SlideShare una empresa de Scribd logo

Deliver Docker Containers Continuously on AWS - QCon 2017

P
Philipp Garbe

With Docker it became easy to start applications locally without installing any dependencies. Even running a local cluster is not a big thing anymore. AWS on the other side offers with ECS a managed container service that starts to schedule containers based on resource needs, isolation policies, and availability requirements. Sounds good, but is it really that easy? In this talk, you'll get an overview of ECS and all other services that are needed to run your containers in production. Philipp shows how an ECS cluster and your containerized applications can automatically be deployed and scaled. He also shares his experiences and discusses what features are still missing.

Tecnología
1 de 45
Descargar para leer sin conexión
Deliver Docker Containers Continuously on AWS Philipp Garbe @pgarbe
So many choices... Amazon ECS Docker Swarm Azure Container Services Cloud Foundry’s Diego https://www.linux.com/news/8-open-source-CONTAINER-ORCHESTRATION-TOOLS-KNOW CoreOS Fleet Google Container Engine Kubernetes Mesosphere Marathon
● Philipp Garbe ● Lead Developer @Scout24 ● Docker Captain ● Living in Bavaria ● Working in the Cloud About Me
“Hello ECS”
Our first ECS cluster
ECS Cluster: Deployment Options AWS Console AWS CLI ECS CLI CloudFormation Easy to start Yes No Yes No Automation No Yes Yes Yes Infrastructure as Code No No No Yes Auto Scaling Yes Yes No Yes
AWSTemplateFormatVersion: '2010-09-09' Parameters: KeyName: Type: AWS::EC2::KeyPair::KeyName Description: EC2 KeyPair to enable SSH access. ... Resources: ECSCluster: Type: AWS::ECS::Cluster ECSAutoScalingGroup: Type: AWS::AutoScaling::AutoScalingGroup Properties: VPCZoneIdentifier: !Ref ServiceSubnets LaunchConfigurationName: !Ref LaunchConfig MinSize: !Ref ClusterMinSize MaxSize: !Ref ClusterMaxSize LaunchConfig: Type: AWS::AutoScaling::LaunchConfiguration Metadata: AWS::CloudFormation::Init: config: commands: 01_add_instance_to_cluster: command: !Sub | #!/bin/bash echo ECS_CLUSTER=${ECSCluster} >> /etc/ecs/ecs.config Properties: ImageId: !FindInMap: [AWSRegionToAMI, Ref: AWS::Region, AMIID] InstanceType: !Ref InstanceType IamInstanceProfile: !Ref EC2InstanceProfile KeyName: !Ref KeyName ... Outputs: ClusterName: Value: !Ref ECSCluster Export: Name: !Sub "${AWS::StackName}-ClusterName"
The first deployment
Container Definition ● Image ● Port mapping ● Mount points ● Network options ● Docker options
Task Definition ● IAM Task Role ● Volumes ● Network Mode ● Task Placement Constraints
Service Description ● Loadbalancer ● AutoScaling ● Deployment Configuration ● Task Placement Strategy
ECS Service: Deployment Options AWS Console AWS CLI ECS CLI CloudFormation Easy to start Yes No Yes No Automation No Yes Yes Yes Configuration as Code No No Partially Yes Auto Scaling Yes Yes No Yes Load Balancer Yes Yes No Yes Task Placement Yes Yes No No *
WebApp: Type: AWS::ECS::Service Properties: Cluster: "Fn::ImportValue": !Sub "${ClusterStack}-ClusterName" TaskDefinition: !Ref TaskDefinition DesiredCount: !Ref DesiredCount DeploymentConfiguration: MaximumPercent: 200 MinimumHealthyPercent: 100 Role: !Ref ServiceAuthRole LoadBalancers: - ContainerName: nginx ContainerPort: 80 TargetGroupArn: !Ref TargetGroup AWSTemplateFormatVersion: '2010-09-09' Parameters: DesiredCount: Type: Number ClusterStack: Type: String Description: Name of the cluster stack ... Resources: TaskDefinition: Type: AWS::ECS::TaskDefinition Properties: TaskRoleArn: !Ref TaskAuthRole ContainerDefinitions: - Name: nginx Image: !Sub nginx:${Version} Cpu: '2048' PortMappings: - ContainerPort: 80 Memory: '1024' Essential: 'true'
Load Balancing
Application Load Balancer (ALB)
Static Port Mapping (ELB)
Dynamic Port Mapping (ALB)
Up & Down
● Two different kinds of scaling (cluster and service) ○ Cluster: Use cpu / memory reservation metrics ○ Service: Use cpu / memory utilization metrics ● Scale down to save money, but avoid endless-loop ● Scaling takes awhile to take effect ● ASG is not aware of ECS AutoScaling: Conclusion
AutoScaling: Rule of Thumb Threshold = (1 - max(Container Reservation) / Total Capacity of a single Container Instance) * 100 Example: Container instance capacity: 2048 MB Container reservation: 512 MB Threshold = (1 - 512 / 2048) * 100 Threshold = 75%
Node draining ● Finally supported by ECS ● Use Lifecycle Hooks https://aws.amazon.com/blogs/compute/how-to-automate-container-instance-draining-in-amazon-ecs/
Best practices for ECS Cluster ● ASG UpdatePolicy defines deployment strategy ● cfn-init: Ensure Docker and ECS-Agent is running ● Put build no in UserData to enforce new EC2 instances
Volumes
EBS vs EFS
Security
IAM Security Roles ecsAutoScalingRole ecsContainerInstanceRole ecsServiceRole ecsTaskRole ● Read CloudWatch Metrics ● Modify App AutoScaling ● ECR: Get Images ● ECS: De/Register Container Instances ● De/Register Instances with Load Balancer ● Everything your task needs to do https://iam.cloudonaut.io
How to protect yourself EC2 ● Disallow access to metadata service from tasks (containers) iptables --insert FORWARD 1 --in-interface docker+ --destination 169.254.169.254/32 --jump DROP IAM ● Give the instance role only the credentials it needs (according to aws docs)
● Re-route call to ECS-Agent ● ECS-Agent gets credentials based on configured TaskRole ● TaskRole needs only one permission: AssumeRole ● X-Acc-Proxy assumes role (Role ARN comes from Docker Label) ● X-Acc-Proxy returns credentials from assumed role Cross Account Proxy
Summary
What did we miss? ● Networking ● Logging ● Monitoring ● CloudWatch Events ● EC2 System Manager parameter store
Where ECS shines… ● Stable Environment ● Catched up with task placement engine ● Native support of IAM ● AutoScaling for hosts and services ● CloudFormation all the way
● Does not support all the Docker features (e.g. HEALTHCHECK) ● Disconnect between Docker Compose and Task Definition ● Network philosophy is different (Still no SecurityGroups for Containers) ● Volumes still not natively supported (3rd party tools needed) ● It’s not a managed container service And where not...
https://boards.greenhouse.io/scout24 Philipp Garbe http://garbe.io @pgarbe https://github.com/pgarbe

