Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AWSのマネージドサービスを活かした Kubernetes 運用とAmazon EKS ...

Avatar for foostan foostan
June 13, 2019
Technology
3
2.1k

AWSのマネージドサービスを活かした Kubernetes 運用とAmazon EKS によるクラスタのシングルテナント戦略について

Avatar for foostan

foostan

June 13, 2019
Tweet

More Decks by foostan

See All by foostan
Crafting the Endgame Keyboard
Avatar for foostan foostan
1
680
Merpay SRE Teamが目指すもの
Avatar for foostan foostan
0
68
キーボードは好きですか? / Do you like keyboards?
Avatar for foostan foostan
21
19k
kube-aws から EKS に移行した話
Avatar for foostan foostan
5
1.5k
freeeのクラウドサービス活用術とパフォーマンス改善活動のご紹介
Avatar for foostan foostan
0
11k
Digdag で CI ジョブを定義する
Avatar for foostan foostan
1
1.4k
グリーで行われている勉強会とその特徴 ✕ 勉強会を主催してみた話
Avatar for foostan foostan
0
220
Consulにコントリビュートした話
Avatar for foostan foostan
4
1.3k

Other Decks in Technology

See All in Technology
Postman AI エージェントビルダー最新情報
Avatar for 草薙昭彦 nagix
0
110
AIオンボーディングとAIプロセスマイニング
Avatar for Ryuya Nakamura nrryuya
4
920
LLMベースAIの基本 / basics of LLM based AI
Avatar for Naoki Kishida kishida
10
2.7k
The Ultimate Showdown of Database Migration Tools
Avatar for Paul asm0dey
0
130
Swiftは最高だよの話
Avatar for 野瀬田 裕樹 yuukiw00w
0
200
HA K8s Clusterのスタンダードが覆る!? Cilium 1.18の🔥激アツ🔥新機能
Avatar for logica / Takuto Nagami logica0419
0
120
開発も運用もビジネス部門も! クラウドで実現する「つらくない」統制とセキュリティ / Effortless Governance and Security Enabled by the Cloud
Avatar for Hokuto Hoshi kanny
3
1.2k
主要ライブラリの実例に学ぶ、TypeScriptで実現する型安全な座標定義
Avatar for Haraguchi Kosuke tiroljpn
1
220
初めてのGoogle Cloud by AWS出身者
Avatar for Haruka Sakihara harukasakihara
1
710
AWS LambdaでSocket通信サーバーレスアプリケーションのリアルタイム通信 / 20250523 Kumiko Hennmi
Avatar for SHIFT EVOLVE shift_evolve
1
280
CloudTrailも、GuardDutyも、VPC Flow logsも… ログ多すぎ問題の整理術
Avatar for Hiroki Uchida nikuyoshi
4
530
[JAWS-UG 栃木 #2]AWS FISはドSなのか?システムに試練を与えて強くする!
Avatar for sh_fk2 sh_fk2
1
250

Featured

See All Featured
Large-scale JavaScript Application Architecture
Avatar for Addy Osmani addyosmani
512
110k
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
233
17k
Designing for Performance
Avatar for Lara Hogan lara
608
69k
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
245
12k
Building a Modern Day 
E-commerce SEO Strategy
Avatar for Aleyda Solis aleyda
40
7.3k
ReactJS: Keep Simple. Everything can be a component!
Avatar for Pedro Nauck pedronauck
667
120k
Dealing with People You Can't Stand - Big Design 2015
Avatar for Cassini Nazir cassininazir
367
26k
Building Adaptive Systems
Avatar for Chris Keathley keathley
41
2.6k
[RailsConf 2023] Rails as a piece of cake
Avatar for Vladimir Dementyev palkan
55
5.5k
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
54
13k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
Avatar for Tammy Everts tammyeverts
52
2.8k
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
7
450

Transcript

  1. GSFFFגࣜձࣾ 1 "84ͷϚωʔδυαʔϏεΛ׆͔ͨ͠,VCFSOFUFTӡ༻ͱ "NB[PO&,4ʹΑΔΫϥελͷγϯάϧςφϯτઓུʹ͍ͭͯ AWS Summit Tokyo 2019

  2. 2 w ೥݄dGSFFFʹೖࣾ w ೥݄d43& w ೥͙Β͍ϑϩϯτΤϯυͱαʔόαΠυͷ։ൃ w 43&ʹҠ͔ͬͯΒ&,4Ҡߦ΍ϚϧνΫϥελσϓϩΠπʔ ϧͷ։ൃͳͲ

    w झຯ w ࣗಈԽ w ࣗ࡞ΩʔϘʔυ Kosuke Adachi @foostan GSFFFגࣜձࣾ 43&

  3. ࣭໰ 3

  4. ,Tຊ൪Ͱ࢖͍ͬͯΔΑ 4

  5. &,4ຊ൪Ͱ࢖͍ͬͯΔΑ 5

  6. 6 ΠϯϑϥϦιʔεͷίʔυԽͱ ,VCFSOFUFTͷγϯάϧςφϯτԽͰαʔ Ϗεͷӡ༻ίετΛ෼ࢄͤ͞Δ ຊ೔͓࿩͢Δ͜ͱ

  7. ຊ೔͓࿩͢Δ͜ͱ 7 αʔϏεن໛͕֦େɺαʔϏε਺͕૿Ճɺ։ൃऀ͕૿Ճ w ڧ͍ݖݶΛ͍࣋ͬͯΔͷͰԿͰ΋԰ʹͳΓ͕ͪ w 43&ʹ໰͍߹Θ͕ͤूத w ໨ઌͷλεΫʹ௥ΘΕΔ೔ʑ w

    43&ͷਓ਺͸ͳ͔ͳ͔૿͑ͳ͍ 43&͕ϘτϧωοΫʹ ։ൃऀνʔϜʹαʔϏεͷ ӡ༻Λ͓·͔ͤ͢Δ αʔϏεͷӡ༻ίετΛ෼ࢄͤ͞Δʁ

  8. 8 w Πϯϑϥߏங w ,VCFSOFUFTΫϥελߏங w ΞϓϦέʔγϣϯσϓϩΠ w αʔϏε؂ࢹ w

    ΞϥʔτରԠ ͳͲɺجຊతʹαʔϏεӡ༻ʹඞཁͳ͜ͱ͢΂ͯ ։ൃνʔϜ͚ͩͰαʔϏεӡ༻ͷຆͲΛ·͔ ͳ͑ΔΑ͏ͳج൫ͮ͘ΓΛ43&͕ߦ͏ ຊ೔͓࿩͢Δ͜ͱ ͓·͔ͤ͢Δ಺༰

