Starting today, you can deploy applications that use IPv6 address space on Amazon Elastic Kubernetes Service (EKS).
Many of our customers are standardizing on Kubernetes as their compute infrastructure platform for cloud and on-premises applications. Amazon EKS makes it easy to deploy containerized workloads. It provides highly available clusters and automates tasks such as patching, node provisioning, and updates.
Kubernetes uses a flat networking model that requires each pod to receive its own IP address. This simplified approach allows low-friction porting of applications from virtual machines to containers, but it requires a large number of IP addresses that many private VPC IPv4 networks are not equipped to handle. Some cluster administrators work around this IPv4 space limitation by installing container network plugins (CNI) that virtualize IP addresses a layer above the VPC, but this architecture limits an administrator's ability to effectively observe and troubleshoot applications and has a negative impact on network performance at scale. Further, to communicate with internet services outside the VPC, traffic from IPv4 pods is routed through multiple network hops before reaching its destination, which adds latency and puts a strain on the network engineering teams who need to maintain complex routing setups.
To avoid IP address exhaustion, lower latency at scale, and simplify routing configuration, the solution is to use IPv6 address space.
IPv6 is not new. In 1996, I bought my first book on "IPng, Internet Protocol Next Generation", as it was called 25 years ago. It provides a 64-bit address space, allowing 3.4 x 10^38 possible IP addresses for our devices, servers, or containers. We could assign an IPv6 address to every atom on the surface of the planet and still have enough addresses left to do another 100-plus Earths.
There are several advantages to using Amazon EKS clusters with an IPv6 network. First, you can run more pods on a single host or subnet without the risk of exhausting all the IPv4 addresses available in your VPC. Second, it allows lower-latency communication with other IPv6 services, running on-premises, on AWS, or on the internet, by avoiding an extra NAT hop. Third, it relieves network engineers of the burden of maintaining complex routing configurations.
Kubernetes cluster administrators can focus on migrating and scaling applications without spending effort working around IPv4 limits. Finally, pod networking is configured so that the pods can communicate with IPv4-based applications outside the cluster, allowing you to adopt the benefits of IPv6 on Amazon EKS without requiring that every dependent service deployed across your organization is migrated to IPv6 first.
As usual, I built a short demo to show you how it works.
How It Works
Before I get started, I create an IPv6 VPC. I use this CDK script to create an IPv6-enabled VPC in a few minutes (thanks Angus Lees for the code). Just install CDK v2 (npm install -g aws-cdk@next) and deploy the stack (cdk bootstrap && cdk deploy).
When the VPC with IPv6 is created, I use the console to configure auto-assignment of IPv6 addresses to resources deployed in the public subnets (I do this for each public subnet).
I take note of the subnet IDs created by the CDK script above (they are listed in the output of the script) and define a couple of variables I'll use throughout the demo. I also create a cluster IAM role and a node IAM role, as described in the Amazon EKS documentation. If you already have clusters deployed, these two roles already exist.
I open a Terminal and type:
CLUSTER_ROLE_ARN="arn:aws:iam::0123456789:role/EKSClusterRole"
NODE_ROLE_ARN="arn:aws:iam::0123456789:role/EKSNodeRole"
SUBNET1="subnet-06000a8"
SUBNET2="subnet-03000cc"
CLUSTER_NAME="AWSNewsBlog"
KEYPAIR_NAME="my-key-pair-name"
Next, I create an Amazon EKS IPv6 cluster. In the terminal, I type (the inner quotes are escaped so the shell passes the JSON document through intact while still expanding the variables):
aws eks create-cluster --cli-input-json "{
    \"name\": \"${CLUSTER_NAME}\",
    \"version\": \"1.21\",
    \"roleArn\": \"${CLUSTER_ROLE_ARN}\",
    \"resourcesVpcConfig\": {
        \"subnetIds\": [
            \"${SUBNET1}\", \"${SUBNET2}\"
        ],
        \"endpointPublicAccess\": true,
        \"endpointPrivateAccess\": true
    },
    \"kubernetesNetworkConfig\": {
        \"ipFamily\": \"ipv6\"
    }
}"
{
    "cluster": {
        "name": "AWSNewsBlog",
        "arn": "arn:aws:eks:us-west-2:486652066693:cluster/AWSNewsBlog",
        "createdAt": "2021-11-02T17:29:32.989000+01:00",
        "version": "1.21",
        ...redacted for brevity...
        "status": "CREATING",
        "certificateAuthority": {},
        "platformVersion": "eks.4",
        "tags": {}
    }
}
I use describe-cluster while waiting for the cluster to be created. When the cluster is ready, it reports "status": "ACTIVE".
aws eks describe-cluster --name "${CLUSTER_NAME}"
Then I create a node group:
aws eks create-nodegroup \
    --cluster-name "${CLUSTER_NAME}" \
    --nodegroup-name AWSNewsBlog-nodegroup \
    --node-role "${NODE_ROLE_ARN}" \
    --subnets "${SUBNET1}" "${SUBNET2}" \
    --remote-access ec2SshKey="${KEYPAIR_NAME}"
{
    "nodegroup": {
        "nodegroupName": "AWSNewsBlog-nodegroup",
        "nodegroupArn": "arn:aws:eks:us-west-2:0123456789:nodegroup/AWSNewsBlog/AWSNewsBlog-nodegroup/3ebe70c7-6c45-d498-6d42-4001f70e7833",
        "clusterName": "AWSNewsBlog",
        "version": "1.21",
        "releaseVersion": "1.21.4-20211101",
        "status": "CREATING",
        "capacityType": "ON_DEMAND",
        ... redacted for brevity ...
    }
}
Once the node group is created, I see two EC2 instances in the console. I use the AWS Command Line Interface (CLI) to verify that the instances received an IPv6 address:
aws ec2 describe-instances --query "Reservations[].Instances[? State.Name == 'running' ][].NetworkInterfaces[].Ipv6Addresses" --output text
2600:1f13:812:0000:0000:0000:0000:71eb
2600:1f13:812:0000:0000:0000:0000:3c07
I use the kubectl command to verify the cluster from a Kubernetes perspective.
kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
ip-10-0-0-108.us-west-2.compute.internal Ready <none> 2d13h v1.21.4-eks-033ce7e 2600:1f13:812:0000:0000:0000:0000:2263 18.0.0.205 Amazon Linux 2 5.4.149-73.259.amzn2.x86_64 docker://20.10.7
ip-10-0-1-217.us-west-2.compute.internal Ready <none> 2d13h v1.21.4-eks-033ce7e 2600:1f13:812:0000:0000:0000:0000:7f3e 52.0.0.122 Amazon Linux 2 5.4.149-73.259.amzn2.x86_64 docker://20.10.7
Then I deploy a Pod. I follow these steps from the EKS documentation. It deploys a sample nginx web server.
kubectl create namespace aws-news-blog
namespace/aws-news-blog created
# sample-service.yml is available at https://docs.aws.amazon.com/eks/latest/userguide/sample-deployment.html
kubectl apply -f sample-service.yml
service/my-service created
deployment.apps/my-deployment created
kubectl get pods -n aws-news-blog -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
my-deployment-5dd5dfd6b9-7rllg 1/1 Running 0 17m 2600:0000:0000:0000:405b::2 ip-10-0-1-217.us-west-2.compute.internal <none> <none>
my-deployment-5dd5dfd6b9-h6mrt 1/1 Running 0 17m 2600:0000:0000:0000:46f9:: ip-10-0-0-108.us-west-2.compute.internal <none> <none>
my-deployment-5dd5dfd6b9-mrkfv 1/1 Running 0 17m 2600:0000:0000:0000:46f9::1 ip-10-0-0-108.us-west-2.compute.internal <none> <none>
I take note of the IPv6 address of my pods and try to connect to it from my laptop. As my wonderful service provider does not give me IPv6 at home yet, the connection fails. This is expected, since the pods have no IPv4 address at all. Notice the -g option, which turns off curl's URL globbing so the bracketed IPv6 literal (with its colons) is passed as-is rather than parsed for a port number, and -6, which tells curl to connect over IPv6 only (required when you give curl a DNS hostname).
curl -g -6 http://[2600:0000:0000:35000000:46f9::1]
curl: (7) Couldn't connect to server
To test IPv6 connectivity, I start a dual-stack (IPv4 and IPv6) EC2 instance in the same VPC as the cluster. I connect to the instance over SSH and try the curl command again. This time I receive the default HTML page served by nginx. IPv6 connectivity to the pod works!
curl -g -6 http://[2600:0000:0000:35000000:46f9::1]
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
... redacted for brevity ...
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
If it does not work for you, verify the three parameters that enable internet access for a subnet: does your VPC have an Internet Gateway? Does the route table attached to the subnet have a default route to the Internet Gateway? Does the security group for the cluster EC2 nodes have a rule allowing incoming connections on TCP port 80 from ::/0? The Internet Gateway and the route table are configured automatically by the CDK script I provided as part of this demo.
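As an added example (not part of the original post), here is a small Python check for that list, run against constructed JSON shaped like the `aws ec2 describe-route-tables` and `aws ec2 describe-security-groups` responses; the rtb-/sg-/igw- IDs are placeholders, and a ::/0 route pointing at an igw- ID covers the Internet Gateway item. It also shows the typical mistake: a security group that opens port 80 to 0.0.0.0/0 only, which never matches an IPv6 client.

```python
import json

# Constructed samples shaped like describe-route-tables / describe-security-groups output; IDs are placeholders.
ROUTE_TABLES = json.loads("""{"RouteTables": [{"RouteTableId": "rtb-EXAMPLE",
  "Associations": [{"SubnetId": "subnet-06000a8"}],
  "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"},
             {"DestinationIpv6CidrBlock": "::/0", "GatewayId": "igw-EXAMPLE"}]}]}""")

# Weak setting: port 80 open to IPv4 sources only; 0.0.0.0/0 never matches an IPv6 client.
SG_IPV4_ONLY = json.loads("""{"SecurityGroups": [{"GroupId": "sg-EXAMPLE",
  "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}]}""")

# Corrected setting: an explicit ::/0 entry in Ipv6Ranges, as the checklist requires.
SG_DUAL_STACK = json.loads("""{"SecurityGroups": [{"GroupId": "sg-EXAMPLE",
  "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                     "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}]}""")

def ipv6_default_route_via_igw(route_tables, subnet_id):
    """True if the route table associated with subnet_id sends ::/0 to an Internet Gateway."""
    for rt in route_tables["RouteTables"]:
        if not any(a.get("SubnetId") == subnet_id for a in rt.get("Associations", [])):
            continue
        for route in rt.get("Routes", []):
            if (route.get("DestinationIpv6CidrBlock") == "::/0"
                    and route.get("GatewayId", "").startswith("igw-")):
                return True
    return False

def ipv6_ingress_allowed(security_groups, port, proto="tcp"):
    """True if an inbound rule admits `port` from ::/0; IPv4 ranges are ignored on purpose."""
    for sg in security_groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)  # absent when protocol is "-1" (all)
            if (perm.get("IpProtocol") in (proto, "-1") and lo <= port <= hi
                    and any(r.get("CidrIpv6") == "::/0" for r in perm.get("Ipv6Ranges", []))):
                return True
    return False

def failed_checks(route_tables, security_groups, subnet_id, port=80):
    """Names of the checklist items that fail; an empty list means the path to the pod is open."""
    failures = []
    if not ipv6_default_route_via_igw(route_tables, subnet_id):
        failures.append("no ::/0 route to an Internet Gateway for " + subnet_id)
    if not ipv6_ingress_allowed(security_groups, port):
        failures.append("no inbound rule for TCP %d from ::/0" % port)
    return failures
```

Feed it the real CLI output (`aws ec2 describe-route-tables` and `describe-security-groups`, parsed with `json.load`) and the subnet ID of your nodes to get the same verdict for your own VPC.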
A Few Things to Keep in Mind
Before I wrap up, I'd like to answer some common questions received from customers who have already experimented with this new capability:
Pricing and Availability
IPv6 support for your Amazon Elastic Kubernetes Service (EKS) cluster is available today in all AWS Regions where Amazon EKS is available, at no additional cost.
Go try it out and build your first IPv6 cluster today.