containers-on-aws (demo)

Transcript

1. AWS Dockerʢͦͷ 2ʣ JAWS-UG ίϯςφࢧ෦ #5 2016/09/21

2. @pottava SUPINF Inc. Docker Administration and Operations (AWS Certified) SA,

   DevOps Engineer Pro 2

3. ޮՌతͳಋೖɾӡ༻ͷͨΊͷ Amazon Web Services ׆༻ೖ໳ 2016/08/01 ίϯςφؔ࿈αʔϏεͰ͋Δ ECSɺECR ͦͷଞ CloudFrontɺACMɺAPI

   Gateway IAMɺAWS WAFɺCloudFormation ॻ͖·ͨ͠ɻ 3

4. גࣜձࣾεϐϯϑ ΞΠσΟΞΛ͔ͨͪʹʂ + 4

5. https://www.supinf.co.jp/service/dockersupport/ Comfy for Docker ϓϩδΣΫτ΁ͷ Docker ಋೖɾ։ൃࢧԉɾӡ༻؂ࢹ୅ߦΛ͍ͨ͠·͢ɻ ʢGCP / Azure

   ΋΋ͪΖΜରԠ͍ͯ͠·͢ɾɾʣ http://prtimes.jp/main/html/rd/p/000000007.000007768.html 5

6. Ͱ͸ 6

7. ɹAWS Docker 7

8. ͓఻͍͑ͨ͜͠ͱ 1. AWS ͷίϯςφࢧԉػೳͨ͘͞Μ 2. ࣮ࡍʹσϓϩΠ͕ಈ༷͘ࢠ 8

9. ͓࿩͢͠Δ͜ͱ 1. AWS ͷίϯςφؔ࿈αʔϏε֓ཁ 2. جຊతͳߏ੒ɾߋ৽ྫ 2.1. ECSɻ 2.2. ElasticBeanstalkɻ

   2.3. CodeDeployɻ 3. σϞ 9

10. 1. AWS ͷίϯςφؔ࿈αʔϏε֓ཁ 10

11. EC2 Amazon Elastic Compute CloudɻԾ૝αʔόɻ [ Ϣʔεέʔε ] • Docker

    ͷ swarm Ϟʔυ΍ Kubernetes Λ࢖͍͍ͨ • Docker ϨδετϦΛࣗલͰӡ༻͍ͨ͠ • อक೿ʢʁʣओʹ SSH ଒ͷओઓ৔ɻ [ ಛ௃ ] • Ϋϥελ؅ཧπʔϧ෼ɺαʔόىಈ਺↑ӡ༻ෛՙ↑ • ͱ͸͍͑ɺͳΜͰ΋Ͱ͖Δ. 11

12. • Docker ࣾ੡ɺAWS ༻ swarm Ϋϥελಋೖπʔϧɻεέʔϧ΋؆୯ɻ • αʔϏεΛఆٛ͢Δͱ ELB ͷ֘౰ϙʔτ͕ͦΕʹࣗಈ௥ਵ͢Δʂ

    • ଍Γͳ͍ͱ͜Ζ͸ΈΜͳͰ Docker ࣾʹཁ๬Λʙ ࢀߟʣDocker for AWS 12

13. ECS EC2 Container Serviceɻίϯςφ؅ཧɻ [ Ϣʔεέʔε ] • λεΫ͝ͱͷద੾ͳݖݶઃఆ +

    εέʔϧ΋ AWS ʹ೚͍ͤͨ • ࠷େݶϦιʔεΛޮ཰తʹ࢖͍ɺۃྗίετΛ཈͍͑ͨ. [ ಛ௃ ] • Ϛωʔδυ͞ΕͨΫϥελʔϚωʔδϟɻӡ༻ෛՙ͕௿͍. • Service Auto Scaling ΍ AZ Λҙࣝͨ͠ ࣗಈεέʔϧ • ALB ͱͷ૊Έ߹ΘͤͰಈతϙʔτϚοϐϯά࣮ݱ • λεΫεέδϡʔϥΛࣗ༝ʹೖΕସ͑ΒΕΔ. 13

14. name EC2 Container Service (ECS) Google Container Engine (GKE) Azure

    Container Service (ACS) based on - Kubernetes DC/OS or Docker swarm unit λεΫ Pod Service 14 ࢀߟʣίϯςφ؅ཧ͓͓·͔ͳൺֱ