  9. 9 0WFSWJFX ɹɹγϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ ɹɹΠϯϑϥϦιʔεͷίʔυԽ ɹɹGSFFFʹ͍ͭͯ ɹɹ&,4ΛϚωʔδυαʔϏεͱ૊Έ߹ΘͤͯΫϥελͷӡ༻ίετΛ཈͑Δ ɹɹϚϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ

  10. 10 01 GSFFFʹ͍ͭͯ Section

  11. 11 εϞʔϧϏδωεΛɺ ੈքͷओ໾ʹɻ .*44*0/ ੜ࢈೥ྸਓޱ͕ܶతʹݮগ͠ɺຫੑతͳਓखෆ଍ͱͳΔ೔ຊ Ͱ࿑ಇੜ࢈ੑ޲্͸ۓٸͷ՝୊ͱͳ͍ͬͯ·͢ freee͸ʮਓ޻஌ೳʯͱʮ౷߹جװۀ຿γεςϜʯΛΫϥ΢υ ٕज़Λ׆༻͠ɺۀ຿ޮ཰ԽͷαϙʔτΛଓ͚Δ͜ͱͰɺதݎத খاۀͷόοΫΦϑΟεۀ຿ޮ཰ԽΛ໨ࢦ͍ͯ͠·͢ GSFFFʹ͍ͭͯ

  12. 12 PRODUCTS ͦͷଞΠϯλʔφϧͳ ϚΠΫϩαʔϏεଟ਺ GSFFFʹ͍ͭͯ

  13. 13 w ਓҎ্ɺνʔϜdਓఔ౓ w νʔϜͰෳ਺ͷαʔϏεΛ݉೚͢Δ͜ͱ͕ଟ͍ w αʔϏεͷن໛ʹΑͬͯ͸ෳ਺ͷνʔϜͰ։ൃ͢Δ͜ͱ΋͋Δ Dev A Dev

    B Dev C αʔϏεA αʔϏ εB Dev D Dev E αʔϏεC αʔϏ εD Dev F αʔϏεE Dev G Dev H αʔϏ εG αʔϏ εH αʔϏ εF SRE GSFFFͷ։ൃνʔϜ GSFFFʹ͍ͭͯ

  14. 14 Dev A Dev B Dev C αʔϏεA αʔϏ εB

    Dev D Dev E αʔϏεC αʔϏ εD Dev F αʔϏεE Dev G Dev H αʔϏ εG αʔϏ εH αʔϏ εF SRE w ਓ w ͢΂ͯͷϓϩμΫταʔϏεͷΠϯϑϥΛࢧ͑ΔԣஅతͳνʔϜ w αʔϏεͷՁ஋ΛϢʔβʔʹಧ͚ΔͨΊʹɺ҆ఆͨ͠ΠϯϑϥΛ ఏڙ͠ଓ͚Δͷ͕ϛογϣϯ GSFFFͷ43&νʔϜ GSFFFʹ͍ͭͯ

  15. 15 *10४උɾ੒௕اۀ΁ͷಋೖ͕Ճ଎ 41% ࢿۚௐୡ5PQࣾͷ GSFFFಋೖ཰ ※ ग़యɿentrepedia ϕϯνϟʔϦετ ※ ࢿۚௐୡֹTOP100ࣾɿ௚ۙ1೥Ͱ1ԯԁҎ্ͷࢿۚௐୡΛͨ͠اۀΛର৅ʹௐࠪ

    GSFFFʹ͍ͭͯ

  16. 16 40$อূ
 ্৔اۀ͕ࣗࣾͷࡒ຿ใࠂ͕͖ͪΜͱ͍ͯ͠Δ͜ͱΛอূ͢Δ΋ͷ
 GSFFF ձܭιϑτ Λར༻͢Δ৔߹ɺGSFFF΋؂ࠪͷର৅ʹͳΔ
 40$Λऔಘ͍ͯ͠Ε͹GSFFF͕40$อূ͕ຬͨ͞Ε͍ͯΔͱೝΊΒΕΔ ૬ԠͷηΩϡϦςΟରࡦ͕ඞཁ GSFFFʹ͍ͭͯ डୗۀ຿ʹ܎Δ಺෦౷੍ͷอূใࠂॻ

    40$5ZQFใࠂॻ Λडྖ ྫ͑͹%#ʹ௚઀ΞΫηε͢Δ৔߹
 ೝূɺೝՄɺཤྺ؅ཧ͕ඞཁ &$Πϯελϯε౳͔ΒͷΞΫηε΋ 4FDVSJUZ(SPVQͳͲͰ໌֬ʹݖݶ؅ ཧͰ͖͍ͯΔ͜ͱ͕๬·͍͠

  17. 17 02 ΠϯϑϥϦιʔεͷίʔυԽ Section

  18. 43&ͱ։ൃνʔϜͷ໾ׂ 18 ͱ͋Δ৽نϓϩμΫτΛϦϦʔε͢Δͱͯ͠ Product A SRE ΠϯϑϥϦιʔεͷίʔυԽ w ωοτϫʔΫ੔උ

  19. 43&ͱ։ൃνʔϜͷ໾ׂ 19 ͱ͋Δ৽نϓϩμΫτΛϦϦʔε͢Δͱͯ͠ Product A SRE ΠϯϑϥϦιʔεͷίʔυԽ w ωοτϫʔΫ੔උ w

    -#௥Ճ SG ALB

  20. 43&ͱ։ൃνʔϜͷ໾ׂ 20 ͱ͋Δ৽نϓϩμΫτΛϦϦʔε͢Δͱͯ͠ Product A SRE ΠϯϑϥϦιʔεͷίʔυԽ w ωοτϫʔΫ੔උ w

    -#௥Ճ w "VUP4DBMJOH(SPVQ ௥Ճ SG ALB SG Kubernetes AutoScalingGroup

  21. σϓϩΠδϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 21 ͱ͋Δ৽نϓϩμΫτΛϦϦʔε͢Δͱͯ͠ Product A SRE ΠϯϑϥϦιʔεͷίʔυԽ w ωοτϫʔΫ੔උ

    w -#௥Ճ w "VUP4DBMJOH(SPVQ ௥Ճ w σϓϩΠ؀ڥ੔උ SG ALB SG Kubernetes AutoScalingGroup

  22. σϓϩΠδϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 22 ͱ͋Δ৽نϓϩμΫτΛϦϦʔε͢Δͱͯ͠ Product A SRE ΠϯϑϥϦιʔεͷίʔυԽ w ωοτϫʔΫ੔උ

    w -#௥Ճ w "VUP4DBMJOH(SPVQ ௥Ճ w σϓϩΠ؀ڥ੔උ w %#௥Ճ SG ALB SG Kubernetes SG RDS AutoScalingGroup

