Post on 08-Apr-2018
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Matt McClean, Solutions Architect, AWS
28 June, 2017
Getting Started with Docker on AWS
Chris Pitchford, Lead Platform Owner, News UK
What to Expect from the Session
• Why containers?
• Introduction to EC2 Container Service
• Customer: News UK story
What are Containers?
• OS virtualization
• Process isolation
• Images
• Automation
[Diagram: one server running a guest OS, with App1 and App2 each packaged with their own Bins/Libs]
Scheduling a cluster is hard
[Diagram: a grid of dozens of servers, each with its own guest OS, illustrating the scale of the scheduling problem]
Introducing Amazon ECS
• Fully managed elastic service – you don't need to run anything, and the service scales as your microservices architecture grows
• Shared state optimistic scheduling
• Fully ACID compliant resource and state management
• Integration with CloudWatch service for monitoring and logging
• Integration with Code* services for continuous integration and delivery (CI/CD)
Benefits
Cluster management made easy
Flexible scheduling
Integrated and extensible
Security
Performance at scale
Cluster Management Made Easy
No cluster software to install and manage
Manages cluster state
Manages containers
Control and monitoring
Scale from one to tens of thousands of containers
Flexible Scheduling
Optimal instance placement
Integrate custom or 3rd party scheduler
NEW – Task Placement Engine
New Placement Constraints & Attributes
Name                Example
AMI ID              attribute:ecs.ami-id == ami-eca289fb
Availability Zone   attribute:ecs.availability-zone == us-east-1a
Instance Type       attribute:ecs.instance-type == t2.small
Distinct Instances  type="distinctInstance"
Custom              attribute:stack == prod
Anatomy of Task Placement
1. Cluster constraints: satisfy CPU, memory, and port requirements
2. Custom constraints: filter for location, instance type, AMI, or custom attribute constraints
3. Placement strategies: identify instances that meet the spread or binpack placement strategy
4. Apply filter: select the final container instances for placement
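The four-stage pipeline above, as an added example in Python (not the ECS scheduler's own code): a resource filter, then constraint filters (`memberOf` expressions of the form shown in the table plus `distinctInstance`), then a `spread` or `binpack` ranking. The `Instance`/`Task` classes, the subset of the cluster query language that `matches()` understands, and the five-instance sample cluster are all constructed for the demonstration. One caveat worth keeping in mind: a constraint such as `attribute:stack == prod` is a scheduling hint, not a security boundary. Tasks that share an instance share its kernel and its instance profile, so workloads that must never co-tenant belong in separate clusters.

```python
"""Toy model of the placement pipeline above (resource filter, constraint filter, placement strategy).
Added example, not the ECS scheduler's code: the Instance/Task classes, the expression subset and
the sample cluster are constructed."""
from dataclasses import dataclass, field
import re

@dataclass
class Instance:
    instance_id: str
    cpu_free: int            # CPU units not yet reserved
    mem_free: int            # MiB not yet reserved
    attributes: dict         # e.g. {"ecs.availability-zone": "us-east-1a", "stack": "prod"}
    ports_in_use: set = field(default_factory=set)

@dataclass
class Task:
    cpu: int
    memory: int
    host_ports: frozenset = frozenset()

_EXPR = re.compile(r"^attribute:(?P<key>[\w.\-]+)\s*(?P<op>==|!=)\s*(?P<val>\S+)$")

def matches(expression: str, inst: Instance) -> bool:
    """Evaluate a memberOf expression of the form 'attribute:<name> == <value>' (or '!=').
    The real cluster query language also has 'in', 'exists' and boolean operators; not modelled here."""
    m = _EXPR.match(expression)
    if not m:
        raise ValueError(f"unsupported expression: {expression!r}")
    actual = inst.attributes.get(m["key"])
    return actual == m["val"] if m["op"] == "==" else actual != m["val"]

def field_value(inst: Instance, spread_field: str) -> str:
    """What an instance contributes to a spread field: 'instanceId' or 'attribute:<key>'."""
    if spread_field == "instanceId":
        return inst.instance_id
    return inst.attributes.get(spread_field[len("attribute:"):], "")

def place(task, instances, constraints=(), strategy=("spread", "attribute:ecs.availability-zone"), placed=()):
    """Choose an instance for one more task of a task group, or return None.
    `placed` holds the instance ids already running this group's tasks (used by distinctInstance and spread)."""
    # 1. Resource filter: CPU, memory and host ports must all fit.
    cands = [i for i in instances
             if i.cpu_free >= task.cpu and i.mem_free >= task.memory
             and not (task.host_ports & i.ports_in_use)]
    # 2. Constraint filter: every constraint must hold.
    for c in constraints:
        if c["type"] == "distinctInstance":
            cands = [i for i in cands if i.instance_id not in placed]
        elif c["type"] == "memberOf":
            cands = [i for i in cands if matches(c["expression"], i)]
        else:
            raise ValueError(f"unknown constraint type {c['type']!r}")
    if not cands:
        return None
    # 3. Strategy: rank the survivors; ties break on instance id so runs are reproducible.
    kind = strategy[0]
    if kind == "binpack":
        attr = {"cpu": "cpu_free", "memory": "mem_free"}[strategy[1]]
        cands.sort(key=lambda i: (getattr(i, attr), i.instance_id))        # least headroom first
    elif kind == "spread":
        by_id = {i.instance_id: i for i in instances}
        def load(inst):   # this group's tasks already in the same AZ / instance / attribute value
            return sum(1 for pid in placed if field_value(by_id[pid], strategy[1]) == field_value(inst, strategy[1]))
        cands.sort(key=lambda i: (load(i), i.instance_id))
    elif kind != "random":                                                  # 'random' keeps discovery order here
        raise ValueError(f"unknown strategy {kind!r}")
    return cands[0]

def reserve(inst: Instance, task: Task) -> None:
    inst.cpu_free -= task.cpu
    inst.mem_free -= task.memory
    inst.ports_in_use |= set(task.host_ports)

def sample_cluster() -> list:
    az = "ecs.availability-zone"
    return [Instance("i-a1", 1024, 2048, {az: "us-east-1a", "stack": "prod"}),
            Instance("i-a2", 1024, 2048, {az: "us-east-1a", "stack": "prod"}),
            Instance("i-b1",  512, 1024, {az: "us-east-1b", "stack": "prod"}),
            Instance("i-b2", 2048, 4096, {az: "us-east-1b", "stack": "dev"}),
            Instance("i-c1",  128,  256, {az: "us-east-1c", "stack": "prod"})]   # too small for the task

def schedule(count: int, constraints, strategy) -> list:
    """Place `count` copies of a web task (256 CPU units, 512 MiB, host port 80) and return the chosen ids."""
    instances, task, placed = sample_cluster(), Task(256, 512, frozenset({80})), []
    for _ in range(count):
        inst = place(task, instances, constraints, strategy, placed)
        if inst is None:
            break
        reserve(inst, task)
        placed.append(inst.instance_id)
    return placed

if __name__ == "__main__":
    prod_only = [{"type": "memberOf", "expression": "attribute:stack == prod"}, {"type": "distinctInstance"}]
    print(schedule(3, prod_only, ("spread", "attribute:ecs.availability-zone")))   # ['i-a1', 'i-b1', 'i-a2']
    print(schedule(4, prod_only, ("spread", "attribute:ecs.availability-zone")))   # same three: the 4th has nowhere to go
    print(schedule(2, [], ("binpack", "memory")))                                  # ['i-b1', 'i-a1']
```

Host port 80 is what stops the fourth task: the only remaining instance with room is tagged `dev`, so the constraint filter leaves nothing and `place()` returns `None` rather than silently putting a prod task on a dev host.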
Integrated and Extensible
Integrated with existing AWS services such as IAM roles and security groups
• Extensible through powerful APIs
• Use your own scheduler
• Connect with existing software delivery process
• NEW – Open source project Blox for custom schedulers
Performance at Scale
Building block for distributed applications
Coordinates and automates container deployment
Launch thousands of containers in seconds
Cluster Management: Resource Management
[Diagram: EC2 instances spread across AZ 1 and AZ 2, each running Docker with tasks made up of containers]
Amazon ECS: Agent Communication
[Diagram: container instances across AZ 1 and AZ 2, each running Docker, its tasks and containers, and the ECS Agent; the agents talk to the Agent Communication Service, which fronts the Cluster Management Engine and its Key/Value Store]
Amazon ECS: APIs
[Diagram: the same cluster with an ELB in front of the container instances serving the Internet; a user or scheduler calls the API, which drives the Cluster Management Engine, Key/Value Store and Agent Communication Service]
Tasks
[Diagram: a task definition is made of volume definitions and container definitions; the scheduler places the resulting task, its containers and shared data volume, onto a container instance]
Create Service
• Load balance traffic across containers
• Automatically recover unhealthy containers
• Discover services
[Diagram: Elastic Load Balancing in front of three tasks, each with containers and a shared data volume]
Scale Service
• Scale up
• Scale down
[Diagram: Elastic Load Balancing in front of four tasks after scaling out]
Update Service
• Deploy new version
• Drain connections
[Diagram, three stages: the load balancer fronts three old tasks; three new tasks start alongside them; connections drain from the old tasks until only the three new tasks remain]
Monitoring with Amazon CloudWatch
• Metric data is sent to CloudWatch in 1-minute periods and recorded for two weeks
• Available metrics: CPUReservation, MemoryReservation, CPUUtilization, MemoryUtilization
• Available dimensions: ClusterName, ServiceName
Continuous Delivery to ECS with CodePipeline
1. Code push triggers build (CodePipeline)
2. Build image from sources (CodeBuild)
3. Run tests on the image
4. Push image to Docker registry
5. Update stack, which updates the ECS service (AWS CloudFormation)
6. Pull image
1 London Bridge Street, London SE1 9GF. T: 020 7782 8000
Registered Office: Times Newspapers Limited, 1 London Bridge Street, London SE1 9GF. Registered Number: 894646 England & Wales.
• AWS since 2011.
• 75% to the cloud started 2012.
• P2V: Data centres to EC2.
• Our Digital has gone all in!
Building our platform
• ELB + AutoScaling Group, each running our AMI.
• Deployed into a VPC with supporting infrastructure.
[Diagram: inside the virtual private cloud, a load balancer in front of an Auto Scaling group of web servers built from the Basic App Server AMI, with database, caching and web site asset stores alongside]
Building an Image
• Launch a blank EC2 instance.
• Install base apps and configuration.
• Freeze the box into an AMI, ready to be launched.
Deploy at boot
• Our instances boot without the code.
• Our deploy tool downloads our application code.
• The code and config are installed, then the webserver starts.
[Diagram: the Basic App Server pulls code from the application bucket and the GIT repo and becomes a working web server]
But…
• Building many similar, large AMIs takes time and costs.
• Auto scaling is less responsive when bootstrapping wastes minutes.
• Can't upgrade EC2 instances, need to start new ones.
• If code fails, EC2 instances are unhealthy so they are replaced.
• Many small stacks have lower efficiency.
But…
• We're under-utilising what we provision.
• We believe isolated infrastructure is the key to stability, but it comes at a premium.
• Anything that reduces cost, increases complexity and reduces velocity?
ECS and Docker to the rescue?
• Using fewer, simpler parts we need less support.
• Removing repetition means reduced costs (increases efficiency in costs and time).
• ECS does orchestration for us. One less thing to worry about.
5 mins doing / 5 hours reading
• Install Docker locally, make some images.
• Learn to deploy into EC2 Container Registry.
• Use Elastic Beanstalk to run the images.
[Diagram: a client reaching an AWS Elastic Beanstalk environment that runs images from the ECR registry, backed by an MS SQL instance and a bucket]
To the white board!
• Build into images.
• Store in ECR.
• Run tasks in ECS.
• Tasks cover multiple processes: Dev/QA/Prod.
• Tasks cover multiple sites.
[Diagram: Container Build pushes images to ECR, which feeds the Web Container Cluster]
Make it work.
• Code Build replaces the AMI builder to produce layers.
• ECR replaces the wheelie-bin full of AMIs.
• ECS Cluster replaces many AutoScaling groups.
• ECS Tasks replace ASG deployments.
• Application Load Balancer replaces Classic Elastic Load Balancers, effective sharing with host and path rules.
Oops.
• Sizing the application is tricky.
• Task placement rules are important.
• We want the container images to be read-only, but sometimes an old script comes back to bite us.
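The task-definition anatomy earlier (volume definitions plus container definitions) and the read-only wish just above, worked through as an added example. This is not News UK's or AWS's code: the image name, secret ARN, mount paths and log group are constructed, and the `secrets` field (Secrets Manager / Parameter Store injection) is newer than this 2017 talk. The hardened definition makes the image read-only with the writable paths spelled out, so an old script that writes somewhere unexpected fails at once instead of quietly working on some hosts; the `lint()` function alongside flags the settings a reviewer would reject in the contrasting legacy definition.

```python
"""A task definition with volume and container definitions, written the way a reviewer would want it
(read-only root filesystem, non-root user, no added privileges, secrets injected rather than baked in),
plus a small linter that flags the opposite. Added example, not News UK's or AWS's code; the image names,
secret ARN, paths and log group are constructed."""
import json

def web_task_definition(image: str, db_secret_arn: str) -> dict:
    """One web container plus a shared data volume. The image stays read-only; the only writable paths
    are the explicit data mount and a tmpfs, so a stray script that writes elsewhere fails at once."""
    return {
        "family": "web",
        "networkMode": "bridge",
        "volumes": [{"name": "shared-data", "host": {}}],      # Docker-managed volume, shared within the task
        "containerDefinitions": [{
            "name": "web",
            "image": image,                                        # expect a digest-pinned image, see lint()
            "cpu": 256,
            "memory": 512,                                         # hard limit: a leak kills this container, not its neighbours
            "essential": True,
            "user": "1000:1000",                                   # not root inside the container
            "readonlyRootFilesystem": True,
            "privileged": False,
            "linuxParameters": {"capabilities": {"drop": ["ALL"]},
                                "tmpfs": [{"containerPath": "/tmp", "size": 64}]},   # size in MiB
            "mountPoints": [{"sourceVolume": "shared-data", "containerPath": "/var/www/data", "readOnly": False}],
            "portMappings": [{"containerPort": 8080, "hostPort": 0, "protocol": "tcp"}],  # dynamic host port for the ALB
            "secrets": [{"name": "DB_PASSWORD", "valueFrom": db_secret_arn}],   # fetched at start, never in the image
            "logConfiguration": {"logDriver": "awslogs",
                                 "options": {"awslogs-group": "/ecs/web", "awslogs-region": "eu-west-1",
                                             "awslogs-stream-prefix": "web"}},
        }],
    }

def legacy_task_definition() -> dict:
    """Constructed counter-example: root, privileged, a moving tag, a password in the environment,
    and the Docker socket mounted in, which is host root in all but name."""
    return {
        "family": "legacy-web",
        "volumes": [{"name": "dockersock", "host": {"sourcePath": "/var/run/docker.sock"}}],
        "containerDefinitions": [{
            "name": "web",
            "image": "123456789012.dkr.ecr.eu-west-1.amazonaws.com/web:latest",
            "memory": 512, "essential": True, "privileged": True,
            "environment": [{"name": "DB_PASSWORD", "value": "hunter2"}],
            "mountPoints": [{"sourceVolume": "dockersock", "containerPath": "/var/run/docker.sock"}],
        }],
    }

SECRET_HINTS = ("PASSWORD", "SECRET", "TOKEN", "KEY")

def lint(task_definition: dict) -> list:
    """Return (container name, finding) pairs for settings that widen the blast radius of a compromised container."""
    host_paths = {v["name"]: v.get("host", {}).get("sourcePath") for v in task_definition.get("volumes", [])}
    findings = []
    for c in task_definition["containerDefinitions"]:
        name = c["name"]
        if c.get("privileged"):
            findings.append((name, "privileged"))
        if str(c.get("user", "")).split(":")[0] in ("", "0", "root"):
            findings.append((name, "root user"))        # no 'user' means the image's USER, which is usually root
        if not c.get("readonlyRootFilesystem"):
            findings.append((name, "writable root fs"))
        if "@sha256:" not in c["image"]:
            findings.append((name, "mutable image tag"))
        if any(e["name"].upper().endswith(SECRET_HINTS) for e in c.get("environment", [])):
            findings.append((name, "secret in environment"))
        if any(host_paths.get(m["sourceVolume"]) == "/var/run/docker.sock" for m in c.get("mountPoints", [])):
            findings.append((name, "docker socket mounted"))
    return findings

if __name__ == "__main__":
    good = web_task_definition("123456789012.dkr.ecr.eu-west-1.amazonaws.com/web@sha256:" + "0" * 64,
                               "arn:aws:secretsmanager:eu-west-1:123456789012:secret:web/db-AbCdEf")
    print(json.dumps(good, indent=2))
    print("hardened:", lint(good))                # []
    print("legacy:  ", lint(legacy_task_definition()))
```

Run `lint()` in the pipeline before `register-task-definition` and fail the build on any finding; that turns "we want the images to be read-only" from an intention into a gate.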
Continuous Delivery to ECS with Jenkins
Easy deployment: developers merge into master, done!
Jenkins build steps:
• Trigger via webhooks, monitoring, Lambda
• Build Docker image via the build and publish plugin
• Push Docker image into registry
• Register updated job with the ECS API
Deploying Containers on ECS – Choose a Scheduler
Batch jobs – ECS task scheduler
• Run tasks once
• Batch jobs
• RunTask (ECS chooses the instance) or StartTask (you name the container instance)
Long-running apps – ECS service scheduler
• Health management
• Scale-up and scale-down
• AZ aware
• Grouped containers
Scheduling Containers: Long-Running App
• Deploy using the least space: minimumHealthyPercent = 50%, maximumPercent = 100%
• Deploy quickly without reducing service capacity: minimumHealthyPercent = 100%, maximumPercent = 200%
Blue-Green Deployments
• Define two ECS services
• Each service is associated with a load balancer
• Both load balancers are in a Route 53 record set with a weighted routing policy, 100% primary, 0% secondary
• Deploy to the blue or green service and switch the weights
[Diagram: a Route 53 record set with weighted routing policy sending 100% of traffic to one service's tasks and 0% to the other's]
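The weight switch described above, as an added example in Python (not AWS or News UK code). The record name, colours, load balancer hostnames and hosted zone are constructed, and the Route 53 `ChangeBatch` is built but never sent; the `boto3` call it would feed is left as a comment. Two details matter in practice and both are checked here: the two records share a name and are told apart by `SetIdentifier`, and Route 53 treats a weighted set in which every record has weight 0 as "answer with all of them equally", so zeroing both sides does not take the site offline, it splits traffic 50/50.

```python
"""Flip traffic between two ECS services (blue/green) by swapping Route 53 weights.
Added example, not AWS or News UK code: the record name, colours, load balancer DNS names and
hosted zone are constructed, and the change batch is built but never sent."""
import random

RECORD_NAME = "www.example.com."   # constructed; a zone apex would need alias A records instead of CNAMEs
TTL_SECONDS = 60                   # resolvers keep answering with the old side until cached records expire

def weighted_change_batch(active: str, targets: dict) -> dict:
    """Build the ChangeBatch for route53.change_resource_record_sets(): the active colour gets
    weight 100, the other 0. `targets` maps colour -> load balancer DNS name."""
    if len(targets) != 2 or active not in targets:
        raise ValueError("expected exactly two colours, one of them active")
    changes = []
    for colour, lb_dns in sorted(targets.items()):
        changes.append({
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": RECORD_NAME,
                "Type": "CNAME",
                "SetIdentifier": colour,          # the pair shares a name; this tells the two records apart
                "Weight": 100 if colour == active else 0,
                "TTL": TTL_SECONDS,
                "ResourceRecords": [{"Value": lb_dns}],
            },
        })
    return {"Comment": f"send all {RECORD_NAME} traffic to {active}", "Changes": changes}

def weights(batch: dict) -> dict:
    """Colour -> weight, as written in a change batch."""
    return {c["ResourceRecordSet"]["SetIdentifier"]: c["ResourceRecordSet"]["Weight"] for c in batch["Changes"]}

def assert_safe(batch: dict) -> None:
    """Route 53 caveat: if EVERY record in a weighted set has weight 0, it answers with all of them
    equally. Zeroing both sides therefore does not stop traffic, it splits it."""
    if sum(weights(batch).values()) == 0:
        raise ValueError("all weights are 0: Route 53 would route to every record equally")

def simulate_answers(batch: dict, queries: int, seed: int = 0) -> dict:
    """Model Route 53's weighted choice over `queries` lookups: each record is chosen with
    probability weight/total, and with every weight 0 all records are equally likely."""
    w = weights(batch)
    colours = sorted(w)
    probs = [w[c] for c in colours]
    if sum(probs) == 0:
        probs = [1] * len(colours)
    rng = random.Random(seed)
    counts = dict.fromkeys(colours, 0)
    for c in rng.choices(colours, weights=probs, k=queries):
        counts[c] += 1
    return counts

def flip(current_active: str, targets: dict) -> dict:
    """Cut over to the other colour (deploy and test it first) and return the batch that would be sent."""
    (other,) = [c for c in targets if c != current_active]
    batch = weighted_change_batch(other, targets)
    assert_safe(batch)
    # boto3.client("route53").change_resource_record_sets(HostedZoneId=ZONE_ID, ChangeBatch=batch)
    return batch

if __name__ == "__main__":
    lbs = {"blue": "blue-alb-123.eu-west-1.elb.amazonaws.com", "green": "green-alb-456.eu-west-1.elb.amazonaws.com"}
    batch = flip("blue", lbs)
    print(weights(batch))                      # {'blue': 0, 'green': 100}
    print(simulate_answers(batch, 1000))       # {'blue': 0, 'green': 1000}
```

Keep the idle colour's service running at its normal task count until the TTL has passed and the new side's metrics look right; with the weights as 100/0 the switch back is the same `flip()` call.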
Services evolve to microservices
[Diagram: a monolithic application (Order UI, User UI and Shipping UI over OrderService, UserService, ShippingService and a shared DataAccess layer) beside services A to D spread over Hosts 1 to 4, two services per host]
Containers are natural for microservices
Any app, any language
Image is the version
Test & deploy same artifact
Stateless servers decrease change risk
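"Image is the version" and "test and deploy the same artifact" only hold if the deploy step references the image by digest rather than by a tag that can be re-pushed between step 3 (test) and step 6 (pull) of the CodePipeline flow, or between the Jenkins plugin's push and the ECS registration. Added example, not CodePipeline, Jenkins or AWS code: the registry address, repository names, tags, digests and the `describe-images`-shaped payload are all constructed. `pin_images()` rewrites each `<registry>/<repo>:<tag>` in a task definition to `<registry>/<repo>@sha256:...`, refuses images from any other registry, and refuses a tag that does not resolve to exactly one image.

```python
"""Deploy the digest that was tested, not a tag that may move. Added example, not CodePipeline, Jenkins
or AWS code: the registry address, repository, tags, digests and the describe-images payload are constructed."""
import copy
import re

REGISTRY = "123456789012.dkr.ecr.eu-west-1.amazonaws.com"   # constructed account/region

# Constructed sample shaped like ECR DescribeImages output: 'latest' and '1.4.2' point at the same digest
# today, but nothing stops a later push from moving 'latest' (or even '1.4.2') to different content.
ECR_DESCRIBE_IMAGES = {"imageDetails": [
    {"repositoryName": "web", "imageTags": ["1.4.2", "latest"], "imageDigest": "sha256:" + "a1" * 32},
    {"repositoryName": "web", "imageTags": ["1.4.1"],           "imageDigest": "sha256:" + "b2" * 32},
    {"repositoryName": "api", "imageTags": ["latest"],          "imageDigest": "sha256:" + "c3" * 32},
]}

DIGEST = re.compile(r"^sha256:[0-9a-f]{64}$")

def digest_for(describe_images: dict, repository: str, tag: str) -> str:
    """Resolve repository:tag to its manifest digest, refusing ambiguity or malformed digests."""
    found = [d["imageDigest"] for d in describe_images["imageDetails"]
             if d["repositoryName"] == repository and tag in d.get("imageTags", [])]
    if len(found) != 1:
        raise LookupError(f"{repository}:{tag} resolves to {len(found)} images, expected exactly one")
    if not DIGEST.match(found[0]):
        raise ValueError(f"unexpected digest format: {found[0]!r}")
    return found[0]

def split_image(image: str, registry: str) -> tuple:
    """'<registry>/<repo>[:<tag>]' -> (repo, tag); images from other registries are rejected."""
    prefix = registry + "/"
    if not image.startswith(prefix):
        raise ValueError(f"{image!r} is not from the trusted registry {registry}")
    repo, _, tag = image[len(prefix):].partition(":")
    return repo, (tag or "latest")   # Docker's default when no tag is given

def pin_images(task_definition: dict, registry: str, describe_images: dict) -> dict:
    """Return a copy of the task definition whose images are all '<registry>/<repo>@sha256:...'.
    Register this copy and point UpdateService at the new revision; the tasks then pull exactly
    the bytes the pipeline tested, whatever happens to the tags afterwards."""
    pinned = copy.deepcopy(task_definition)
    for container in pinned["containerDefinitions"]:
        image = container["image"]
        if "@sha256:" in image:
            continue                                    # already immutable
        repo, tag = split_image(image, registry)
        container["image"] = f"{registry}/{repo}@{digest_for(describe_images, repo, tag)}"
    return pinned

def sample_task_definition() -> dict:
    return {"family": "web", "containerDefinitions": [
        {"name": "web", "image": f"{REGISTRY}/web:1.4.2", "memory": 512, "essential": True},
        {"name": "api", "image": f"{REGISTRY}/api",       "memory": 256, "essential": True},  # untagged -> latest
    ]}

if __name__ == "__main__":
    for c in pin_images(sample_task_definition(), REGISTRY, ECR_DESCRIBE_IMAGES)["containerDefinitions"]:
        print(c["name"], "->", c["image"])
```

In a real pipeline the payload comes from `aws ecr describe-images --repository-name web --image-ids imageTag=1.4.2`; ECR can additionally be configured with immutable tags on the repository, which closes the re-push window at the source rather than only at deploy time.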
What is Amazon ECS?
Amazon EC2 Container Service (ECS) is a highly scalable, high performance container management service. You can use Amazon ECS to schedule the placement of containers across your cluster. You can also integrate your own scheduler or third-party scheduler to meet business or application specific requirements.
Amazon ECS under the Hood
[Diagram: a sequence of cluster-state entries IDN-1 through IDN+6 in the Key/Value Store, with WRITE operations appending new entries and READ operations served from the existing ones]
Amazon ECS: Scheduling
[Diagram: a user or scheduler calls the API; the Cluster Management Engine, Key/Value Store and Agent Communication Service place tasks on container instances across AZ 1 and AZ 2, each running Docker and the ECS Agent, behind an ELB facing the Internet]
Designed for use with other AWS services
• Elastic Load Balancing
• Amazon Elastic Block Store
• Amazon Virtual Private Cloud
• Amazon CloudWatch
• AWS Identity and Access Management
• AWS CloudTrail
Amazon ECS
[Diagram: the Amazon ECS architecture: a user or scheduler calls the API, which drives the Cluster Management Engine, Key/Value Store and Agent Communication Service; container instances across AZ 1 and AZ 2 run Docker, tasks, containers and the ECS Agent behind an ELB facing the Internet]
Update Service (cont.)
Specify a deployment configuration for your service:
• minimumHealthyPercent: lower limit (as a percentage of the service's desiredCount) on the number of running tasks that must remain running during a deployment.
• maximumPercent: upper limit (as a percentage of the service's desiredCount) on the number of running tasks that can be running during a deployment.
• Deploy using the least space: minimumHealthyPercent = 50%, maximumPercent = 100%
• Deploy quickly without reducing service capacity: minimumHealthyPercent = 100%, maximumPercent = 200%
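The two configurations above, stepped through as an added example in Python (not AWS code). `task_bounds()` turns the percentages into whole-task limits the way the API reference rounds them (minimum up, maximum down), and `rolling_update()` is a deliberately simple model of the service scheduler in which one step means "the tasks just started have passed their health checks". The point it makes visible: the 50%/100% setting dips to half capacity during the rollout, the 100%/200% setting never drops below `desiredCount` but needs room for twice as many tasks, and 100%/100% leaves the scheduler no legal move at all.

```python
"""Step through an ECS rolling update under a deployment configuration to see how minimumHealthyPercent
and maximumPercent bound the running-task count. Added example, not AWS code: the step model is a
simplification (one step = 'the tasks just started have passed their health checks')."""
import math

def task_bounds(desired: int, minimum_healthy_percent: int, maximum_percent: int) -> tuple:
    """Lower and upper bound on RUNNING tasks during the deployment.
    The API reference rounds the minimum up and the maximum down to whole tasks."""
    if not 0 <= minimum_healthy_percent <= 100:
        raise ValueError("minimumHealthyPercent must be 0..100")
    if maximum_percent < 100:
        raise ValueError("maximumPercent below 100 leaves no room to run desiredCount tasks")
    lower = math.ceil(desired * minimum_healthy_percent / 100)
    upper = math.floor(desired * maximum_percent / 100)
    return lower, upper

def rolling_update(desired: int, minimum_healthy_percent: int, maximum_percent: int) -> list:
    """Greedy model of the service scheduler: each step starts as many new tasks as the upper bound
    allows, then stops as many old tasks as the lower bound allows. Returns (old, new) after every
    start phase and every stop phase, so the transient peak is visible."""
    lower, upper = task_bounds(desired, minimum_healthy_percent, maximum_percent)
    old, new = desired, 0
    history = [(old, new)]
    while old > 0 or new < desired:
        started = min(desired - new, upper - (old + new))            # fill up to the upper bound
        stopped = min(old, (old + new + started) - lower)            # then retire old tasks down to the lower bound
        if started == 0 and stopped == 0:
            # lower == upper == desired: nothing may stop and nothing may start, the deployment cannot move
            raise RuntimeError(f"no progress possible with bounds {lower}..{upper} for desiredCount {desired}")
        if started:
            new += started
            history.append((old, new))                              # old and new side by side
        if stopped:
            old -= stopped
            history.append((old, new))
    return history

def summarize(desired: int, minimum_healthy_percent: int, maximum_percent: int) -> dict:
    """Transitions taken, the lowest capacity seen (what users notice) and the peak (what the cluster must hold)."""
    history = rolling_update(desired, minimum_healthy_percent, maximum_percent)
    running = [old + new for old, new in history]
    return {"transitions": len(history) - 1, "min_running": min(running), "peak_running": max(running)}

if __name__ == "__main__":
    for label, cfg in [("least space", (50, 100)), ("no capacity loss", (100, 200))]:
        print(label, rolling_update(4, *cfg), summarize(4, *cfg))
    # least space      [(4, 0), (2, 0), (2, 2), (0, 2), (0, 4)]  {'transitions': 4, 'min_running': 2, 'peak_running': 4}
    # no capacity loss [(4, 0), (4, 4), (0, 4)]                  {'transitions': 2, 'min_running': 4, 'peak_running': 8}
```

For a service whose tasks hold long-lived connections, combine the 100%/200% setting with the load balancer's connection draining so the old tasks are removed only after they have stopped receiving traffic.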
Cluster Management: Scheduling
[Diagram: EC2 instances across AZ 1 and AZ 2, each running Docker with tasks made up of containers, as seen by the scheduler]
Amazon ECS: Resource Management
[Diagram: the Cluster Management Engine tracking the resources of container instances across AZ 1 and AZ 2, each running Docker, tasks and containers]
Amazon ECS: Key/Value Store
[Diagram: the Key/Value Store behind the Cluster Management Engine and Agent Communication Service, with container instances across AZ 1 and AZ 2 running Docker, tasks, containers and the ECS Agent behind an ELB facing the Internet]