getting started with amazon ec2 container servicefiles.meetup.com/19647895/aws ec2...

59
©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved Getting Started With Amazon EC2 Container Service Emeka Igbokwe Solution Architect

Upload: others

Post on 20-May-2020

35 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved

Getting Started With Amazon EC2

Container Service Emeka Igbokwe

Solution Architect

Page 2: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Agenda

• Containers

• EC2 Container Service

• EC2 Container Registry

• Q&A

Page 3: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Containers

Page 4: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

What are containers?

• OS virtualization

• Process isolation

• Images

• Automation Server

Guest OS

Bins/Libs Bins/Libs

App2App1

Page 5: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Container advantages

• Portable

• Flexible

• Fast

• EfficientServer

Guest OS

Bins/Libs Bins/Libs

App2App1

Page 6: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

A container pipeline

IT Operations

Base

Image

PatchesUtilities

Page 7: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

A container pipeline

IT Operations

Base

Image

Ruby Redis Logger

Page 8: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

A container pipeline

IT Operations Developer

Base

Image

App

Ruby Redis Logger

Page 9: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

A container pipeline

IT Operations Developer

Base

Image

App

Ruby Redis Logger

Page 10: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

A container pipeline

IT Operations Developer

Base

Image

Patches

App

Ruby Redis Logger

Page 11: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Server

Guest OS

Bins/Libs Bins/Libs

App2App1

Managing one resource is straightforward

Page 12: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Server

Guest OS

Bins/Libs Bins/Libs

App2App1

Managing one resource is straightforward

$ docker run myimage

Page 13: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Server

Guest OS

Managing a cluster is hard

Page 14: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

EC2 Container Service

Page 15: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Cluster Management Made Easy

• No cluster software to install and manage

• Manages cluster state

• Manages containers

• Control and monitoring

• Scale from one to tens of thousands of

containers

Page 16: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Flexible Scheduling

• Optimal instance placement

• Integrate custom or 3rd party scheduler

Page 17: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Integrated and Extensible

• Integrated with existing AWS

services such as IAM roles and

security groups

• Extensible through powerful APIs

– Use your own scheduler

– Connect with existing software

delivery process

Page 18: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Designed for use with other AWS services

• Elastic Load Balancing

• Amazon Elastic Block Store

• Amazon Virtual Private

Cloud

• AWS Identity and Access

Management (IAM)

• AWS CloudTrail

Page 19: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Security

• Isolation boundaries through EC2

instances

• VPC only

• Security Group and IAM roles support

Page 20: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Performance at Scale

• Building block for distributed applications

• Coordinates and automates container deployment

• Launch thousands of containers in seconds

Page 21: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Scalable

Page 22: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Pattern 1: Services and applications

• Any app, any language

• Image is the version

• Simplified deployments

Phong Nguyen, Founder at Gilt

Groupe, said, "As we Dockerize

all our services, it is very

important for us to have a

platform that can help us speed

up deployments, automate our

services, and gain greater

efficiencies. The new service

scheduler and ELB integration

make Amazon ECS an excellent

platform for our services.”

Page 23: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Monolith development lifecycle

developers

releasetestbuild

delivery pipelineapp

Page 24: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Micro service development lifecycle

developers delivery pipelinesservices

releasetestbuild

releasetestbuild

releasetestbuild

releasetestbuild

releasetestbuild

releasetestbuild

Page 25: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Pattern 2: Batch jobs

• Share resource pools

• Ideal for bursty jobs

• Spot instances

“We required a solution on which

we could securely and efficiently

deploy Docker containers to

encapsulate learner

programming assignment

submissions,” said Brennan

Saeta, Architect at Coursera. “We

are using Amazon EC2 Container

Service to power our new

programming assignments

infrastructure for next-generation

On-Demand course platform.”

Page 26: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Key Components

• Docker Daemon

• Task Definitions

• Containers

• Service

• Clusters

• Container Instances

Page 27: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Amazon EC2 instances

Docker daemon

Amazon ECS agent

Key components: container instances

Page 28: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Regional

Resource pool

Grouping of container instances

Start empty, dynamically scalable

Key Components: Clusters

Page 29: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Key components: task definitions

Volume definitions

Container definitions

Page 30: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Key components: task definitions

Shared data volume

PHP appTime of day

app

Page 31: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Key components: task definitions{

"environment": [],

"name": "simple-demo",

"image": "my-demo",

"cpu": 10,

"memory": 500,

"portMappings": [

{

"containerPort": 80,

"hostPort": 80

}

],

"mountPoints": [

{

"sourceVolume": "my-vol",

"containerPath": "/var/www/my-

vol"

}

],

"entryPoint": [

"/usr/sbin/apache2",

"-D",

"FOREGROUND"

],

"essential": true

},

{

"name": "busybox",

"image": "busybox",

"cpu": 10,

"memory": 500,

"volumesFrom": [

{

"sourceContainer": "simple-demo"

}

],

"entryPoint": [

"sh",

"-c"

],

"command": [

"/bin/sh -c \"while true; do

/bin/date > /var/www/my-vol/date; sleep 1; done\""

