
Containers on AWS (With Datree, TLV Summit 2018)

Abby Fuller
April 27, 2018


Transcript

  1. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Abby Fuller (@abbyfuller, AWS) and Shimon Tolts (Datree): Containers on AWS
  2. What are containers? A container is an atomic, self-contained package of software that includes everything it needs to run (code, runtime, libraries, packages, etc.). A popular, widely-used container platform is Docker. More on that here: https://www.docker.com
  3. Why are containers so popular? Portable, lightweight, standardized, easy to deploy. Along with containers comes the “monolith to microservices” story: containers and microservices go hand in hand (more on that in a second).
  4. Running one container is easy
  5. Managing many containers is hard (diagram: a fleet of servers, each with its own guest OS, repeated across the whole slide)
  6. So what does the container landscape look like on AWS?
  7. What does the landscape look like all together? Amazon ECS (available now), Amazon EKS (preview), Fargate mode for ECS (available now), Fargate mode for EKS (available 2018)
  8. ECS: the easiest way to deploy and manage containers. Integration with the entire AWS platform: ALB, Auto Scaling, Batch, Elastic Beanstalk, CloudFormation, CloudTrail, CloudWatch Events, CloudWatch Logs, CloudWatch Metrics, ECR, EC2 Spot, IAM, NLB, Parameter Store, and VPC. Scales to support clusters of any size. Service integrations (like ALB and NLB) are at the container level.
  9. What we did with ECS in 2017:
    • Container access to environment metadata
    • Network Load Balancer support
    • Console support for Spot Fleet
    • Override parameters for the RunTask and StartTask APIs
    • Task Elastic Network Interface
    • Application Load Balancer support
    • HIPAA eligibility
    • Console UX improvements
    • CLI v1.0
    • Container instance draining
    • Windows containers
    • Cron and CloudWatch Events task scheduling
    • Support for Docker privileged mode
    • Lifecycle policies for container images
    • Beijing region
    • Support for device and init flags
    • Add attributes during boot
    • Seoul region
    • Linux capabilities
  10. EKS: managed Kubernetes on AWS. Highly available, automated version upgrades, integration with other AWS services (CloudTrail, CloudWatch, ELB, IAM, VPC, PrivateLink). Diagram: a managed Kubernetes control plane (etcd and master nodes run by AWS).
  11. Fargate: launch quickly, scale easily, no infrastructure, resource-based pricing, containers on demand, manage everything at the container level
  12. What does Fargate mean? No worrying about scaling, service mesh, underlying infrastructure, cluster resources, capacity, or setup. Just give it a task definition (or a pod, in 2018), set some resource limits, and away you go.
  13. “When someone asks you for a sandwich, they aren’t asking you to put them in charge of a global sandwich logistics chain. They just want a sandwich.”
  14. Amazon container services: so you want to run a (managed) container on AWS. (1) Choose your orchestration tool: ECS or EKS. (2) Choose your launch type: EC2 or Fargate, for either orchestrator.
  15. How do I know when to use Fargate vs EC2 mode? Depends on your workload. For Fargate: if you have a task definition and you’re ok with awsvpc networking mode, try Fargate. Some caveats: you can’t exec into the container or access the underlying host (this is also a good thing: there is no host for you to patch, and none for anyone who lands in a container to pivot onto). For EC2 mode: good if you need to customize!
  16. What are the differences between EC2 mode and Fargate?
    • Change in networking mode: "networkMode": "awsvpc"
    • Only specify the container port, no host port: "portMappings": [{"containerPort": 8081}]
    • No links (only local loopback)
    • No ELB Classic, only ALB or NLB. The ALB target group must use target type ip, not instance.
    • Launch type: FARGATE
  17. New and important! The requiresCompatibilities parameter: "requiresCompatibilities": ["FARGATE"]. You can have tasks that have multiple compatibilities: "requiresCompatibilities": ["FARGATE", "EC2"]
  18. Hang on, what’s awsvpc? A new task-level networking mode. Each task is assigned an ENI (Elastic Network Interface) and a private IP (and optionally a public IP, if you’re using Fargate) from your subnet. This simplifies container networking: containers that are part of the same task (and thus on the same host) talk over the local loopback interface, while containers in other tasks are reached through that task’s ENI (its IP or hostname). Because the ENI belongs to the task, security groups are applied per task rather than per host.
  19. Need some more info on working with awsvpc? https://aws.amazon.com/blogs/compute/task-networking-in-aws-fargate/ and https://aws.amazon.com/blogs/compute/introducing-cloud-native-networking-for-ecs-containers/
  20. Need help migrating between Fargate and EC2? https://aws.amazon.com/blogs/compute/migrating-your-amazon-ecs-containers-to-aws-fargate/
  21. tl;dr
    • ECS: can be totally managed, or you can customize resource usage, networking, task placement etc. to fit your application needs. Shared responsibility with AWS (because it is a managed service). ecs-agent is open source. Easy integration with other AWS services.
    • EKS: managed, upstream Kubernetes. Connect to clusters through kubectl and use your existing tooling. Can opt in to managed version upgrades. Add resources to your cluster through EC2 (now), or with Fargate mode (2018).
    • Fargate: the underlying technology for containers on demand. Pass a task definition or Kubernetes pod, set resource limits, and Fargate manages everything else. No access to the underlying host, no managing of resources. Great if you don’t want to handle scaling, orchestration, deployments, and upgrades yourself. Not for those of you who are making changes to your infrastructure (e.g., bringing custom AMIs, or installing things through EC2 user data).
  22. I get by with a little help from my friends
  23. CLIs (that I know of) for Fargate/ECS:
    • aws-cli: the official OG. Open source, includes most AWS services. More info: https://aws.amazon.com/cli/ ; GitHub: https://github.com/aws/aws-cli
    • ecs-cli: also official, but just for ECS. Supports Docker Compose files. More info: https://github.com/aws/amazon-ecs-cli
    • Some good unofficial options: fargate CLI: https://github.com/jpignata/fargate ; coldbrew-cli: https://github.com/coldbrewcloud/coldbrew-cli
  24. Datree: Shimon Tolts, Founder and CTO
  25. Agenda: whoami; about datree.io; our code components stack; why we migrated; benefits of migration; how we migrated; challenges
  26. $ ~ whoami Shimon Tolts { age: 29, title: “CTO & Co-Founder @ datree”, misc: [“AWS Community Hero”, “Gamer”] } @shimontolts
  27. DevOps culture done right: gain full visibility into your code components, sync your developers in real time, enhance collaboration
  28. Why we migrated: EC2 instance management (AMIs and auto scaling groups); OS management (Linux patching, Docker service updates, ECS agent upgrades); scaling (having to deal with fleet scaling); compliance and security (SOC 2, HIPAA, PCI DSS)
  29. Benefits of migration: log management integration out of the box (the defaults); auto scaling and task distribution; cost savings: pay for what you use, not for what you provision
  30. How we migrated: service-by-service upgrades. 1. Switch network mode to ‘awsvpc’. 2. Switch the compatibilities type to FARGATE. 3. Remove soft/hard limits. 4. Set your CPU and memory requirements. Hybrid is also supported.
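The four migration steps above, together with the EC2-vs-Fargate differences on slides 16 and 17, are mechanical enough to script. The following is an added example, not code from the talk, from AWS or from Datree: it takes an EC2-mode task definition, reports what would stop it running on Fargate, and produces a converted copy. EC2_TASK_DEF is a constructed sample, and the FARGATE_SIZES table is assumed from the AWS documentation of the time (newer sizes exist and are not listed).

```python
"""Convert an EC2-launch-type ECS task definition into a Fargate-compatible one.

Added example: not code from the talk, from AWS or from Datree. It applies the
migration steps on slide 30 and the EC2-vs-Fargate differences on slides 16
and 17: awsvpc networking, requiresCompatibilities FARGATE, container ports
without host ports, no links, and a task-level cpu/memory pair in place of
per-container limits. EC2_TASK_DEF is a constructed sample and FARGATE_SIZES
is assumed from the AWS documentation of the time.
"""
import copy
import json

# Task-level cpu (units, 1024 = 1 vCPU) -> memory values (MiB) Fargate accepts.
FARGATE_SIZES = {
    256: [512, 1024, 2048],
    512: [1024, 2048, 3072, 4096],
    1024: [2048, 3072, 4096, 5120, 6144, 7168, 8192],
    2048: list(range(4096, 16385, 1024)),
    4096: list(range(8192, 30721, 1024)),
}

# Constructed sample: bridge networking, a host port, a container link and
# container-level memory limits, none of which carry over to Fargate as-is.
EC2_TASK_DEF = {
    "family": "web",
    "networkMode": "bridge",
    "requiresCompatibilities": ["EC2"],
    "containerDefinitions": [
        {
            "name": "app",
            "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/app:1.0",
            "memory": 512,
            "memoryReservation": 256,
            "portMappings": [{"containerPort": 8081, "hostPort": 80}],
            "links": ["cache"],
        },
        {"name": "cache", "image": "redis:4", "memory": 256},
    ],
}


def is_valid_size(cpu, memory):
    """True when the task-level cpu/memory pair is one Fargate can schedule."""
    return memory in FARGATE_SIZES.get(cpu, [])


def fargate_problems(task_def):
    """List how a task definition violates the Fargate rules on slides 16 and 17."""
    problems = []
    if task_def.get("networkMode") != "awsvpc":
        problems.append("networkMode must be awsvpc")
    if "FARGATE" not in task_def.get("requiresCompatibilities", []):
        problems.append("requiresCompatibilities must include FARGATE")
    try:
        cpu, mem = int(task_def.get("cpu", 0)), int(task_def.get("memory", 0))
    except (ValueError, TypeError):  # e.g. "1 vCPU" spelled out instead of units
        cpu, mem = 0, 0
    if not is_valid_size(cpu, mem):
        problems.append(f"task-level cpu={cpu} memory={mem} is not a Fargate size")
    for c in task_def.get("containerDefinitions", []):
        if c.get("privileged"):
            problems.append(f"{c['name']}: privileged mode is not supported")
        if c.get("links"):
            problems.append(f"{c['name']}: links are not supported (use localhost)")
        for pm in c.get("portMappings", []):
            if pm.get("hostPort", pm["containerPort"]) != pm["containerPort"]:
                problems.append(f"{c['name']}: hostPort must equal containerPort or be omitted")
    return problems


def to_fargate(task_def, cpu, memory):
    """Apply the slide-30 migration steps; returns (new_task_def, notes).

    The input is not modified. Raises ValueError for an invalid task size or a
    privileged container, which has no Fargate equivalent.
    """
    if not is_valid_size(cpu, memory):
        raise ValueError(f"cpu={cpu} memory={memory} is not a valid Fargate size")
    new, notes = copy.deepcopy(task_def), []
    new["networkMode"] = "awsvpc"                       # step 1
    new["requiresCompatibilities"] = ["FARGATE"]        # step 2
    new["cpu"], new["memory"] = str(cpu), str(memory)   # step 4
    for c in new["containerDefinitions"]:
        if c.get("privileged"):
            raise ValueError(f"{c['name']}: privileged containers cannot run on Fargate")
        for key in ("memory", "memoryReservation"):     # step 3: drop hard/soft limits
            if key in c:
                notes.append(f"{c['name']}: removed {key}={c.pop(key)}")
        for pm in c.get("portMappings", []):
            if pm.pop("hostPort", None) not in (None, pm["containerPort"]):
                notes.append(f"{c['name']}: now reachable only on port {pm['containerPort']}")
        if "links" in c:
            notes.append(f"{c['name']}: removed links {c.pop('links')}; reach peers via localhost")
    return new, notes


if __name__ == "__main__":
    print("before:", fargate_problems(EC2_TASK_DEF))
    converted, notes = to_fargate(EC2_TASK_DEF, 512, 1024)
    print(json.dumps(converted, indent=2))
    print("notes:", notes, "after:", fargate_problems(converted))
```

The converted definition is what you would pass to `aws ecs register-task-definition --cli-input-json`; run `fargate_problems` on definitions already in the account to find the ones that still reference host ports, links or privileged mode before flipping a service to the FARGATE launch type.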
  31. Challenges: longer deployment times (up to 10 minutes); deployments are automated using Travis CI and ecs-deploy; scheduled tasks are not supported on Fargate, but a scheduled Lambda can trigger a task
  32. We want to hear from all of you! More focus on supporting tasks as the compute primitive, more focus on removing undifferentiated heavy lifting. Our roadmap is driven by feedback.
  33. How can I get started?
    • To join the EKS preview: https://aws.amazon.com/eks/
    • To get started with Fargate: https://aws.amazon.com/fargate/
    • Blogs: https://aws.amazon.com/blogs/aws/aws-fargate/ and https://aws.amazon.com/blogs/aws/amazon-elastic-container-service-for-kubernetes/
    • Liz Rice from Aqua Security on Fargate: https://blog.aquasec.com/securing-struts-in-aws-fargate
    • Nathan Peck from AWS: https://medium.com/containers-on-aws/choosing-your-container-environment-on-aws-with-ecs-eks-and-fargate-cfbe416ab1a
    • Deepak Singh (containers GM at AWS): https://www.slideshare.net/AmazonWebServices/containers-on-aws-state-of-the-union-con201-reinvent-2017
  34. Need a little help? Community Slack channels: awsdevelopers.slack.com, amazon-ecs.slack.com. Or reach out to one of us directly: @abbyfuller or [email protected], @nathankpeck, @brentcontained, @paulmaddox