Getting Started With Amazon EC2 Container Service

Agenda Containers EC2 Container Service EC2 Container Registry Q&A

Containers

What are containers? App1 App2 Bins/Libs Bins/Libs OS virtualization Process isolation Images Automation

Container advantages App1 App2 Bins/Libs Bins/Libs Portable Flexible Fast Efficient

A container pipeline IT Operations Utilities Patches Base Image

A container pipeline IT Operations Base Image Ruby Redis Logger

A container pipeline IT Operations Developer App Base Image Ruby Redis Logger

A container pipeline IT Operations Developer App Patches Base Image Ruby Redis Logger

Managing one resource is straightforward App1 Bins/Libs App2 Bins/Libs

Managing one resource is straightforward App1 Bins/Libs App2 Bins/Libs $ docker run myimage

Managing a cluster is hard

EC2 Container Service

Cluster Management Made Easy No cluster software to install and manage Manages cluster state Manages containers Control and monitoring Scale from one to tens of thousands of containers

Flexible Scheduling Optimal instance placement Integrate custom or 3 rd party scheduler

Integrated and Extensible Integrated with existing AWS services such as IAM roles and security groups Extensible through powerful APIs Use your own scheduler Connect with existing software delivery process

Designed for use with other AWS services Elastic Load Balancing Amazon Elastic Block Store Amazon Virtual Private Cloud AWS Identity and Access Management (IAM) AWS CloudTrail

Security Isolation boundaries through EC2 instances VPC only Security Group and IAM roles support

Performance at Scale Building block for distributed applications Coordinates and automates container deployment Launch thousands of containers in seconds

Scalable

Pattern 1: Services and applications Any app, any language Image is the version Simplified deployments Phong Nguyen, Founder at Gilt Groupe, said, "As we Dockerize all our services, it is very important for us to have a platform that can help us speed up deployments, automate our services, and gain greater efficiencies. The new service scheduler and ELB integration make Amazon ECS an excellent platform for our services.

Monolith development lifecycle build test release developers app delivery pipeline

Micro service development lifecycle build test release build test release build test release build test release build test release developers services build test delivery pipelines release

Pattern 2: Batch jobs Share resource pools Ideal for bursty jobs Spot instances We required a solution on which we could securely and efficiently deploy Docker containers to encapsulate learner programming assignment submissions, said Brennan Saeta, Architect at Coursera. We are using Amazon EC2 Container Service to power our new programming assignments infrastructure for next-generation On-Demand course platform.

Key Components Docker Daemon Task Definitions Containers Service Clusters Container Instances

Key components: container instances Amazon EC2 instances Docker daemon Amazon ECS agent

Key Components: Clusters Regional Resource pool Grouping of container instances Start empty, dynamically scalable

Key components: task definitions Volume definitions Container definitions

Key components: task definitions Shared data volume PHP app Time of day app

Key components: task definitions { "environment": [], "name": "simple-demo", "image": "my-demo", "cpu": 10, "memory": 500, "portmappings": [ { "containerport": 80, "hostport": 80 } ], "mountpoints": [ { "sourcevolume": "my-vol", "containerpath": "/var/www/myvol" }, } ], "entrypoint": [ "/usr/sbin/apache2", "-D", "FOREGROUND" ], "essential": true { "name": "busybox", "image": "busybox", "cpu": 10, "memory": 500, "volumesfrom": [ { "sourcecontainer": "simple-demo" } ], "entrypoint": [ "sh", "-c" ], "command": [ "/bin/sh -c \"while true; do /bin/date > /var/www/my-vol/date; sleep 1; done\"" ], "essential": false }

Key components: task definitions { "environment": [], "name": "simple-demo", "image": amazon/amazon-ecs-sample", "cpu": 10, "memory": 500, "portmappings": [ { "containerport": 80, "hostport": 80 } ], "mountpoints": [ { "sourcevolume": "my-vol", "containerpath": "/var/www/myvol" }, } ], "entrypoint": [ "/usr/sbin/apache2", "-D", "FOREGROUND" ], "essential": true [ ] { } "image": "mysql", "name": "db", "cpu": 500 megabytes 10, of memory "memory": 500, "essential": true, Expose port 80 in container "entrypoint": [ to "/entrypoint.sh" port 80 on host ], "environment": [ { Create "name": and "MYSQL_ROOT_PASSWORD", mount volumes "value": "pass" } ], "portmappings": [] 10 CPU Units (1024 is full CPU), Essential to our task

Key components: task definitions [ { "image": "tutum/wordpress-stackable", "name": "wordpress", "cpu": 10, "memory": 500, "essential": true, "links": [ "db" ], "entrypoint": [ "/bin/sh", "-c" ], "environment": [ ], "portmappings": [ { "containerport": 80, "hostport": 80 } ] }, ] From Docker Hub Mount volume from other container Command to exec { "name": "busybox", "image": "busybox", "cpu": 10, "memory": 500, "volumesfrom": [ { "sourcecontainer": "simple-demo" } ], "entrypoint": [ "sh", "-c" ], "command": [ "/bin/sh -c \"while true; do /bin/date > /var/www/my-vol/date; sleep 1; done\"" ], "essential": false }

Key components: tasks Shared data volume PHP app Time of day app Schedule Container Instance

Key Components: tasks Unit of work Grouping of related containers Run on container instances

Key Components: Run a task Good for short-lived containers, e.g. batch jobs

Key components: Create a service Good for longrunning applications and services

Key components: Create a service Load balance traffic across containers Automatically recover unhealthy containers Discover services Elastic Load Balancing

Key components: Update a service Scale up Scale down Elastic Load Balancing

Key components: Update a service Deploy a new version Drain connections Elastic Load Balancing

Key components: Deploy a service Define two ECS services Each service is associated w/ ELB Both ELBs in Route 53 record set with weighted routing policy, 100% Primary, 0% Secondary Deploy to Blue or Green service and switch weights Route 53 record set with weighted routing policy 100% Task 0% Task

Architecture

Typical user workflow I want to run a service.

Typical user workflow Run Instances Amazon EC2 Use custom AMI with Docker support and ECS agent. Instances register with default cluster.

Typical user workflow Create Task Definition Declare resource requirements for containers

Typical user workflow Create Service Elastic Load Balancing X 5 Declare resource requirements for service

Typical user workflow Describe Service

EC2 Container Registry

Amazon EC2 Container Registry Private Docker Repository v2 Docker Registry AWS Identity and Access Management (IAM) and AWS Auth integration Low latency push, pulls, and inspection Alternatives: DockerHub Docker Trusted Registry

Benefits Fully managed Secure Highly available Simplified workflow

Fully Managed No registry software to install and manage Hundreds of concurrent pulls

Secure IAM resource-based policies Transfer via HTTPS Image encryption at rest

Highly Available Backed by Amazon S3 Images redundantly stored across multiple facilities and multiple devices in each facility

Simplified Workflow Tight integration with Amazon ECS Use Docker CLI commands (e.g., push, pull, list, tag)

Additional Resources Setup, Monitoring & Discovery ECS CloudFormation template - http://amzn.to/1kh51m5 ECS CloudWatch metrics - http://amzn.to/1pur7ou Monitoring ECS with Datadog - http://bit.ly/1r723lm Monitoring Amazon ECS with Sysdig - http://bit.ly/1jrmvvd Scaling with CloudWatch Alarms - http://amzn.to/1ort06b Service discovery with Weaveworks - http://bit.ly/1lkrjj9 Service discovery with Consul - http://amzn.to/1jzl5gz

Demo