Recomendados

Deliver Docker Containers Continuously On AWS - DevOpsCon Munich 2016
Deliver Docker Containers Continuously On AWS - DevOpsCon Munich 2016Deliver Docker Containers Continuously On AWS - DevOpsCon Munich 2016
Deliver Docker Containers Continuously On AWS - DevOpsCon Munich 2016
Philipp Garbe
 
Docker Container automatisiert nach AWS deployen - Continuous Lifecycle 2016
Docker Container automatisiert nach AWS deployen - Continuous Lifecycle 2016Docker Container automatisiert nach AWS deployen - Continuous Lifecycle 2016
Docker Container automatisiert nach AWS deployen - Continuous Lifecycle 2016
Philipp Garbe
 
ECS and ECR deep dive
ECS and ECR deep diveECS and ECR deep dive
ECS and ECR deep dive
Shiva Narayanaswamy
 
Amazon EC2 Container Service: Deep Dive
Amazon EC2 Container Service: Deep DiveAmazon EC2 Container Service: Deep Dive
Amazon EC2 Container Service: Deep Dive
Amazon Web Services
 
AWS December 2015 Webinar Series - Continuous Delivery to Amazon EC2 Containe...
AWS December 2015 Webinar Series - Continuous Delivery to Amazon EC2 Containe...AWS December 2015 Webinar Series - Continuous Delivery to Amazon EC2 Containe...
AWS December 2015 Webinar Series - Continuous Delivery to Amazon EC2 Containe...
Amazon Web Services
 
Multi host container networking
Multi host container networkingMulti host container networking
Multi host container networking
Weaveworks
 
Amazon Web Services EC2 Container Service (ECS)
Amazon Web Services EC2 Container Service (ECS)Amazon Web Services EC2 Container Service (ECS)
Amazon Web Services EC2 Container Service (ECS)
Mayank Patel
 
Container Orchestration with Amazon ECS
Container Orchestration with Amazon ECSContainer Orchestration with Amazon ECS
Container Orchestration with Amazon ECS
Amazon Web Services
 

Recomendados

Deliver Docker Containers Continuously On AWS - DevOpsCon Munich 2016
Deliver Docker Containers Continuously On AWS - DevOpsCon Munich 2016Deliver Docker Containers Continuously On AWS - DevOpsCon Munich 2016
Deliver Docker Containers Continuously On AWS - DevOpsCon Munich 2016
Philipp Garbe
 
