AWS Community Day - Andrew May - Running Containers in AWS

Running
Containers in
AWS
ANDREW MAY
CLOUD SOLUTIONS LEAD
COLUMBUS
MEET-UP

Docker
Storage
ECR
Orchestration (Services)
Elastic Container
Service (ECS)
EC2 Fargate
EKS Elastic Beanstalk
Single Multi
Discovery
CloudMap AppMesh
Transient
AWS
Batch
CodeBuild

ECR Amazon Elastic Container Registry

Elastic Container Registry (ECR)
ECR is a Docker registry hosted within AWS in each region
◦ Images are stored close to where your containers will run
Images are secured using AWS IAM Policies
The Elastic Container Registry contains a Repository for each image
Lifecycle Policies can be used to clean up old versions of images
Login using AWS CLI, use standard Docker commands to pull and push
Image names are prefixed by ECR Repository URL
(<account>.dkr.ecr.<region>.amazonaws.com)

Orchestration Management of the container lifecycles

Orchestration provides:
➢Configuration
➢Scheduling
➢Deployment
➢Scaling
➢Storage (Volume) mapping
➢Secret management
➢High Availability
➢Load balancing integration

Managed Orchestration options (AWS)

ECS Amazon Elastic Container Service

Elastic Container Service (ECS)
Original AWS Service for running containers
ECS Service is free, you only pay for the resources
(EC2/Fargate) that are used with ECS
Strong integration with other AWS Services:
◦ IAM
◦ Load balancers
AutoScaling of containers (similar to EC2 AutoScaling)

• ECS can use either EC2 instances or Fargate to run
Docker containers
• Container Instances = ECS Instances = EC2 Instances
• Tasks have 1 or more running Containers
• Tasks are defined by Task Definitions

Task Definition
and Tasks
❖Template for a Task
❖Runs one or more
Container
❖References Container
Image
❖ECS Agent pulls image
and starts container
❖Port mappings,
CPU/Memory
requirements, Volumes
etc.
❖Versioned

ALB Integration
with ECS
Services
❖Services are long
running collections of
Tasks
❖Run multiple copies
❖Containers have a
container port (e.g. 80)
and a host port
❖Host port zero
= ephemeral
❖ALB Target Group
automatically updated

Other ECS Benefits
ECS Infrastructure can be created using CloudFormation
Updating a Service to use a new Task Definition will perform
a Blue-Green deployment
Possible to use Spot Instances
Metrics => CloudWatch
Logs => CloudWatch Logs (or elsewhere)

Fargate AWS Fargate
(compute engine for ECS)

Fargate
“Serverless” option for running containers in an ECS Cluster
◦ Configure desired CPU/Memory and this will be guaranteed for that
container
◦ Compare to using EC2 where you may be over/under provisioned
Networking is always awsvpc:
i.e. it will use an ENI per instance (one of your subnet IPs)
Scaling at a task level is similar to when using EC2 instances,
but without the complexity of scaling the underlying EC2
AutoScaling group(s)

Why aren’t we all using Fargate?
Fargate was expensive when launched, but the Firecracker VM
technology has allowed AWS to reduce costs
With recent price reductions, Fargate is comparable in price to on-
demand EC2 instances with ~70% utilization
Reserved or Spot instances make using EC2 a lot cheaper

EKS Amazon Elastic Container Service for
Kubernetes

Kubernetes
Predominant Docker Orchestration service
Managed Kubernetes available in:
◦ Google Cloud Platform (Google Kubernetes Engine)
◦ Microsoft Azure (Azure Kubernetes Service – AKS)
◦ Amazon Web Services (EKS)
The GCP offering is the most mature, AKS and EKS were both launched in 2018
Support for running Kubernetes clusters on EC2 and integrating with other
services (e.g. ELB) has existed for longer than EKS has been available

What does EKS manage?
EKS manages three Kubernetes master instances across AZs to provide high availability

Using EKS
Cluster creation can be automated with CloudFormation, and AWS provides
sample templates and a quick-start
◦ Set up VPC
◦ Create EKS Service IAM Role
◦ Create EKS Cluster
◦ Add Node instances to cluster using EKS AMI
Once Cluster created, configure kubectl with access to cluster and use normal
Kubernetes tools and templates to manage and deploy to the cluster
EKS Cluster cost $0.20/hour (about $140/month)

