©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved
Getting Started With Amazon EC2 Container Service
Emeka Igbokwe
Solution Architect
Agenda
• Containers
• EC2 Container Service
• EC2 Container Registry
• Q&A
Containers
What are containers?
• OS virtualization
• Process isolation
• Images
• Automation
[Diagram: one server with a guest OS running App1 and App2, each on its own Bins/Libs]
Container advantages
• Portable
• Flexible
• Fast
• Efficient
[Diagram: one server with a guest OS running App1 and App2, each on its own Bins/Libs]
A container pipeline
[Diagram built up across five slides. IT Operations: Base Image, Patches, Utilities, then Ruby, Redis and Logger on the Base Image. Developer: App on top of Ruby, Redis and Logger. Last slide: Patches applied to the Base Image under the App.]
Managing one resource is straightforward
$ docker run myimage
[Diagram: one server with a guest OS running App1 and App2, each on its own Bins/Libs]
[Diagram: a large grid of servers, each running its own guest OS]
Managing a cluster is hard
EC2 Container Service
Cluster Management Made Easy
• No cluster software to install and manage
• Manages cluster state
• Manages containers
• Control and monitoring
• Scale from one to tens of thousands of containers
Flexible Scheduling
• Optimal instance placement
• Integrate custom or 3rd party scheduler
Integrated and Extensible
• Integrated with existing AWS services such as IAM roles and security groups
• Extensible through powerful APIs
– Use your own scheduler
– Connect with existing software delivery process
Designed for use with other AWS services
• Elastic Load Balancing
• Amazon Elastic Block Store
• Amazon Virtual Private Cloud
• AWS Identity and Access Management (IAM)
• AWS CloudTrail
Security
• Isolation boundaries through EC2 instances
• VPC only
• Security Group and IAM roles support
Performance at Scale
• Building block for distributed applications
• Coordinates and automates container deployment
• Launch thousands of containers in seconds
Scalable
Pattern 1: Services and applications
• Any app, any language
• Image is the version
• Simplified deployments
Phong Nguyen, Founder at Gilt Groupe, said, “As we Dockerize all our services, it is very important for us to have a platform that can help us speed up deployments, automate our services, and gain greater efficiencies. The new service scheduler and ELB integration make Amazon ECS an excellent platform for our services.”
Monolith development lifecycle
[Diagram: developers, one app, one delivery pipeline: build, test, release]
Micro service development lifecycle
[Diagram: developers, services, delivery pipelines: each service has its own build, test, release pipeline]
Pattern 2: Batch jobs
• Share resource pools
• Ideal for bursty jobs
• Spot instances
“We required a solution on which we could securely and efficiently deploy Docker containers to encapsulate learner programming assignment submissions,” said Brennan Saeta, Architect at Coursera. “We are using Amazon EC2 Container Service to power our new programming assignments infrastructure for next-generation On-Demand course platform.”
Key Components
• Docker Daemon
• Task Definitions
• Containers
• Service
• Clusters
• Container Instances
Key components: container instances
• Amazon EC2 instances
• Docker daemon
• Amazon ECS agent
Key Components: Clusters
• Regional
• Resource pool
• Grouping of container instances
• Start empty, dynamically scalable
Key components: task definitions
• Volume definitions
• Container definitions
Key components: task definitions
[Diagram: a task with two containers, "PHP app" and "Time of day app", and a shared data volume]
Key components: task definitions
[
  {
    "environment": [],
    "name": "simple-demo",
    "image": "my-demo",
    "cpu": 10,
    "memory": 500,
    "portMappings": [
      {
        "containerPort": 80,
        "hostPort": 80
      }
    ],
    "mountPoints": [
      {
        "sourceVolume": "my-vol",
        "containerPath": "/var/www/my-vol"
      }
    ],
    "entryPoint": [
      "/usr/sbin/apache2",
      "-D",
      "FOREGROUND"
    ],
    "essential": true
  },
  {
    "name": "busybox",
    "image": "busybox",
    "cpu": 10,
    "memory": 500,
    "volumesFrom": [
      {
        "sourceContainer": "simple-demo"
      }
    ],
    "entryPoint": [
      "sh",
      "-c"
    ],
    "command": [
      "/bin/sh -c \"while true; do /bin/date > /var/www/my-vol/date; sleep 1; done\""
    ],
    "essential": false
  }
]
{
  "environment": [],
  "name": "simple-demo",
  "image": "amazon/amazon-ecs-sample",
  "cpu": 10,
  "memory": 500,
  "portMappings": [
    {
      "containerPort": 80,
      "hostPort": 80
    }
  ],
  "mountPoints": [
    {
      "sourceVolume": "my-vol",
      "containerPath": "/var/www/my-vol"
    }
  ],
  "entryPoint": [
    "/usr/sbin/apache2",
    "-D",
    "FOREGROUND"
  ],
  "essential": true
}
Slide callouts:
• Essential to our task
• Create and mount volumes
• Expose port 80 in container to port 80 on host
• 10 CPU Units (1024 is full CPU), 500 megabytes of memory
Key components: task definitions
[
  {
    "image": "mysql",
    "name": "db",
    "cpu": 10,
    "memory": 500,
    "essential": true,
    "entryPoint": [
      "/entrypoint.sh"
    ],
    "environment": [
      {
        "name": "MYSQL_ROOT_PASSWORD",
        "value": "pass"
      }
    ],
    "portMappings": []
  }
]
{
  "name": "busybox",
  "image": "busybox",
  "cpu": 10,
  "memory": 500,
  "volumesFrom": [
    {
      "sourceContainer": "simple-demo"
    }
  ],
  "entryPoint": [
    "sh",
    "-c"
  ],
  "command": [
    "/bin/sh -c \"while true; do /bin/date > /var/www/my-vol/date; sleep 1; done\""
  ],
  "essential": false
}
Slide callouts:
• From Docker Hub
• Mount volume from other container
• Command to exec
Key components: task definitions
[
  {
    "image": "tutum/wordpress-stackable",
    "name": "wordpress",
    "cpu": 10,
    "memory": 500,
    "essential": true,
    "links": [
      "db"
    ],
    "entryPoint": [
      "/bin/sh",
      "-c"
    ],
    "environment": [
      …
    ],
    "portMappings": [
      {
        "containerPort": 80,
        "hostPort": 80
      }
    ]
  },
]
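Added example (not part of the original slides): a Python audit over container definitions like the ones above. It flags literal secrets in "environment", as in the db definition's MYSQL_ROOT_PASSWORD, and image references with no tag or digest. The name heuristic, the hardened variant, and the placeholder ARN and digest are assumptions for illustration; "secrets" with "valueFrom" is the ECS field for injecting values from Parameter Store or Secrets Manager at launch.

```python
import json
import re

# Constructed sample: two container definitions as shown on the slides.
SLIDE_DEFS = json.loads("""[
  {"image": "mysql", "name": "db", "cpu": 10, "memory": 500, "essential": true,
   "entryPoint": ["/entrypoint.sh"], "portMappings": [],
   "environment": [{"name": "MYSQL_ROOT_PASSWORD", "value": "pass"}]},
  {"environment": [], "name": "simple-demo", "image": "amazon/amazon-ecs-sample",
   "cpu": 10, "memory": 500, "essential": true,
   "portMappings": [{"containerPort": 80, "hostPort": 80}]}
]""")

# Constructed hardened variant of "db": password injected at launch through the
# ECS "secrets" field, image pinned by digest. ARN and digest are placeholders.
HARDENED_DEFS = [dict(
    SLIDE_DEFS[0],
    image="mysql@sha256:PLACEHOLDER_DIGEST",
    environment=[],
    secrets=[{"name": "MYSQL_ROOT_PASSWORD",
              "valueFrom": "arn:aws:ssm:REGION:ACCOUNT_ID:parameter/PLACEHOLDER"}],
)]

# Assumed naming heuristic for secret-bearing variables; tune it per environment.
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)


def is_pinned(image):
    """True if the image reference carries a digest or an explicit tag."""
    last_component = image.rsplit("/", 1)[-1]  # ignore a registry host:port prefix
    return "@" in image or ":" in last_component


def audit(container_defs):
    """Return (container, field, problem) tuples for a containerDefinitions list."""
    findings = []
    for cdef in container_defs:
        name = cdef.get("name", "<unnamed>")
        for env in cdef.get("environment", []):
            if SECRET_NAME.search(env.get("name", "")) and env.get("value"):
                findings.append((name, "environment." + env["name"],
                                 "literal secret stored in the task definition"))
        if not is_pinned(cdef.get("image", "")):
            findings.append((name, "image", "no tag or digest, resolves to :latest"))
    return findings

if __name__ == "__main__":
    for finding in audit(SLIDE_DEFS) + audit(HARDENED_DEFS):
        print(*finding, sep=" | ")
```

Values under "environment" are returned by DescribeTaskDefinition and are visible through docker inspect on the container instance, so anyone with either access can read them. A tag only names a version, while a digest fixes the exact image content.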
Key components: tasks
[Diagram: Schedule onto a Container Instance: "PHP app" and "Time of day app" containers with a shared data volume]
Key Components: tasks
• Unit of work
• Grouping of related containers
• Run on container instances
Key Components: Run a task
Good for short-lived containers, e.g. batch jobs
Key components: Create a service
Good for long-running applications and services
Key components: Create a service
• Load balance traffic across containers
• Automatically recover unhealthy containers
• Discover services
Elastic Load Balancing
Key components: Update a service
• Scale up
• Scale down
Elastic Load Balancing
Key components: Update a service
• Deploy a new version
• Drain connections
Elastic Load Balancing
Key components: Deploy a service
• Define two ECS services
• Each service is associated with an ELB
• Both ELBs in Route 53 record set with weighted routing policy, 100% Primary, 0% Secondary
• Deploy to Blue or Green service and switch weights
[Diagram: Route 53 record set with weighted routing policy, 100% and 0%, in front of two services running tasks]
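Added example (not part of the original slides): a Python sketch of the "switch weights" step. It builds the ChangeBatch structure that Route 53's ChangeResourceRecordSets accepts and refuses to flip unless the pair is in a clean 100/0 state. The record names, set identifiers, zone ID and ELB DNS names are constructed placeholders.

```python
import copy

# Constructed sample: the two weighted alias records behind the blue and green
# ELBs, with blue live at 100 and green idle at 0. All names are placeholders.
CURRENT = [
    {"Name": "app.example.invalid.", "Type": "A", "SetIdentifier": "blue",
     "Weight": 100,
     "AliasTarget": {"HostedZoneId": "ELB_ZONE_ID_PLACEHOLDER",
                     "DNSName": "blue-elb.example.invalid.",
                     "EvaluateTargetHealth": True}},
    {"Name": "app.example.invalid.", "Type": "A", "SetIdentifier": "green",
     "Weight": 0,
     "AliasTarget": {"HostedZoneId": "ELB_ZONE_ID_PLACEHOLDER",
                     "DNSName": "green-elb.example.invalid.",
                     "EvaluateTargetHealth": True}},
]


def flip_change_batch(record_sets):
    """Build a ChangeBatch that swaps the weights of a clean 100/0 pair."""
    if len(record_sets) != 2:
        raise ValueError("expected exactly two weighted record sets")
    first, second = record_sets
    if (first["Name"], first["Type"]) != (second["Name"], second["Type"]):
        raise ValueError("records do not share one name and type")
    if first["SetIdentifier"] == second["SetIdentifier"]:
        raise ValueError("SetIdentifier must differ between blue and green")
    if sorted((first["Weight"], second["Weight"])) != [0, 100]:
        raise ValueError("pair is not in a clean 100/0 state; refusing to flip")
    changes = []
    # Both UPSERTs go in one batch, which Route 53 applies as a single transaction,
    # so there is no window where both records carry weight 0.
    for record, new_weight in ((first, second["Weight"]), (second, first["Weight"])):
        updated = copy.deepcopy(record)  # leave the caller's view of state untouched
        updated["Weight"] = new_weight
        changes.append({"Action": "UPSERT", "ResourceRecordSet": updated})
    return {"Comment": "blue/green weight swap", "Changes": changes}


if __name__ == "__main__":
    for change in flip_change_batch(CURRENT)["Changes"]:
        rrset = change["ResourceRecordSet"]
        print(rrset["SetIdentifier"], rrset["Weight"])
```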
Architecture
Typical user workflow
I want to run a service.
• Run Instances (Amazon EC2): Use custom AMI with Docker support and ECS agent. Instances register with default cluster.
• Create Task Definition: Declare resource requirements for containers
• Create Service: Declare resource requirements for service
[Diagram: service X 5, Elastic Load Balancing]
• Describe Service
EC2 Container Registry
Amazon EC2 Container Registry
• Private Docker Repository
– v2 Docker Registry
– AWS Identity and Access Management (IAM) and AWS Auth integration
– Low latency push, pulls, and inspection
• Alternatives:
– DockerHub
– Docker Trusted Registry
Benefits
• Fully managed
• Secure
• Highly available
• Simplified workflow
Fully Managed
• No registry software to install and manage
• Hundreds of concurrent pulls
Secure
• IAM resource-based policies
• Transfer via HTTPS
• Image encryption at rest
Highly Available
• Backed by Amazon S3
• Images redundantly stored across multiple facilities and multiple devices in each facility
Simplified Workflow
• Tight integration with Amazon ECS
• Use Docker CLI commands (e.g., push, pull, list, tag)
Additional Resources
• Setup, Monitoring & Discovery
ECS CloudFormation template - http://amzn.to/1KH51m5
ECS CloudWatch metrics - http://amzn.to/1PUR7OU
Monitoring ECS with Datadog - http://bit.ly/1R723Lm
Monitoring Amazon ECS with Sysdig - http://bit.ly/1jrmvvD
Scaling with CloudWatch Alarms - http://amzn.to/1ORt06b
Service discovery with Weaveworks - http://bit.ly/1LkRjJ9
Service discovery with Consul - http://amzn.to/1JZL5gz
Demo
Q&A