Docker Container automatisiert nach AWS deployen - Continuous Lifecycle 2016
Docker Container automatisiert nach AWS deployen - Continuous Lifecycle 2016Docker Container automatisiert nach AWS deployen - Continuous Lifecycle 2016
Docker Container automatisiert nach AWS deployen - Continuous Lifecycle 2016
Philipp Garbe
 
ECS and ECR deep dive
ECS and ECR deep diveECS and ECR deep dive
ECS and ECR deep dive
Shiva Narayanaswamy
 
Amazon EC2 Container Service: Deep Dive
Amazon EC2 Container Service: Deep DiveAmazon EC2 Container Service: Deep Dive
Amazon EC2 Container Service: Deep Dive
Amazon Web Services
 
AWS December 2015 Webinar Series - Continuous Delivery to Amazon EC2 Containe...
AWS December 2015 Webinar Series - Continuous Delivery to Amazon EC2 Containe...AWS December 2015 Webinar Series - Continuous Delivery to Amazon EC2 Containe...
AWS December 2015 Webinar Series - Continuous Delivery to Amazon EC2 Containe...
Amazon Web Services
 
Multi host container networking
Multi host container networkingMulti host container networking
Multi host container networking
Weaveworks
 
Amazon Web Services EC2 Container Service (ECS)
Amazon Web Services EC2 Container Service (ECS)Amazon Web Services EC2 Container Service (ECS)
Amazon Web Services EC2 Container Service (ECS)
Mayank Patel
 
Container Orchestration with Amazon ECS
Container Orchestration with Amazon ECSContainer Orchestration with Amazon ECS
Container Orchestration with Amazon ECS
Amazon Web Services
 
ecs-presentation
ecs-presentationecs-presentation
ecs-presentation
Marc Costello
 
IDI 2020 - Containers Meet Serverless
IDI 2020 - Containers Meet ServerlessIDI 2020 - Containers Meet Serverless
IDI 2020 - Containers Meet Serverless
Massimo Ferre'
 
AWS Elastic Container Service - DockerHN
AWS Elastic Container Service - DockerHNAWS Elastic Container Service - DockerHN
AWS Elastic Container Service - DockerHN
Nguyen Anh Tu
 
Running your dockerized application(s) on AWS Elastic Container Service
Running your dockerized application(s) on AWS Elastic Container ServiceRunning your dockerized application(s) on AWS Elastic Container Service
Running your dockerized application(s) on AWS Elastic Container Service
Marco Pas
 
AWS Lambda at JUST EAT
AWS Lambda at JUST EATAWS Lambda at JUST EAT
AWS Lambda at JUST EAT
Andrew Brown
 
Containers Meetup (AWS+CNCF) Milano Jan 15th 2020
Containers Meetup (AWS+CNCF) Milano Jan 15th 2020Containers Meetup (AWS+CNCF) Milano Jan 15th 2020
Containers Meetup (AWS+CNCF) Milano Jan 15th 2020
Massimo Ferre'
 
Amazon EC2 Container Service
Amazon EC2 Container ServiceAmazon EC2 Container Service
Amazon EC2 Container Service
Amazon Web Services
 
London Hug 19/5 - Terraform in Production
London Hug 19/5 - Terraform in ProductionLondon Hug 19/5 - Terraform in Production
London Hug 19/5 - Terraform in Production
London HashiCorp User Group
 
Kubernetes Operations (KOPS)
Kubernetes Operations (KOPS)Kubernetes Operations (KOPS)
Kubernetes Operations (KOPS)
Jakir Patel
 
OpenEBS - Containerized Storage for Containers
OpenEBS - Containerized Storage for ContainersOpenEBS - Containerized Storage for Containers
OpenEBS - Containerized Storage for Containers
Umasankar Mukkara
 
docker-machine, docker-compose, docker-swarm 覚書
docker-machine, docker-compose, docker-swarm 覚書docker-machine, docker-compose, docker-swarm 覚書
docker-machine, docker-compose, docker-swarm 覚書
じゅん なかざ
 
Kubernetes and Amazon ECS
Kubernetes and Amazon ECSKubernetes and Amazon ECS
Kubernetes and Amazon ECS
Geert Pante
 
Getting Started with Docker On AWS
Getting Started with Docker On AWSGetting Started with Docker On AWS
Getting Started with Docker On AWS
Amazon Web Services
 
Docker Elastic Beanstalk
Docker Elastic BeanstalkDocker Elastic Beanstalk
Docker Elastic Beanstalk
Ladislav Prskavec
 
Building and Scaling a Containerized Microservice - DevDay Austin 2017
Building and Scaling a Containerized Microservice - DevDay Austin 2017Building and Scaling a Containerized Microservice - DevDay Austin 2017
Building and Scaling a Containerized Microservice - DevDay Austin 2017
Amazon Web Services
 
