Colin Hom - Infrastructure Engineer
github.com/colhom | [email protected]
Kube-AWS: Production Kubernetes Clusters on AWS
Design Goals
Artifacts should be:
Secure
Reproducible
Auditable
Cloud: EC2, VPC, IAM, security groups, autoscaling groups
Host: docker, flannel, etcd
Cluster: hyperkube
containers:
  - name: cat-pics-server
    image: quay.io/colin_hom/cat-pics:latest
“Under the hood” demo
Step 1. Initialize your cluster configuration
$ kube-aws init \
    --cluster-name=demo-chom \
    --external-dns-name=my-cluster-endpoint \
    --region=us-west-1 \
    --availability-zone=us-west-1c \
    --key-name=key-pair-name \
    --kms-key-arn="arn:aws:kms:us-west-1:xxxxxxxxxx:key/xxxxxxxxxxxxxxxxxxx"
$ ls -R .
> cluster.yaml
Under the hood
1. init → cluster.yaml
clusterName: demo-chom
externalDNSName: demo.coreos.com
availabilityZone: us-west-1c
#workerCount: 1
#workerInstanceType: m3.medium
#controllerInstanceType: m3.medium
Step 2. Render cluster assets
$ kube-aws render
$ ls -R .
> userdata/
> credentials/
> stack-template.json
> cluster.yaml
> kubeconfig
Under the hood
1. init → cluster.yaml
2. render → user data, TLS credentials, stack template
"AutoScaleWorker": {
  "Properties": {
    "AvailabilityZones": [
      "{{.AvailabilityZone}}"
    ],
    "DesiredCapacity": "{{.WorkerCount}}",
    ….
  }
}
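The render step above fills Go-template placeholders such as {{.AvailabilityZone}} from cluster.yaml. The following is an added example, not kube-aws code: a minimal stand-in for that substitution that also does the check a practitioner wants before handing a template to CloudFormation, namely that no placeholder is left unresolved and the result is still valid JSON. The cluster config keys, the template fragment and the camelCase-to-Go-field naming rule are constructed for the example.

```python
"""Added example (not kube-aws code): a minimal stand-in for the 'render' step.

It substitutes Go-template field references such as {{.WorkerCount}} in a JSON
stack-template fragment with values from a cluster.yaml-like mapping and refuses
to emit a template that still contains unresolved placeholders or is not valid JSON.
"""
import json
import re

# Constructed stand-in for the cluster.yaml keys shown in the talk.
CLUSTER_CONFIG = {
    "clusterName": "demo-chom",
    "externalDNSName": "demo.coreos.com",
    "availabilityZone": "us-west-1c",
    "workerCount": 1,
    "workerInstanceType": "m3.medium",
}

# Constructed fragment shaped like the AutoScaleWorker resource from the talk.
STACK_TEMPLATE_FRAGMENT = """{
  "AutoScaleWorker": {
    "Properties": {
      "AvailabilityZones": ["{{.AvailabilityZone}}"],
      "DesiredCapacity": "{{.WorkerCount}}",
      "Tags": [{"Key": "KubernetesCluster", "Value": "{{.ClusterName}}"}]
    }
  }
}"""

# Matches a Go-template field reference of the form {{.FieldName}}
PLACEHOLDER = re.compile(r"\{\{\.(\w+)\}\}")


def go_field_name(yaml_key):
    """cluster.yaml keys are camelCase; the template refers to exported Go fields (assumed rule)."""
    return yaml_key[0].upper() + yaml_key[1:]


def unresolved_fields(fragment, config):
    """Template fields that the given cluster config does not supply, sorted."""
    supplied = {go_field_name(key) for key in config}
    referenced = {m.group(1) for m in PLACEHOLDER.finditer(fragment)}
    return sorted(referenced - supplied)


def render_template(fragment, config):
    """Substitute every placeholder and return the parsed JSON template."""
    missing = unresolved_fields(fragment, config)
    if missing:
        raise KeyError(f"cluster config does not define: {', '.join(missing)}")
    values = {go_field_name(key): str(value) for key, value in config.items()}
    rendered = PLACEHOLDER.sub(lambda m: values[m.group(1)], fragment)
    # Parsing guarantees the output is well-formed before CloudFormation ever sees it.
    return json.loads(rendered)


if __name__ == "__main__":
    print(json.dumps(render_template(STACK_TEMPLATE_FRAGMENT, CLUSTER_CONFIG), indent=2))
```

Because the substituted values land inside JSON string literals, a value containing a quote or backslash would break the document; the final json.loads turns that into an error at render time instead of a failed stack creation later.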
Step 3. Push the button!
$ kube-aws up
…. (get coffee)
$ kubectl get nodes
> NAME     STATUS   AGE
> node-1   READY    10m
Under the hood
1. init → cluster.yaml
2. render → user data, TLS credentials, stack template
3. up (uses stack template, user data, TLS credentials)
Step 4. Save your state!
$ kube-aws up --export
> Exporting demo-chom.stack-template.json
$ git add my-cluster.stack-template.json
$ git commit -am "first pass at my cluster!"
Under the hood
1. init → cluster.yaml
2. render → user data, TLS credentials, stack template
3. up (uses stack template, user data, TLS credentials)
4. export
Design Goals
Secure
Reproducible
Auditable
Let’s make some changes! Change the worker instance type from m3.medium to m3.large
$ git diff
> --- a/cluster.yaml
> +++ b/cluster.yaml
> # Instance type for worker nodes
> -#workerInstanceType: m3.medium
> +workerInstanceType: m3.large
$ kube-aws up --export
> Exporting demo-chom.stack-template.json
$ git commit -am "workers are m3.large"
$ git diff HEAD~1
> c542d5d8f20f6c059dfccc2b147f0097b1656381
> Author: Colin Hom <[email protected]>
> Date:   Thu Apr 28 13:37:45 2016 -0700
> # Instance type for worker nodes
> -#workerInstanceType: m3.medium
> +workerInstanceType: m3.large
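Review bot: the commit "workers are m3.large" will not capture the re-exported stack template unless that file is already tracked: `git commit -am` stages only tracked files, the export here writes demo-chom.stack-template.json, and the earlier `git add` tracked my-cluster.stack-template.json. Add demo-chom.stack-template.json before committing so the rendered CloudFormation change is reviewable alongside the cluster.yaml hunk, which otherwise only records the uncommented `workerInstanceType: m3.large` line.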
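Committing the exported stack template is what makes the "Auditable" goal concrete: the diff between two exports shows exactly which CloudFormation properties a cluster.yaml edit touched. The following is an added example, not kube-aws code: a helper that compares two exported templates (for instance the HEAD~1 and HEAD versions from the commit above), lists every changed leaf value by JSON path, and flags changes to IAM or security-group resources, which deserve a closer look than an instance-type bump. The two templates, their resource names and the AMI placeholder are constructed for the example; the resource Type strings are standard CloudFormation types.

```python
"""Added example (not kube-aws code): audit the diff between two exported stack templates."""
import json

# Constructed "before" template: workers on m3.medium, SSH limited to the VPC range.
BEFORE = json.loads("""{
  "Resources": {
    "LaunchConfigurationWorker": {
      "Type": "AWS::AutoScaling::LaunchConfiguration",
      "Properties": {"InstanceType": "m3.medium", "ImageId": "ami-PLACEHOLDER"}
    },
    "SecurityGroupWorker": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.0.0/16"}
      ]}
    }
  }
}""")

# Constructed "after" template: the m3.large change from the talk, plus an
# unintended widening of the SSH rule that a reviewer should catch.
AFTER = json.loads("""{
  "Resources": {
    "LaunchConfigurationWorker": {
      "Type": "AWS::AutoScaling::LaunchConfiguration",
      "Properties": {"InstanceType": "m3.large", "ImageId": "ami-PLACEHOLDER"}
    },
    "SecurityGroupWorker": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {"SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}
      ]}
    }
  }
}""")

# CloudFormation resource type prefixes whose changes get a mandatory security review here.
SENSITIVE_TYPES = ("AWS::IAM::", "AWS::EC2::SecurityGroup")


def flatten(node, path=""):
    """Yield (json_path, leaf_value) pairs for every leaf in a nested JSON structure."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from flatten(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from flatten(value, f"{path}[{index}]")
    else:
        yield path.lstrip("."), node


def template_diff(before, after):
    """Map each changed JSON path to its (old, new) pair; absent values appear as None."""
    old, new = dict(flatten(before)), dict(flatten(after))
    return {
        path: (old.get(path), new.get(path))
        for path in sorted(set(old) | set(new))
        if old.get(path) != new.get(path)
    }


def resources_needing_review(before, after):
    """Logical names of sensitive resources that the diff touches."""
    flagged = set()
    for path in template_diff(before, after):
        parts = path.split(".")
        if len(parts) < 2 or parts[0] != "Resources":
            continue
        name = parts[1]
        # Look the resource up in the new template first; fall back to the old one if it was deleted.
        resource = after["Resources"].get(name) or before["Resources"].get(name, {})
        if resource.get("Type", "").startswith(SENSITIVE_TYPES):
            flagged.add(name)
    return flagged


if __name__ == "__main__":
    for path, (old, new) in template_diff(BEFORE, AFTER).items():
        print(f"{path}: {old!r} -> {new!r}")
    print("needs security review:", sorted(resources_needing_review(BEFORE, AFTER)))
```

Run against real exports by loading the two JSON files checked into git in place of BEFORE and AFTER; the flattened paths are stable across runs, so the output can be pasted straight into a review comment or wired into a pre-commit hook that blocks unreviewed changes to the flagged resources.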
Road to Version 1.0
Recently Completed:
- Calico for network policy
- Route53 Integration
- Existing VPC support
Future Work:
- Zero-downtime upgrade path
- HA control plane
- Automated TLS rotation
github.com/coreos/coreos-kubernetes
Colin Hom
github.com/colhom | [email protected] | coreos.com
We’re hiring in all departments! Email: [email protected] Positions: coreos.com/careers