELB
Application Load Balancer
Ingress Controller Basics
© Kalyan Reddy Daida StackSimplify
AWS Cloud
U
Pod
AWS EKS ReplicaSet
Deployment: UMS
Network Design MySQL – External Name Service
With EKS Private NodeGroup
EKS Workload
RDS & ELB
Application Amazon RDS DB Amazon RDS DB
Load Balancer
AWS EKS
RDS & ELB
Application Load Balancer
Ingress Context Path
based Routing
© Kalyan Reddy Daida StackSimplify
AWS Cloud
N N U
AWS EKS Pod Pod Pod
Network Design ReplicaSet
Deployment: app1
ReplicaSet
Deployment: app2
ReplicaSet
Deployment: UMS
With MySQL – External Name Service
EKS Workload EKS Private NodeGroup
RDS & ELB
Application
Load Balancer Amazon RDS DB Amazon RDS DB
ntext path based Routing
AWS EKS
RDS & ELB
Application Load Balancer
Ingress SSL
© Kalyan Reddy Daida StackSimplify
AWS Cloud
N N U
AWS EKS AWS Certificate Manager Pod Pod Pod
Network Design ReplicaSet
Deployment: app1
ReplicaSet
Deployment: app2
ReplicaSet
Deployment: UMS
With MySQL – External Name Service
EKS Workload EKS Private NodeGroup
RDS & ELB
Application
Load Balancer Amazon RDS DB Amazon RDS DB
Ingress SSL
AWS EKS
RDS & ELB
Application Load Balancer
Ingress SSL Redirect
© Kalyan Reddy Daida StackSimplify
AWS Cloud
N N U
AWS EKS AWS Certificate Manager Pod Pod Pod
Network Design ReplicaSet
Deployment: app1
ReplicaSet
Deployment: app2
ReplicaSet
Deployment: UMS
With MySQL – External Name Service
EKS Workload EKS Private NodeGroup
RDS & ELB
Application
Load Balancer Amazon RDS DB Amazon RDS DB
Ingress SSL Redirect
AWS EKS
RDS & ELB
Application Load Balancer
& Route53
Ingress & External-DNS
© Kalyan Reddy Daida StackSimplify
AWS Cloud
N N U
AWS Certificate Manager Pod Pod Pod
ReplicaSet ReplicaSet
AWS EKS Deployment: app1
ReplicaSet
Deployment: app2 Deployment: UMS
Network Design MySQL – External Name Service
With EKS Private NodeGroup
EKS Workload
RDS & ELB
Application Amazon RDS DB Amazon RDS DB
Load Balancer & Route53
Ingress & External-DNS
© Kalyan Reddy Daida StackSimplify
Elastic Load Classic Network Application Certificate Route53 Elastic Block Amazon RDS
Balancing Load Balancer Load Balancer Load Balancer Manager Store
AWS EKS
Fargate Profiles
Serverless
Fargate
Profiles
© Kalyan Reddy Daida StackSimplify
What is Fargate?
• Fargate is a Serverless compute platform for containers on AWS
• Fargate provides on-demand, right-sized compute capacity for containers
• EKS integrates Kubernetes with Fargate by using controllers that are built by
AWS using the upstream, extensible model provided by Kubernetes.
• These controllers run as part of the EKS managed Kubernetes control plane
and are responsible for scheduling native Kubernetes pods onto Fargate.
• The Fargate controllers include a new scheduler that runs alongside the
default Kubernetes scheduler in addition to several mutating and validating
admission controllers.
• When we start a pod that meets the criteria for running on Fargate, the
Fargate controllers running in the cluster recognize, update, and schedule
the pod onto Fargate.