Automating aws infrastructure and code deployments using Ansible @WebEngage
Automating aws infrastructure and code deployments using Ansible @WebEngageAutomating aws infrastructure and code deployments using Ansible @WebEngage
Automating aws infrastructure and code deployments using Ansible @WebEngage
Vishal Uderani
 
HashiCorp at Just Eat
HashiCorp at Just EatHashiCorp at Just Eat
HashiCorp at Just Eat
Andrew Brown
 
(APP309) Running and Monitoring Docker Containers at Scale | AWS re:Invent 2014
(APP309) Running and Monitoring Docker Containers at Scale | AWS re:Invent 2014(APP309) Running and Monitoring Docker Containers at Scale | AWS re:Invent 2014
(APP309) Running and Monitoring Docker Containers at Scale | AWS re:Invent 2014
Amazon Web Services
 
Packer + Ansible을 이용한 AMI 생성 및 AutoScaling Group 이미지 교체 이야기
Packer + Ansible을 이용한 AMI 생성 및 AutoScaling Group 이미지 교체 이야기Packer + Ansible을 이용한 AMI 생성 및 AutoScaling Group 이미지 교체 이야기
Packer + Ansible을 이용한 AMI 생성 및 AutoScaling Group 이미지 교체 이야기
창훈 정
 
Container Orchestration using Kubernetes
Container Orchestration using KubernetesContainer Orchestration using Kubernetes
Container Orchestration using Kubernetes
Hesham Amin
 
Announcing AWS CodeBuild - January 2017 Online Teck Talks
Announcing AWS CodeBuild - January 2017 Online Teck TalksAnnouncing AWS CodeBuild - January 2017 Online Teck Talks
Announcing AWS CodeBuild - January 2017 Online Teck Talks
Amazon Web Services
 
Technical Track
Technical TrackTechnical Track
Technical Track
Amazon Web Services
 

Más contenido relacionado

La actualidad más candente

IDI 2020 - Containers Meet Serverless
IDI 2020 - Containers Meet ServerlessIDI 2020 - Containers Meet Serverless
IDI 2020 - Containers Meet Serverless
Massimo Ferre'
 
Building and Scaling a Containerized Microservice - DevDay Austin 2017
Building and Scaling a Containerized Microservice - DevDay Austin 2017Building and Scaling a Containerized Microservice - DevDay Austin 2017
Building and Scaling a Containerized Microservice - DevDay Austin 2017
Amazon Web Services
 
(APP309) Running and Monitoring Docker Containers at Scale | AWS re:Invent 2014
(APP309) Running and Monitoring Docker Containers at Scale | AWS re:Invent 2014(APP309) Running and Monitoring Docker Containers at Scale | AWS re:Invent 2014
(APP309) Running and Monitoring Docker Containers at Scale | AWS re:Invent 2014
Amazon Web Services
 

La actualidad más candente (20)

ecs-presentation
ecs-presentationecs-presentation
ecs-presentation
 
IDI 2020 - Containers Meet Serverless
IDI 2020 - Containers Meet ServerlessIDI 2020 - Containers Meet Serverless
IDI 2020 - Containers Meet Serverless
 
AWS Elastic Container Service - DockerHN
AWS Elastic Container Service - DockerHNAWS Elastic Container Service - DockerHN
AWS Elastic Container Service - DockerHN
 
Running your dockerized application(s) on AWS Elastic Container Service
Running your dockerized application(s) on AWS Elastic Container ServiceRunning your dockerized application(s) on AWS Elastic Container Service
Running your dockerized application(s) on AWS Elastic Container Service
 
AWS Lambda at JUST EAT
AWS Lambda at JUST EATAWS Lambda at JUST EAT
AWS Lambda at JUST EAT
 
Containers Meetup (AWS+CNCF) Milano Jan 15th 2020
Containers Meetup (AWS+CNCF) Milano Jan 15th 2020Containers Meetup (AWS+CNCF) Milano Jan 15th 2020
Containers Meetup (AWS+CNCF) Milano Jan 15th 2020
 
Amazon EC2 Container Service
Amazon EC2 Container ServiceAmazon EC2 Container Service
Amazon EC2 Container Service
 
London Hug 19/5 - Terraform in Production
London Hug 19/5 - Terraform in ProductionLondon Hug 19/5 - Terraform in Production
London Hug 19/5 - Terraform in Production
 
Kubernetes Operations (KOPS)
Kubernetes Operations (KOPS)Kubernetes Operations (KOPS)
Kubernetes Operations (KOPS)
 
OpenEBS - Containerized Storage for Containers
OpenEBS - Containerized Storage for ContainersOpenEBS - Containerized Storage for Containers
OpenEBS - Containerized Storage for Containers
 
docker-machine, docker-compose, docker-swarm 覚書
docker-machine, docker-compose, docker-swarm 覚書docker-machine, docker-compose, docker-swarm 覚書
docker-machine, docker-compose, docker-swarm 覚書
 
