containers-on-aws (demo)

AWS Dockerʢͦͷ 2ʣ JAWS-UG ίϯςφࢧ෦ #5 2016/09/21

@pottava SUPINF Inc. Docker Administration and Operations (AWS Certiﬁed) SA,
DevOps Engineer Pro 2

ޮՌతͳಋೖɾӡ༻ͷͨΊͷ Amazon Web Services ׆༻ೖ໳ 2016/08/01 ίϯςφؔ࿈αʔϏεͰ͋Δ ECSɺECR ͦͷଞ CloudFrontɺACMɺAPI
Gateway IAMɺAWS WAFɺCloudFormation ॻ͖·ͨ͠ɻ 3

גࣜձࣾεϐϯϑ ΞΠσΟΞΛ͔ͨͪʹʂ + 4

https://www.supinf.co.jp/service/dockersupport/ Comfy for Docker ϓϩδΣΫτ΁ͷ Docker ಋೖɾ։ൃࢧԉɾӡ༻؂ࢹ୅ߦΛ͍ͨ͠·͢ɻ ʢGCP / Azure
΋΋ͪΖΜରԠ͍ͯ͠·͢ɾɾʣ http://prtimes.jp/main/html/rd/p/000000007.000007768.html 5

Ͱ͸ 6

ɹAWS Docker 7

͓఻͍͑ͨ͜͠ͱ 1. AWS ͷίϯςφࢧԉػೳͨ͘͞Μ 2. ࣮ࡍʹσϓϩΠ͕ಈ༷͘ࢠ 8

͓࿩͢͠Δ͜ͱ 1. AWS ͷίϯςφؔ࿈αʔϏε֓ཁ 2. جຊతͳߏ੒ɾߋ৽ྫ 2.1. ECSɻ 2.2. ElasticBeanstalkɻ
2.3. CodeDeployɻ 3. σϞ 9

1. AWS ͷίϯςφؔ࿈αʔϏε֓ཁ 10

EC2 Amazon Elastic Compute CloudɻԾ૝αʔόɻ [ Ϣʔεέʔε ] • Docker
ͷ swarm Ϟʔυ΍ Kubernetes Λ࢖͍͍ͨ • Docker ϨδετϦΛࣗલͰӡ༻͍ͨ͠ • อक೿ʢʁʣओʹ SSH ଒ͷओઓ৔ɻ [ ಛ௃ ] • Ϋϥελ؅ཧπʔϧ෼ɺαʔόىಈ਺↑ӡ༻ෛՙ↑ • ͱ͸͍͑ɺͳΜͰ΋Ͱ͖Δ. 11

• Docker ࣾ੡ɺAWS ༻ swarm Ϋϥελಋೖπʔϧɻεέʔϧ΋؆୯ɻ • αʔϏεΛఆٛ͢Δͱ ELB ͷ֘౰ϙʔτ͕ͦΕʹࣗಈ௥ਵ͢Δʂ
• ଍Γͳ͍ͱ͜Ζ͸ΈΜͳͰ Docker ࣾʹཁ๬Λʙ ࢀߟʣDocker for AWS 12

ECS EC2 Container Serviceɻίϯςφ؅ཧɻ [ Ϣʔεέʔε ] • λεΫ͝ͱͷద੾ͳݖݶઃఆ +
εέʔϧ΋ AWS ʹ೚͍ͤͨ • ࠷େݶϦιʔεΛޮ཰తʹ࢖͍ɺۃྗίετΛ཈͍͑ͨ. [ ಛ௃ ] • Ϛωʔδυ͞ΕͨΫϥελʔϚωʔδϟɻӡ༻ෛՙ͕௿͍. • Service Auto Scaling ΍ AZ Λҙࣝͨ͠ ࣗಈεέʔϧ • ALB ͱͷ૊Έ߹ΘͤͰಈతϙʔτϚοϐϯά࣮ݱ • λεΫεέδϡʔϥΛࣗ༝ʹೖΕସ͑ΒΕΔ. 13

name EC2 Container Service (ECS) Google Container Engine (GKE) Azure
Container Service (ACS) based on - Kubernetes DC/OS or Docker swarm unit λεΫ Pod Service 14 ࢀߟʣίϯςφ؅ཧ͓͓·͔ͳൺֱ