],

"essential": false

}

Page 32: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

{

"environment": [],

"name": "simple-demo",

"image": “amazon/amazon-ecs-sample",

"cpu": 10,

"memory": 500,

"portMappings": [

{

"containerPort": 80,

"hostPort": 80

}

],

"mountPoints": [

{

"sourceVolume": "my-vol",

"containerPath": "/var/www/my-

vol"

}

],

"entryPoint": [

"/usr/sbin/apache2",

"-D",

"FOREGROUND"

],

"essential": true

},

Key components: task definitions[

{

"image": "mysql",

"name": "db",

"cpu": 10,

"memory": 500,

"essential": true,

"entryPoint": [

"/entrypoint.sh"

],

"environment": [

{

"name": "MYSQL_ROOT_PASSWORD",

"value": "pass"

}

],

"portMappings": []

}

]

Essential to our task

Create and mount volumes

Expose port 80 in container

to port 80 on host

10 CPU Units (1024 is full CPU),

500 megabytes of memory

Page 33: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

{

"name": "busybox",

"image": "busybox",

"cpu": 10,

"memory": 500,

"volumesFrom": [

{

"sourceContainer": "simple-demo"

}

],

"entryPoint": [

"sh",

"-c"

],

"command": [

"/bin/sh -c \"while true; do

/bin/date > /var/www/my-vol/date; sleep 1; done\""

],

"essential": false

}

Key components: task definitions[

{

"image": "tutum/wordpress-stackable",

"name": "wordpress",

"cpu": 10,

"memory": 500,

"essential": true,

"links": [

"db"

],

"entryPoint": [

"/bin/sh",

"-c"

],

"environment": [

],

"portMappings": [

{

"containerPort": 80,

"hostPort": 80

}

]

},

]

From Docker Hub

Mount volume from other container

Command to exec

Page 34: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Key components: tasks

Container

Instance

Schedule

Shared data volume

PHP appTime of day

app

Page 35: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Unit of work

Grouping of related containers

Run on container instances

Key Components: tasks

Page 36: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Key Components: Run a task

Good for short-lived

containers, e.g.

batch jobs

Page 37: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Key components: Create a service

Good for long-

running applications

and services

Page 38: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Key components: Create a service

• Load balance traffic across containers

• Automatically recover unhealthy containers

• Discover services

Elastic Load Balancing

Page 39: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Key components: Update a service

• Scale up

• Scale down

Elastic Load Balancing

Page 40: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Key components: Update a service

• Deploy a new version

• Drain connections

Elastic Load Balancing

Page 41: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Key components: Update a service

• Deploy a new version

• Drain connections

Elastic Load Balancing

Page 42: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Key components: Update a service

• Deploy a new version

• Drain connections

Elastic Load Balancing

Page 43: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Key components: Deploy a service

• Define two ECS services

• Each service is associated w/ ELB

• Both ELBs in Route 53 record set

with weighted routing policy, 100%

Primary, 0% Secondary

• Deploy to Blue or Green service and

switch weights TaskTask

Route 53

record set

with

weighted

routing

policy

0%

100%

Page 44: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Architecture

Page 45: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Typical user workflow

I want to run a service.

Page 46: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Typical user workflow

Run Instances

Amazon EC2

Use custom AMI with

Docker support and

ECS agent.

Instances register

with default cluster.

Page 47: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Typical user workflow

Create Task Definition

Declare resource

requirements for

containers

Page 48: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Typical user workflow

Create Service

Declare resource

requirements for

service

X 5

Elastic Load Balancing

Page 49: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Typical user workflow

Describe Service

Page 50: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

EC2 Container Registry

Page 51: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Amazon EC2 Container Registry

• Private Docker Repository– v2 Docker Registry

– AWS Identity and Access Management (IAM) and AWS Auth

integration

– Low latency push, pulls, and inspection

• Alternatives: – DockerHub

– Docker Trusted Registry

Page 52: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Benefits

Fully managed Secure Highly available Simplified workflow

Page 53: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Fully Managed

• No registry software to install and manage

• Hundreds of concurrent pulls

Page 54: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Secure

• IAM resource-based policies

• Transfer via HTTPS

• Image encryption at rest

Page 55: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Highly Available

• Backed by Amazon S3

• Images redundantly stored

across multiple facilities and

multiple devices in each facility

Page 56: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Simplified Workflow

• Tight integration with Amazon ECS

• Use Docker CLI commands (e.g.,

push, pull, list, tag)

Page 57: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Additional Resources

• Setup, Monitoring & Discovery

ECS CloudFormation template - http://amzn.to/1KH51m5

ECS CloudWatch metrics - http://amzn.to/1PUR7OU

Monitoring ECS with Datadog - http://bit.ly/1R723Lm

Monitoring Amazon ECS with Sysdig - http://bit.ly/1jrmvvD

Scaling with CloudWatch Alarms - http://amzn.to/1ORt06b

Service discovery with Weaveworks - http://bit.ly/1LkRjJ9

Service discovery with Consul - http://amzn.to/1JZL5gz

Page 58: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

Demo

Page 59: Getting Started With Amazon EC2 Container Servicefiles.meetup.com/19647895/AWS EC2 Containers.pdf · deploy Docker containers to encapsulate learner programming assignment submissions,”

©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved

Q&A