  23. σϓϩΠδϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 23 ͱ͋Δ৽نϓϩμΫτΛϦϦʔε͢Δͱͯ͠ Product A SRE ΠϯϑϥϦιʔεͷίʔυԽ w ωοτϫʔΫ੔උ

    w -#௥Ճ w "VUP4DBMJOH(SPVQ ௥Ճ w σϓϩΠ؀ڥ੔උ w %#௥Ճ w 3PVUFొ࿥ SG ALB SG Kubernetes SG RDS AutoScalingGroup

  24. σϓϩΠδϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 24 ͱ͋Δ৽نϓϩμΫτΛϦϦʔε͢Δͱͯ͠ Product A SRE ΠϯϑϥϦιʔεͷίʔυԽ w ωοτϫʔΫ੔උ

    w -#௥Ճ w "VUP4DBMJOH(SPVQ ௥Ճ w σϓϩΠ؀ڥ੔උ w %#௥Ճ w 3PVUFొ࿥ w ηΩϡϦςΟ֬อ SG ALB SG Kubernetes SG RDS AutoScalingGroup

  25. σϓϩΠδϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 25 ͱ͋Δ৽نϓϩμΫτΛϦϦʔε͢Δͱͯ͠ Product A SRE ΠϯϑϥϦιʔεͷίʔυԽ w ωοτϫʔΫ੔උ

    w -#௥Ճ w "VUP4DBMJOH(SPVQ ௥Ճ w σϓϩΠ؀ڥ੔උ w %#௥Ճ w 3PVUFొ࿥ w ηΩϡϦςΟ֬อ w *".ϩʔϧ௥Ճ SG ALB SG Kubernetes SG RDS AutoScalingGroup

  26. σϓϩΠδϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 26 ͱ͋Δ৽نϓϩμΫτΛϦϦʔε͢Δͱͯ͠ Product A SRE ΠϯϑϥϦιʔεͷίʔυԽ w ωοτϫʔΫ੔උ

    w -#௥Ճ w "VUP4DBMJOH(SPVQ ௥Ճ w σϓϩΠ؀ڥ੔උ w %#௥Ճ w 3PVUFొ࿥ w ηΩϡϦςΟ֬อ w *".ϩʔϧ௥Ճ SG ALB SG Kubernetes SG RDS AutoScalingGroup Developers w ΞϓϦέʔγϣϯ։ൃ

  27. σϓϩΠδϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 27 ͱ͋Δ৽نϓϩμΫτΛϦϦʔε͢Δͱͯ͠ Product A SRE ΠϯϑϥϦιʔεͷίʔυԽ w ωοτϫʔΫ੔උ

    w -#௥Ճ w "VUP4DBMJOH(SPVQ ௥Ճ w σϓϩΠ؀ڥ੔උ w %#௥Ճ w 3PVUFొ࿥ w ηΩϡϦςΟ֬อ w *".ϩʔϧ௥Ճ SG ALB SG Kubernetes SG RDS AutoScalingGroup Developers w ΞϓϦέʔγϣϯ։ൃ w ΞϓϦέʔγϣϯσϓ ϩΠ

  28. ϓϩμΫτ αʔϏε ͸ϦϦʔεͯ͠ऴΘΓͰ͸ͳ͍ 28 ຊ൪͸͔͜͜Β

  29. σϓϩΠδϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 29 ӡ༻ϑΣʔζͰ͸໰͍߹Θͤ͸43&ʹू·Γ͕ͪ Product A ΠϯϑϥϦιʔεͷίʔυԽ SG ALB SG

    Kubernetes SG RDS AutoScalingGroup SRE Developers σϓϩΠࣦഊ͠·ͨ͠ ☓

  30. σϓϩΠδϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 30 ӡ༻ϑΣʔζͰ͸໰͍߹Θͤ͸43&ʹू·Γ͕ͪ Product A ΠϯϑϥϦιʔεͷίʔυԽ SG ALB SG

    Kubernetes SG RDS AutoScalingGroup SRE Developers αʔϏε͕མͪ·ͨ͠ ☓ σϓϩΠࣦഊ͠·ͨ͠

  31. σϓϩΠδϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 31 ӡ༻ϑΣʔζͰ͸໰͍߹Θͤ͸43&ʹू·Γ͕ͪ Product A ΠϯϑϥϦιʔεͷίʔυԽ SG ALB SG

    Kubernetes SG RDS AutoScalingGroup SRE Developers ΞΫηε਺૿Ճͯ͠ ͞͹͖͖Ε·ͤΜ ☓ σϓϩΠࣦഊ͠·ͨ͠ αʔϏε͕མͪ·ͨ͠

  32. σϓϩΠδϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 32 ӡ༻ϑΣʔζͰ͸໰͍߹Θͤ͸43&ʹू·Γ͕ͪ Product A ΠϯϑϥϦιʔεͷίʔυԽ SG ALB SG

    Kubernetes SG RDS AutoScalingGroup SRE Developers %#ͷ*014ߴ͍Ͱ͢ɺ
 ଱͑ΒΕ·ͤΜ ☓ σϓϩΠࣦഊ͠·ͨ͠ αʔϏε͕མͪ·ͨ͠ ΞΫηε਺૿Ճͯ͠͞͹͖͖Ε·ͤΜ

  33. σϓϩΠδϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 33 ӡ༻ϑΣʔζͰ͸໰͍߹Θͤ͸43&ʹू·Γ͕ͪ ΠϯϑϥϦιʔεͷίʔυԽ SRE Developers αʔϏε͕૿͑·ͨ͠ σϓϩΠࣦഊ͠·ͨ͠ αʔϏε͕མͪ·ͨ͠

    ΞΫηε਺૿Ճͯ͠͞͹͖͖Ε·ͤΜ Product A SG ALB SG Kubernetes SG RDS AutoScalingGroup ProductB SG ALB SG Kubernetes SG RDS AutoScalingGroup

  34. σϓϩΠ δϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 34 ӡ༻ϑΣʔζͰ͸໰͍߹Θͤ͸43&ʹू·Γ͕ͪ Product A ΠϯϑϥϦιʔεͷίʔυԽ SG ALB

    SG SG RDS SRE Developers αʔϏε͕૿͑·ͨ͠ σϓϩΠࣦഊ͠·ͨ͠ αʔϏε͕མͪ·ͨ͠ ΞΫηε਺૿Ճͯ͠͞͹͖͖Ε·ͤΜ αʔϏε͕૿͑·ͨ͠ Product B SG ALB SG SG RDS Product C SG ALB SG SG RDS