ElasticBeanstalk (EB) Heroku తͳࢠɻ [ Ϣʔεέʔε ] • ίϯςφ΋طଘͷ EB
ΞϓϦಉ༷ʹӡ༻͍ͨ͠ [ ಛ௃ ] • ECS ͷλεΫͱ࣮ͯ͠ߦ͞ΕΔ → ECS ͷΑ͞ΛҰ෦׆͔ͤΔ • ҰํͰ ECS ͷλεΫఆٛɺίϯςφ਺্ݶ 10 ʹΑΔ੍໿ • ElasticBeanstalk ͷ֤छػೳ͕࢖͑Δʂ؀ڥΫϩʔϯͳͲ • εέʔϧ͸αʔό୯Ґ. 15

ALB / CLB Application Load Balancer (L7) / Classic Load
Balancer (L4, L7)ɻϩʔυόϥϯαɻ [ Ϣʔεέʔε ] • ίϯςφͷલʹ͓͖͍ͨ • ECS ͷಈతϙʔτϚοϐϯάΛ࢖͍͍ͨ ( ALB ) • DC/OS ΍ Docker for AWS ͳͲͰ؅ཧϊʔυ΁ͷ HTTPS, SSH [ ಛ௃ ] • ٸܹͳෛՙ͕༧૝͞ΕΔͱ͖͸ஆؾਃ੥ • VPC ಺෦ͷϩʔυόϥϯαͱͯ͠΋࡞੒Մೳ NEW 16

ECR EC2 Container RegistryɻDocker ϨδετϦɻ [ Ϣʔεέʔε ] • Docker
Hub ͷ଎౓͕ෆຬɻ౦ژʹ΄͍͠ʂ • ΞΫηε੍ޚ͍͚ͨ͠Ͳࣗલ؅ཧ͸ݏ. [ ಛ௃ ] • Ϛωʔδυ͞Εͨ Docker ϨδετϦɻӡ༻ෛՙ͕௿͍. • IAM ͱ౷߹͞Ε͍ͯͯɺΞΧ΢ϯτ/Ϣʔβࢦఆͷղ์ָ͕ • ΦϑΟε΍ GCP ͳͲ AWS ֎͔Β΋ར༻Մೳ • github.com/awslabs/amazon-ecr-credential-helper 17

S3 ߴػೳͳετϨʔδαʔϏεɻϑΝΠϧஔ͖৔ɻ [ Ϣʔεέʔε ] • docker save Ͱੜ੒Ͱ͖Δ tar
ΞʔΧΠϒͷอ؅ɾ഑෍ ʢDocker ΠϝʔδͰ͸഑෍͠ʹ͍͘ঢ়گͳͲͰͱͯ΋ศརʣ • ൿಗ৘ใΛอ؅ɾ഑෍͍ͨ͠. • ίϯςφ֎ʹӬଓԽ͍ͨ͠σʔλ͕͋Δ. [ ಛ௃ ] • σʔλͷ҉߸ԽΦϓγϣϯ͕๛෋. • IAM ͱͷ࿈ܞͰίϯςφ͔ΒͷΞΫηε੍ޚ΋༰қ 18

CodeDeploy σϓϩΠࣗಈԽͷΈʹಛԽͨ͠αʔϏεɻ [ Ϣʔεέʔε ] • docker pull ͚ͩͰͳ͘ɺsave &
load ΋࢖͍͍ͨ • ωΟςΠϒͳ docker-compose ΍ swarm ͰσϓϩΠ͍ͨ͠ • σϓϩΠલޙʹ͋Μͳॲཧ΍͜ΜͳॲཧΛؾܰʹ͸͞Έ͍ͨ [ ಛ௃ ] • ΦϯϓϨʹ͋Δαʔόʹରͯ͠΋࢖͑Δ • Healthy Ͱ͍ͯ΄͍͠ ୆਺ / ׂ߹ Λࢦఆͯ͠σϓϩΠ 19

2. جຊతͳߏ੒ɾߋ৽ྫ 20

ECS 21 ࠷খߏ੒: ECR ECS EC2 Ϣʔβ

ECS 22 ؀ڥߋ৽: ECR ECS EC2 ᶃ docker push ᶄ
λεΫఆٛߋ৽ & ɹ Service ߋ৽ͳͲ ᶅ ΤʔδΣϯτʹࢦࣔ ΤϯδχΞ Ϣʔβ ᶆ docker pull ᶇ σϓϩΠ