Managed Nodes
Fargate Nodes
VPC
Managed Node
Groups in both public
Private subnet Private subnet
and private subnets of
a VPC
Auto Scaling group
EC2 Instance EC 2Instance
EKS Private Managed Node Group
VPC
Pods running on
Fargate are only
supported on private
Private subnet Private subnet
subnets
EKS Fargate
Fargate Profile
Fargate EC2 Instance Fargate EC2 Instance
VPC
Availability Zone: us-east-1a Availability Zone: us-east-1b Availability Zone: us-east-1a Availability Zone: us-east-1b
AWS EKS
Fargate Profiles
Basics
Fargate
Profiles
© Kalyan Reddy Daida StackSimplify
EKS Deployment Options - Mixed
AWS Cloud EKS Cluster
VPC
VPC
Availability Zone: us-east-1a Availability Zone: us-east-1b Availability Zone: us-east-1a Availability Zone: us-east-1b
VPC
Availability Zone: us-east-1a Availability Zone: us-east-1b
Users
Amazon Route 53 Public subnet Public subnet
Application Load Balancer
SSL
SSL Redirect external-dns
User Management – Application Load Balancer Service (Ingress)
fpdev.kubeoncloud.com
https://fpdev.kubeoncloud.com/app1/index.html NAT gateway NAT gateway
/* Ingress
N ReplicaSet N
Pod Pod
AWS Certificate Manager
Deployment: app1
AWS EKS
Fargate Profiles
Advanced with YAML
Fargate
Profiles
© Kalyan Reddy Daida StackSimplify
Users EKS Deployment Options – Mixed Mode - 3 Apps
AWS Cloud app1. kubeoncloud.com Amazon RDS DB
app2.kubeoncloud.com
app1.kubeoncloud.com app2.kubeoncloud.com ums.kubeoncloud.com ums.kubeoncloud,com Amazon Route 53
VPC
Availability Zone: us-east-1a Availability Zone: us-east-1b Availability Zone: us-east-1a EKS Fargate Availability Zone: us-east-1b
App2 - Ingress U U
Ingress Fargate Profile: UMS
UMS Pod UMS Pod
N N N N
Auto Scaling group Fargate Profile: App2
App1 Pod App1 Pod App2 Pod App2 Pod
EKS Private Managed Node Group
Availability Zone: us-east-1a Availability Zone: us-east-1b Availability Zone: us-east-1a EKS Fargate Availability Zone: us-east-1b
N N N N
Auto Scaling group Fargate Profile: App2
App1 Pod App1 Pod App2 Pod App2 Pod
EKS Private Managed Node Group
AWS EKS
ECR
Elastic Container Registry
Docker Container
On-Premise
http://ecrdemo.kubeoncloud.com
AWS Cloud
ecrdemo.kubeoncloud.com Push Images
EKS Cluster
Amazon Route 53
AWS Certificate Manager
Docker Image
VPC
Pull Docker Image from ECR
Availability Zone: us-east-1a Availability Zone: us-east-1b
AWS EKS
&
AWS Developer Tools
AWSCodePipeline
Kalyan Reddy Daida StackSimplify
AWS Developer Tools or Code Services
Source Build Test Deploy Monitor
AWSCodePipeline
Kalyan Reddy Daida StackSimplify
AWS CodeCommit
AWS CodeCommit
Amazon Simple Notification AWS Key Management AWS Elastic Beanstalk Amazon CloudWatch
AWS CloudTrail
Service Service
Kalyan Reddy Daida StackSimplify
CodeCommit - Steps
Developer
Local Git
Repo
push
AWS Cloud
AWS CodeCommit
Build Logs
Amazon EC2 Container
Registry
Local Git
Repo
push
AWS Cloud
AWS CodeCommit
ECR
N N
ReplicaSet
Pod Pod
Deployment: app1
AWS EKS
What are Microservices?
AWS EKS
Microservices
Deployment
API Developer
Or
API User SMTP
Users DB Server
AWS Cloud
https://ums.kubeoncloud.com/usermgmt/user
ums.kubeoncloud.com
services.kubeoncloud.com
EKS Cluster
VPC Amazon Route 53
Availability Zone: us-east-1a Availability Zone: us-east-1a
AWS EKS
Microservices Distributed
Tracing
AWS X-Ray
U U ReplicaSet U U
AWS X-Ray
UMS POD UMS POD UMS POD UMS POD
UMS Deployment
X DaemonSet X
Simple Email
Service (SES) N
NS Pod
NS Deployment
AWS EKS
Microservices
Canary Deployments
Canary – 50%
Downside
We need to incrementally increase Canary – 25%
pods based on percentage distribution
Canary – 10%
we need for canary
Deployment
ReplicaSet 3. Scale the app to desired replicas
Scale
Replication Controller
StatefulSet
Application
Kubernetes Cluster
HPA requires
Min Replicas = 2
Max Replicas = 10
AWS EKS
CloudWatch
Container Insights
Fargate Elastic Container Code Code Code Simple Email X-Ray CloudWatch Simple
Profiles Registry Commit Build Pipeline Service Notification Service
© Kalyan Reddy Daida StackSimplify
Container Insights
• A fully managed observability service for monitoring, troubleshooting and
alarming on our containerized applications.
• Container Insights to collect, aggregate, and summarize metrics and logs from
our containerized applications and microservices.
• The metrics include utilization for resources such as CPU, memory, disk, and
network.
• It also provides diagnostic information, such as container restart failures, to help
us isolate issues and resolve them quickly.
• We can also set CloudWatch alarms on metrics that Container Insights collects.
• The metrics that Container Insights collects are available in CloudWatch
automatic dashboards.
• We can analyze and troubleshoot container performance and logs data with
CloudWatch Logs Insights.
NGINX Deployment
Developer or Operations User
C CloudWatch Agent C
DaemonSet
CW pod CW pod
CloudWatch
F Fluentd F
DaemonSet