Kubernetes and Amazon ECS
Kubernetes and Amazon ECSKubernetes and Amazon ECS
Kubernetes and Amazon ECS
 
Getting Started with Docker On AWS
Getting Started with Docker On AWSGetting Started with Docker On AWS
Getting Started with Docker On AWS
 
Docker Elastic Beanstalk
Docker Elastic BeanstalkDocker Elastic Beanstalk
Docker Elastic Beanstalk
 
Building and Scaling a Containerized Microservice - DevDay Austin 2017
Building and Scaling a Containerized Microservice - DevDay Austin 2017Building and Scaling a Containerized Microservice - DevDay Austin 2017
Building and Scaling a Containerized Microservice - DevDay Austin 2017
 
Automating aws infrastructure and code deployments using Ansible @WebEngage
Automating aws infrastructure and code deployments using Ansible @WebEngageAutomating aws infrastructure and code deployments using Ansible @WebEngage
Automating aws infrastructure and code deployments using Ansible @WebEngage
 
HashiCorp at Just Eat
HashiCorp at Just EatHashiCorp at Just Eat
HashiCorp at Just Eat
 
(APP309) Running and Monitoring Docker Containers at Scale | AWS re:Invent 2014
(APP309) Running and Monitoring Docker Containers at Scale | AWS re:Invent 2014(APP309) Running and Monitoring Docker Containers at Scale | AWS re:Invent 2014
(APP309) Running and Monitoring Docker Containers at Scale | AWS re:Invent 2014
 
Packer + Ansible을 이용한 AMI 생성 및 AutoScaling Group 이미지 교체 이야기
Packer + Ansible을 이용한 AMI 생성 및 AutoScaling Group 이미지 교체 이야기Packer + Ansible을 이용한 AMI 생성 및 AutoScaling Group 이미지 교체 이야기
Packer + Ansible을 이용한 AMI 생성 및 AutoScaling Group 이미지 교체 이야기
 
Container Orchestration using Kubernetes
Container Orchestration using KubernetesContainer Orchestration using Kubernetes
Container Orchestration using Kubernetes
 

Destacado

Announcing AWS CodeBuild - January 2017 Online Teck Talks
Announcing AWS CodeBuild - January 2017 Online Teck TalksAnnouncing AWS CodeBuild - January 2017 Online Teck Talks
Announcing AWS CodeBuild - January 2017 Online Teck Talks
Amazon Web Services
 
Privacy: a short intro
Privacy: a short introPrivacy: a short intro
Privacy: a short intro
Paul Bush
 
Autonomic Dysreflexia
Autonomic DysreflexiaAutonomic Dysreflexia
Autonomic Dysreflexia
Jane Sarnicki
 

Destacado (20)

Announcing AWS CodeBuild - January 2017 Online Teck Talks
Announcing AWS CodeBuild - January 2017 Online Teck TalksAnnouncing AWS CodeBuild - January 2017 Online Teck Talks
Announcing AWS CodeBuild - January 2017 Online Teck Talks
 
Technical Track
Technical TrackTechnical Track
Technical Track
 
AWS Perú Meetup - Arquitecting for HA by Raul Hugo
AWS Perú Meetup - Arquitecting for HA by Raul HugoAWS Perú Meetup - Arquitecting for HA by Raul Hugo
AWS Perú Meetup - Arquitecting for HA by Raul Hugo
 
Aws Lambda Cart Microservice Server Less
Aws Lambda Cart Microservice Server LessAws Lambda Cart Microservice Server Less
Aws Lambda Cart Microservice Server Less
 
Tarea 4
Tarea 4Tarea 4
Tarea 4
 
Zoraya harika
Zoraya harikaZoraya harika
Zoraya harika
 
Privacy: a short intro
Privacy: a short introPrivacy: a short intro
Privacy: a short intro
 
Autonomic Dysreflexia
Autonomic DysreflexiaAutonomic Dysreflexia
Autonomic Dysreflexia
 
02_PAPUA
02_PAPUA02_PAPUA
02_PAPUA
 
Corporate Volunteering in China
Corporate Volunteering in ChinaCorporate Volunteering in China
Corporate Volunteering in China
 
Ppt.examen final pamela addona
Ppt.examen final pamela addonaPpt.examen final pamela addona
Ppt.examen final pamela addona
 
Career In Financial Planning
Career In Financial PlanningCareer In Financial Planning
Career In Financial Planning
 
Automation of Deep learning training with AWS Step Functions
Automation of Deep learning training with AWS Step FunctionsAutomation of Deep learning training with AWS Step Functions
Automation of Deep learning training with AWS Step Functions
 
Insights to MVP/ Design Sprints by Heist.
Insights to MVP/ Design Sprints by Heist.Insights to MVP/ Design Sprints by Heist.
Insights to MVP/ Design Sprints by Heist.
 