ECS with ALB / ELB AWS CLI Ͱͷߋ৽ྫɻʢECS CLI ͸ݱঢ়ಛఆ༻్͔ͳ..ʣ
1. docker build & push > ECR etc..ɻ 2. λεΫఆٛॻ͖׵͑ 3. aws ecs register-task-deﬁnitionɻ 4. aws ecs update-serviceɻ εέʔϧͤ͞ΔͳΒϩʔυόϥϯαΛɻ ECS ͸αʔϏεσΟεΧόϦ΋ ALB / ELB Ͱߦ͏ࢥ૝ɻ 23

ECS: ಈతϙʔτϚοϐϯά • λεΫఆٛ ͷ Host ଆ Port ʹ 0
Λࢦఆ • Service ͷϩʔυόϥϯαʹ ALB Λࢦఆ • ίϯςφଆ Port ͱҰக͢Δ TargetGroup ΛׂΓ౰ͯ NEW 24

• ͨͱ͑ EC2 ͕ 1୆Ͱ΋ɺService DesiredCount > 1 Մೳ •
ྫ͑͹ 5 ʹ͢Δͱ͜͏ͳΔ • TargetGroup ͷ Targets ΋ݡ͘ɺউखʹ͜͏ͳΔ ECS: ಈతϙʔτϚοϐϯά NEW 25

ElasticBeanstalk 26 ࠷খߏ੒: EC2 ECR EB ECS Ϣʔβ

ElasticBeanstalk 27 ؀ڥߋ৽: EC2 ECR EB ᶃ docker push ΤϯδχΞ
Ϣʔβ ᶈ docker pull ᶉ ϩʔϦϯά Ξοϓσʔτ S3 ᶄ S3 ʹ bundle.zip సૹ ᶅ όʔδϣΞοϓ & ؀ڥߋ৽ ʢEB ͷߋ৽ύλʔϯ͸ෳ਺ʣ ECS ᶆ λεΫߋ৽ ᶇ ΤʔδΣϯτ ɹʹࢦࣔ

ElasticBeanstalk: ෳ਺ίϯςφ؀ڥ AWS CLI Ͱͷߋ৽ྫɻʢEB CLI ͳΒߋʹγϯϓϧʣ • source-bundleɻ -
.ebextensionsɻ - foo.conﬁgɻ - bar.conﬁgɻ - Dockerrun.aws.json : ඞཁʹԠͯ͜͡ΕΛͭΒͭΒॻ͖׵͑.. 1. source-bundle Λ zip ͰݻΊͯ S3 ʹసૹ 2. aws elasticbeanstalk create-application-versionɻ 3. aws elasticbeanstalk update-environmentɻ 28

CodeDeploy 29 ࠷খߏ੒: EC2 S3 CodeDeploy Ϣʔβ

CodeDeploy 30 ؀ڥߋ৽: EC2 S3 CodeDeploy ᶃ docker save ͨ͠
tar ͱ ɹ appspec.yml Λసૹ ᶄ CodeDeploy ʹ ɹ S3 ར༻ͷσϓϩΠΛࢦࣔ ᶅ ΤʔδΣϯτʹࢦࣔ ΤϯδχΞ Ϣʔβ ᶆ σʔλऔಘ ᶇ σϓϩΠ

CodeDeploy with docker ؀ڥߋ৽ͷجຊɻ 1. CircleCI ΍ GitLab CI Ͱಛఆϒϥϯνʹ
push / λά͕͍ͭͨΒ 2. Docker Πϝʔδੜ੒ͯ͠ɺςετ͕௨ͬͨΒ - docker save ͨ͠ tar ࠐΈͰ CodeDeploy ༻ͷ S3 ʹసૹ - ·ͨ͸ ECR ʹ docker push + appspec.yml ͳͲΛ S3 ʹసૹ 3. CodeDeploy ʹσϓϩΠࢦࣔ 4. ApplicationStop ϑοΫͰ docker rm -f name 2>/dev/null || true 5. ApplicationStart ϑοΫͰ docker load / run -d -p 80:80 .. 31