  35. σϓϩΠ δϣϒ 43&ͱ։ൃνʔϜͷ໾ׂ 35 ӡ༻ϑΣʔζͰ͸໰͍߹Θͤ͸43&ʹू·Γ͕ͪ A ΠϯϑϥϦιʔεͷίʔυԽ SG ALB SG

    SG RDS SRE Developers αʔϏε͕૿͑·ͨ͠ σϓϩΠࣦഊ͠·ͨ͠ αʔϏε͕མͪ·ͨ͠ ΞΫηε਺૿Ճͯ͠͞͹͖͖Ε·ͤΜ αʔϏε͕૿͑·ͨ͠ αʔϏε͕૿͑·ͨ͠ B SG ALB SG SG RDS C SG ALB SG SG RDS D SG ALB SG SG RDS E SG ALB SG SG RDS

  36. 36 w αʔϏε͕૿͑Δʹैͬͯ43&΁ͷґཔ݅਺΋૿Ճ w ։ൃऀͷํ͕ѹ౗తʹଟ͍ͷͰɺ43&͕ϘτϧωοΫʹ w ԿͰ΋԰ʹͳΓ͕ͪͰɺ໨ઌͷλεΫʹ௥ΘΕΔ೔ʑ 43&͕ϘτϧωοΫʹ ઃఆมߋ ґཔ

    Քಇ཰ͷ ୲อ ো֐ରԠ ؂ࢹ ෛՙରࡦ CI/CD੔උ EOL 43& ߏ੒૬ஊ ΠϯϑϥϦιʔεͷίʔυԽ

  37. ϚΠΫϩαʔϏεԽͷྲྀΕ 37 ։ൃ૊৫ͷ֦େʹ൐͍ɺ͜Ε·Ͱͷ&$ "VUP4DBMJOHͩͱਏ͘ͳ͖ͬͯͨ w ݴޠ΍ϑϨʔϜϫʔΫͷଟ༷Խ w ෳࡶԽ͢ΔσϓϩΠϑϩʔ w ґଘ͢ΔαʔϏεͷ૿Ճ

    w 43&ʹ໰͍߹Θ͕ͤ͞Βʹूத ΠϯϑϥϦιʔεͷίʔυԽ

  38. 38 ͢΂ͯͷΞϓϦέʔγϣ ϯΛίϯςφԽ ຊ൪؀ڥͷίϯςφͷ ϥϯλΠϜͱͯ͠࠾༻ "84ϦιʔεͷίʔυԽ GSFFFΛࢧ͑ΔΠϯϑϥܥπʔϧ ΠϯϑϥϦιʔεͷίʔυԽ

  39. 39 ͢΂ͯͷΞϓϦέʔγϣϯΛίϯςφԽ ଟ༷Խ͢Δݴޠ΍ϑϨʔϜϫʔΫΛٵऩ ΠϯϑϥϦιʔεͷίʔυԽ

  40. σϓϩΠ δϣϒ 40 A ΠϯϑϥϦιʔεͷίʔυԽ SG ALB SG SG RDS

    B SG ALB SG SG RDS C SG ALB SG SG RDS D SG ALB SG SG RDS E SG ALB SG SG RDS ͢΂ͯͷΞϓϦέʔγϣϯΛίϯςφԽ

  41. σϓϩΠδϣϒ 41 A ΠϯϑϥϦιʔεͷίʔυԽ SG ALB SG SG RDS B

    SG ALB SG SG RDS C SG ALB SG SG RDS D SG ALB SG SG RDS E SG ALB SG SG RDS ECR ͢΂ͯͷΞϓϦέʔγϣϯΛίϯςφԽ ίϯςφʹٵऩ͞Εͯߟ͑ํ͕γϯϓϧʹ

  42. 42 ΞϓϦέʔγϣϯͷಈ࡞؀ڥΛϚχϑΣετͱͯ͠ίʔυԽ એݴతʹσϓϩΠɺΦʔτεέʔϦϯάɺηϧϑώʔϦϯάΛ࣮ݱ ຊ൪؀ڥͷίϯςφͷϥϯλΠϜͱͯ͠࠾༻ ΠϯϑϥϦιʔεͷίʔυԽ

  43. σϓϩΠδϣϒ 43 A ΠϯϑϥϦιʔεͷίʔυԽ SG ALB SG SG RDS B

    SG ALB SG SG RDS C SG ALB SG SG RDS D SG ALB SG SG RDS E SG ALB SG SG RDS ECR ίϯςφΛ,VCFSOFUFTͰಈ͔͢ ΞϓϦέʔγϣϯͷߏ੒͕ίʔυԽ͞ΕΔ

  44. 44 A ΠϯϑϥϦιʔεͷίʔυԽ SG ALB SG SG RDS B SG

    ALB SG SG RDS C SG ALB SG SG RDS D SG ALB SG SG RDS E SG ALB SG SG RDS ECR ίϯςφΛ,VCFSOFUFTͰಈ͔͢ namespace namespace namespace namespace namespace pod pod pod pod pod Manifests Manifests ΞϓϦέʔγϣϯͷߏ੒͕ίʔυԽ͞ΕΔ

  45. 45 એݴతʹ"84ͷϦιʔεΛ֬อ "84ϦιʔεͷίʔυԽ ΠϯϑϥϦιʔεͷίʔυԽ

  46. 46 A ΠϯϑϥϦιʔεͷίʔυԽ SG ALB SG SG RDS B SG

    ALB SG SG RDS C SG ALB SG SG RDS D SG ALB SG SG RDS E SG ALB SG SG RDS એݴతʹ"84ϦιʔεΛ֬อ namespace namespace namespace namespace namespace pod pod pod pod pod SRE w ωοτϫʔΫ੔උ w -#௥Ճ w "VUP4DBMJOH(SPVQ ௥Ճ w σϓϩΠ؀ڥ੔උ w %#௥Ճ w 3PVUFొ࿥ w ηΩϡϦςΟ֬อ w *".ϩʔϧ௥Ճ

  47. 47 A ΠϯϑϥϦιʔεͷίʔυԽ SG ALB SG SG RDS B SG

    ALB SG SG RDS C SG ALB SG SG RDS D SG ALB SG SG RDS E SG ALB SG SG RDS એݴతʹ"84ϦιʔεΛ֬อ namespace namespace namespace namespace namespace pod pod pod pod pod Manifests TF Files "84Ϧιʔε͕ίʔυԽ͞ΕΔ