$ eksctl create cluster -p personal -r us-east-2
[ ] using region us-east-2
[ ] setting availability zones to [us-east-2b us-east-2c us-east-2a]
[ ] subnets for us-east-2b - public:192.168.0.0/19 private:192.168.96.0/19
[ ] subnets for us-east-2c - public:192.168.32.0/19 private:192.168.128.0/19
[ ] subnets for us-east-2a - public:192.168.64.0/19 private:192.168.160.0/19
[ ] nodegroup "ng-c94ddd68" will use "ami-04ea7cb66af82ae4a" [AmazonLinux2/1.12]
[ ] creating EKS cluster "floral-painting-1556150853" in "us-east-2" region
[ ] will create 2 separate CloudFormation stacks for cluster itself and the initial nodegroup
[ ] if you encounter any issues, check CloudFormation console or try 'eksctl utils describe-stacks --region=us-east-2 --
name=floral-painting-1556150853’
[ ] 2 sequential tasks: { create cluster control plane "floral-painting-1556150853", create nodegroup "ng-c94ddd68" }
[ ] building cluster stack "eksctl-floral-painting-1556150853-cluster“
[ ] deploying stack "eksctl-floral-painting-1556150853-cluster“
[ ] buildings nodegroup stack "eksctl-floral-painting-1556150853-nodegroup-ng-c94ddd68“
[ ] --nodes-min=2 was set automatically for nodegroup ng-c94ddd68
[ ] --nodes-max=2 was set automatically for nodegroup ng-c94ddd68
[ ] deploying stack "eksctl-floral-painting-1556150853-nodegroup-ng-c94ddd68“
[X] all EKS cluster resource for "floral-painting-1556150853" had been created
[X] saved kubeconfig as "C:Usersandrew.may.CORP/.kube/config“
[ ] adding role "arn:aws:iam::648758314004:role/eksctl-floral-painting-1556150853-NodeInstanceRole-4TJQAGSUVG7Q" to auth ConfigMap
[ ] nodegroup "ng-c94ddd68" has 0 node(s)
[ ] waiting for at least 2 node(s) to become ready in "ng-c94ddd68“
[ ] nodegroup "ng-c94ddd68" has 2 node(s)
[ ] node "ip-192-168-25-233.us-east-2.compute.internal" is ready
[ ] node "ip-192-168-79-171.us-east-2.compute.internal" is ready
[ ] kubectl command should work with "C:Usersandrew.may.CORP/.kube/config", try 'kubectl get nodes’
[x] EKS cluster "floral-painting-1556150853" in "us-east-2" region is ready

EKS Experience
Without eksctrl setting up cluster is time consuming
Integration with other AWS services is more difficult than with ECS
Have to install a variety of services to get IAM, ALB, DNS integrations
Significant changes since launch

AWS
CloudMap
“AWS Cloud Map is a cloud resource
discovery service.”

CloudMap
AWS CloudMap superceeds Service Discovery for ECS
◦ Registered in Route 53 namespace, creating A (IP) and SRV (IP and Port)
records
◦ Query DNS for available services
◦ ECS Tasks must use awsvpc networking
AWS CloudMap adds an API based system, allowing it to be used for
resources where DNS does not apply
◦ Supports a variety of services including ECS, EKS, S3, SQS, Lambda, Load
Balancers
Similar to the Service Discovery portions of Hashicorp Consul

AWS
AppMesh
AWS Application Service Mesh

AppMesh
Recently released, but still in early stages
Service Mesh implementation for AWS, using
the Open Source Envoy proxy, but a custom
Control Plane
Manage connectivity between microservices, including traffic shaping functionality like:
◦ Routing: Canary and A/B Testing
◦ Load Balancing and Service Discovery
◦ Handling Failures (Retry, Circuit Breaker)
Integration with CloudMap for Service Discovery
Logging and Tracing (CloudWatch, X-Ray)

Questions?
Ask at Unconference

AWS Community Day - Andrew May - Running Containers in AWS

Recommended

More Related Content

Similar to AWS Community Day - Andrew May - Running Containers in AWS (20)

More from AWS Chicago (20)

Recently uploaded (20)

AWS Community Day - Andrew May - Running Containers in AWS