Serverless

Running Containers on Amazon EKS Learning Resources

Getting Started with Kubernetes

• Kubernetes 101: Pods, Nodes, Containers, and Clusters: https://medium.com/google-cloud/kubernetes-101-pods-nodes-containers-and-clusters-c1509e409e16
• Kubernetes 110: Your First Deployment : https://medium.com/google-cloud/kubernetes-110-your-first-deployment-bf123c1d3f8
• Kubernetes 120: Networking Basics: https://medium.com/google-cloud/kubernetes-120-networking-basics-3b903f13093a
• 2019 CNCF Survey data: https://www.cncf.io/blog/2020/03/04/2019-cncf-survey-results-are-here-deployments-are-growing-in-size-and-speed-as-cloud-native-adoption-becomes-mainstream/
• Kubernetes production best practices: https://learnk8s.io/production-best-practices
• Kubernetes Operators for beginners: https://medium.com/@stoz_das/kubernetes-operators-for-beginners-8f53ead07097
• What Is The Kubernetes Operator Pattern? https://www.bmc.com/blogs/kubernetes-operator/
• Introducing the AWS Controllers for Kubernetes (ACK) (Not covered in this course but good background if students have questions): https://aws.amazon.com/blogs/containers/aws-controllers-for-kubernetes-ack/

Videos

• What is Kubernetes?: https://opensource.com/resources/what-is-kubernetes
• CNCF Kubernetes Webinars: https://www.cncf.io/webinars?_sft_lf-project=kubernetes&_sft_lf-language=english

Kubernetes Training Courses

• Introduction to Kubernetes: https://www.edx.org/course/introduction-to-kubernetes
• 7 Free Online Courses to Learn Kubernetes in 2020: https://medium.com/javarevisited/7-free-online-courses-to-learn-kubernetes-in-2020-3b8a68ec7abc

Amazon EKS Basics

• EKS Product Page: https://aws.amazon.com/eks/
• Amazon EKS documentation: https://docs.aws.amazon.com/eks/latest/userguide/what-is-eks.html
• The role of Fargate in the container world: https://aws.amazon.com/blogs/containers/the-role-of-aws-fargate-in-the-container-world/
• Running Kubernetes Applications on AWS Fargate: https://d1.awsstatic.com/events/reinvent/2019/NEW_LAUNCH_REPEAT_1_Running_Kubernetes_Applications_on_AWS_Fargate_CON326-R1.pdf
• Serverless Kubernetes Cluster on AWS with EKS on Fargate: https://medium.com/better-programming/serverless-kubernetes-cluster-on-aws-with-eks-on-fargate-a7545cf179be
• Getting started with Amazon EKS: https://docs.aws.amazon.com/eks/latest/userguide/getting-started.html
• Creating and managing clusters  with eksctl: https://eksctl.io/usage/creating-and-managing-clusters/
• eksctl – the EKS CLI: https://aws.amazon.com/blogs/opensource/eksctl-eks-cli/
• How to configure your EKS cluster (Useful for GitOps, CDK and Helm examples): http://www.nickaws.net/kubernetes/2020/03/06/How-to-configure-your-EKS-clusters.html
• Install the SSM agent onto EKS worker nodes using a Kubernetes DaemonSet: https://github.com/jicowan/ssm-agent-daemonset
• EKS Best Practices and Solutions (in one blogger’s opinion): http://ahmedbhamaws.net/2020-05-08-EKS-Best-Practices-And-Solutions/

Videos

• Containers from the Couch: https://containersfromthecouch.com/
• AWS Container Day videos: https://www.youtube.com/results?search_query=AWS+Container+Day
• AWS Containers on Twitch: https://www.twitch.tv/awscontainers
• AWS Fargate under the hood (CON423-R1): https://www.youtube.com/watch?time_continue=7&v=Hr-zOaBGyEA&feature=emb_logo
• Lessons learnt while operating multi-tenant kubernetes cluster in production: https://www.youtube.com/watch?v=wosJ-RBLnRE

DIgital Training

• Amazon Elastic Kubernetes Service (EKS) Primer: https://www.aws.training/Details/eLearning?id=32894
• Amazon EKS Workshop: https://eksworkshop.com/