Kube-AWS
Kube-AWSKube-AWS
Kube-AWS
 
20160629 aws well-architected
20160629 aws well-architected20160629 aws well-architected
20160629 aws well-architected
 
AWS Survival Guide
AWS Survival GuideAWS Survival Guide
AWS Survival Guide
 
Texto analizado morfológicamente.odp
Texto analizado morfológicamente.odpTexto analizado morfológicamente.odp
Texto analizado morfológicamente.odp
 
Micro services infrastructure with AWS and Ansible
Micro services infrastructure with AWS and AnsibleMicro services infrastructure with AWS and Ansible
Micro services infrastructure with AWS and Ansible
 
DeNA流Scrumとcommのチームビルディング
DeNA流ScrumとcommのチームビルディングDeNA流Scrumとcommのチームビルディング
DeNA流Scrumとcommのチームビルディング
 

Similar a Deliver Docker Containers Continuously on AWS - QCon 2017

Monitoring Containers at Scale - September Webinar Series
Monitoring Containers at Scale - September Webinar SeriesMonitoring Containers at Scale - September Webinar Series
Monitoring Containers at Scale - September Webinar Series
Amazon Web Services
 
Managed Container Orchestration with Amazon ECS
Managed Container Orchestration with Amazon ECSManaged Container Orchestration with Amazon ECS
Managed Container Orchestration with Amazon ECS
Philipp Garbe
 
February 2016 Webinar Series - EC2 Container Service Deep Dive
February 2016 Webinar Series - EC2 Container Service Deep Dive February 2016 Webinar Series - EC2 Container Service Deep Dive
February 2016 Webinar Series - EC2 Container Service Deep Dive
Amazon Web Services
 
Amazon ECS Deep Dive
Amazon ECS Deep DiveAmazon ECS Deep Dive
Amazon ECS Deep Dive
Amazon Web Services
 

Similar a Deliver Docker Containers Continuously on AWS - QCon 2017 (20)

Docker clusters on AWS with Amazon ECS and Kubernetes
Docker clusters on AWS with Amazon ECS and KubernetesDocker clusters on AWS with Amazon ECS and Kubernetes
Docker clusters on AWS with Amazon ECS and Kubernetes
 
Weaveworks at AWS re:Invent 2016: Operations Management with Amazon ECS
Weaveworks at AWS re:Invent 2016: Operations Management with Amazon ECSWeaveworks at AWS re:Invent 2016: Operations Management with Amazon ECS
Weaveworks at AWS re:Invent 2016: Operations Management with Amazon ECS
 
Advanced Scheduling with Amazon ECS (September 2017)
Advanced Scheduling with Amazon ECS (September 2017)Advanced Scheduling with Amazon ECS (September 2017)
Advanced Scheduling with Amazon ECS (September 2017)
 
Monitoring Containers at Scale - September Webinar Series
Monitoring Containers at Scale - September Webinar SeriesMonitoring Containers at Scale - September Webinar Series
Monitoring Containers at Scale - September Webinar Series
 
Advanced Task Scheduling with Amazon ECS
Advanced Task Scheduling with Amazon ECSAdvanced Task Scheduling with Amazon ECS
Advanced Task Scheduling with Amazon ECS
 
Docker on Amazon ECS
Docker on Amazon ECSDocker on Amazon ECS
Docker on Amazon ECS
 
Managed Container Orchestration with Amazon ECS
Managed Container Orchestration with Amazon ECSManaged Container Orchestration with Amazon ECS
Managed Container Orchestration with Amazon ECS
 
Amazon ECS (March 2016)
Amazon ECS (March 2016)Amazon ECS (March 2016)
Amazon ECS (March 2016)
 
Introduction to Amazon EC2 Container Service
Introduction to Amazon EC2 Container ServiceIntroduction to Amazon EC2 Container Service
Introduction to Amazon EC2 Container Service
 
February 2016 Webinar Series - EC2 Container Service Deep Dive
February 2016 Webinar Series - EC2 Container Service Deep Dive February 2016 Webinar Series - EC2 Container Service Deep Dive
February 2016 Webinar Series - EC2 Container Service Deep Dive
 
Artem Zhurbila - docker clusters (solit 2015)
Artem Zhurbila - docker clusters (solit 2015)Artem Zhurbila - docker clusters (solit 2015)
Artem Zhurbila - docker clusters (solit 2015)
 
