Managed Kubernetes Breakdown

Overview of the managed k8s solutions from GCP, AWS and Azure

19 June 2018

Rael Garcia

Systems Engineer at CAPSiDE

AKS at Microsoft Azure

Azure Kubernetes Service (AKS)

EKS at Amazon Web Services

Amazon EKS Features

GKE at Google Cloud Platform

Multi-Zone and Regional Clusters

Region Availability

Australia East, Canada Central, Canada East, Central US, East US, North Europe, UK South, West US and West US 2.

Quotas and region availability for Azure Kubernetes Service (AKS) at docs.microsoft.com

Only available in Northern Virginia (us-east-1) and Oregon (us-west-2).

Where is Amazon EKS available? at aws.amazon.com

Montreal, Iowa, Oregon, Northern Virginia, South Carolina, São Paulo, Finland, Belgium, London, Frankfurt, Netherlands, Mumbai, Singapore, Taiwan, Tokyo and Sydney.

Kubernetes Engine Overview at cloud.google.com

Pricing

The control plane is free; you only pay for the workers, storage and network services.

Azure Kubernetes Service (AKS) pricing at docs.microsoft.com

The control plane costs $0.20 per hour (roughly $150 per month per EKS cluster).
Workers, storage and network services are pay per use, as on the other two.

Amazon EKS Pricing at aws.amazon.com

Since 28 November 2017 the control plane is free; you only pay for the workers, storage and network services.

Kubernetes Engine Pricing at cloud.google.com

Kubernetes version

From 1.7.7 to 1.9.6.

Create an Azure Kubernetes Service (AKS) cluster at docs.microsoft.com

Only 1.10.3.

Which Kubernetes versions does Amazon EKS support? at aws.amazon.com

From 1.8.10 to 1.10.4.

Versioning and Upgrades at cloud.google.com

Masters - Zone fault tolerance

No support for availability zones. However, Azure seeks to maintain at least 99.5% availability for the Kubernetes API server.

Azure Kubernetes Service (AKS) at docs.microsoft.com

Amazon EKS runs the Kubernetes management infrastructure across multiple AWS Availability Zones, automatically detects and replaces unhealthy control plane nodes.

What Is Amazon EKS? at docs.aws.amazon.com

Clusters can be deployed as zonal (masters in a single zone) or regional, with masters spread across multiple zones within a region.

Multi-Zone and Regional Clusters at cloud.google.com

Workers - Zone fault tolerance

Nodes are deployed in availability sets, which spread VMs across fault and update domains within a single datacenter. This protects against rack-level hardware failures and planned maintenance, not against the loss of a zone.

Availability set overview at docs.microsoft.com

Worker nodes can be deployed across zones in the same region.

Distributing Instances Across Availability Zones at docs.aws.amazon.com

Worker nodes can be deployed across zones in the same region.

Node Pools at cloud.google.com

Workers - Node pools

Only one node pool per cluster is supported.

Add Node Pool Support #287 at github.com

Independent groups of servers can be added to the cluster, each with different characteristics and sizes, including spot instances.

Launching Amazon EKS Worker Nodes at docs.aws.amazon.com

Independent node pools of instance groups, each with its own configuration of size, OS and preemptibility.

Node Pools at cloud.google.com

Cluster node autoscaling

Node autoscaling is not supported but is on the roadmap.

Scale an Azure Kubernetes Service (AKS) cluster at docs.microsoft.com

Autoscaling using EC2 Auto Scaling Groups.

Cluster Autoscaler at cloud.google.com

Native with Cluster Autoscaler and Compute Engine Instance Groups.

Cluster Autoscaler at cloud.google.com

Cluster Autoscaler is a tool that automatically adjusts the size of the Kubernetes cluster.

Kubernetes Autoscaler at github.com/kubernetes/autoscaler
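Added example, not the Cluster Autoscaler's own code: a simplified model of its scale-up decision. The real autoscaler runs the scheduler's predicates to decide whether a pending pod would fit on a fresh node of a node group; this simulation uses only CPU and memory requests with largest-first placement, so the numbers are illustrative. The node size, the free capacity on existing nodes and the pending pods are constructed. It makes two things visible that the slide does not: a pod larger than any node in the group never triggers a scale-up, and the group's maximum node count is a hard ceiling, so capping it is also your cost and blast-radius bound.

```python
"""Simplified model of Cluster Autoscaler's scale-up step (added example)."""

# Constructed worker size: allocatable resources of one node in the group,
# in millicores and MiB. Real values come from `kubectl describe node`.
NODE = {"cpu": 2000, "mem": 7000}

# Constructed current state: free capacity left on the two existing nodes.
EXISTING_FREE = [{"cpu": 500, "mem": 1000}, {"cpu": 500, "mem": 1000}]

# Constructed pending (unschedulable) pods with their resource requests.
PENDING = [
    {"name": "api-1", "cpu": 1500, "mem": 2000},
    {"name": "api-2", "cpu": 1500, "mem": 2000},
    {"name": "sidecar", "cpu": 400, "mem": 500},
    {"name": "big-batch", "cpu": 3000, "mem": 1000},  # larger than a whole node
]


def fits(free, pod):
    """True when a pod's requests fit in the given free capacity."""
    return free["cpu"] >= pod["cpu"] and free["mem"] >= pod["mem"]


def simulate_scale_up(existing_free, pending, node, max_nodes):
    """Return (nodes to add, names of pods that still cannot be scheduled).

    Pods are placed largest-first onto the existing nodes' free capacity;
    when none fits, a new node is opened unless the group is at max_nodes.
    A pod larger than a whole node is never placed: no scale-up can help it.
    """
    nodes = [dict(n) for n in existing_free]
    unschedulable = []
    for pod in sorted(pending, key=lambda p: (p["cpu"], p["mem"]), reverse=True):
        if not fits(node, pod):
            unschedulable.append(pod["name"])
            continue
        target = next((n for n in nodes if fits(n, pod)), None)
        if target is None and len(nodes) < max_nodes:
            target = dict(node)  # open a fresh node with full capacity
            nodes.append(target)
        if target is None:
            unschedulable.append(pod["name"])  # group is at its ceiling
            continue
        target["cpu"] -= pod["cpu"]
        target["mem"] -= pod["mem"]
    return len(nodes) - len(existing_free), unschedulable


if __name__ == "__main__":
    for cap in (2, 3, 4):
        added, stuck = simulate_scale_up(EXISTING_FREE, PENDING, NODE, max_nodes=cap)
        print(f"max_nodes={cap}: add {added} node(s); still pending: {stuck}")
```

With the constructed input, a ceiling of 3 nodes adds one node and leaves `api-2` and `big-batch` pending; raising the ceiling to 4 schedules `api-2`, while `big-batch` stays pending at any ceiling because no node of this size can hold it.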

Container Registry

Azure Container Registry is a managed Docker registry service based on the open-source Docker Registry 2.0.

Introduction to private Docker container registries in Azure at docs.microsoft.com

Amazon Elastic Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images.

Amazon Elastic Container Registry at aws.amazon.com

Google Container Registry provides secure, private Docker image storage on Google Cloud Platform.

Google Container Registry at cloud.google.com

Pod Networking configuration

Basic networking creates a new VNet for the cluster using default values.
Advanced networking lets the cluster use a new or existing VNet with customizable address ranges, with application pods connected directly to the VNet.

Network configuration in Azure Kubernetes Service (AKS) at docs.microsoft.com

Native VPC networking via the Amazon VPC CNI plugin for Kubernetes, so pods have the same IP address inside the pod as they do on the VPC network.

Pod Networking at docs.aws.amazon.com

With alias IPs, Kubernetes Engine clusters allocate pod addresses from a CIDR block known to Google Cloud Platform (GCP), so pod IPs are natively routable within the GCP network and can reach hosted services without a NAT gateway.

Creating VPC-native clusters using Alias IPs at cloud.google.com
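Added example, not code from the deck or from any of the three providers: in all three VPC-native modes the pod addresses come out of the cloud network, so the ranges have to be planned before the cluster exists. The function below checks a constructed address plan for overlaps between node subnet, pod range and service range, rejects ranges that are not private, and derives the node count the pod range can support. The per-node /24 default is GKE's alias-IP allocation and is assumed here for the other two providers; the five reserved addresses per subnet is also an assumption, since each cloud keeps a few addresses back and the exact count differs.

```python
"""Address-plan check for a VPC-native cluster (added example)."""
import ipaddress

# Assumption: each node gets a /24 slice of the pod range (GKE's alias-IP
# default); the other providers size per-node pod capacity differently.
DEFAULT_NODE_POD_PREFIX = 24
# Assumption: the cloud keeps a handful of addresses in every subnet for
# network, gateway and broadcast use; the exact count differs per provider.
RESERVED_PER_SUBNET = 5


def plan_check(node_subnet, pod_range, service_range,
               node_pod_prefix=DEFAULT_NODE_POD_PREFIX):
    """Validate the three ranges and report the node capacity they allow."""
    nets = {
        "node subnet": ipaddress.ip_network(node_subnet),
        "pod range": ipaddress.ip_network(pod_range),
        "service range": ipaddress.ip_network(service_range),
    }
    problems = []
    # Pods are routable on the VPC/VNet, so pod and service ranges must not
    # collide with each other or with the subnet the nodes live in.
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    for name, net in nets.items():
        if not net.is_private:
            problems.append(f"{name} {net} is not a private (RFC 1918) range")
    pods = nets["pod range"]
    if node_pod_prefix < pods.prefixlen:
        problems.append("per-node pod prefix is larger than the whole pod range")
        by_pods = 0
    else:
        # Each node consumes one /node_pod_prefix block out of the pod range.
        by_pods = 2 ** (node_pod_prefix - pods.prefixlen)
    # Each node also needs one address in the node subnet.
    by_subnet = max(nets["node subnet"].num_addresses - RESERVED_PER_SUBNET, 0)
    return {
        "problems": problems,
        "pod_addresses_per_node": 2 ** (pods.max_prefixlen - node_pod_prefix),
        "max_nodes_by_pod_range": by_pods,
        "max_nodes_by_node_subnet": by_subnet,
        "max_nodes": min(by_pods, by_subnet),
    }


if __name__ == "__main__":
    # Constructed plan: 1,024-address node subnet, /14 pod range, /20 services.
    print(plan_check("10.0.0.0/22", "10.4.0.0/14", "10.8.0.0/20"))
    # Constructed mistake: pod range drawn over the node subnet.
    print(plan_check("10.0.0.0/22", "10.0.0.0/16", "10.8.0.0/20"))
```

The capacity figure counts addresses, not pods: the kubelet's own max-pods setting is lower than the 256 addresses a /24 holds, so the pod range sets an upper bound on nodes, not on pods.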

Role Based Access Control

Kubernetes RBAC system grants granular permissions for specific resources and operations within your clusters.

Kubernetes RBAC with support to use Azure Active Directory for user authentication.

Integrate Azure Active Directory with AKS - Preview at docs.microsoft.com

Kubernetes RBAC with IAM authentication, through a collaboration with Heptio.

Heptio Authenticator for AWS at github.com
Managing Users or IAM Roles for your Cluster at docs.aws.amazon.com

Cloud IAM to grant users access to Kubernetes Engine and Kubernetes resources.
Kubernetes RBAC for access control within your clusters.

Kubernetes Engine - Access Control Overview at cloud.google.com
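Added example, not code from the deck or from any provider: once Azure AD, IAM or Cloud IAM has mapped a caller to a Kubernetes user or group, the RBAC layer is the same on all three services, so what needs auditing is what the bindings actually grant. The script below walks constructed Role, ClusterRole and binding objects (the names, namespaces and subjects are invented for illustration) and flags wildcard rules, escalation verbs, secret reads, pod exec, and bindings to the catch-all `system:authenticated` group. On a real cluster the input would be the `items` list from `kubectl get roles,clusterroles,rolebindings,clusterrolebindings -A -o json`.

```python
"""RBAC over-privilege audit over Kubernetes API objects (added example)."""
import json

# Verbs that let a subject grow its own permissions (beyond a plain "*").
ESCALATION_VERBS = {"escalate", "bind", "impersonate"}
# Any of these on "secrets" exposes credential material.
SECRET_READ_VERBS = {"*", "get", "list", "watch"}
# Groups that match every caller; binding anything to them is almost never intended.
BROAD_GROUPS = {"system:authenticated", "system:unauthenticated"}

# Constructed sample objects (names, namespaces and subjects are invented).
SAMPLE_OBJECTS = json.loads("""[
 {"kind": "Role", "metadata": {"name": "pod-reader", "namespace": "web"},
  "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "ops-anything"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "secret-peeker"},
  "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["list"]}]},
 {"kind": "RoleBinding", "metadata": {"name": "web-readers", "namespace": "web"},
  "roleRef": {"kind": "Role", "name": "pod-reader"},
  "subjects": [{"kind": "Group", "name": "web-devs"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "ops-wide"},
  "roleRef": {"kind": "ClusterRole", "name": "ops-anything"},
  "subjects": [{"kind": "User", "name": "alice@example.com"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "sa-secrets"},
  "roleRef": {"kind": "ClusterRole", "name": "secret-peeker"},
  "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "default"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "everyone-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "Group", "name": "system:authenticated"}]}
]""")


def rule_findings(rule):
    """Problems in one policy rule, as short strings (empty list if clean)."""
    verbs = set(rule.get("verbs", []))
    resources = set(rule.get("resources", []))
    found = []
    if "*" in verbs and "*" in resources:
        found.append("wildcard verbs on wildcard resources")
    escalating = sorted(verbs & ESCALATION_VERBS)
    if escalating:
        found.append("escalation verbs: " + ", ".join(escalating))
    if "secrets" in resources and verbs & SECRET_READ_VERBS:
        found.append("reads secrets")
    if "pods/exec" in resources and verbs & {"*", "create"}:
        found.append("can exec into pods")
    return found


def audit(objects):
    """Return (binding, subject, finding) triples for every risky grant."""
    rules_by_ref = {}
    for o in objects:
        if o["kind"] in ("Role", "ClusterRole"):
            key = (o["kind"], o["metadata"].get("namespace"), o["metadata"]["name"])
            rules_by_ref[key] = o.get("rules", [])
    # cluster-admin is built in, so model it as the wildcard rule it is.
    rules_by_ref[("ClusterRole", None, "cluster-admin")] = [
        {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]

    findings = []
    for b in objects:
        if b["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        ref = b["roleRef"]
        # A RoleBinding can only reference a Role in its own namespace.
        ns = b["metadata"].get("namespace") if ref["kind"] == "Role" else None
        problems = [p for r in rules_by_ref.get((ref["kind"], ns, ref["name"]), [])
                    for p in rule_findings(r)]
        scope = ("cluster-wide" if b["kind"] == "ClusterRoleBinding"
                 else "namespace " + b["metadata"]["namespace"])
        for s in b.get("subjects", []):
            subject = s["kind"] + ":" + (s["namespace"] + "/" if "namespace" in s else "") + s["name"]
            if s["kind"] == "Group" and s["name"] in BROAD_GROUPS:
                findings.append((b["metadata"]["name"], subject, scope + ": bound to a catch-all group"))
            for p in problems:
                findings.append((b["metadata"]["name"], subject, scope + ": " + p))
    return findings


if __name__ == "__main__":
    for binding, subject, finding in audit(SAMPLE_OBJECTS):
        print(f"{binding:15} {subject:35} {finding}")
```

The namespaced `pod-reader` binding produces nothing; the other three bindings each surface at least one finding, and the `cluster-admin` grant to `system:authenticated` surfaces two, because on a cluster where the cloud identity provider vouches for every employee that group is everyone.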

Logging and monitoring

With Azure Kubernetes Service, you will get CPU and memory usage metrics for each node. In addition, you can enable container monitoring capabilities and get insights into the performance and health of your entire Kubernetes cluster.

Monitor Azure Kubernetes Service (AKS) container health (Preview) at docs.microsoft.com

Logs and metrics from pods, nodes and masters are published to CloudWatch and CloudTrail.

Amazon EKS Features at docs.aws.amazon.com

Logs and metrics from pods, nodes and masters are published to Stackdriver Logging and Stackdriver Monitoring.

Kubernetes Engine Logging at cloud.google.com
Kubernetes Engine Monitoring at cloud.google.com

Regulatory compliance

Azure Kubernetes Service (AKS) is compliant with SOC and ISO/HIPAA/HITRUST.

Azure Kubernetes Service (AKS) at docs.microsoft.com

No information provided yet.

AWS Services in Scope by Compliance Program at docs.aws.amazon.com

Kubernetes Engine is backed by Google's security team of over 750 experts and is both HIPAA and PCI DSS 3.1 compliant.

Standards, Regulations & Certifications at cloud.google.com

Extra Slide: Virtual Kubelet

Virtual Kubelet

Serverless Kubernetes

Virtual Kubelet with Azure Container Instances

Virtual Kubelet with AKS at docs.microsoft.com

AWS Fargate is already supported on ECS; support for Amazon EKS was announced for 2018.

AWS Fargate at docs.aws.amazon.com

An open-source implementation can be found at github.com/virtual-kubelet.

Sailing into Infinity: Seamlessly managed serverless containers using Kubernetes and AWS Fargate at contentful.com

Not implemented yet.


Demo


Thank you

Rael Garcia

Systems Engineer at CAPSiDE