Amazon Elastic Container Registry (ECS) with EKS and GitOps

• Amazon ECR documentation: https://docs.aws.amazon.com/AmazonECR/latest/userguide/what-is-ecr.html
• VPC endpoints and private connections to ECR https://docs.aws.amazon.com/AmazonECR/latest/userguide/vpc-endpoints.html#ecr-setting-up-s3-gateway
• Using Helm with Amazon EKS: https://docs.aws.amazon.com/eks/latest/userguide/helm.html
• Helm Documentation: https://helm.sh/docs/
• eksctl and Flagger : https://www.weave.works/blog/oss-product-flagger-eksctl
• Flux documentation: https://docs.fluxcd.io/en/latest/get-started/
• The three paths of Kubernetes in the Cloud: https://medium.com/@jason.umiker/the-three-paths-of-kubernetes-in-the-cloud-a6e88a321e2e
• An example approach for Kubernetes and AWS GitOps (Relates to blog post above): https://github.com/jasonumiker/k8s-plus-aws-gitops
• Continuous Integration using Jenkins and HashiCorp Terraform on Amazon EKS (A popular alternative to the method we demonstrate in this course): https://aws.amazon.com/blogs/opensource/continuous-integration-using-jenkins-and-hashicorp-terraform-on-amazon-eks/
• Continuous Delivery using Spinnaker on Amazon EKS: https://aws.amazon.com/blogs/opensource/continuous-delivery-spinnaker-amazon-eks/
• Amazon Elastic Container Registry Public: A New Public Container Registry: https://aws.amazon.com/blogs/aws/amazon-ecr-public-a-new-public-container-registry/ 

Videos

• AWS Container Days – Managing EKS at Scale with GitOps: https://www.weave.works/blog/aws-container-days-managing-eks-at-scale-with-gitops
• Automate EKS Cluster Configuration with GitOps and eksctl: https://www.weave.works/blog/automate-eks-cluster-configuration-with-gitops-and-eksctl
• AWSSummit: Kubernetes GitOps on AWS – Level 400: https://www.youtube.com/watch?v=3IbJK90rb_M

Digital training course

EKS GitOps quickstart: https://eksctl.io/gitops-quickstart/

Monitoring and Logging for Amazon EKS

• Amazon EKS Control Plane Metrics with Prometheus: https://aws.amazon.com/blogs/opensource/amazon-eks-control-plane-metrics-prometheus/
• Using Prometheus Metrics in Amazon CloudWatch: https://aws.amazon.com/blogs/containers/using-prometheus-metrics-in-amazon-cloudwatch/
• Kubernetes Logging powered by AWS for Fluent Bit: https://aws.amazon.com/blogs/containers/kubernetes-logging-powered-by-aws-for-fluent-bit/
• Centralized Container Logging with Fluent Bit: https://aws.amazon.com/blogs/opensource/centralized-container-logging-fluent-bit/
• Set Up FluentD as a DaemonSet to Send Logs to CloudWatch Logs: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Container-Insights-setup-logs.html
• Monitoring Kubernetes performance metrics: https://www.datadoghq.com/blog/monitoring-kubernetes-performance-metrics/
• Key Metrics for EKS cluster monitoring: https://www.datadoghq.com/blog/eks-cluster-metrics/
• Monitoring Amazon EKS on AWS Fargate using Prometheus and Grafana (A popular alternative to the methods we discuss in this course): https://aws.amazon.com/blogs/containers/monitoring-amazon-eks-on-aws-fargate-using-prometheus-and-grafana/
• How to capture application logs when using Amazon EKS on AWS Fargate: https://aws.amazon.com/blogs/containers/how-to-capture-application-logs-when-using-amazon-eks-on-aws-fargate/

Video

AWS Container Logging Deep Dive: FireLens, Fluentd, and Fluent Bit – AWS Online Tech Talks : https://www.youtube.com/watch?v=HaT9Yc1g170

