Johanan Lieberman
Docker on AWS - the Right Way
● Container Orchestration on AWS
● Service Discovery
● Service Load Balancing
● Auto Scaling
● Storage
● Continuous Integration & Delivery
Agenda
Reference Architecture
Container Orchestration on AWS
● Technologies which allow us to:
○ Create multi-node container clusters
○ Manage multiple containers easily
○ Automate container lifecycle
What is Container Orchestration?
● Horizontal scalability across multiple hosts
● Grouping of related containers
● Automatic failure detection and recovery
● Seamless updates
Why Do We Need Container Orchestration?
● Docker container orchestration service by AWS
● Operates on top of EC2
● Built-in private Docker registry (ECR)
ECS - EC2 Container Service
● Built-in security
○ Assign IAM Roles to Docker containers
○ Docker registry authentication using IAM
● Native integration with ELB and Auto Scaling
● Spot fleet + Auto Scaling support (announced Sep. 1, 2016)
● Full support from AWS
Why Use ECS?
● Cluster - a group of container instances
● Container Instance - an EC2 instance that hosts containers
● Task - a set of related Docker containers
● Task Definition - a template which defines a task
● Service - a group of identical tasks
ECS Components
● A group of container instances
● Supports multiple Availability Zones
● Bound to a specific AWS region
Cluster
● An EC2 instance running Docker with an ECS agent
● May be deployed from an official AWS AMI
● May be deployed using an Auto Scaling group
● Can be of any EC2 instance type / size
Container Instance
● A set of one or more related containers
● Deployed to a cluster
● Containers within a task are placed on the same host
Task
● Serves as a “template” for tasks
● Lets you define most of the Docker features accessible via
docker run (image, volumes, networking, env vars...)
● Lets you define CPU and memory limits for the tasks
● Can assign an IAM role to a task
● Configurable using JSON
Task Definition
● An abstraction above tasks
● Deploys multiple “copies” from a task definition
● Maintains the desired number of running tasks
● May bind to a load balancer
Service
● Use ECS to easily manage containerized apps on AWS
● Deploy ECS instances in multiple AZs for high availability
● Choose an instance type that is appropriate for your apps
ECS - Summary & Best Practices
Service Discovery
Question:
How does a client know where to send a
request when a service runs on multiple
nodes?
● A mechanism which allows a client to find out the network
location of a service automatically
What is Service Discovery?
● Cloud environments change all the time
● IP addresses and ports are assigned dynamically
● Auto Scaling launches and terminates instances
● Some instances might be under maintenance or upgrade
Why Do We Need Service Discovery?
Understanding the Problem
Service Discovery Using a Service Registry
Service Discovery Using a Load Balancer
● Cloud environments are dynamic and require service
discovery
● There are multiple solutions for service discovery
● Use load balancers when possible
● Architectures combining a service registry and load balancers
are possible but are more complicated
Service Discovery - Summary & Best Practices
Service Load Balancing
Question:
How can we provide a single point of access
to a service which runs on multiple
containers?
● A mechanism which provides a single point of access to an
ECS service
● Routes traffic to multiple containers
● Can be internet-facing or internal
● Powered by AWS ELB
● Complements Auto Scaling
What is Service Load Balancing?
● Native integration with ECS
● Highly-available and auto-scaling by design
● Provides session stickiness
● Built-in health checks per service
● Support for VPC Security Groups
Why Use Service Load Balancing?
● A mature AWS service
● Routes traffic among EC2 instances
● Supports Layer 4 routing or (limited) Layer 7 routing
● No support for dynamic ports
ELB - Classic Load Balancer
● A new AWS service (announced Aug. 11, 2016)
● Supports containerized applications
● Routes traffic among EC2 instances or ECS tasks
● Supports Layer 4 routing or HTTP path-based routing
● Supports per-service health checks
● Cheaper than the classic ELB
ELB - Application Load Balancer
● Two types of load balancers - ELB and ALB
● Use ALBs whenever possible
● Save costs by using path-based routing - one ALB can serve a
big cluster with multiple services
Service Load Balancing - Summary & Best Practices
Auto Scaling
Question:
How can we automatically scale an ECS
service based on load?
● Automatically adjusting the capacity of the application’s
infrastructure based on load
What is Auto Scaling?
● Service Auto Scaling - adjusting the number of running ECS
tasks for the given service
● Cluster Auto Scaling - adjusting the number of EC2 instances
in the cluster
● Both types rely on CloudWatch metrics
Auto Scaling in ECS
● Each container gets a portion of the CPU and memory of the
host on which it runs
● This capacity is reserved for each container
● The remaining capacity is shared among all containers
● Resource allocation is configured in the task definition
ECS Resource Allocation
● Each ECS instance has 1024 CPU units per CPU core
● A container gets a relative amount of CPU cycles based on the
configured units
● The configured units are reserved for the container
● CPU allocation is only relevant when there is competition on
host resources
● The remaining CPU capacity may be used by other containers
CPU Resource Allocation
● Soft limit - the amount is reserved for the container but may
be exceeded if capacity is available
● Hard limit - container is killed when trying to exceed the
reserved amount
● Must use one limit type but may use both together
Memory Resource Allocation
● Adding more containers to handle an increasing load
● Configured inside ECS
● Use CPU and memory usage to trigger scaling events
● May use custom CloudWatch metrics too
● “Do we have enough compute power?”
Service Auto Scaling
● Adding more instances to accommodate an increasing
number of containers
● Configured via EC2 Auto Scaling
● Use CPU and memory reservation to trigger scaling events
● “Do we have room for more containers?”
Cluster Auto Scaling
● Uh-oh, need more containers!
● Instance is almost full - need another one!
● CPU usage is still high - need more containers!
● Looks good!
Auto Scaling in Action
● Configure both Service Auto Scaling and Cluster Auto Scaling
● Scale services based on utilization
● Scale clusters based on reservation
● Service Auto Scaling is much faster than Cluster Auto Scaling
● Leave some spare capacity on each host
○ Allows the cluster to scale in time
Auto Scaling - Summary & Best Practices
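An added example (not from the slides or from AWS) of why clusters are scaled on reservation and why spare capacity per host matters: cluster-wide reservation can sit well below an alarm threshold while no single host has room for one more task. The first-fit placement, instance sizes, task sizes and thresholds are constructed assumptions, not the ECS scheduler's actual algorithm.

```python
from dataclasses import dataclass, field

CPU_UNITS_PER_CORE = 1024  # per the slides: 1024 CPU units per CPU core


@dataclass
class Task:
    cpu: int     # reserved CPU units
    memory: int  # reserved memory in MiB


@dataclass
class Instance:
    cores: int
    memory: int  # registered memory in MiB
    tasks: list = field(default_factory=list)

    @property
    def cpu_total(self):
        return self.cores * CPU_UNITS_PER_CORE

    def free(self):
        """Unreserved (cpu_units, memory_mib) left on this host."""
        cpu = self.cpu_total - sum(t.cpu for t in self.tasks)
        mem = self.memory - sum(t.memory for t in self.tasks)
        return cpu, mem

    def fits(self, task):
        cpu, mem = self.free()
        return task.cpu <= cpu and task.memory <= mem


def reservation_pct(instances):
    """Cluster-wide reservation: reserved capacity / registered capacity."""
    cpu_total = sum(i.cpu_total for i in instances)
    mem_total = sum(i.memory for i in instances)
    cpu_used = sum(t.cpu for i in instances for t in i.tasks)
    mem_used = sum(t.memory for i in instances for t in i.tasks)
    return {"cpu": 100.0 * cpu_used / cpu_total,
            "memory": 100.0 * mem_used / mem_total}


def first_fit(instances, task):
    """Index of the first host with room for the task, or None.
    Simplified placement (assumption), enough to show fragmentation."""
    for idx, inst in enumerate(instances):
        if inst.fits(task):
            return idx
    return None


def place(instances, task, count):
    """Try to start `count` copies of the task; return how many were placed."""
    placed = 0
    for _ in range(count):
        idx = first_fit(instances, task)
        if idx is None:
            break  # "Do we have room for more containers?" -> no
        instances[idx].tasks.append(task)
        placed += 1
    return placed


def scale_out_is_stuck(instances, task, alarm_threshold_pct):
    """True when the service cannot add a task AND the cluster alarm,
    which watches reservation, has not fired to add an instance."""
    alarm_fires = max(reservation_pct(instances).values()) >= alarm_threshold_pct
    return first_fit(instances, task) is None and not alarm_fires


def demo():
    # Constructed cluster: two 2-core hosts with 4 GiB each.
    cluster = [Instance(cores=2, memory=4096), Instance(cores=2, memory=4096)]
    web = Task(cpu=768, memory=1024)
    placed = place(cluster, web, 5)  # service auto scaling asks for 5 tasks
    return (placed,
            reservation_pct(cluster),
            scale_out_is_stuck(cluster, web, 90),  # threshold too high
            scale_out_is_stuck(cluster, web, 75))  # threshold leaves headroom


if __name__ == "__main__":
    print(demo())
```

With these numbers each host keeps 512 free CPU units, so 25% of the cluster is unreserved yet a 768-unit task fits nowhere; a reservation alarm has to fire at or below that level for the cluster to grow in time.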
Storage
Question:
How to persist data used by a containerized
application and share it among containers on
multiple hosts?
● Docker containers are volatile
● Docker uses Union File Systems for container storage
● Data that is written to the Union File System doesn’t persist
Storage in Docker
● Docker volumes can be used to persist data and share data
between containers
● Docker volumes bypass the Union File System
● Host directories may be mounted as volumes
● Volumes are local to a host
Docker Volumes
● Elastic File System (EFS) - a shared storage solution by AWS
● ObjectiveFS - a 3rd party shared storage solution on top of S3
● Both solutions provide the following:
○ A shared file system which can be accessed by multiple
servers at the same time
○ Unlimited capacity which expands automatically
Shared File Systems
Using a Shared File System
● Use Docker volumes for persistence and for sharing data
between containers
● Mount a shared file system on each host and map Docker
volumes to it
Storage - Summary & Best Practices
Continuous Integration & Delivery
Question:
How to deploy applications to ECS and
update them without service disruption?
● ECS can use Docker images from ECR or any other registry
● You can specify which images to deploy using task definitions
● ECS allows you to perform rolling updates to running services
● Updates can be triggered automatically using the ECS API
● Jenkins or any other CI/CD solution may be used to automate
the process
CI/CD with ECS
1. Checkout source from version control to Jenkins server
2. Build a new Docker image
3. Push the new image to ECR
4. Update the task definition & service
5. ECS updates the containers on the cluster
CI/CD with ECS - Workflow
● Docker tags allow you to manage Docker images easily
● When building a new Docker image you must tag it
● Any string may be used as a tag
● The “latest” tag is used as a default tag if no tag is specified
when building an image or running a container
Using Docker Tags
● Using the “latest” tag in CI/CD may lead to problems
● Pushing an image with a tag that already exists in the
repository will cause that tag to move to the new image
● This can lead to two containers which appear to use the same
image but in fact have different code
● A good use for “latest” is to indicate a stable or default
version on a public Docker repository
The “latest” Tag is Dangerous!
● It is important to implement a proper tagging strategy when
using Docker for CI/CD
● Common tag values:
○ Application version (“1.3”)
○ CI/CD build number (“136”)
○ Git SHA value (“ca82a6d”)
Tagging Strategy
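An added example (not from the slides or from AWS): a small Python check that applies the deck's task definition, memory limit and tagging advice to a task definition JSON before it is registered. The sample document, account ID, role and repository names are constructed placeholders, and the check assumes memory limits are set per container.

```python
import json

# Constructed sample task definition (placeholders, not from the slides).
SAMPLE_TASK_DEFINITION = json.loads("""
{
  "family": "web",
  "taskRoleArn": "arn:aws:iam::123456789012:role/example-web-task-role",
  "containerDefinitions": [
    {"name": "app",
     "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/web:ca82a6d",
     "cpu": 256, "memoryReservation": 256, "memory": 512},
    {"name": "sidecar", "image": "nginx:latest", "cpu": 128},
    {"name": "cache", "image": "localhost:5000/cache",
     "cpu": 128, "memoryReservation": 512, "memory": 256}
  ]
}
""")


def split_image(image):
    """Return (repository, tag, digest) for a Docker image reference.
    A ':' only marks a tag when it appears in the last path segment,
    so a registry port such as localhost:5000 is not mistaken for one."""
    name, _, digest = image.partition("@")
    last_segment = name.rsplit("/", 1)[-1]
    if ":" in last_segment:
        repo, _, tag = name.rpartition(":")
    else:
        repo, tag = name, None
    return repo, tag, digest or None


def lint_task_definition(task_def):
    """Return a list of (container_or_'task', finding) tuples."""
    findings = []
    # Without a task role, containers can only rely on the container
    # instance's role, which is shared by every task on that host.
    if not task_def.get("taskRoleArn"):
        findings.append(("task", "no-task-role"))
    for c in task_def.get("containerDefinitions", []):
        name = c.get("name", "?")
        _, tag, digest = split_image(c.get("image", ""))
        if digest is None:  # a digest pins the exact image content
            if tag is None:
                findings.append((name, "implicit-latest"))
            elif tag == "latest":
                findings.append((name, "mutable-latest-tag"))
        hard, soft = c.get("memory"), c.get("memoryReservation")
        if hard is None and soft is None:
            # The slides: one limit type must be used.
            findings.append((name, "no-memory-limit"))
        elif hard is not None and soft is not None and hard <= soft:
            # When both are set the hard limit must exceed the soft one.
            findings.append((name, "hard-limit-not-above-soft"))
    return findings


if __name__ == "__main__":
    for container, finding in lint_task_definition(SAMPLE_TASK_DEFINITION):
        print(f"{container}: {finding}")
```

Run as a CI step before the task definition is updated, a non-empty result can fail the build so that an untagged or "latest" image never reaches the service.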
● Use Jenkins to build new Docker images and push them to ECR
● Use Jenkins to trigger rolling updates on ECS
● Implement a proper tagging strategy
● Use the “latest” tag carefully and in addition to a version tag
CI/CD - Summary & Best Practices
Thank You!
johananl@emind.co
info@emind.co
jobs@emind.co
We’re Hiring!
Open Positions
DevOps Engineers
Cloud Architect
Big Data Specialist

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

"[WORKSHOP] K8S for developers", Denis Romanuk
"[WORKSHOP] K8S for developers", Denis Romanuk"[WORKSHOP] K8S for developers", Denis Romanuk
"[WORKSHOP] K8S for developers", Denis Romanuk
 
Tales of Training: Scaling CodeLabs with Swarm Mode and Docker-Compose
Tales of Training: Scaling CodeLabs with Swarm Mode and Docker-ComposeTales of Training: Scaling CodeLabs with Swarm Mode and Docker-Compose
Tales of Training: Scaling CodeLabs with Swarm Mode and Docker-Compose
 
ContainerDayVietnam2016: Dockerize a small business
ContainerDayVietnam2016: Dockerize a small businessContainerDayVietnam2016: Dockerize a small business
ContainerDayVietnam2016: Dockerize a small business
 
Rails Applications with Docker
Rails Applications with DockerRails Applications with Docker
Rails Applications with Docker
 
Securing Containers - Sathyajit Bhat - Adobe - Container Conference 18
Securing Containers - Sathyajit Bhat - Adobe - Container Conference 18Securing Containers - Sathyajit Bhat - Adobe - Container Conference 18
Securing Containers - Sathyajit Bhat - Adobe - Container Conference 18
 
Container orchestration from theory to practice
Container orchestration from theory to practiceContainer orchestration from theory to practice
Container orchestration from theory to practice
 
Continuous delivery and deployment on AWS
Continuous delivery and deployment on AWSContinuous delivery and deployment on AWS
Continuous delivery and deployment on AWS
 
MongoDB Management & Ansible
MongoDB Management & AnsibleMongoDB Management & Ansible
MongoDB Management & Ansible
 
Velocity NYC 2016 - Containers @ Netflix
Velocity NYC 2016 - Containers @ NetflixVelocity NYC 2016 - Containers @ Netflix
Velocity NYC 2016 - Containers @ Netflix
 
Play Support in Cloud Foundry
Play Support in Cloud FoundryPlay Support in Cloud Foundry
Play Support in Cloud Foundry
 
Cloudfoundry Overview
Cloudfoundry OverviewCloudfoundry Overview
Cloudfoundry Overview
 
JEEconf 2017
JEEconf 2017JEEconf 2017
JEEconf 2017
 
Introduction to Docker
Introduction to DockerIntroduction to Docker
Introduction to Docker
 
New AWS Services
New AWS ServicesNew AWS Services
New AWS Services
 
A Survey of Container Security in 2016: A Security Update on Container Platforms
A Survey of Container Security in 2016: A Security Update on Container PlatformsA Survey of Container Security in 2016: A Security Update on Container Platforms
A Survey of Container Security in 2016: A Security Update on Container Platforms
 
Structured Container Delivery by Oscar Renalias, Accenture
Structured Container Delivery by Oscar Renalias, AccentureStructured Container Delivery by Oscar Renalias, Accenture
Structured Container Delivery by Oscar Renalias, Accenture
 
Kubernetes Architecture - beyond a black box - Part 1
Kubernetes Architecture - beyond a black box - Part 1Kubernetes Architecture - beyond a black box - Part 1
Kubernetes Architecture - beyond a black box - Part 1
 
Introduction to containers a practical session using core os and docker
Introduction to containers  a practical session using core os and dockerIntroduction to containers  a practical session using core os and docker
Introduction to containers a practical session using core os and docker
 
(CMP302) Amazon ECS: Distributed Applications at Scale
(CMP302) Amazon ECS: Distributed Applications at Scale(CMP302) Amazon ECS: Distributed Applications at Scale
(CMP302) Amazon ECS: Distributed Applications at Scale
 
Docker SF Meetup January 2016
Docker SF Meetup January 2016Docker SF Meetup January 2016
Docker SF Meetup January 2016
 

Andere mochten auch

TLS303 How to Deploy Python Applications on AWS Elastic Beanstalk - AWS re:In...
TLS303 How to Deploy Python Applications on AWS Elastic Beanstalk - AWS re:In...TLS303 How to Deploy Python Applications on AWS Elastic Beanstalk - AWS re:In...
TLS303 How to Deploy Python Applications on AWS Elastic Beanstalk - AWS re:In...
Amazon Web Services
 

Andere mochten auch (20)

How to Triple Your Speed of Development Using Automation
How to Triple Your Speed of Development Using AutomationHow to Triple Your Speed of Development Using Automation
How to Triple Your Speed of Development Using Automation
 
Best of re:Invent 2016 meetup presentation
Best of re:Invent 2016 meetup presentationBest of re:Invent 2016 meetup presentation
Best of re:Invent 2016 meetup presentation
 
How to protect your IoT data on AWS
How to protect your IoT data on AWSHow to protect your IoT data on AWS
How to protect your IoT data on AWS
 
Running Docker clusters on AWS (November 2016)
Running Docker clusters on AWS (November 2016)Running Docker clusters on AWS (November 2016)
Running Docker clusters on AWS (November 2016)
 
Docker Build
Docker BuildDocker Build
Docker Build
 
Exploring Docker in CI/CD
Exploring Docker in CI/CDExploring Docker in CI/CD
Exploring Docker in CI/CD
 
Fun with containers: Use Ansible to build Docker images
Fun with containers: Use Ansible to build Docker imagesFun with containers: Use Ansible to build Docker images
Fun with containers: Use Ansible to build Docker images
 
An Engineers Guide to the AWS Ruby SDK
An Engineers Guide to the AWS Ruby SDKAn Engineers Guide to the AWS Ruby SDK
An Engineers Guide to the AWS Ruby SDK
 
AWS EC2 Container Service (ECS) In Action - iMasters Developer Week - Vitoria
AWS EC2 Container Service (ECS) In Action - iMasters Developer Week - VitoriaAWS EC2 Container Service (ECS) In Action - iMasters Developer Week - Vitoria
AWS EC2 Container Service (ECS) In Action - iMasters Developer Week - Vitoria
 
AWS Elastic Beanstalk and Docker
AWS Elastic Beanstalk and DockerAWS Elastic Beanstalk and Docker
AWS Elastic Beanstalk and Docker
 
Scaling Django Apps using AWS Elastic Beanstalk
Scaling Django Apps using AWS Elastic BeanstalkScaling Django Apps using AWS Elastic Beanstalk
Scaling Django Apps using AWS Elastic Beanstalk
 
Docker on AWS
Docker on AWSDocker on AWS
Docker on AWS
 
Apache Spark Clusters for Everyone | AWS Public Sector Summit 2016
Apache Spark Clusters for Everyone | AWS Public Sector Summit 2016Apache Spark Clusters for Everyone | AWS Public Sector Summit 2016
Apache Spark Clusters for Everyone | AWS Public Sector Summit 2016
 
(APP313) NEW LAUNCH: Amazon EC2 Container Service in Action | AWS re:Invent 2014
(APP313) NEW LAUNCH: Amazon EC2 Container Service in Action | AWS re:Invent 2014(APP313) NEW LAUNCH: Amazon EC2 Container Service in Action | AWS re:Invent 2014
(APP313) NEW LAUNCH: Amazon EC2 Container Service in Action | AWS re:Invent 2014
 
Apache Kafka, and the Rise of Stream Processing
Apache Kafka, and the Rise of Stream ProcessingApache Kafka, and the Rise of Stream Processing
Apache Kafka, and the Rise of Stream Processing
 
TLS303 How to Deploy Python Applications on AWS Elastic Beanstalk - AWS re:In...
TLS303 How to Deploy Python Applications on AWS Elastic Beanstalk - AWS re:In...TLS303 How to Deploy Python Applications on AWS Elastic Beanstalk - AWS re:In...
TLS303 How to Deploy Python Applications on AWS Elastic Beanstalk - AWS re:In...
 
Demystifying Stream Processing with Apache Kafka
Demystifying Stream Processing with Apache KafkaDemystifying Stream Processing with Apache Kafka
Demystifying Stream Processing with Apache Kafka
 
GDGSCL - Docker a jeho provoz v Heroku a AWS
GDGSCL - Docker a jeho provoz v Heroku a AWSGDGSCL - Docker a jeho provoz v Heroku a AWS
GDGSCL - Docker a jeho provoz v Heroku a AWS
 
CI/CD with Docker on AWS
CI/CD with Docker on AWSCI/CD with Docker on AWS
CI/CD with Docker on AWS
 
Data Pipelines with Kafka Connect
Data Pipelines with Kafka ConnectData Pipelines with Kafka Connect
Data Pipelines with Kafka Connect
 

Ähnlich wie Docker on AWS - the Right Way

Ähnlich wie Docker on AWS - the Right Way (20)

Docker on Amazon ECS
Docker on Amazon ECSDocker on Amazon ECS
Docker on Amazon ECS
 
Running containers in AWS
Running containers in AWSRunning containers in AWS
Running containers in AWS
 
Deliver Docker Containers Continuously On AWS - DevOpsCon Munich 2016
Deliver Docker Containers Continuously On AWS - DevOpsCon Munich 2016Deliver Docker Containers Continuously On AWS - DevOpsCon Munich 2016
Deliver Docker Containers Continuously On AWS - DevOpsCon Munich 2016
 
Kubernetes intro
Kubernetes introKubernetes intro
Kubernetes intro
 
AWS ECS Meetup Talentica
AWS ECS Meetup TalenticaAWS ECS Meetup Talentica
AWS ECS Meetup Talentica
 
Docker Container automatisiert nach AWS deployen - Continuous Lifecycle 2016
Docker Container automatisiert nach AWS deployen  - Continuous Lifecycle 2016Docker Container automatisiert nach AWS deployen  - Continuous Lifecycle 2016
Docker Container automatisiert nach AWS deployen - Continuous Lifecycle 2016
 
Serverless and mixed container orchestration and request routing on AWS
Serverless and mixed container orchestration and request routing on AWSServerless and mixed container orchestration and request routing on AWS
Serverless and mixed container orchestration and request routing on AWS
 
Docker and Azure Kubernetes service.pptx
Docker and Azure Kubernetes service.pptxDocker and Azure Kubernetes service.pptx
Docker and Azure Kubernetes service.pptx
 
Re:invent 2016 Container Scheduling, Execution and AWS Integration
Re:invent 2016 Container Scheduling, Execution and AWS IntegrationRe:invent 2016 Container Scheduling, Execution and AWS Integration
Re:invent 2016 Container Scheduling, Execution and AWS Integration
 
Leveraging Amzon EC2 Container Services for Container Orchestration
Leveraging Amzon EC2 Container Services for Container OrchestrationLeveraging Amzon EC2 Container Services for Container Orchestration
Leveraging Amzon EC2 Container Services for Container Orchestration
 
ECS & ECR Deep Dive - 김기완 솔루션즈 아키텍트 :: AWS Container Day
ECS & ECR Deep Dive - 김기완 솔루션즈 아키텍트 :: AWS Container DayECS & ECR Deep Dive - 김기완 솔루션즈 아키텍트 :: AWS Container Day
ECS & ECR Deep Dive - 김기완 솔루션즈 아키텍트 :: AWS Container Day
 
Working with microservices and Amazon ECS at Airtime
Working with microservices and Amazon ECS at AirtimeWorking with microservices and Amazon ECS at Airtime
Working with microservices and Amazon ECS at Airtime
 
AWS re:Invent 2016: Development Workflow with Docker and Amazon ECS (CON302)
AWS re:Invent 2016: Development Workflow with Docker and Amazon ECS (CON302)AWS re:Invent 2016: Development Workflow with Docker and Amazon ECS (CON302)
AWS re:Invent 2016: Development Workflow with Docker and Amazon ECS (CON302)
 
Advanced Container Scheduling
Advanced Container SchedulingAdvanced Container Scheduling
Advanced Container Scheduling
 
Container Management with Amazon ECS
Container Management with Amazon ECSContainer Management with Amazon ECS
Container Management with Amazon ECS
 
AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...
AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...
AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...
 
Netflix and Containers: Not A Stranger Thing
Netflix and Containers:  Not A Stranger ThingNetflix and Containers:  Not A Stranger Thing
Netflix and Containers: Not A Stranger Thing
 
Netflix and Containers: Not Stranger Things
Netflix and Containers: Not Stranger ThingsNetflix and Containers: Not Stranger Things
Netflix and Containers: Not Stranger Things
 
01. Kubernetes-PPT.pptx
01. Kubernetes-PPT.pptx01. Kubernetes-PPT.pptx
01. Kubernetes-PPT.pptx
 
Containerization with Microsoft Azure
Containerization with Microsoft AzureContainerization with Microsoft Azure
Containerization with Microsoft Azure
 

Kürzlich hochgeladen

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 

Kürzlich hochgeladen (20)

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

Docker on AWS - the Right Way

  • 1. Johanan Lieberman Docker on AWS - the Right Way
  • 2. ● Container Orchestration on AWS ● Service Discovery ● Service Load Balancing ● Auto Scaling ● Storage ● Continuous Integration & Delivery Agenda
  • 5. ● Technologies which allow us to: ○ Create multi-node container clusters ○ Manage multiple containers easily ○ Automate container lifecycle What is Container Orchestration?
  • 6. ● Horizontal scalability across multiple hosts ● Grouping of related containers ● Automatic failure detection and recovery ● Seamless updates Why Do We Need Container Orchestration?
  • 7.
  • 8. ● Horizontal scalability across multiple hosts ● Grouping of related containers ● Automatic failure detection and recovery ● Seamless updates Why Do We Need Container Orchestration?
  • 9. ● Docker container orchestration service by AWS ● Operates on top of EC2 ● Built-in private Docker registry (ECR) ECS - EC2 Container Service
  • 10. ● Built-in security ○ Assign IAM Roles to Docker containers ○ Docker registry authentication using IAM ● Native integration with ELB and Auto Scaling ● Spot fleet + Auto Scaling support (announced Sep. 1, 2016) ● Full support from AWS Why Use ECS?
  • 11. ● Cluster - a group of container instances ● Container Instance - an EC2 instance that hosts containers ● Task - a set of related Docker containers ● Task Definition - a template which defines a task ● Service - a group of identical tasks ECS Components
  • 12. ● A group of container instances ● Supports multiple Availability Zones ● Bound to a specific AWS region Cluster
  • 13. ● An EC2 instance running Docker with an ECS agent ● May be deployed from an official AWS AMI ● May be deployed using an Auto Scaling group ● Can be of any EC2 instance type / size Container Instance
  • 14. ● A set of one or more related containers ● Deployed to a cluster ● Containers within a task are placed on the same host Task
  • 15. ● Serves as a “template” for tasks ● Allows to define most of the Docker features accessible via docker run (image, volumes, networking, env vars...) ● Allows to define CPU and memory limits for the tasks ● Can assign an IAM role to a task ● Configurable using JSON Task Definition
  • 16. ● An abstraction above tasks ● Deploys multiple “copies” from a task definition ● Maintaines the desired number of running tasks ● May bind to a load balancer Service
  • 17. ● Cluster - a group of container instances ● Container Instance - an EC2 instance that hosts containers ● Task - a set of related Docker containers ● Task Definition - a template which defines a task ● Service - a group of identical tasks ECS Components
  • 18.
  • 19. ● Use ECS to easily manage containerized apps on AWS ● Deploy ECS instances in multiple AZs for high availability ● Choose an instance type that is appropriate for your apps ECS - Summary & Best Practices
  • 21. Question: How does a client know where to send a request when a service runs on multiple nodes?
  • 22. ● A mechanism which allows a client to find out the network location of a service automatically What is Service Discovery?
  • 23. ● Cloud environments change all the time ● IP addresses and ports are assigned dynamically ● Auto Scaling launches and terminates instances ● Some instances might be under maintenance or upgrade Why Do We Need Service Discovery?
  • 25. Service Discovery Using a Service Registry
  • 26. Service Discovery Using a Load Balancer
  • 27. ● Cloud environments are dynamic and require service discovery ● There are multiple solutions for service discovery ● Use load balancers when possible ● Architectures combining a service registry and load balancers are possible but are more complicated Service Discovery - Summary & Best Practices
  • 29. Question: How can we provide a single point of access to a service which runs on multiple containers?
  • 30. What is Service Load Balancing?
      ● A mechanism which provides a single point of access to an ECS service
      ● Routes traffic to multiple containers
      ● Can be internet-facing or internal
      ● Powered by AWS ELB
      ● Complements Auto Scaling
  • 31. Why Use Service Load Balancing?
      ● Native integration with ECS
      ● Highly-available and auto-scaling by design
      ● Provides session stickiness
      ● Built-in health checks per service
      ● Support for VPC Security Groups
  • 32. ELB - Classic Load Balancer
      ● A mature AWS service
      ● Routes traffic among EC2 instances
      ● Supports Layer 4 routing or (limited) Layer 7 routing
      ● No support for dynamic ports
  • 33. ELB - Classic Load Balancer
  • 34. ELB - Application Load Balancer
      ● A new AWS service (announced Aug. 11, 2016)
      ● Supports containerized applications
      ● Routes traffic among EC2 instances or ECS tasks
      ● Supports Layer 4 routing or HTTP path-based routing
      ● Supports per-service health checks
      ● Cheaper than the classic ELB
  • 35. ELB - Application Load Balancer
  • 36. Service Load Balancing - Summary & Best Practices
      ● Two types of load balancers - ELB and ALB
      ● Use ALBs whenever possible
      ● Save costs by using path-based routing - one ALB can serve a big cluster with multiple services
  • 38. Question: How can we automatically scale an ECS service based on load?
  • 39. What is Auto Scaling?
      ● Automatically adjusting the capacity of the application’s infrastructure based on load
  • 40. Auto Scaling in ECS
      ● Service Auto Scaling - adjusting the number of running ECS tasks for the given service
      ● Cluster Auto Scaling - adjusting the number of EC2 instances in the cluster
      ● Both types rely on CloudWatch metrics
  • 41. ECS Resource Allocation
      ● Each container gets a portion of the CPU and memory of the host on which it runs
      ● This capacity is reserved for each container
      ● The remaining capacity is shared among all containers
      ● Resource allocation is configured in the task definition
  • 42. CPU Resource Allocation
      ● Each ECS instance has 1024 CPU units per CPU core
      ● A container gets a relative amount of CPU cycles based on the configured units
      ● The configured units are reserved for the container
      ● CPU allocation is only relevant when there is competition on host resources
      ● The remaining CPU capacity may be used by other containers
  • 43. Memory Resource Allocation
      ● Soft limit - the amount is reserved for the container but may be exceeded if capacity is available
      ● Hard limit - container is killed when trying to exceed the reserved amount
      ● Must use one limit type but may use both together
  • 44. Service Auto Scaling
      ● Adding more containers to handle an increasing load
      ● Configured inside ECS
      ● Use CPU and memory usage to trigger scaling events
      ● May use custom CloudWatch metrics too
      ● “Do we have enough compute power?”
  • 45. Cluster Auto Scaling
      ● Adding more instances to accommodate an increasing number of containers
      ● Configured via EC2 Auto Scaling
      ● Use CPU and memory reservation to trigger scaling events
      ● “Do we have room for more containers?”
  • 46. Auto Scaling in Action
  • 47. Auto Scaling in Action: Uh-oh, need more containers!
  • 48. Auto Scaling in Action: Instance is almost full - need another one!
  • 49. Auto Scaling in Action: CPU usage is still high - need more containers!
  • 50. Auto Scaling in Action ...
  • 51. Auto Scaling in Action: Looks good!
  • 52. Auto Scaling - Summary & Best Practices
      ● Configure both Service Auto Scaling and Cluster Auto Scaling
      ● Scale services based on utilization
      ● Scale clusters based on reservation
      ● Service Auto Scaling is much faster than Cluster Auto Scaling
      ● Leave some spare capacity on each host
          ○ Allows the cluster to scale in time
  • 54. Question: How to persist data used by a containerized application and share it among containers on multiple hosts?
  • 55. Storage in Docker
      ● Docker containers are volatile
      ● Docker uses Union File Systems for container storage
      ● Data that is written to the Union File System doesn’t persist
  • 56. Docker Volumes
      ● Docker volumes can be used to persist data and share data between containers
      ● Docker volumes bypass the Union File System
      ● Host directories may be mounted as volumes
      ● Volumes are local to a host
  • 57. Shared File Systems
      ● Elastic File System (EFS) - a shared storage solution by AWS
      ● ObjectiveFS - a 3rd party shared storage solution on top of S3
      ● Both solutions provide the following:
          ○ A shared file system which can be accessed by multiple servers at the same time
          ○ Unlimited capacity which expands automatically
  • 58. Using a Shared File System
  • 59. Storage - Summary & Best Practices
      ● Use Docker volumes for persistence and for sharing data between containers
      ● Mount a shared file system on each host and map Docker volumes to it
  • 61. Question: How to deploy applications to ECS and update them without service disruption?
  • 62. CI/CD with ECS
      ● ECS can use Docker images from ECR or any other registry
      ● You can specify which images to deploy using task definitions
      ● ECS allows you to perform rolling updates to running services
      ● Updates can be triggered automatically using the ECS API
      ● Jenkins or any other CI/CD solution may be used to automate the process
  • 63. CI/CD with ECS - Workflow
      1. Check out source from version control to Jenkins server
      2. Build a new Docker image
      3. Push the new image to ECR
      4. Update the task definition & service
      5. ECS updates the containers on the cluster
  • 64. Using Docker Tags
      ● Docker tags allow you to manage Docker images easily
      ● When building a new Docker image you must tag it
      ● Any string may be used as a tag
      ● The “latest” tag is used as a default tag if no tag is specified when building an image or running a container
  • 65. The “latest” Tag is Dangerous!
      ● Using the “latest” tag in CI/CD may lead to problems
      ● Pushing an image with a tag that already exists in the repository will cause that tag to move to the new image
      ● This can lead to two containers which appear to use the same image but in fact have different code
      ● A good use for “latest” is to indicate a stable or default version on a public Docker repository
  • 66. Tagging Strategy
      ● It is important to implement a proper tagging strategy when using Docker for CI/CD
      ● Common tag values:
          ○ Application version (“1.3”)
          ○ CI/CD build number (“136”)
          ○ Git SHA value (“ca82a6d”)
  • 67. CI/CD - Summary & Best Practices
      ● Use Jenkins to build new Docker images and push them to ECR
      ● Use Jenkins to trigger rolling updates on ECS
      ● Implement a proper tagging strategy
      ● Use the “latest” tag carefully and in addition to a version tag
  • 69. Open Positions: DevOps Engineers, Cloud Architect, Big Data Specialist
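Slides 41-45 and 52 separate reservation (what task definitions claim) from utilization (what containers actually use). The following is an added example, not part of the original deck: it computes cluster reservation and checks whether one more task fits on any single instance, which is the question Cluster Auto Scaling answers. Instance sizes, task sizes and the first-fit placement are constructed assumptions, not ECS's actual scheduler.

```python
CPU_UNITS_PER_CORE = 1024  # from slide 42: 1024 CPU units per CPU core


def make_instance(cores, memory_mib):
    """A container instance with its registered capacity and no tasks yet."""
    return {"cpu": cores * CPU_UNITS_PER_CORE, "mem": memory_mib, "tasks": []}


def free(instance):
    """Unreserved (CPU units, MiB) left on one instance."""
    cpu = instance["cpu"] - sum(t["cpu"] for t in instance["tasks"])
    mem = instance["mem"] - sum(t["mem"] for t in instance["tasks"])
    return cpu, mem


def reservation(cluster):
    """Cluster-wide reserved percentage for (CPU, memory)."""
    total_cpu = sum(i["cpu"] for i in cluster)
    total_mem = sum(i["mem"] for i in cluster)
    used_cpu = total_cpu - sum(free(i)[0] for i in cluster)
    used_mem = total_mem - sum(free(i)[1] for i in cluster)
    return round(100 * used_cpu / total_cpu), round(100 * used_mem / total_mem)


def place(cluster, task):
    """First-fit placement (a simplification); False means the cluster must scale out."""
    for inst in cluster:
        cpu, mem = free(inst)
        if task["cpu"] <= cpu and task["mem"] <= mem:
            inst["tasks"].append(task)
            return True
    return False


def demo():
    # Constructed cluster: two 2-core instances with 4096 MiB each.
    cluster = [make_instance(2, 4096), make_instance(2, 4096)]
    web = {"cpu": 768, "mem": 1536}  # reserved per task in the task definition
    placed = [place(cluster, dict(web)) for _ in range(5)]
    return placed, reservation(cluster), [free(i) for i in cluster]


if __name__ == "__main__":
    print(demo())
```

The fifth task is refused at 75% reservation even though 1024 CPU units are free cluster-wide, because no single host has 768 left. That is why the cluster alarm belongs on reservation, with a threshold that leaves spare capacity on each host.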
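The tagging rules from slides 64-67 can be checked before step 4 of the workflow ("Update the task definition & service"). This is an added example, not part of the original deck: it rejects task definitions whose images are untagged or tagged “latest”. The registry hosts, account ID, container names and helper functions are constructed for illustration.

```python
import json

MUTABLE_TAGS = {"latest"}  # assumption: the only tag this pipeline treats as moving


def split_image(ref):
    """Split a Docker image reference into (repository, tag, digest)."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    # A colon only marks a tag when it comes after the last "/";
    # otherwise it is a registry port (e.g. registry.example:5000/app).
    last = ref.rsplit("/", 1)[-1]
    if ":" in last:
        repo, tag = ref.rsplit(":", 1)
    else:
        repo, tag = ref, None
    return repo, tag, digest


def check_task_definition(task_def):
    """Return (container name, reason) for every image that is not pinned."""
    findings = []
    for c in task_def.get("containerDefinitions", []):
        repo, tag, digest = split_image(c["image"])
        if digest:
            continue  # a digest always names exactly one image
        if tag is None:
            findings.append((c["name"], "no tag: Docker falls back to 'latest'"))
        elif tag in MUTABLE_TAGS:
            findings.append((c["name"], f"mutable tag '{tag}'"))
    return findings


# Constructed sample task definition (account ID and names are placeholders).
SAMPLE = json.loads("""
{
  "containerDefinitions": [
    {"name": "api",   "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/api:ca82a6d"},
    {"name": "proxy", "image": "registry.example:5000/proxy"},
    {"name": "cache", "image": "redis:latest"},
    {"name": "jobs",  "image": "registry.example:5000/jobs:136"}
  ]
}
""")

if __name__ == "__main__":
    for name, reason in check_task_definition(SAMPLE):
        print(f"{name}: {reason}")
```

A version or build-number tag passes this check but can still be re-pushed, as slide 65 notes; only a digest reference identifies one fixed image.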

Editor's notes

  1. Couple of reasons: SLB integrates natively with ECS. It comes with built-in high availability and auto scaling, so you don’t need to worry about failures or capacity. It provides session stickiness, which may be critical for certain applications. It automatically checks that all of your nodes are healthy and stops routing traffic to unhealthy nodes. And it employs VPC security groups, which allow you to control who or what can access your service.