  48. ΠϯϑϥϦιʔε͕ίʔυԽ͞ΕΔͱ։ൃνʔϜͱ 43&ͱͷίϛϡχέʔγϣϯํ๏͕มΘΔ 48 ΠϯϑϥϦιʔεͷίʔυԽ

  49. 49 ΠϯϑϥϦιʔεͷίʔυԽ SRE Developers αʔϏε͕૿͑·ͨ͠ ΠϯϑϥϦιʔε͕ίʔυԽ͞Ε͍ͯͳ͍ੈք Πϯϑϥͷߏஙʹ͸ڧ͍ݖݶ͕ඞཁ ݱঢ়ͷΠϯϑϥߏ੒Λཧղ͍ͯ͠ͳ͍ ΠϯϑϥΛ৮Δͷ͸ͳΜͱͳ͘ා͍ 43&ʹ͓ئ͍͢Δ͔͠ͳ͍

    ͜ͷݴ༿ʹ͸ҎԼͷ಺༰ؚ͕·Ε͍ͯΔͷͰ͸ͳ͍͔

  50. 50 ΠϯϑϥϦιʔεͷίʔυԽ SRE Developers ίʔυॻ͖·ͨ͠ʂ
 ϨϏϡʔ͓ئ͍͠·͢ʂ ΠϯϑϥϦιʔε͕ίʔυԽ͞Εͨੈք Πϯϑϥߏஙͷݖݶ͕༩͑ΒΕ͍ͯΔ ݱঢ়ͷΠϯϑϥߏ੒͸طଘͷίʔυ͔ΒಡΈऔΕΔ ΠϯϑϥΛ৮Δͷ͸·ͩා͍͚Ͳ43&ʹϨϏϡʔͯ͠΋Β͑Δ

    ։ൃνʔϜ͕ΠϯϑϥͷίʔυΛॻ͍ͯ43&͕ϨϏϡʔ͢Δ Manifests TF File

  51. ΠϯϑϥϦιʔε͕ίʔυԽ͞ΕΔͱ։ൃνʔϜͱ 43&ͱͷίϛϡχέʔγϣϯํ๏͕มΘΔ 51 ΠϯϑϥϦιʔεͷίʔυԽ ։ൃऀνʔϜʹαʔϏεͷӡ༻Λ͓·͔ͤͰ͖Δ ͔΋͠Εͳ͍

  52. 52 03 γϯάϧςφϯτͰݖݶΛ෼཭͠ ͯΫϥελͷӡ༻Λ͓·͔ͤ͢Δ Section

  53. Ϛϧνςφϯτ͔γϯάϧςφϯτ͔ 53 K8s cluster Product A Service A-1 Service A-2

    Service A-3 Product B Service B-1 ServiceB-2 Service B-3 Product C Service C-1 Service C-2 Service C-3 K8s cluster Product A Service A-1 Service A-2 Service A-3 K8s cluster Product B Service B-1 Service B-2 Service B-3 K8s cluster Product C Service C-1 Service C-2 Service C-3 ϓϩμΫτ ෼཭͍ͨ͠ݖ ݶ ୯ҐͰ෼ׂͨ͠γϯά ϧςφϯτ γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ ͢΂ͯͷϓϩμΫτ͕ಈ͍͍ͯΔ Ϛϧνςφϯτ

  54. γϯάϧςφϯτͷϝϦοτ w #MBTUSBEJVT ো֐ͷӨڹൣғ ͕ খ͍͞ w ηΩϡϦςΟͷڥքઢͷ໌֬Խ w Ϋϥελશମʹؔ܎͢ΔΞοϓσʔ

    τ࡞ۀ͕͠΍͍͢ γϯάϧςφϯτͷσϝϦοτ w ར༻ྉ͕ۚ૿͑Δ w ӡ༻ίετ͕૿͑Δ 54 ݖݶҠৡʹΑΓӡ༻ίετͷ ෼ࢄ͸Մೳ γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ Ϛϧνςφϯτ͔γϯάϧςφϯτ͔

  55. #MBTUSBEJVT ো֐ͷӨڹൣғ ͕খ͍͞ 55 ϦεΫΛ෼ࢄ͠ɺ৺ཧత҆શੑΛߴΊΔ γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ

  56. K8s cluster Product A Service A-1 Service A-2 Service A-3

    Product B Service B-1 ServiceB-2 Service B-3 Product C Service C-1 Service C-2 Service C-3 K8sͷόά Φϖϛε શαʔϏεμ΢ϯͷةݥ w #MBTUSBEJVT ো֐ͷӨڹൣғ ͕େ͖͍ w ӡ༻ͷ೉қ౓͕ߴ͍ w νϟϨϯδͮ͠Β͍ۭؾ ϚϧνςφϯτͷϦεΫ 56 γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ

  57. γϯάϧςφϯτʹΑΔϦεΫͷܰݮ 57 K8s cluster Product A Service A-1 Service A-2

    Service A-3 K8s cluster Product B Service B-1 Service B-2 Service B-3 K8s cluster Product C Service C-1 Service C-2 Service C-3 K8sͷόά Φϖϛε Ұ෦ͷΈαʔϏεμ΢ϯ w #MBTUSBEJVT ো֐ͷӨڹൣғ ͕খ͍͞ w ӡ༻ͷ೉қ౓͸Լ͕Δ w νϟϨϯδ͠΍͍ۭ͢ؾ w ৺ཧత҆શੑ͕ߴ͍ γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ

  58. ηΩϡϦςΟͷڥքઢͷ໌֬Խ 58 ϓϩμΫτؒͷෆਖ਼ͳΞΫηεΛͲ͏๷͙͔ γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ

  59. 59 40$อূ
 ্৔اۀ͕ࣗࣾͷࡒ຿ใࠂ͕͖ͪΜͱ͍ͯ͠Δ͜ͱΛอূ͢Δ΋ͷ
 GSFFF ձܭιϑτ Λར༻͢Δ৔߹ɺGSFFF΋؂ࠪͷର৅ʹͳΔ
 40$Λऔಘ͍ͯ͠Ε͹GSFFF͕40$อূ͕ຬͨ͞Ε͍ͯΔͱೝΊΒΕΔ ૬ԠͷηΩϡϦςΟରࡦ͕ඞཁ ྫ͑͹%#ʹ௚઀ΞΫηε͢Δ৔߹
 ೝূɺೝՄɺཤྺ؅ཧ͕ඞཁ

    &$Πϯελϯε౳͔ΒͷΞΫηε΋ 4FDVSJUZ(SPVQͳͲͰ໌֬ʹݖݶ؅ ཧͰ͖͍ͯΔ͜ͱ͕๬·͍͠ <࠶ܝ>GSFFFʹ͍ͭͯ डୗۀ຿ʹ܎Δ಺෦౷੍ͷอূใࠂॻ 40$5ZQFใࠂॻ Λडྖ

