AEWS 2, Week 2, Restropection

Introduction

AEWS Study Group Week 1, study content and assignments.

The goal is to do all the questions and challenges in the lessions.

Prerequisites

• AEWS 2, Week 1, Restropection

Practices

• One-click deployment guide in Amazon EKS using Console

• Check pods use secondary IPv4 address.

• Create pods for testing, nicolkaka/netshoot

• Communicate each pods using tcpdump.

• Communication test with each pods.

• The limitation of pods' amount using 'kube-ops-view'.

Fundamental

• From networking to CNI and L-LIPAM.

• Maximum number of pods, can be created on a worker node

• Use iptables, not ipvs or userspace in kube-proxy

• The definition and comparison of k8s service.

• What is the ingress of k8s?

• What is the externalDNS of k8s?

• What is the Istio of k8s?

• What is the core-dns of k8s?

• What is the gateway-api of k8s?

• How can I measure speed between each pods?

• What is the kube-ops-view in k8s?

• What is the Topology Aware Hint?

• What is the CNI-Metrics-help?

• What is the Network Policies with VPC CNI.

• How to rapidly scale your application with ALB on EKS (without losing traffic)?

• How can I use IPv6 with EKS?

Challenges

• Scale EKS max pods

  • Prefix Delegation + Warm & Min Ip/Prefix Targets

  • Custom Networks

• Set up security group for each pods.

• Set up ingress of nlb for udp traffic of game server.

• Set up multiple ingress pattern in single alb.

• Expose Amazon EKS pods through cross-acount load balancer.

• Expose k8s applications, part 2 : AWS Load Balancer Controller

• Expose k8s applications, part 3 : NGINX Ingress Controller

• Collect metric "linklocal_allowance_exceeded" of EC@ ENA using prometheus.

• Leveraging CNI custom networking alongside security groups for pods in Amazon EKS

• Using AWS Load Balancer Controller for blue/green deployment, canary deployment and A/B testing

• How to use Application Load Balancer and Amazon Cognito to authenticate users for your Kubernetes web apps

• EKS에 NodeLocal DNS Cache 설정으로 클러스터의 DNS 성능 향상

• Addressing latency and data transfer costs on EKS using Istio

• Deploy a gRPC-based application on an Amazon EKS cluster and access it with an Application Load Balancer

• Optimize webSocket applications scaling with API Gateway on Amazon EKS

• Use shared VPC subnets in Amazon EKS

• Recent changes to the CoreDNS add-on

• Automating custom networking to solve IPv4 exhaustion in Amazon EKS

• A deeper look at Ingress Sharing and Target Group Binding in AWS Load Balancer Controller

• Using Istio Traffic Management on Amazon EKS to Enhance User Experience

• Getting Started with Istio on Amazon EKS

• Avoiding Errors & Timeouts with Kubernetes Applications and AWS Load Balancers

• ALB 경우 인증서 ARN 지정 없이, 자동 발견 가능

  • 방안1(ingress tls),

  • 방안2(ingress rule host)