Kube-AWS

Post on 23-Jan-2018


Colin Hom - Infrastructure Engineer
github.com/colhom | colin.hom@coreos.com

Kube-AWS: Production Kubernetes Clusters on AWS

Design Goals

Artifacts should be:

Secure

Reproducible

Auditable

Cloud: EC2, VPC, IAM, security groups, Autoscaling groups

Host: docker, flannel, etcd

Cluster: hyperkube

containers:
  - name: cat-pics-server
    image: quay.io/colin_hom/cat-pics:latest

“Under the hood” demo

$ kube-aws init \
    --cluster-name=demo-chom \
    --external-dns-name=my-cluster-endpoint \
    --region=us-west-1 \
    --availability-zone=us-west-1c \
    --key-name=key-pair-name \
    --kms-key-arn="arn:aws:kms:us-west-1:xxxxxxxxxx:key/xxxxxxxxxxxxxxxxxxx"

$ ls -R .
> cluster.yaml

Step 1. Initialize your cluster configuration

Under the hood: 1. init -> cluster.yaml

cluster.yaml:

clusterName: demo-chom
externalDNSName: demo.coreos.com
availabilityZone: us-west-1c
#workerCount: 1
#workerInstanceType: m3.medium
#controllerInstanceType: m3.medium

$ kube-aws render

$ ls -R .
> userdata/
> credentials/
> stack-template.json
> cluster.yaml
> kubeconfig

Step 2. Render cluster assets

Under the hood: 1. init -> cluster.yaml; 2. render -> user data, TLS credentials, stack template

"AutoScaleWorker": {
  "Properties": {
    "AvailabilityZones": [
      "{{.AvailabilityZone}}"
    ],
    "DesiredCapacity": "{{.WorkerCount}}",
    ….
  }
}

$ kube-aws up

…. (get coffee)

$ kubectl get nodes
> NAME     STATUS   AGE
> node-1   READY    10m

Step 3. Push the button!

Under the hood: 1. init -> cluster.yaml; 2. render -> user data, TLS credentials, stack template; 3. up: stack template, user data, TLS credentials

$ kube-aws up --export
> Exporting demo-chom.stack-template.json

$ git add my-cluster.stack-template.json

$ git commit -am "first pass at my cluster!"

Step 4. Save your state!

Under the hood: 1. init -> cluster.yaml; 2. render -> user data, TLS credentials, stack template; 3. up: stack template, user data, TLS credentials; 4. export

Design Goals

Secure

Reproducible

Auditable

Let's make some changes! Change the worker instance type from m3.medium to m3.large

$ git diff
> --- a/cluster.yaml
> +++ b/cluster.yaml
> # Instance type for worker nodes
> -#workerInstanceType: m3.medium
> +workerInstanceType: m3.large

$ kube-aws up --export
> Exporting demo-chom.stack-template.json

$ git commit -am "workers are m3.large"

$ git diff HEAD~1
> c542d5d8f20f6c059dfccc2b147f0097b1656381
> Author: Colin Hom <colhom@gmail.com>
> Date: Thu Apr 28 13:37:45 2016 -0700
> # Instance type for worker nodes
> -#workerInstanceType: m3.medium
> +workerInstanceType: m3.large
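An added example, not part of the deck or of the kube-aws project: a small Python audit helper for the init -> render -> export flow above. It parses cluster.yaml in the format shown (a commented-out line such as `#workerCount: 1` is a default that still applies), renders the AutoScaleWorker fragment from its `{{.Name}}` placeholders, and reports which worker properties changed between two revisions of cluster.yaml, which is what a reviewer of the committed stack template wants to see. The InstanceType property and its `{{.WorkerInstanceType}}` placeholder are assumed for illustration; the slide only shows AvailabilityZones and DesiredCapacity.

```python
import json
import re

# Go-template style fragment modelled on the slide's stack-template.json excerpt.
# "InstanceType" / {{.WorkerInstanceType}} is assumed for illustration only.
STACK_TEMPLATE_FRAGMENT = """{"AutoScaleWorker": {"Properties": {
  "AvailabilityZones": ["{{.AvailabilityZone}}"],
  "DesiredCapacity": "{{.WorkerCount}}",
  "InstanceType": "{{.WorkerInstanceType}}"}}}"""


def parse_cluster_yaml(text):
    """Return key -> value for cluster.yaml. A line like '#workerCount: 1' is a
    commented-out default; an explicit (uncommented) setting overrides it.
    Free-text comments ('# Instance type for worker nodes') are skipped."""
    values, defaults = {}, {}
    for line in text.splitlines():
        m = re.match(r"^(#?)\s*([A-Za-z]\w*):\s*(\S.*)$", line.strip())
        if m:
            commented, key, val = m.groups()
            (defaults if commented else values)[key] = val.strip()
    return {**defaults, **values}


def render(cfg):
    """Fill {{.Name}} placeholders from cluster.yaml (Name -> name) and parse the
    result, so a missing value or broken JSON fails here, not at 'kube-aws up'."""
    def sub(m):
        key = m.group(1)[0].lower() + m.group(1)[1:]
        if key not in cfg:
            raise KeyError("cluster.yaml has no value for " + key)
        return cfg[key]
    return json.loads(re.sub(r"\{\{\.(\w+)\}\}", sub, STACK_TEMPLATE_FRAGMENT))


def drift(old_yaml, new_yaml):
    """AutoScaleWorker properties whose rendered value differs between the two
    cluster.yaml revisions: {property: (old, new)}."""
    old = render(parse_cluster_yaml(old_yaml))["AutoScaleWorker"]["Properties"]
    new = render(parse_cluster_yaml(new_yaml))["AutoScaleWorker"]["Properties"]
    return {k: (old[k], new[k]) for k in old if old[k] != new[k]}


# Constructed sample: the demo's cluster.yaml before and after the m3.large edit.
BEFORE = """clusterName: demo-chom
externalDNSName: demo.coreos.com
availabilityZone: us-west-1c
#workerCount: 1
#workerInstanceType: m3.medium
#controllerInstanceType: m3.medium
"""
AFTER = BEFORE.replace("#workerInstanceType: m3.medium", "workerInstanceType: m3.large")
```

Running `drift(BEFORE, AFTER)` reports only the InstanceType change, which is the same fact the `git diff HEAD~1` above records, but checked against the rendered template rather than the source file.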

Road to Version 1.0

Recently Completed:
- Calico for network policy
- Route53 Integration
- Existing VPC support

Future Work:
- Zero-downtime upgrade path
- HA control plane
- Automated TLS rotation

github.com/coreos/coreos-kubernetes

Colin Hom
github.com/colhom | colin.hom@coreos.com | coreos.com

We're hiring in all departments! Email: careers@coreos.com Positions: coreos.com/careers