15. ElasticBeanstalk (EB) Heroku తͳࢠɻ [ Ϣʔεέʔε ] • ίϯςφ΋طଘͷ EB

    ΞϓϦಉ༷ʹӡ༻͍ͨ͠ [ ಛ௃ ] • ECS ͷλεΫͱ࣮ͯ͠ߦ͞ΕΔ → ECS ͷΑ͞ΛҰ෦׆͔ͤΔ • ҰํͰ ECS ͷλεΫఆٛɺίϯςφ਺্ݶ 10 ʹΑΔ੍໿ • ElasticBeanstalk ͷ֤छػೳ͕࢖͑Δʂ؀ڥΫϩʔϯͳͲ • εέʔϧ͸αʔό୯Ґ. 15

16. ALB / CLB Application Load Balancer (L7) / Classic Load

    Balancer (L4, L7)ɻϩʔυόϥϯαɻ [ Ϣʔεέʔε ] • ίϯςφͷલʹ͓͖͍ͨ • ECS ͷಈతϙʔτϚοϐϯάΛ࢖͍͍ͨ ( ALB ) • DC/OS ΍ Docker for AWS ͳͲͰ؅ཧϊʔυ΁ͷ HTTPS, SSH [ ಛ௃ ] • ٸܹͳෛՙ͕༧૝͞ΕΔͱ͖͸ஆؾਃ੥ • VPC ಺෦ͷϩʔυόϥϯαͱͯ͠΋࡞੒Մೳ NEW 16

17. ECR EC2 Container RegistryɻDocker ϨδετϦɻ [ Ϣʔεέʔε ] • Docker

    Hub ͷ଎౓͕ෆຬɻ౦ژʹ΄͍͠ʂ • ΞΫηε੍ޚ͍͚ͨ͠Ͳࣗલ؅ཧ͸ݏ. [ ಛ௃ ] • Ϛωʔδυ͞Εͨ Docker ϨδετϦɻӡ༻ෛՙ͕௿͍. • IAM ͱ౷߹͞Ε͍ͯͯɺΞΧ΢ϯτ/Ϣʔβࢦఆͷղ์ָ͕ • ΦϑΟε΍ GCP ͳͲ AWS ֎͔Β΋ར༻Մೳ • github.com/awslabs/amazon-ecr-credential-helper 17

18. S3 ߴػೳͳετϨʔδαʔϏεɻϑΝΠϧஔ͖৔ɻ [ Ϣʔεέʔε ] • docker save Ͱੜ੒Ͱ͖Δ tar

    ΞʔΧΠϒͷอ؅ɾ഑෍ ʢDocker ΠϝʔδͰ͸഑෍͠ʹ͍͘ঢ়گͳͲͰͱͯ΋ศརʣ • ൿಗ৘ใΛอ؅ɾ഑෍͍ͨ͠. • ίϯςφ֎ʹӬଓԽ͍ͨ͠σʔλ͕͋Δ. [ ಛ௃ ] • σʔλͷ҉߸ԽΦϓγϣϯ͕๛෋. • IAM ͱͷ࿈ܞͰίϯςφ͔ΒͷΞΫηε੍ޚ΋༰қ 18

19. CodeDeploy σϓϩΠࣗಈԽͷΈʹಛԽͨ͠αʔϏεɻ [ Ϣʔεέʔε ] • docker pull ͚ͩͰͳ͘ɺsave &

    load ΋࢖͍͍ͨ • ωΟςΠϒͳ docker-compose ΍ swarm ͰσϓϩΠ͍ͨ͠ • σϓϩΠલޙʹ͋Μͳॲཧ΍͜ΜͳॲཧΛؾܰʹ͸͞Έ͍ͨ [ ಛ௃ ] • ΦϯϓϨʹ͋Δαʔόʹରͯ͠΋࢖͑Δ • Healthy Ͱ͍ͯ΄͍͠ ୆਺ / ׂ߹ Λࢦఆͯ͠σϓϩΠ 19