CodeDeploy with docker-compose 32 ϩʔΧϧͱಉ͡ؾ͕ܰ͞΄͍͠ɻ 1. ಉ্ 2. docker-compose.yml ΋
zip ʹೖΕͯ S3 ʹసૹ 3. ಉ্ 4. ApplicationStop ϑοΫͰ docker-compose rm -f 5. ApplicationStart ϑοΫͰ docker-compose up -d

EC2 1୆Ͱ΋ແఀࢭΞοϓσʔτ͍ͨ͠ɻ 1. ಉ্ 2. with docker ͱಉ༷ 3. ಉ্
4. ApplicationStop ෆཁ 5. ApplicationStart ϑοΫͰ - ͢ͰʹՔಇαʔϏε͕͋Ε͹ docker service update ʢ͜ͷͱ͖ docker ΠϝʔδΛ࠷৽ʹߋ৽͢ΔͨΊͷ޻෉Λʂʣ ʢECR ͳΒ @sha256:.. Ͱͷϋογϡࢦఆ͕ݸਓతʹ͸Φεεϝʣ - ͳ͚Ε͹ docker service create --name web -p 80:80 --replicas 2 .. CodeDeploy with docker swarm 33

CodeDeploy ಋೖ Tips 34 • CI αʔό༻ͷ IAM Ϣʔβʹ͸ -
https://circleci.com/docs/continuous-deployment-with-aws-codedeploy/ ɻ - ECR Λܦ༝͢Δ৔߹͸͜͜ͷ IAM ʹ ECR ͷ؅ཧݖݶΛ௥Ճ • CodeDeploy ͷσϓϩΠʹ S3 Λ࢖͏ͱ͖͸ - EC2 ʹ AmazonS3ReadOnlyAccess ͳͲͷϩʔϧΛ • CodeDeploy ͷσϓϩΠʹ ECR Λ࢖͏ͱ͖͸ - EC2 ʹ AmazonEC2ContainerRegistryReadOnly ͳͲͷϩʔϧΛ - github.com/awslabs/amazon-ecr-credential-helper ɻ - github.com/pottava/dockerized-ecr-credential-helper ɻ • Docker swarm ϞʔυΛ࢖͏ʹ͸ - Docker 1.12 ͕ඞཁͳͨΊɺAMI ʹ͸ CentOS 7 / Ubuntu 14.04 ͳͲΛ

3. σϞ 35

CloudFront ʢCDNʣ ߏ੒ CLB / ALB EC2 https://www.service.com/ ʢϩʔυόϥϯαʣ ʢԾ૝αʔόʣ
https://www.service.com/api/ EC2 ʢԾ૝αʔόʣ Web ͱ API ΛίϯςφͰՔಇ͍ͤͯ͞·͢ 36

σϓϩΠ CloudFront ECS / ElasticBeanstalk CLB / ALB EC2 https://www.service.com/
ʢCDNʣ ʢίϯςφΫϥελ؅ཧʣ ʢϩʔυόϥϯαʣ ʢԾ૝αʔόʣ CodeDeploy ʢσϓϩΠαʔϏεʣ https://www.service.com/api/ EC2 ʢԾ૝αʔόʣ ECS / CodeDeploy Ͱ֤αʔϏεΛߋ৽͠·͢ 37

σϓϩΠ CloudFront ECS / ElasticBeanstalk CLB / ALB EC2 https://www.service.com/
ʢCDNʣ ʢίϯςφΫϥελ؅ཧʣ ʢϩʔυόϥϯαʣ ʢԾ૝αʔόʣ CodeDeploy ʢσϓϩΠαʔϏεʣ https://www.service.com/api/ EC2 ʢԾ૝αʔόʣ GitHub / CircleCI ܦ༝ͰσϓϩΠ͞Ε·͢ 38 ΤϯδχΞ git tag GitHub

ଓ͖͸ͪ͜Β http://bit.ly/2cPVJNC 39

͝૬ஊ͸͓ؾܰʹͪ͜Β·Ͱ.. <

containers-on-aws (demo)

containers-on-aws (demo)

More Decks by ryo nakamaru

Other Decks in Technology

Featured

Transcript