AEWS 2, Week 2, Restropection

AWS EKS Workshop Study

unchaptered

Mar 10, 2024

Contents

Introduction Prerequisites Practices Fundamental Challenges

Introduction

AEWS Study Group Week 1, study content and assignments.

The goal is to do all the questions and challenges in the lessions.

Prerequisites

AEWS 2, Week 1, Restropection

Practices

One-click deployment guide in Amazon EKS using Console

Check pods use secondary IPv4 address.
Create pods for testing, nicolkaka/netshoot
Communicate each pods using tcpdump.
Communication test with each pods.
The limitation of pods' amount using 'kube-ops-view'.

Fundamental

From networking to CNI and L-LIPAM.
Maximum number of pods, can be created on a worker node
Use iptables, not ipvs or userspace in kube-proxy
The definition and comparison of k8s service.
What is the ingress of k8s?
What is the externalDNS of k8s?
What is the Istio of k8s?
What is the core-dns of k8s?
What is the gateway-api of k8s?
How can I measure speed between each pods?
What is the kube-ops-view in k8s?
What is the Topology Aware Hint?
What is the CNI-Metrics-help?
What is the Network Policies with VPC CNI.
How to rapidly scale your application with ALB on EKS (without losing traffic)?
How can I use IPv6 with EKS?

Challenges

Scale EKS max pods
- Prefix Delegation + Warm & Min Ip/Prefix Targets
- Custom Networks
Set up security group for each pods.
Set up ingress of nlb for udp traffic of game server.
Set up multiple ingress pattern in single alb.
Expose Amazon EKS pods through cross-acount load balancer.
Expose k8s applications, part 2 : AWS Load Balancer Controller
Expose k8s applications, part 3 : NGINX Ingress Controller
Collect metric "linklocal_allowance_exceeded" of EC@ ENA using prometheus.
Leveraging CNI custom networking alongside security groups for pods in Amazon EKS
Using AWS Load Balancer Controller for blue/green deployment, canary deployment and A/B testing
How to use Application Load Balancer and Amazon Cognito to authenticate users for your Kubernetes web apps
EKS에 NodeLocal DNS Cache 설정으로 클러스터의 DNS 성능 향상
Addressing latency and data transfer costs on EKS using Istio
Deploy a gRPC-based application on an Amazon EKS cluster and access it with an Application Load Balancer
Optimize webSocket applications scaling with API Gateway on Amazon EKS
Use shared VPC subnets in Amazon EKS
Recent changes to the CoreDNS add-on
Automating custom networking to solve IPv4 exhaustion in Amazon EKS
A deeper look at Ingress Sharing and Target Group Binding in AWS Load Balancer Controller
Using Istio Traffic Management on Amazon EKS to Enhance User Experience
Getting Started with Istio on Amazon EKS
Avoiding Errors & Timeouts with Kubernetes Applications and AWS Load Balancers
ALB 경우 인증서 ARN 지정 없이, 자동 발견 가능
- 방안1(ingress tls),
- 방안2(ingress rule host)

Fundamental

From networking to CNI and L-LIPAM.

Maximum number of pods, can be created on a worker node

Use iptables, not ipvs or userspace in kube-proxy

The definition and comparison of k8s service.

What is the ingress of k8s?

What is the externalDNS of k8s?

What is the Istio of k8s?

What is the core-dns of k8s?

What is the gateway-api of k8s?

How can I measure speed between each pods?

What is the kube-ops-view in k8s?

What is the Topology Aware Hint?

What is the CNI-Metrics-help?

What is the Network Policies with VPC CNI.

How to rapidly scale your application with ALB on EKS (without losing traffic)?

How can I use IPv6 with EKS?

Challenges

Scale EKS max pods

Prefix Delegation + Warm & Min Ip/Prefix Targets
Custom Networks

Set up security group for each pods.

Set up ingress of nlb for udp traffic of game server.

Set up multiple ingress pattern in single alb.

Expose Amazon EKS pods through cross-acount load balancer.

Expose k8s applications, part 2 : AWS Load Balancer Controller

Expose k8s applications, part 3 : NGINX Ingress Controller

Collect metric "linklocal_allowance_exceeded" of EC@ ENA using prometheus.

Leveraging CNI custom networking alongside security groups for pods in Amazon EKS

Using AWS Load Balancer Controller for blue/green deployment, canary deployment and A/B testing

How to use Application Load Balancer and Amazon Cognito to authenticate users for your Kubernetes web apps

EKS에 NodeLocal DNS Cache 설정으로 클러스터의 DNS 성능 향상

Addressing latency and data transfer costs on EKS using Istio

Deploy a gRPC-based application on an Amazon EKS cluster and access it with an Application Load Balancer

Optimize webSocket applications scaling with API Gateway on Amazon EKS

Use shared VPC subnets in Amazon EKS

Recent changes to the CoreDNS add-on

Automating custom networking to solve IPv4 exhaustion in Amazon EKS

A deeper look at Ingress Sharing and Target Group Binding in AWS Load Balancer Controller

Using Istio Traffic Management on Amazon EKS to Enhance User Experience

Getting Started with Istio on Amazon EKS

Avoiding Errors & Timeouts with Kubernetes Applications and AWS Load Balancers

ALB 경우 인증서 ARN 지정 없이, 자동 발견 가능

방안1(ingress tls),
방안2(ingress rule host)