reinvent2018-net410's Issues
Fix CloudFormation to handle space in ssh key-pair
Issue was encountered with a space in the ssh key pair and CloudFormation failed silently. Handle space in the ssh key pair.
"sudo" required for commands below
Examine Pod's traffic
yum install -y tcpdump
tcpdump -i eni61b9c53e3d2
Thinking of changing to full Title - AWS re:Invent 2018: NET410 Workshop: Deep Dive on Container Networking at Scale on Amazon EKS, Amazon ECS, & Amazon EC2
AWS re:Invent 2018: NET410 Workshop
Please fix git clone issue
It might be better to have attendees get the EKS & Kops public IPs for ssh from the EC2 Console
ssh into EKS console
Find out EksEC2Instance and EC2 instance ID from Cloudformation resource
ssh into EKS instance
Should we have a bold heading saying "All Workshop activities will be done in eu-west-1"?
[ec2-user@ip-172-31-21-42 configFiles]$ kubectl apply -f simpleHttpServer.yaml - missed step
Step missed -[ec2-user@ip-172-31-21-42 configFiles]$ kubectl apply -f serviceClusterIp.yaml
[ec2-user@ip-172-31-21-42 configFiles]$ ls
busyboxDeployment.yaml serviceClusterIp.yaml serviceNodePort.yaml
client.yaml serviceLoadBalancer.yaml simpleHttpServer.yaml
[ec2-user@ip-172-31-21-42 configFiles]$ kubectl apply -f serviceClusterIp.yaml
service/service-clusterip created
[ec2-user@ip-172-31-21-42 configFiles]$
Step missed -[ec2-user@ip-172-31-21-42 configFiles]$ kubectl apply -f client.yaml
[ec2-user@ip-172-31-21-42 configFiles]$ kubectl apply -f client.yaml
deployment.apps/simple-client created
[ec2-user@ip-172-31-21-42 configFiles]$
We need to include cd into the eks-cni-demo directory - [ec2-user@ip-172-31-23-130 reinvent2018-NET410]$ cd eks-cni-demo/
Create Pods
kubectl apply -f eks-cni-demo/worker_hello.yaml
Remove Section Below, similar to the Kops section
CNI DEMO
Set up an EKS cluster
Create a t2.micro instance (using the AWS console)
Create an EC2 key pair, e.g. my-eks-key
Create a t2.micro instance using AMI ami-0965d7fbfc86df411 with my-eks-key
Run aws configure to configure the instance with the right permissions
Create an EKS cluster
Create an EKS cluster
eksctl create cluster --name reinvent-eks-1 --node-type=t2.medium --ssh-access --ssh-public-key=my-eks-key
Fix cloudformation to handle non-default vpc
Are the instructions below still valid?
EKS: the security group given to (aws eks create-cluster...) is not right
worker nodes have a proxy set up
worker nodes have a taint
kops also has an option to use the aws eks cni
We should mention kops also has an option to use our AWS EKS CNI
"Amazon EKS Architecture" diagram has text with 2017 and a floating / superimposed text
Fix CloudFormation template
- Parameterize the name for the EKS cluster
Fix Typo in Pod Netowrk Stack Internal
Change to Pod "Network" Stack Internal
I think the Console should be the first option to create the ssh key-pair, as it's the simplest
Handle kops cluster delete efficiently
As of now, if the AWS CFT is deleted without deleting the kops cluster, it leaves the kops cluster orphaned. Handle clean-up efficiently.
EKS cluster needs worker nodes to use t2.medium
t2.micro is too small for the EKS cluster, can we have t2.medium?
Let's have them check the region before they start creating the ssh keys
Set region to eu-west-1 (Ireland)
To create an ssh key-pair using the Amazon EC2 Console, click on the Amazon EC2 console.
Documentation can be found here
Use the IP from the "kubectl get nodes -o wide" command output to make it clear this is from one of the nodes
vethxx interfaces are for pods that are running in the kube-system namespace:
$: kubectl get pods -o wide --all-namespaces |grep 10-1-2-179
kube-system kube-dns-5fbcb4d67b-hr4vr 3/3 Running 0 18h 100.65.129.4 ip-10-1-2-179.us-west-2.compute.internal
kube-system kube-dns-autoscaler-6874c546dd-k2twt 1/1 Running 0 2d 100.65.129.2 ip-10-1-2-179.us-west-2.compute.internal
kube-system kube-proxy-ip-10-1-2-179.us-west-2.compute.internal 1/1 Running 0 2d 10.1.2.179 ip-10-1-2-179.us-west-2.compute.internal
kube-system kubernetes-dashboard-7b9c7bc8c9-ttc7z 1/1 Running 0 2d 100.65.129.3 ip-10-1-2-179.us-west-2.compute.internal
$:
CNI Demo: Need to edit cluster set up portion
Remove Policy Section Below to keep focus on networking
install calico policy add-on
kubectl apply -f calico.yaml
daemonset.extensions "calico-node" created
customresourcedefinition.apiextensions.k8s.io "felixconfigurations.crd.projectcalico.org" created
customresourcedefinition.apiextensions.k8s.io "bgpconfigurations.crd.projectcalico.org" created
customresourcedefinition.apiextensions.k8s.io "ippools.crd.projectcalico.org" created
customresourcedefinition.apiextensions.k8s.io "hostendpoints.crd.projectcalico.org" created
customresourcedefinition.apiextensions.k8s.io "clusterinformations.crd.projectcalico.org" created
customresourcedefinition.apiextensions.k8s.io "globalnetworkpolicies.crd.projectcalico.org" created
customresourcedefinition.apiextensions.k8s.io "globalnetworksets.crd.projectcalico.org" created
customresourcedefinition.apiextensions.k8s.io "networkpolicies.crd.projectcalico.org" created
serviceaccount "calico-node" created
clusterrole.rbac.authorization.k8s.io "calico-node" created
clusterrolebinding.rbac.authorization.k8s.io "calico-node" created
deployment.extensions "calico-typha" created
clusterrolebinding.rbac.authorization.k8s.io "typha-cpha" created
clusterrole.rbac.authorization.k8s.io "typha-cpha" created
configmap "calico-typha-horizontal-autoscaler" created
deployment.extensions "calico-typha-horizontal-autoscaler" created
role.rbac.authorization.k8s.io "typha-cpha" created
serviceaccount "typha-cpha" created
rolebinding.rbac.authorization.k8s.io "typha-cpha" created
service "calico-typha" created
Examine calico add-on
kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
aws-node-2c5zn 1/1 Running 0 3h
aws-node-ng546 1/1 Running 0 3h
aws-node-wx4nh 1/1 Running 1 3h
calico-node-g779n 1/1 Running 0 1m
calico-node-k2svs 1/1 Running 0 1m
calico-node-wmzbw 1/1 Running 0 1m
calico-typha-75667d89cb-7m4jr 1/1 Running 0 1m
calico-typha-horizontal-autoscaler-78f747b679-qf965 1/1 Running 0 1m
kube-dns-64b69465b4-57l8d 3/3 Running 0 8h
kube-proxy-8mf7f 1/1 Running 0 3h
kube-proxy-9t9n8 1/1 Running 0 3h
kube-proxy-nmnz9 1/1 Running 0 3h
Simple Policy Demo
Configure Namespaces
kubectl create ns policy-demo
Create demo pods
Run the Pods.
kubectl run --namespace=policy-demo nginx --replicas=2 --image=nginx
Create the Service.
kubectl expose --namespace=policy-demo deployment nginx --port=80
Run a Pod and try to access the nginx Service.
$ kubectl run --namespace=policy-demo access --rm -ti --image busybox /bin/sh
Waiting for pod policy-demo/access-472357175-y0m47 to be running, status is Pending, pod ready: false
If you don't see a command prompt, try pressing enter.
/ # wget -q nginx -O -
enable isolation
kubectl create -f - <<EOF
kind: NetworkPolicy
apiVersion: extensions/v1beta1
metadata:
  name: default-deny
  namespace: policy-demo
spec:
  podSelector:
    matchLabels: {}
EOF
test isolation
Run a Pod and try to access the nginx Service.
$ kubectl run --namespace=policy-demo access --rm -ti --image busybox /bin/sh
Waiting for pod policy-demo/access-472357175-y0m47 to be running, status is Pending, pod ready: false
If you don't see a command prompt, try pressing enter.
/ # wget -q --timeout=5 nginx -O -
wget: download timed out
/ #
Allow Access using a Network Policy
kubectl create -f - <<EOF
kind: NetworkPolicy
apiVersion: extensions/v1beta1
metadata:
  name: access-nginx
  namespace: policy-demo
spec:
  podSelector:
    matchLabels:
      run: nginx
  ingress:
    - from:
      - podSelector:
          matchLabels:
            run: access
EOF
Pod with label is able to access nginx
Run a Pod and try to access the nginx Service.
$ kubectl run --namespace=policy-demo access --rm -ti --image busybox /bin/sh
Waiting for pod policy-demo/access-472357175-y0m47 to be running, status is Pending, pod ready: false
If you don't see a command prompt, try pressing enter.
/ # wget -q --timeout=5 nginx -O -
Run a Pod without label and try to access the nginx Service.
$ kubectl run --namespace=policy-demo cant-access --rm -ti --image busybox /bin/sh
Waiting for pod policy-demo/cant-access-472357175-y0m47 to be running, status is Pending, pod ready: false
If you don't see a command prompt, try pressing enter.
/ # wget -q --timeout=5 nginx -O -
wget: download timed out
/ #
cleanup
kubectl delete ns policy-demo
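The policy demo quoted in this issue shows three states (no policy, default-deny, default-deny plus access-nginx) only through timed-out wget calls. The following is an added example, not part of the workshop repository or this issue: a small offline model of how Kubernetes evaluates ingress NetworkPolicy for the three pods above (nginx, access, cant-access, labelled `run=<name>` as `kubectl run` does). It assumes a single namespace, ingress-only policies with default policyTypes, and only podSelector peers (no namespaceSelector, ipBlock or ports), which is all the quoted demo uses. The pod labels and the two policy objects are constructed here to mirror the YAML in the demo.

```python
"""Offline model of Kubernetes NetworkPolicy ingress evaluation (added example).

Assumptions (not from the workshop): one namespace, ingress rules only,
peers given as podSelector only. Policies are additive: a pod is isolated
if any policy selects it, and traffic is allowed if any selecting policy
has an ingress rule whose 'from' matches the source pod.
"""
from typing import Dict, List, Tuple

Labels = Dict[str, str]

# Constructed sample pods, labelled the way `kubectl run <name>` labels them.
PODS: Dict[str, Labels] = {
    "nginx": {"run": "nginx"},
    "access": {"run": "access"},
    "cant-access": {"run": "cant-access"},
}

# Mirrors the 'default-deny' policy from the demo: selects every pod, no rules.
DEFAULT_DENY = {
    "metadata": {"name": "default-deny", "namespace": "policy-demo"},
    "spec": {"podSelector": {"matchLabels": {}}},
}

# Mirrors the 'access-nginx' policy: nginx accepts ingress from run=access pods.
ACCESS_NGINX = {
    "metadata": {"name": "access-nginx", "namespace": "policy-demo"},
    "spec": {
        "podSelector": {"matchLabels": {"run": "nginx"}},
        "ingress": [{"from": [{"podSelector": {"matchLabels": {"run": "access"}}}]}],
    },
}


def selector_matches(selector: dict, labels: Labels) -> bool:
    """matchLabels semantics: every listed key/value must be present.
    An empty matchLabels ({}) selects all pods."""
    wanted = selector.get("matchLabels", {})
    return all(labels.get(k) == v for k, v in wanted.items())


def ingress_allowed(src: Labels, dst: Labels, policies: List[dict]) -> bool:
    """Return True if traffic from pod `src` to pod `dst` is admitted."""
    selecting = [p for p in policies
                 if selector_matches(p["spec"]["podSelector"], dst)]
    if not selecting:
        return True  # destination is not isolated: everything is allowed
    for policy in selecting:
        for rule in policy["spec"].get("ingress", []):
            peers = rule.get("from", [])
            if not peers:
                return True  # a rule with an empty 'from' admits all sources
            for peer in peers:
                sel = peer.get("podSelector")
                if sel is not None and selector_matches(sel, src):
                    return True
    return False  # isolated and no selecting policy admits this source


def reachability(pods: Dict[str, Labels],
                 policies: List[dict]) -> Dict[Tuple[str, str], bool]:
    """Pairwise (source, destination) -> allowed table for the given policies."""
    return {(s, d): ingress_allowed(pods[s], pods[d], policies)
            for s in pods for d in pods if s != d}


if __name__ == "__main__":
    for label, pols in (("no policy", []),
                        ("default-deny", [DEFAULT_DENY]),
                        ("default-deny + access-nginx", [DEFAULT_DENY, ACCESS_NGINX])):
        print(label)
        for (s, d), ok in sorted(reachability(PODS, pols).items()):
            print(f"  {s:>11} -> {d:<11} {'allowed' if ok else 'denied'}")
```

The table reproduces the demo's three observations: with no policy every pod reaches nginx, with default-deny alone nothing does, and after access-nginx is added only the run=access pod does while cant-access still times out. Because the default-deny policy still selects nginx, the access-nginx rule only widens ingress to nginx; it does not reopen traffic toward the access pod, which stays isolated.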
# /opt/cni/bin/aws-cni-support.sh - Command missing / explanation for what is being done
show prompt before command being run - see below
[ec2-user@ip-172-31-23-130 ~]$ aws eks list-clusters
[ec2-user@ip-172-31-21-42 configFiles]$ kubectl apply -f busyboxDeployment.yaml - This step was missed
[ec2-user@ip-172-31-21-42 kops-kubenet-demo]$ cd configFiles/
[ec2-user@ip-172-31-21-42 configFiles]$ ls
busyboxDeployment.yaml serviceClusterIp.yaml serviceNodePort.yaml
client.yaml serviceLoadBalancer.yaml simpleHttpServer.yaml
[ec2-user@ip-172-31-21-42 configFiles]$ kubectl apply -f busyboxDeployment.yaml
deployment.apps/net410-kops-busybox created
[ec2-user@ip-172-31-21-42 configFiles]$
[ec2-user@ip-172-31-21-42 configFiles]$
[ec2-user@ip-172-31-21-42 configFiles]$ kubectl get deployment -o wide
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
net410-kops-busybox 2 2 2 2 59s net410-kops-busybox busybox app=net410-kops-busybox
[ec2-user@ip-172-31-21-42 configFiles]$
typo in kops demo - kubeclt should be kubectl
Minor typo in kubectl command
kubeclt --> kubectl
We need to show how eni id was obtained -aws ec2 describe-network-interfaces --network-interface-ids eni-0f96810f42e4f53e8 --region eu-west-1
aws ec2 describe-network-interfaces --network-interface-ids eni-0f96810f42e4f53e8 --region eu-west-1