  60. Product B ϚϧνςφϯτͰڥքઢͷ໌֬Խ͸೉͍͠ 60 Product A SG Kubernetes node Kubernetes

    node Service A-1 Service B-2 Service B-3 Kubernetes node Kubernetes node Service B-1 Service A-2 Service A-3 SG SG 4FDVSJUZ(SPVQʹΑΔ෼ׂ͸ෆՄ *".ͱ,JBNͰ"84Ϧιʔε΁ͷ੍ޚ͸Մೳ 3#"$Ͱ/BNFTQBDFؒͷΞΫηε੍ޚ͸Մೳ ͨͩ͠ϓϩμΫτؒͰ7.͸ڞ௨ ˣ ϓϩμΫτ୯ҐͰ/PEF(SPVQΛ෼ׂ͢Ε͹ର ԠՄೳ͕ͩɺͦͷͨΊͷ࢓૊Έͮ͘Γ͕ඞཁ γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ

  61. Product B SG Product A SG Kubernetes node Kubernetes node

    Service A-1 Service B-2 Service B-3 Kubernetes node Kubernetes node Service B-1 Service A-2 Service A-3 SG SG ςφϯτ͸෼཭͍ͨ͠ݖݶ୯Ґʹͳ͍ͬͯΔ 4FDVSJUZ(SPVQ͕ར༻Մೳ 3#"$Λซ༻ 7.ϨϕϧͰ෼ׂ͞Ε͍ͯΔ ˣ ࠓ·Ͱӡ༻͖ͯͨ͠ ރΕͨ ߏ੒ͱ ҰॹͳͷͰѻ͍͕؆୯ γϯάϧςφϯτͳΒڥքͷ໌֬Խ͸༰қ 61 γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ

  62. Ϋϥελશମʹؔ܎͢ΔΞοϓσʔτ࡞ۀ͕͠΍͍͢ 62 w ,VCFSOFUFTΫϥελ͸සൟʹΞοϓάϨʔυ͕ඞཁ w ڞ௨෦෼Ͱར༻͍ͯ͠ΔπʔϧͷΞοϓσʔτ΋ඞཁ γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ

  63. 63 γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ K8s cluster Product A Service A-1 Service A-2

    Service A-3 Product B Service B-1 ServiceB-2 Service B-3 Product C Service C-1 Service C-2 Service C-3 Developers A Developers B Developers C ӡ ༻ ӡ ༻ ӡ ༻ Ϛϧνςφϯτ͸Ϋϥελશମʹؔ܎͢Δ Ξοϓσʔτ࡞ۀ͕ͮ͠Β͍ ڞ௨෦෼ Product A SRE ΫϥελͷΞοϓ άϨʔυͳͲ w αʔϏεΛ͢΂ͯఀࢭͤ͞Δඞཁ͕͋Δ w ΞοϓάϨʔυʹࣦഊ͢ΔՄೳੑ͕͋Δ w ࣦഊͨ͠ͱ͖ͷϩʔϧόοΫͷίετ͕ߴ͍

  64. 64 γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ Developers A Developers B Developers C ӡ ༻

    ӡ ༻ ӡ ༻ γϯάϧςφϯτ͸Ϋϥελશମʹؔ܎͢Δ Ξοϓσʔτ࡞ۀ͕͠΍͍͢ SRE ΫϥελͷΞοϓ άϨʔυͳͲ w αʔϏεͷఀࢭ͸࠷খݶ w ΞοϓάϨʔυʹࣦഊͯ͠΋࠷খݶ w ࣦഊͨ͠ͱ͖ͷϩʔϧόοΫͷίετ΋࠷খݶ K8s cluster Product A Service A-1 Service A-2 Service A-3 K8s cluster Product B Service B-1 Service B-2 Service B-3 K8s cluster Product C Service C-1 Service C-2 Service C-3

  65. γϯάϧςφϯτͷϝϦοτ w #MBTUSBEJVT ো֐ͷӨڹൣғ ͕খ͍͞ w ηΩϡϦςΟͷڥքઢͷ໌֬Խ w Ϋϥελશମʹؔ܎͢ΔΞοϓσʔτ ࡞ۀ͕͠΍͍͢

    65 γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ Ϋϥελͷӡ༻Λ͓·͔ͤ͢ΔͳΒγϯάϧςφϯτ͕Ϛον͢Δ

  66. 66 ։ൃνʔϜ͕ΫϥελΛ ӡ༻͢Δͷ͸؆୯Ͱ͸ͳ͍ ֤ΫϥελαʔϏεΛԣஅతʹ ໘౗ΛݟΔνʔϜΛઃஔ w 43& w ֤छΞοϓσʔτิॿɺΠϯγσϯτରԠิॿɺΫϥελ࡞੒ิॿɺπʔϧͷ ݕূ࡞੒ɺ044΁ͷίϛοτ

    w αʔϏεج൫ w ڞ௨Ͱ࢖͏ϥΠϒϥϦΛ੔උ w ϚΠΫϩαʔϏεҕһձ 43&ͱαʔϏεج൫ΛؚΉ֤αʔϏε୲౰ऀͰߏ੒  w ڞ௨ͷํ਑΍࢓༷ͷܾఆɺ৘ใڞ༗ɺԣల։ γϯάϧςφϯτͰݖݶΛ෼཭ͯ͠Ϋϥελͷӡ༻Λ͓·͔ͤ͢Δ

  67. 67 04 &,4ΛϚωʔδυαʔϏεͱ૊Έ ߹ΘͤͯΫϥελͷӡ༻ίετΛ ཈͑Δ Section

  68. 68 Product A SG SG SG Kubernetes node applications Product

    B SG SG SG Kubernetes node applications ,VCFSOFUFTʹͲ͜·Ͱ೚ͤΔʁ w "QQMJDBUJPO w %BUBCBTF w -PBE#BMBODFS w 4FDVSJUZ w "VUI &,4ΛϚωʔδυαʔϏεͱ૊Έ߹ΘͤͯΫϥελͷӡ༻ίετΛ཈͑Δ ALB RDS ALB RDS

  69. ,VCFSOFUFTͰͳΜͰ΋΍Ζ͏ͱ͠ͳ͍ 69 ϚωʔδυαʔϏε͸ੵۃతʹར༻͠ɺ γεςϜʹ,VCFSOFUFT &,4 Λ૊ΈࠐΉ ރΕͨӡ༻ϊ΢ϋ΢͸࠷େݶʹ׆͔͢ &,4ΛϚωʔδυαʔϏεͱ૊Έ߹ΘͤͯΫϥελͷӡ༻ίετΛ཈͑Δ