AWS reinvent 2019 recap - Riyadh - Containers and Serverless - Paul Maddox
AWS reinvent 2019 recap - Riyadh - Containers and Serverless - Paul MaddoxAWS reinvent 2019 recap - Riyadh - Containers and Serverless - Paul Maddox
AWS reinvent 2019 recap - Riyadh - Containers and Serverless - Paul Maddox
 
reInvent 2021 Recap and k9s review
reInvent 2021 Recap and k9s reviewreInvent 2021 Recap and k9s review
reInvent 2021 Recap and k9s review
 
AWS Workshop 102
AWS Workshop 102AWS Workshop 102
AWS Workshop 102
 
Max Körbächer - AWS EKS and beyond master your Kubernetes deployment on AWS -...
Max Körbächer - AWS EKS and beyond master your Kubernetes deployment on AWS -...Max Körbächer - AWS EKS and beyond master your Kubernetes deployment on AWS -...
Max Körbächer - AWS EKS and beyond master your Kubernetes deployment on AWS -...
 
Max Körbächer - AWS EKS and beyond – master your Kubernetes deployment on AWS...
Max Körbächer - AWS EKS and beyond – master your Kubernetes deployment on AWS...Max Körbächer - AWS EKS and beyond – master your Kubernetes deployment on AWS...
Max Körbächer - AWS EKS and beyond – master your Kubernetes deployment on AWS...
 
應用開發新思維
應用開發新思維應用開發新思維
應用開發新思維
 
Running Docker clusters on AWS (November 2016)
Running Docker clusters on AWS (November 2016)Running Docker clusters on AWS (November 2016)
Running Docker clusters on AWS (November 2016)
 
Amazon ECS Deep Dive
Amazon ECS Deep DiveAmazon ECS Deep Dive
Amazon ECS Deep Dive
 
Running Docker clusters on AWS (June 2016)
Running Docker clusters on AWS (June 2016)Running Docker clusters on AWS (June 2016)
Running Docker clusters on AWS (June 2016)
 

Más de Philipp Garbe

Más de Philipp Garbe (6)

Run Jenkins as Managed Product on ECS - AWS Meetup
Run Jenkins as Managed Product on ECS - AWS MeetupRun Jenkins as Managed Product on ECS - AWS Meetup
Run Jenkins as Managed Product on ECS - AWS Meetup
 
Is Platform Engineering the new Ops?
Is Platform Engineering the new Ops?Is Platform Engineering the new Ops?
Is Platform Engineering the new Ops?
 
Finding Cars and Hunting Down Logs - ElasticSearch @AutoScout24
Finding Cars and Hunting Down Logs - ElasticSearch @AutoScout24Finding Cars and Hunting Down Logs - ElasticSearch @AutoScout24
Finding Cars and Hunting Down Logs - ElasticSearch @AutoScout24
 
Deliver docker containers continuously on aws
Deliver docker containers continuously on awsDeliver docker containers continuously on aws
Deliver docker containers continuously on aws
 
ElasticSearch on AWS
ElasticSearch on AWSElasticSearch on AWS
ElasticSearch on AWS
 
DockerCon 2016 Seattle Recap
DockerCon 2016 Seattle RecapDockerCon 2016 Seattle Recap
DockerCon 2016 Seattle Recap
 

Último

08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Último (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

