Getting Started With Amazon EC2 Container Service
Emeka Igbokwe, Solution Architect
© 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Agenda
- Containers
- EC2 Container Service
- EC2 Container Registry
- Q&A

Containers
What are containers?
- OS virtualization
- Process isolation
- Images
- Automation
[Diagram labels: App1; App2; Bins/Libs; Bins/Libs]

Container advantages
- Portable
- Flexible
- Fast
- Efficient
[Diagram labels: App1; App2; Bins/Libs; Bins/Libs]

A container pipeline
[Diagram labels: IT Operations; Utilities; Patches; Base Image]

A container pipeline
[Diagram labels: IT Operations; Base Image; Ruby; Redis; Logger]

A container pipeline
[Diagram labels: IT Operations; Developer; App; Base Image; Ruby; Redis; Logger]

A container pipeline
[Diagram labels: IT Operations; Developer; App; Patches; Base Image; Ruby; Redis; Logger]

Managing one resource is straightforward
[Diagram labels: App1; Bins/Libs; App2; Bins/Libs]

Managing one resource is straightforward
[Diagram labels: App1; Bins/Libs; App2; Bins/Libs]
    $ docker run myimage

Managing a cluster is hard
EC2 Container Service
Cluster Management Made Easy
- No cluster software to install and manage
- Manages cluster state
- Manages containers
- Control and monitoring
- Scale from one to tens of thousands of containers

Flexible Scheduling
- Optimal instance placement
- Integrate custom or 3rd-party scheduler

Integrated and Extensible
- Integrated with existing AWS services such as IAM roles and security groups
- Extensible through powerful APIs
- Use your own scheduler
- Connect with existing software delivery process

Designed for use with other AWS services
- Elastic Load Balancing
- Amazon Elastic Block Store
- Amazon Virtual Private Cloud
- AWS Identity and Access Management (IAM)
- AWS CloudTrail

Security
- Isolation boundaries through EC2 instances
- VPC only
- Security Group and IAM roles support

Performance at Scale
- Building block for distributed applications
- Coordinates and automates container deployment
- Launch thousands of containers in seconds

Scalable
Pattern 1: Services and applications
- Any app, any language
- Image is the version
- Simplified deployments
Phong Nguyen, Founder at Gilt Groupe, said, "As we Dockerize all our services, it is very important for us to have a platform that can help us speed up deployments, automate our services, and gain greater efficiencies. The new service scheduler and ELB integration make Amazon ECS an excellent platform for our services."

Monolith development lifecycle
[Diagram labels: developers; app; delivery pipeline; build, test, release]

Micro service development lifecycle
[Diagram labels: developers; services; delivery pipelines; repeated build, test, release stages]

Pattern 2: Batch jobs
- Share resource pools
- Ideal for bursty jobs
- Spot instances
"We required a solution on which we could securely and efficiently deploy Docker containers to encapsulate learner programming assignment submissions," said Brennan Saeta, Architect at Coursera. "We are using Amazon EC2 Container Service to power our new programming assignments infrastructure for next-generation On-Demand course platform."

Key Components
- Docker Daemon
- Task Definitions
- Containers
- Service
- Clusters
- Container Instances

Key components: container instances
- Amazon EC2 instances
- Docker daemon
- Amazon ECS agent

Key Components: Clusters
- Regional
- Resource pool
- Grouping of container instances
- Start empty, dynamically scalable

Key components: task definitions
- Volume definitions
- Container definitions

Key components: task definitions
[Diagram labels: Shared data volume; PHP app; Time of day app]

Key components: task definitions
    [
      {
        "environment": [],
        "name": "simple-demo",
        "image": "my-demo",
        "cpu": 10,
        "memory": 500,
        "portMappings": [
          { "containerPort": 80, "hostPort": 80 }
        ],
        "mountPoints": [
          { "sourceVolume": "my-vol", "containerPath": "/var/www/my-vol" }
        ],
        "entryPoint": [ "/usr/sbin/apache2", "-D", "FOREGROUND" ],
        "essential": true
      },
      {
        "name": "busybox",
        "image": "busybox",
        "cpu": 10,
        "memory": 500,
        "volumesFrom": [
          { "sourceContainer": "simple-demo" }
        ],
        "entryPoint": [ "sh", "-c" ],
        "command": [ "/bin/sh -c \"while true; do /bin/date > /var/www/my-vol/date; sleep 1; done\"" ],
        "essential": false
      }
    ]

Key components: task definitions
Slide callouts:
- 10 CPU Units (1024 is full CPU)
- 500 megabytes of memory
- Expose port 80 in container to port 80 on host
- Create and mount volumes
- Essential to our task
    {
      "environment": [],
      "name": "simple-demo",
      "image": "amazon/amazon-ecs-sample",
      "cpu": 10,
      "memory": 500,
      "portMappings": [
        { "containerPort": 80, "hostPort": 80 }
      ],
      "mountPoints": [
        { "sourceVolume": "my-vol", "containerPath": "/var/www/my-vol" }
      ],
      "entryPoint": [ "/usr/sbin/apache2", "-D", "FOREGROUND" ],
      "essential": true
    }

Key components: task definitions
Slide callouts:
- From Docker Hub
- Mount volume from other container
- Command to exec
    {
      "name": "busybox",
      "image": "busybox",
      "cpu": 10,
      "memory": 500,
      "volumesFrom": [
        { "sourceContainer": "simple-demo" }
      ],
      "entryPoint": [ "sh", "-c" ],
      "command": [ "/bin/sh -c \"while true; do /bin/date > /var/www/my-vol/date; sleep 1; done\"" ],
      "essential": false
    }

    [
      {
        "image": "tutum/wordpress-stackable",
        "name": "wordpress",
        "cpu": 10,
        "memory": 500,
        "essential": true,
        "links": [ "db" ],
        "entryPoint": [ "/bin/sh", "-c" ],
        "environment": [],
        "portMappings": [
          { "containerPort": 80, "hostPort": 80 }
        ]
      },
      {
        "image": "mysql",
        "name": "db",
        "cpu": 10,
        "memory": 500,
        "essential": true,
        "entryPoint": [ "/entrypoint.sh" ],
        "environment": [
          { "name": "MYSQL_ROOT_PASSWORD", "value": "pass" }
        ],
        "portMappings": []
      }
    ]

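An added example, not part of the original deck or AWS code: a small audit over a list of container definitions like the ones on the task-definition slides. It flags credentials set as plaintext `environment` values (such as `MYSQL_ROOT_PASSWORD`), images referenced without a fixed tag or digest, and fixed `hostPort` mappings to check against the instance security group. The rule names, the secret-name pattern and the sample input are assumptions constructed for illustration.

```python
import json
import re

# Constructed sample, modeled on the wordpress/db container definitions on the slides.
SAMPLE = json.loads("""
[
  {"name": "wordpress", "image": "tutum/wordpress-stackable", "cpu": 10, "memory": 500,
   "essential": true, "links": ["db"], "environment": [],
   "portMappings": [{"containerPort": 80, "hostPort": 80}]},
  {"name": "db", "image": "mysql", "cpu": 10, "memory": 500, "essential": true,
   "portMappings": [],
   "environment": [{"name": "MYSQL_ROOT_PASSWORD", "value": "pass"}]}
]
""")

# Assumption: environment variable names that usually carry credentials.
SECRET_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY)", re.I)


def image_is_pinned(image):
    """True if the image reference carries an explicit non-latest tag or a digest."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]  # ignore ':' in a registry host:port prefix
    return ":" in last and not last.endswith(":latest")


def audit(container_definitions):
    """Return a sorted list of (container, rule, detail) findings."""
    findings = []
    for c in container_definitions:
        name = c.get("name", "<unnamed>")
        for env in c.get("environment", []):
            if SECRET_NAME.search(env.get("name", "")) and env.get("value"):
                findings.append((name, "plaintext-secret", env["name"]))
        if not image_is_pinned(c.get("image", "")):
            findings.append((name, "unpinned-image", c.get("image", "")))
        for pm in c.get("portMappings", []):
            if pm.get("hostPort"):
                findings.append((name, "fixed-host-port", str(pm["hostPort"])))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%-10s %-17s %s" % finding)
```

Values under `environment` are stored in the task definition itself, so any principal allowed to describe the task definition can read them.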
Key components: tasks
[Diagram labels: Shared data volume; PHP app; Time of day app; Schedule; Container Instance]

Key Components: tasks
- Unit of work
- Grouping of related containers
- Run on container instances

Key Components: Run a task
- Good for short-lived containers, e.g. batch jobs

Key components: Create a service
- Good for long-running applications and services

Key components: Create a service
- Load balance traffic across containers
- Automatically recover unhealthy containers
- Discover services
[Diagram label: Elastic Load Balancing]

Key components: Update a service
- Scale up
- Scale down
[Diagram label: Elastic Load Balancing]

Key components: Update a service
- Deploy a new version
- Drain connections
[Diagram label: Elastic Load Balancing]

Key components: Deploy a service
- Define two ECS services
- Each service is associated with an ELB
- Both ELBs in Route 53 record set with weighted routing policy, 100% Primary, 0% Secondary
- Deploy to Blue or Green service and switch weights
[Diagram labels: Route 53 record set with weighted routing policy; 100% Task; 0% Task]

Architecture
Typical user workflow
- I want to run a service.

Typical user workflow
- Run Instances
- Use custom AMI with Docker support and ECS agent. Instances register with default cluster.
[Diagram label: Amazon EC2]

Typical user workflow
- Create Task Definition
- Declare resource requirements for containers

Typical user workflow
- Create Service
- Declare resource requirements for service
[Diagram labels: Elastic Load Balancing; X 5]

Typical user workflow
- Describe Service

EC2 Container Registry
Amazon EC2 Container Registry
- Private Docker Repository
- v2 Docker Registry
- AWS Identity and Access Management (IAM) and AWS Auth integration
- Low latency push, pulls, and inspection
- Alternatives: DockerHub, Docker Trusted Registry

Benefits
- Fully managed
- Secure
- Highly available
- Simplified workflow

Fully Managed
- No registry software to install and manage
- Hundreds of concurrent pulls

Secure
- IAM resource-based policies
- Transfer via HTTPS
- Image encryption at rest

Highly Available
- Backed by Amazon S3
- Images redundantly stored across multiple facilities and multiple devices in each facility

Simplified Workflow
- Tight integration with Amazon ECS
- Use Docker CLI commands (e.g., push, pull, list, tag)

Additional Resources
Setup, Monitoring & Discovery
- ECS CloudFormation template - http://amzn.to/1kh51m5
- ECS CloudWatch metrics - http://amzn.to/1pur7ou
- Monitoring ECS with Datadog - http://bit.ly/1r723lm
- Monitoring Amazon ECS with Sysdig - http://bit.ly/1jrmvvd
- Scaling with CloudWatch Alarms - http://amzn.to/1ort06b
- Service discovery with Weaveworks - http://bit.ly/1lkrjj9
- Service discovery with Consul - http://amzn.to/1jzl5gz

Demo
Q&A