  70. 70 Product A SG SG SG Kubernetes node applications Product

    B SG SG SG Kubernetes node applications Product A SG Product B SG SG SG Kubernete s node SG SG Kubernete s node &,4ΛϚωʔδυαʔϏεͱ૊Έ߹ΘͤͯΫϥελͷӡ༻ίετΛ཈͑Δ ,VCFSOFUFT͸ΞϓϦέʔγϣϯΛಈ͔͢͜ͱ͚ͩ ʹར༻͢Δ ALB RDS ALB RDS ALB RDS ALB RDS

  71. &,4ΛϚωʔδυαʔϏεͱ૊Έ߹ΘͤͯΫϥελͷӡ༻ίετΛ཈͑Δ .BOBHFE,VCFSOFUFT4FSWJDF .BOBHFE$POUSPM1MBOF  8PSLFS/PEFT͸&$Ͱಈ͕͘ࠓޙ'BSHBUFʹରԠ༧ఆ .BOHFE8PSLFS/PEFT΋ϩʔυϚοϓʹ͸ࡌ͍ͬͯΔͷͰ͍ͣΕରԠ͞ΕΔ͸ͣ "QQ.FTI΍$MPVE.BQʹ࿈ܞ

  72. 72 Product A SG Product B SG SG SG Kubernete

    s node SG SG Kubernete s node ϚωʔδυαʔϏεͱ,VCFSOFUFTͷಘҙ෼໺͕ ׆͖Δ એݴతσϓϩΠ ࣗಈ഑ஔ ηϧϑώʔϦϯά ΦʔτεέʔϦϯά Databases MySQL/Redis/ ElasticSearch Load Balancer Application/Classic Load Balancer Security GuardDuty/IAM/ WAF &,4ΛϚωʔδυαʔϏεͱ૊Έ߹ΘͤͯΫϥελͷӡ༻ίετΛ཈͑Δ ALB RDS ALB RDS

  73. 73 Product A SG Product B SG SG SG Kubernete

    s node SG SG Kubernete s node ෦඼ͷަ׵Λ΍Γ΍͍͢ঢ়ଶʹอͭ ΑΓྑ͍΋ͷ͕ग़͖ͯͨͱ͖ʹͦΕΛऔΓࠐΈ΍͢ ͍ঢ়ଶʹ͓ͯ͘͠ "84"QQ.FTI *TUJP &,4PO'BSHBUF &$4PO'BSHBUF ,OBUJWF /FYUHFOFSBUJPO-# /FYUHFOFSBUJPO%# &,4ΛϚωʔδυαʔϏεͱ૊Έ߹ΘͤͯΫϥελͷӡ༻ίετΛ཈͑Δ ALB RDS ALB RDS

  74. 74 05 Ϛϧνςφϯτ͔Βγϯάϧςφ ϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ Section

  75. GSFFFͰ,VCFSOFUFT͕ຊ൪ಋೖ͞Εͨͷ͸໿೥લ 75 w ৽͍͠ϚΠΫϩαʔϏε͕ग़͖ͯͨ͜ͱ͕͖͔͚ͬ w 5FSSBGPSNʹΑΔ"84ϦιʔεͷίʔυԽ͸Ұ෦ͰಋೖࡁΈ w ,VCFBXTΛ࠾༻ w Ϛϧνςφϯτ

    Ϛϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ

  76. &,45PLZP3FHJPO 76 w LVCFBXTͷΫϥελͷূ໌ॻ͕݄೔ʹ੾ΕΔ w ূ໌ॻͷೖΕସ͑͸ͪΐͬͱ໘౗ͰαʔϏεϝϯς͕ඞཁ w ΋͏&,4ʹҠߦͯ͠͠·͓͏ʂ Ϛϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ

  77. &,4ҠߦϓϩδΣΫτ 77 w ݄Լ०ࠒ͔Βελʔτ w ݄೔·ͰʹશϓϩμΫτΛҠߦ͢Δ w γϯάϧςφϯτʹมߋ͢Δ w ඞཁͳ"84Ϧιʔε͸։ൃνʔϜओಋͰ༻ҙͯ͠΋Β͏

    w ,VCFSOFUFTΫϥελ΋։ൃνʔϜओಋͰߏஙͯ͠΋Β͏ 43&͔Β։ൃνʔϜ΁ݖݶҕৡΛՌͨ͠ɺ։ൃνʔϜʹαʔϏ εͷӡ༻Λ͓·͔ͤ͢Δ͜ͱ͕࠷େͷϛογϣϯ Ϛϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ

  78. ϓϩδΣΫτͷن໛ײ 78 w LVCFBXTͰ΋ͱ΋ͱಈ͍͍ͯͨϓϩμΫτ਺ w &,4ʹҠߦͨ͠ϓϩμΫτ਺ Ҡߦதʹͭ૿͑ͨ  w Ϋϥελ૯਺

    TUBHJOH؀ڥΛؚΉ  w ؔΘͬͨਓ਺໿ਓ Ϛϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ

  79. &,4ҠߦϓϩδΣΫτͰ׆༂ͨ͠πʔϧ 79 w 5FSSBGPSN w LVCFDUM w FLTDUM w IFMNIFMNGJMF

    w FLTDMTU Ϛϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ

  80. 80 5FSSBGPSN ඞཁͳAWSϦιʔε͸͢΂ͯTerraformͰ༻ҙ/SREͷϨϏϡʔΛܦͯApply Product A SG SG SG Kubernetes node

    Kubernetes node Service A-1 Service A-2 Service A-3 Developers A PR apply SRE Review/Approve resource "aws_lb" "product-a-internal" { name = "product-a-internal" internal = true load_balancer_type = "application" security_groups = ["${var.lb_security_groups}"] subnets = ${var.subnets} ip_address_type = "ipv4" enable_deletion_protection = true } resource "aws_route53_record" "product-a-internal" { zone_id = "${var.route53_hosted_zone_id}" name = "${var.route53_dns_name}" type = "A" alias { name = "${aws_lb.product-a-internal.dns_name}" zone_id = "${aws_lb.product-a-internal.zone_id}" evaluate_target_health = true } } Ϛϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ

  81. 81 Product A SG SG SG Kubernetes node Kubernetes node

    Service A-1 Service A-2 Service A-3 Developers A (Admin) IAM Role ops via kubectl assume role LVCFDUM RBAC with aws-auth aws-auth Λར༻ͯ͠ IAM Role ͱඥ෇͚ͯݖݶΛߜͬͯར༻ apiVersion: v1 kind: ConfigMap metadata: name: aws-auth namespace: kube-system data: mapRoles: | - rolearn: {{ .Values.rolearn }} username: system:node:{{`{{EC2PrivateDNSName}}`}} groups: - system:bootstrappers - system:nodes - rolearn: arn:aws:iam::<ID>:role/team-a-admin username: team-a-admin:{{`{{SessionName}}`}} groups: - system:masters - rolearn: arn:aws:iam::<ID>:role/team-a-readonly username: team-a-readonly:{{`{{SessionName}}`}} groups: - system:authenticated Developers A (ReadOnly) read only access Ϛϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ

  82. 82 FLTDUM Ϛϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ Product B SG SG SG Kubernetes node

    Kubernetes node Developers B eksctl create cluster PR Commands SRE Review/Approve apiVersion: eksctl.io/v1alpha5 kind: ClusterConfig metadata: name: cluster-name region: ap-northeast-1 version: "1.13" vpc: id: “*****” cidr: "10.0.0.0/16" subnets: private: ap-northeast-1a: id: “*****” ap-northeast-1c: id: “*****” cluster.yaml ͰΫϥελΛఆٛɺeksctl create cluster Ͱ࡞੒ nodeGroups: - name: nodegroup1 instanceType: r5.large desiredCapacity: 2 availabilityZones: - ap-northeast-1a - ap-northeast-1c privateNetworking: true securityGroups: attachIDs: - ****** iam: withAddonPolicies: imageBuilder: true autoScaler: true attachPolicyARNs: - arn:aws:iam::aws:policy/*****

  83. 83 )FMN)FMNGJMFʹΑΔΞϓϦέʔγϣϯσϓϩΠ GitOps Ͱ KubernetesͷϚχϑΣετΛ҆શʹσϓϩΠ Product B SG SG SG

    Kubernetes node Kubernetes node Service B-1 Service B-2 Service B-3 Team B helmfile sync PR Commands SRE Review/Approve environments: production: values: - production.yaml releases: - name: kube-state-metrics namespace: kube-system chart: stable/kube-state-metrics version: 0.13.0 - name: metricbeat namespace: kube-system chart: stable/metricbeat version: 1.2.1 values: - values.yaml.gotmpl w )FMN )FMN$IBSU  w 5IF,VCFSOFUFT1BDLBHF .BOBHFS w ϚχϑΣετΛύοέʔδԽ w Α͋͘ΔπʔϧͷςϯϓϨ w )FMNGJMF w )FMN$IBSUͷґଘؔ܎ΛϑΝ ΠϧͰϑΝΠϧͰఆٛ w IFMNGJMFTZOD w IFMNGJMFEJGG w IFMNGJMFEFMFUF Ϛϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ

  84. 84 Templates Manifests FLTDMTUʹΑΔΫϥελͷςϯϓϨԽ Α͋͘Δߏ੒ͷΫϥελςϯϓϨԽ͠ɺΫϥελͷ࡞੒/ෳ੡Λ༰қʹ͢Δ New Product SG Kubernetes node

    Kubernetes node cluster-autoscaler Metricbeat Filebeat New Developers eksctl
 create cluster PR Commands Manifests eksclst init Templates cluster.yaml
 helmfile.yaml aws-auth.yaml ͳͲ helmfile sync w ΫϥελΛྔ࢈͢Δ಺੡πʔϧ w DMVTUFSZBNM w BXTBVUIZBNM w NFUSJDCFBUGJMFCFBU w ͳͲɺҰ͔Βॻ͘ίετΛ࡟ݮ͢Δ ͨΊʹςϯϓϨΛ༻ҙ Ϛϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ

  85. New Product A Ҡߦ࡞ۀ 85 Ϛϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ Product A Product A

    SG SG SG Kubernetes node Kubernetes node Service B-1 Service B-2 Service B-3 SG Kubernetes node Kubernetes node Service B-1 Service B-2 Service B-3 Kube-aws্ͷϓϩμΫτ (࣮ࡍ͸Ϛϧνςφϯτ) EKS্ͷϓϩμΫτ Weighted Routing 80% 20% w ಉ͡ߏ੒ͷΫϥελΛ༻ҙ w "84Ϧιʔε͸ڞ༗Ͱ͖Δ΋ͷ͸ڞ ༗͢Δ %#͸ඞਢ  w 3PVUFͷ8FJHIUFE3PVUJOHΛར ༻ͯ͠ঃʑʹϦΫΤετΛྲྀ͠ࠐΉ w αʔϏεʹΑͬͯ͸3PVUFͰ͸ͳ ͘-#Λڞ௨Խͯ͠ɺ,VCFSOFUFT OPEFΛࠩ͠ସ͑Δํ๏Λ࢖༻ w ϊʔϝϯςͰ੾Γସ͑

  86. ϓϩδΣΫτ੒ޭͷཁҼ 86 w ؔΘͬͨ։ൃνʔϜͷ,VCFSOFUFT΁ͷҙཉ͕ߴ͍ w υΩϡϝϯτΛօͰฤू͠ͳ͕Β ৘ใަ׵Λີʹ͠ ͳ͕Β ਐΊͨ w

    ׬ᘳͰ͸ͳ͍υΩϡϝϯτ΋ϝϯόʔ͕ҙਤΛټΈ औͬͯཧղͯ͘͠Εͨ w ࠷ޙ·ͰϞνϕʔγϣϯ͕Լ͕Βͳ͔ͬͨ Ϛϧνςφϯτ͔Βγϯάϧςφϯτͳ&,4ʹҠߦ࣮ͨ͠ྫ

  87. ·ͱΊ ΠϯϑϥϦιʔεͷίʔυԽͱ,VCFSOFUFTͷγϯά ϧςφϯτԽͰαʔϏεͷӡ༻ίετΛ෼ࢄͤ͞Δ w ΠϯϑϥϦιʔεͷίʔυԽ͸ඞਢ w Ϋϥελӡ༻Λ͓·͔ͤ͢Δʹ͸γϯάϧςφϯτ͕͓͢͢Ί w Ϋϥελࣗମͷӡ༻ίετΛ཈͑Δʹ͸ϚωʔδυαʔϏεΛ͏·͘࢖͏ w

    ։ൃνʔϜʹ,VCFSOFUFTʹର͢Δߴ͍ҙཉ͕͋Δ͜ͱ͕ॏཁ 87 νʔϜͷߏ੒΍ਓ਺ʹΑͬͯ͜ͷํ๏͕Ϛον͢Δ͔ܾ·ΔͷͰ ৗʹͲ͏͢Δͷ͕ϕλʔͳͷ͔ߟ͑ͳ͕Βӡ༻͍ͯ͘͠ͷ͕ॏཁ

  88. 88 ΞΠσΞ΍ύογϣϯ΍εΩϧ͕͋Ε͹ͩΕͰ΋ɺ ϏδωεΛڧ͘εϚʔτʹҭͯΒΕΔϓϥοτϑΥʔϜ εϞʔϧϏδωεΛɺੈքͷओ໾ʹɻ