6. Docker standalone
Install default Linux machines with Docker Engine
Run Docker images with individual port mappings
Use DNS + load balancer to access the services.
Example: nexus.hi10.cloud, nexusd.hi10.cloud
Contra:
High Availability needs to be managed manually
Port mapping needs to be managed manually (e.g. avoid overlapping ports)
7. ALB: Amazon Application Load Balancer
Dedicated Amazon hardware
Always at least 2 machines
Same cost as 2 t2.micro EC2s
Can do the HTTPS handshake
Parses part of the HTTP request to route to the correct target group.
Chooses a healthy registered target in the target group.
9. Amazon AWS ECS / ECR
ECR: Elastic Container Registry
Free Docker registry with IAM authentication
ECS: Elastic Container Service
‘Task definition’ similar to a docker-compose project
Runs on EC2 instances with a special Amazon Linux installation
Future: Fargate, ECS without EC2 instances (GA: May 2018)
AWS ECS will handle distribution over availability zones, VPCs, etc.
AWS ECS will auto-scale on demand (based on CloudWatch alarms)
11. ECS Task Definition
Defined in container-definitions.json
Set of Docker images, always run together
Can have shared volumes
Can have local network links (bridged)
Example
Frontend Proxy
Backend Server
Log Streamer
13. ECS Service
ECS Service will monitor and restart one or more replicas of a Task
ECS Service will bind the frontend container’s port to an ELB’s TargetGroup
Only way to access a container is via the load balancer
16. Kubernetes
Container orchestrator from Google, a rewrite of their internal cluster management system
First deployment option for Google Cloud Platform
Now they also support simple VMs
Kubernetes manager for free on Google Cloud Platform
On AWS: EKS announced, but not yet available (Q2 2018?)
18. Kubernetes Pods
Pod: similar to an ECS task
● Set of Containers
● Always on the same node
● Have their own IP address
● Can share volumes
● Always scaled together
19. Kubernetes Manager
Runs on a separate node
Manages Deployments (fka Replication Controllers)
- Scheduler that starts and monitors Pods over all worker nodes
- Ensures the correct number of replicas
Services
- Makes Pods accessible
- Multiple options
- Virtual ClusterIP
- Fixed NodePort on all Nodes’ private IPs
- LoadBalancer
- Uses kube-proxy service that runs on every node
- Every service gets a local DNS name
- Allows multiple ports per Pod
20. ClusterIP
Creates a virtual IP to access a service from within the cluster.
kubectl proxy allows tunneling to ClusterIPs for development purposes.
E.g. admin console:
http://localhost:8080/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
23. Ingress
Needs Ingress Controller services running on any Node
nginx reverse proxy by default
older versions: haproxy
new alternative: traefik
Like a load balancer, but running on the Kubernetes Nodes
Fully customisable, e.g. can include authentication.
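An added example, not from the slides, tying the Pod, Service and Ingress slides together: a Deployment whose Pod exposes two ports, a ClusterIP Service publishing both under one in-cluster DNS name, and an nginx Ingress that publishes only the HTTP port and adds basic authentication at the controller. The names, image, host and the referenced Secret are hypothetical.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata: {name: backend}
spec:
  replicas: 2                      # the manager keeps this many Pods running
  selector:
    matchLabels: {app: backend}
  template:
    metadata:
      labels: {app: backend}
    spec:
      containers:
      - name: server
        image: registry.example.com/backend:1.0   # placeholder image
        ports:
        - {name: http, containerPort: 8080}
        - {name: metrics, containerPort: 9090}
---
apiVersion: v1
kind: Service
metadata:
  name: backend   # in-cluster DNS: backend.<namespace>.svc.cluster.local
spec:
  type: ClusterIP                  # virtual IP, only reachable inside the cluster
  selector: {app: backend}
  ports:                           # multiple ports per Pod, as on the slide
  - {name: http, port: 80, targetPort: http}
  - {name: metrics, port: 9090, targetPort: metrics}
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: backend
  annotations:                     # ingress-nginx basic auth; Secret name is hypothetical
    nginx.ingress.kubernetes.io/auth-type: basic
    nginx.ingress.kubernetes.io/auth-secret: backend-basic-auth
spec:
  ingressClassName: nginx
  rules:
  - host: backend.example.com      # hypothetical hostname
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: backend
            port: {name: http}     # only http is published; metrics stays cluster-internal
```

The metrics port is reachable only via the ClusterIP, which shows the slide's point that the Ingress, not the Pod, decides what leaves the cluster.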
25. Kubernetes vs AWS ECS
ECS:
Only on AWS
Uses existing AWS infrastructure
Scheduler is free
No Service Discovery built-in
Networking only via ALB or NLB
1 port per service
Managed setup & maintenance
Kubernetes:
Works on all Cloud Platforms and On-Premise
Limited AWS Services integration
Pay for an extra Manager Node
Service Discovery via DNS
Complex networking possibilities
Multiple ports per service
Custom setup & maintenance