20. 2. جຊతͳߏ੒ɾߋ৽ྫ 20

21. ECS 21 ࠷খߏ੒: ECR ECS EC2 Ϣʔβ

22. ECS 22 ؀ڥߋ৽: ECR ECS EC2 ᶃ docker push ᶄ

    λεΫఆٛߋ৽ & ɹ Service ߋ৽ͳͲ ᶅ ΤʔδΣϯτʹࢦࣔ ΤϯδχΞ Ϣʔβ ᶆ docker pull ᶇ σϓϩΠ

23. ECS with ALB / ELB AWS CLI Ͱͷߋ৽ྫɻʢECS CLI ͸ݱঢ়ಛఆ༻్͔ͳ..ʣ

    1. docker build & push > ECR etc..ɻ 2. λεΫఆٛॻ͖׵͑ 3. aws ecs register-task-definitionɻ 4. aws ecs update-serviceɻ εέʔϧͤ͞ΔͳΒϩʔυόϥϯαΛɻ ECS ͸αʔϏεσΟεΧόϦ΋ ALB / ELB Ͱߦ͏ࢥ૝ɻ 23

24. ECS: ಈతϙʔτϚοϐϯά • λεΫఆٛ ͷ Host ଆ Port ʹ 0

    Λࢦఆ • Service ͷϩʔυόϥϯαʹ ALB Λࢦఆ • ίϯςφଆ Port ͱҰக͢Δ TargetGroup ΛׂΓ౰ͯ NEW 24

25. • ͨͱ͑ EC2 ͕ 1୆Ͱ΋ɺService DesiredCount > 1 Մೳ •

    ྫ͑͹ 5 ʹ͢Δͱ͜͏ͳΔ • TargetGroup ͷ Targets ΋ݡ͘ɺউखʹ͜͏ͳΔ ECS: ಈతϙʔτϚοϐϯά NEW 25

26. ElasticBeanstalk 26 ࠷খߏ੒: EC2 ECR EB ECS Ϣʔβ

27. ElasticBeanstalk 27 ؀ڥߋ৽: EC2 ECR EB ᶃ docker push ΤϯδχΞ

    Ϣʔβ ᶈ docker pull ᶉ ϩʔϦϯά Ξοϓσʔτ S3 ᶄ S3 ʹ bundle.zip సૹ ᶅ όʔδϣΞοϓ & ؀ڥߋ৽ ʢEB ͷߋ৽ύλʔϯ͸ෳ਺ʣ ECS ᶆ λεΫߋ৽ ᶇ ΤʔδΣϯτ ɹʹࢦࣔ

28. ElasticBeanstalk: ෳ਺ίϯςφ؀ڥ AWS CLI Ͱͷߋ৽ྫɻʢEB CLI ͳΒߋʹγϯϓϧʣ • source-bundleɻ -

    .ebextensionsɻ - foo.configɻ - bar.configɻ - Dockerrun.aws.json : ඞཁʹԠͯ͜͡ΕΛͭΒͭΒॻ͖׵͑.. 1. source-bundle Λ zip ͰݻΊͯ S3 ʹసૹ 2. aws elasticbeanstalk create-application-versionɻ 3. aws elasticbeanstalk update-environmentɻ 28

29. CodeDeploy 29 ࠷খߏ੒: EC2 S3 CodeDeploy Ϣʔβ

30. CodeDeploy 30 ؀ڥߋ৽: EC2 S3 CodeDeploy ᶃ docker save ͨ͠

    tar ͱ ɹ appspec.yml Λసૹ ᶄ CodeDeploy ʹ ɹ S3 ར༻ͷσϓϩΠΛࢦࣔ ᶅ ΤʔδΣϯτʹࢦࣔ ΤϯδχΞ Ϣʔβ ᶆ σʔλऔಘ ᶇ σϓϩΠ

31. CodeDeploy with docker ؀ڥߋ৽ͷجຊɻ 1. CircleCI ΍ GitLab CI Ͱಛఆϒϥϯνʹ

    push / λά͕͍ͭͨΒ 2. Docker Πϝʔδੜ੒ͯ͠ɺςετ͕௨ͬͨΒ - docker save ͨ͠ tar ࠐΈͰ CodeDeploy ༻ͷ S3 ʹసૹ - ·ͨ͸ ECR ʹ docker push + appspec.yml ͳͲΛ S3 ʹసૹ 3. CodeDeploy ʹσϓϩΠࢦࣔ 4. ApplicationStop ϑοΫͰ docker rm -f name 2>/dev/null || true 5. ApplicationStart ϑοΫͰ docker load / run -d -p 80:80 .. 31