Deliver Docker Containers Continuously on AWS - QCon 2017

  • 1. Deliver Docker Containers Continuously on AWS Philipp Garbe @pgarbe
  • 2. So many choices... Amazon ECS Docker Swarm Azure Container Services Cloud Foundry’s Diego https://www.linux.com/news/8-open-source-CONTAINER-ORCHESTRATION-TOOLS-KNOW CoreOS Fleet Google Container Engine Kubernetes Mesosphere Marathon
  • 3. ● Philipp Garbe ● Lead Developer @Scout24 ● Docker Captain ● Living in Bavaria ● Working in the Cloud About Me
  • 5. Our first ECS cluster
  • 6. ECS Cluster: Deployment Options AWS Console AWS CLI ECS CLI CloudFormation Easy to start Yes No Yes No Automation No Yes Yes Yes Infrastructure as Code No No No Yes Auto Scaling Yes Yes No Yes
  • 7. AWSTemplateFormatVersion: '2010-09-09' Parameters: KeyName: Type: AWS::EC2::KeyPair::KeyName Description: EC2 KeyPair to enable SSH access. ... Resources: ECSCluster: Type: AWS::ECS::Cluster ECSAutoScalingGroup: Type: AWS::AutoScaling::AutoScalingGroup Properties: VPCZoneIdentifier: !Ref ServiceSubnets LaunchConfigurationName: !Ref LaunchConfig MinSize: !Ref ClusterMinSize MaxSize: !Ref ClusterMaxSize LaunchConfig: Type: AWS::AutoScaling::LaunchConfiguration Metadata: AWS::CloudFormation::Init: config: commands: 01_add_instance_to_cluster: command: !Sub | #!/bin/bash echo ECS_CLUSTER=${ECSCluster} >> /etc/ecs/ecs.config Properties: ImageId: !FindInMap: [AWSRegionToAMI, Ref: AWS::Region, AMIID] InstanceType: !Ref InstanceType IamInstanceProfile: !Ref EC2InstanceProfile KeyName: !Ref KeyName ... Outputs: ClusterName: Value: !Ref ECSCluster Export: Name: !Sub "${AWS::StackName}-ClusterName"
  • 9. Container Definition ● Image ● Port mapping ● Mount points ● Network options ● Docker options
  • 10. Task Definition ● IAM Task Role ● Volumes ● Network Mode ● Task Placement Constraints
  • 11. Service Description ● Loadbalancer ● AutoScaling ● Deployment Configuration ● Task Placement Strategy
  • 12. ECS Service: Deployment Options AWS Console AWS CLI ECS CLI CloudFormation Easy to start Yes No Yes No Automation No Yes Yes Yes Configuration as Code No No Partially Yes Auto Scaling Yes Yes No Yes Load Balancer Yes Yes No Yes Task Placement Yes Yes No No *
  • 13. WebApp: Type: AWS::ECS::Service Properties: Cluster: "Fn::ImportValue": !Sub "${ClusterStack}-ClusterName" TaskDefinition: !Ref TaskDefinition DesiredCount: !Ref DesiredCount DeploymentConfiguration: MaximumPercent: 200 MinimumHealthyPercent: 100 Role: !Ref ServiceAuthRole LoadBalancers: - ContainerName: nginx ContainerPort: 80 TargetGroupArn: !Ref TargetGroup AWSTemplateFormatVersion: '2010-09-09' Parameters: DesiredCount: Type: Number ClusterStack: Type: String Description: Name of the cluster stack ... Resources: TaskDefinition: Type: AWS::ECS::TaskDefinition Properties: TaskRoleArn: !Ref TaskAuthRole ContainerDefinitions: - Name: nginx Image: !Sub nginx:${Version} Cpu: '2048' PortMappings: - ContainerPort: 80 Memory: '1024' Essential: 'true'
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28. ● Two different kinds of scaling (cluster and service) ○ Cluster: Use cpu / memory reservation metrics ○ Service: Use cpu / memory utilization metrics ● Scale down to save money, but avoid endless-loop ● Scaling takes awhile to take effect ● ASG is not aware of ECS AutoScaling: Conclusion
  • 29. AutoScaling: Rule of Thumb Threshold = (1 - max(Container Reservation) / Total Capacity of a single Container Instance) * 100 Example: Container instance capacity: 2048 MB Container reservation: 512 MB Threshold = (1 - 512 / 2048) * 100 Threshold = 75%
  • 30. Node draining ● Finally supported by ECS ● Use Lifecycle Hooks https://aws.amazon.com/blogs/compute/how-to-automate-container-instance-draining-in-amazon-ecs/
  • 31. Best practices for ECS Cluster ● ASG UpdatePolicy defines deployment strategy ● cfn-init: Ensure Docker and ECS-Agent is running ● Put build no in UserData to enforce new EC2 instances
  • 35. IAM Security Roles ecsAutoScalingRole ecsContainerInstanceRole ecsServiceRole ecsTaskRole ● Read CloudWatch Metrics ● Modify App AutoScaling ● ECR: Get Images ● ECS: De/Register Container Instances ● De/Register Instances with Load Balancer ● Everything your task needs to do https://iam.cloudonaut.io
  • 36.
  • 37.
  • 38.
  • 39. How to protect yourself EC2 ● Disallow access to metadata service from tasks (containers) iptables --insert FORWARD 1 --in-interface docker+ --destination 169.254.169.254/32 --jump DROP IAM ● Give the instance role only the credentials it needs (according to aws docs)
  • 40. ● Re-route call to ECS-Agent ● ECS-Agent gets credentials based on configured TaskRole ● TaskRole needs only one permission: AssumeRole ● X-Acc-Proxy assumes role (Role ARN comes from Docker Label) ● X-Acc-Proxy returns credentials from assumed role Cross Account Proxy
  • 42. What did we miss? ● Networking ● Logging ● Monitoring ● CloudWatch Events ● EC2 System Manager parameter store
  • 43. Where ECS shines… ● Stable Environment ● Catched up with task placement engine ● Native support of IAM ● AutoScaling for hosts and services ● CloudFormation all the way
  • 44. ● Does not support all the Docker features (e.g. HEALTHCHECK) ● Disconnect between Docker Compose and Task Definition ● Network philosophy is different (Still no SecurityGroups for Containers) ● Volumes still not natively supported (3rd party tools needed) ● It’s not a managed container service And where not...