Digital Training

AWS Observability Workshop: https://observability.workshop.aws/en/

Deploying large Scale Kubernetes environments and EKS pricing on AWS

• AWS Node Termination Handler: https://github.com/aws/aws-node-termination-handler
• Building large clusters in Kubernetes: https://kubernetes.io/docs/setup/best-practices/cluster-large/
• Cluster over-provisioning in Kubernetes: https://medium.com/scout24-engineering/cluster-overprovisiong-in-kubernetes-79433cb3ed0e
• Deploying Kubernetes — Deciding the size of your nodes: https://medium.com/swlh/deploying-kubernetes-deciding-the-size-of-your-nodes-a115e770e09
• Welcome Bottlerocket (written before Bottlerocket went GA): https://www.nickaws.net/kubernetes/2020/03/31/Welcome-Bottlerocket.html
• Building for Cost optimization and Resilience for EKS with Spot Instances: https://aws.amazon.com/blogs/compute/cost-optimization-and-resilience-eks-with-spot-instances/
• Cost optimization for Kubernetes on AWS: https://aws.amazon.com/blogs/containers/cost-optimization-for-kubernetes-on-aws/
• Saving money a pod at a time with EKS, Fargate, and AWS Compute Savings Plans: https://aws.amazon.com/blogs/containers/saving-money-pod-at-time-with-eks-fargate-and-aws-compute-savings-plans/
• Fargate Pricing in Context: https://www.trek10.com/blog/fargate-pricing-vs-ec2
• How to track costs in multi-tenant Amazon EKS clusters using Kubecost  (Not covered in this course, but good background info if your students have questions about multi-tenancy): https://aws.amazon.com/blogs/containers/how-to-track-costs-in-multi-tenant-amazon-eks-clusters-using-kubecost/
• Now proactively manage your ECR API use with CloudWatch Metrics and Service Quotas: : https://aws.amazon.com/about-aws/whats-new/2020/03/now-proactively-manage-your-ecr-api-use-with-cloudwatch-metrics-and-service-quotas/
• Kubernetes production best-practices: https://learnk8s.io/production-best-practices

Networking Kubernetes on AWS EKS

• A Guide to the Kubernetes Networking Model : https://sookocheff.com/post/kubernetes/understanding-kubernetes-networking-model/
• AWS CNI: https://github.com/aws/amazon-vpc-cni-k8s
• Proposal: CNI plugin for Kubernetes networking over AWS VPC: https://github.com/aws/amazon-vpc-cni-k8s/blob/master/docs/cni-proposal.md
• De-mystifying cluster networking for Amazon EKS worker nodes: https://aws.amazon.com/blogs/containers/de-mystifying-cluster-networking-for-amazon-eks-worker-nodes/
• Kubernetes Namespaces: use cases and insights : https://kubernetes.io/blog/2016/08/kubernetes-namespaces-use-cases-insights/
• Kubernetes services simply explained: https://medium.com/swlh/kubernetes-services-simply-visually-explained-2d84e58d70e5
• EKS VPC routable IP address conservation patterns in a hybrid network: https://aws.amazon.com/blogs/containers/eks-vpc-routable-ip-address-conservation/
• Cross account IAM roles for Kubernetes service accounts: https://aws.amazon.com/blogs/containers/cross-account-iam-roles-for-kubernetes-service-accounts/
• How To Inspect Kubernetes Networking: https://www.digitalocean.com/community/tutorials/how-to-inspect-kubernetes-networking
• CoreDNS and Route53: https://www.nickaws.net/aws/2019/11/26/CoreDNS-and-Route53.html
• How do I troubleshoot DNS failures with Amazon EKS? https://aws.amazon.com/premiumsupport/knowledge-center/eks-dns-failure/
• Learning AWS App Mesh: https://aws.amazon.com/blogs/compute/learning-aws-app-mesh/
• Deciphering the Difference Between a Service Mesh and API Gateway: https://levelup.gitconnected.com/deciphering-the-difference-between-a-service-mesh-and-api-gateway-c57e4abec302
• Integrating AWS X-Ray with AWS App Mesh: https://aws.amazon.com/blogs/compute/integrating-aws-x-ray-with-aws-app-mesh/
• We’ve made quite a mesh: https://speakerdeck.com/thockin/weve-made-quite-a-mesh
• AWS Load Balancer Controller: https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html 

Videos

• Everything you need to know about Kubernetes pod networking on AWS : https://www.projectcalico.org/everything-you-need-to-know-about-kubernetes-pod-networking-on-aws/
• Lessons learnt while operating multi-tenant kubernetes cluster in production – Prateek Nayak (MYOB): https://www.youtube.com/watch?v=wosJ-RBLnRE
• re:Invent video: Deep Dive on Amazon EKS (the networking section of this video is very good)- https://youtu.be/vrYLrx-a_Wg