32. CodeDeploy with docker-compose 32 ϩʔΧϧͱಉ͡ؾ͕ܰ͞΄͍͠ɻ 1. ಉ্ 2. docker-compose.yml ΋

    zip ʹೖΕͯ S3 ʹసૹ 3. ಉ্ 4. ApplicationStop ϑοΫͰ docker-compose rm -f 5. ApplicationStart ϑοΫͰ docker-compose up -d

33. EC2 1୆Ͱ΋ແఀࢭΞοϓσʔτ͍ͨ͠ɻ 1. ಉ্ 2. with docker ͱಉ༷ 3. ಉ্

    4. ApplicationStop ෆཁ 5. ApplicationStart ϑοΫͰ - ͢ͰʹՔಇαʔϏε͕͋Ε͹ docker service update ʢ͜ͷͱ͖ docker ΠϝʔδΛ࠷৽ʹߋ৽͢ΔͨΊͷ޻෉Λʂʣ ʢECR ͳΒ @sha256:.. Ͱͷϋογϡࢦఆ͕ݸਓతʹ͸Φεεϝʣ - ͳ͚Ε͹ docker service create --name web -p 80:80 --replicas 2 .. CodeDeploy with docker swarm 33

34. CodeDeploy ಋೖ Tips 34 • CI αʔό༻ͷ IAM Ϣʔβʹ͸ -

    https://circleci.com/docs/continuous-deployment-with-aws-codedeploy/ ɻ - ECR Λܦ༝͢Δ৔߹͸͜͜ͷ IAM ʹ ECR ͷ؅ཧݖݶΛ௥Ճ • CodeDeploy ͷσϓϩΠʹ S3 Λ࢖͏ͱ͖͸ - EC2 ʹ AmazonS3ReadOnlyAccess ͳͲͷϩʔϧΛ • CodeDeploy ͷσϓϩΠʹ ECR Λ࢖͏ͱ͖͸ - EC2 ʹ AmazonEC2ContainerRegistryReadOnly ͳͲͷϩʔϧΛ - github.com/awslabs/amazon-ecr-credential-helper ɻ - github.com/pottava/dockerized-ecr-credential-helper ɻ • Docker swarm ϞʔυΛ࢖͏ʹ͸ - Docker 1.12 ͕ඞཁͳͨΊɺAMI ʹ͸ CentOS 7 / Ubuntu 14.04 ͳͲΛ

35. 3. σϞ 35

36. CloudFront ʢCDNʣ ߏ੒ CLB / ALB EC2 https://www.service.com/ ʢϩʔυόϥϯαʣ ʢԾ૝αʔόʣ

    https://www.service.com/api/ EC2 ʢԾ૝αʔόʣ Web ͱ API ΛίϯςφͰՔಇ͍ͤͯ͞·͢ 36

37. σϓϩΠ CloudFront ECS / ElasticBeanstalk CLB / ALB EC2 https://www.service.com/

    ʢCDNʣ ʢίϯςφΫϥελ؅ཧʣ ʢϩʔυόϥϯαʣ ʢԾ૝αʔόʣ CodeDeploy ʢσϓϩΠαʔϏεʣ https://www.service.com/api/ EC2 ʢԾ૝αʔόʣ ECS / CodeDeploy Ͱ֤αʔϏεΛߋ৽͠·͢ 37

38. σϓϩΠ CloudFront ECS / ElasticBeanstalk CLB / ALB EC2 https://www.service.com/

    ʢCDNʣ ʢίϯςφΫϥελ؅ཧʣ ʢϩʔυόϥϯαʣ ʢԾ૝αʔόʣ CodeDeploy ʢσϓϩΠαʔϏεʣ https://www.service.com/api/ EC2 ʢԾ૝αʔόʣ GitHub / CircleCI ܦ༝ͰσϓϩΠ͞Ε·͢ 38 ΤϯδχΞ git tag GitHub

39. ଓ͖͸ͪ͜Β http://bit.ly/2cPVJNC 39

40. ͝૬ஊ͸͓ؾܰʹͪ͜Β·Ͱ.. <