Authentication and Security for Kubernetes with Amazon EKS

• Cluster authentication: https://docs.aws.amazon.com/eks/latest/userguide/managing-auth.html
• AWS IAM Authenticator for Kubernetes: https://github.com/kubernetes-sigs/aws-iam-authenticator
• Demystifying RBAC in Kubernetes : https://www.cncf.io/blog/2018/08/01/demystifying-rbac-in-kubernetes/
• How do I provide access to other users and roles after cluster creation in Amazon EKS?: https://aws.amazon.com/premiumsupport/knowledge-center/amazon-eks-cluster-access/
• Enabling cross-account access to Amazon EKS cluster resources: https://aws.amazon.com/blogs/containers/enabling-cross-account-access-to-amazon-eks-cluster-resources/
• Amazon EKS IAM Role for Service Accounts CDK/CloudFormation Library: https://github.com/awslabs/amazon-eks-irsa-cfn
• Introducing OIDC identity provider authentication for Amazon EKS: https://aws.amazon.com/blogs/containers/introducing-oidc-identity-provider-authentication-amazon-eks/
  Amazon EKS Best Practices Guide for Security: https://aws.github.io/aws-eks-best-practices/
• Envelope encryption for EKS: https://aws.amazon.com/blogs/containers/using-eks-encryption-provider-support-for-defense-in-depth/
• AWS Secrets Controller PoC: integrating AWS Secrets Manager with Kubernetes: https://aws.amazon.com/blogs/containers/aws-secrets-controller-poc/
• Using Pod Security Policies with Amazon EKS Clusters : https://aws.amazon.com/blogs/opensource/using-pod-security-policies-amazon-eks-clusters/
• Calico and EKS: https://docs.projectcalico.org/getting-started/kubernetes/managed-public-cloud/eks
• Using Gatekeeper as a drop-in Pod Security Policy replacement in Amazon EKS (Not covered in this course. OPA is an alternative to PSPs that your students may ask about): https://aws.amazon.com/blogs/containers/using-gatekeeper-as-a-drop-in-pod-security-policy-replacement-in-amazon-eks/
• Introducing security groups for pods (This feature was released after this course was developed and is another alternative to PSPs): https://aws.amazon.com/blogs/containers/introducing-security-groups-for-pods/
• AWS Security Messaging Guidelines (why we don’t use terms like “blast radius” in this course): https://w.amazon.com/bin/view/AWS_IT_Security/GrowthStrategies/AWS_Security_Messaging#HContextMatters
• Security groups for pods: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html

Videos

Role based access control (RBAC) policies in Kubernetes: https://www.cncf.io/webinars/role-based-access-control-rbac-policies-in-kubernetes/

Twitch presentation on envelope encryption: https://www.twitch.tv/aws/video/700334161

Maintaining an Amazon EKS Kubernetes Deployment

• Updating an Amazon EKS cluster Kubernetes version : https://docs.aws.amazon.com/eks/latest/userguide/update-cluster.html
• EKS platform versions: https://docs.aws.amazon.com/eks/latest/userguide/platform-versions.html
• Kubernetes version and version skew support policy: https://kubernetes.io/docs/setup/release/version-skew-policy/
• Amazon EKS upgrade journey from 1.15 to 1.16 (Customer story using Terraform): https://itnext.io/amazon-eks-upgrade-journey-from-1-15-to-1-16-4f48c7b6e512
• Migrating EKS Node Groups with Zero Downtime (Not covered in this course. Example uses Pulumi): https://www.pulumi.com/blog/day-2-kubernetes-migrating-eks-nodegroups-with-zero-downtime/
• EKS Rolling Update tool: https://github.com/hellofresh/eks-rolling-update
• Amazon EKS add-ons: https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html

## Example User Data to install kubectl and eksctl on ec2 – Check install with kubectl version and eksctl version commands

#!/bin/bash
yum update -y
curl -o kubectl https://amazon-eks.s3-us-west-2.amazonaws.com/1.21.2/2021-07-05/bin/linux/amd64/kubectl
sudo chmod +x ./kubectl
sudo mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$PATH:$HOME/bin
echo 'export PATH=$PATH:$HOME/bin' >> ~/.bashrc
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin

Great tutorial on Amazon EKS

https://www.eksworkshop.com

Containers Cheat Sheet – Docker – Kubernetes and EKS command cheat sheet.
https://www.anuragkapur.com/blog/cheat-sheets/containers

Other Links

Subnetting
https://nsrc.org/workshops/2009/summer/presentations/day3/subnetting.pdf
https://cidr.xyz

AWS Pricing Calculator
https://calculator.aws

AWS Architectural Icons for PowerPoint
https://aws.amazon.com/architecture/icons/

Read more →