
Breaking the Monolith: best practices to containerize your app

Following simple patterns of good application design can allow you to scale your application for your customers easily. We'll dive into the 12 factor application design and demo how this applies to containers and deployments on Amazon ECS and Fargate. We'll take a look at tooling that can be used to simplify your workflow and help you adopt the principles of the 12 factor application.

Transcript

  1. Breaking the Monolith - Best Practices to Run Your Containers in the Cloud. Sébastien Stormacq, Technical Evangelist, AWS, @sebsto. Public Sector Summit. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  3. The 12 factor application
    I. Codebase: One codebase w/ revision control, many deploys
    II. Dependencies: Explicitly declare and isolate dependencies
    III. Config: Store config in the environment
    IV. Backing services: Treat backing services as attached resources
    V. Build, release, run: Strictly separate build and run stages
    VI. Processes: Execute the app as one or more stateless processes
    VII. Port binding: Export services via port binding
    VIII. Concurrency: Scale out via the process model
    IX. Disposability: Fast startup and graceful shutdown
    X. Dev/prod parity: Keep environments as similar as possible
    XI. Logs: Treat logs as event streams
    XII. Admin processes: Run admin/management tasks as one-off processes
  4. You know what’s great for a 12 factor app?
  6. RUNNING A SINGLE CONTAINER
  7. RUNNING CONTAINERS (diagram: five EC2 instances, each running four tasks)
  8. RUNNING CONTAINERS AT SCALE WITH ECS (diagram: Availability Zone #1, Availability Zone #2, Availability Zone #3; Scheduling and Orchestration: Cluster Manager, Placement Engine)
  9. (diagram: one EC2 instance running the ECS AMI with the Docker agent, the ECS agent and four ECS tasks)
  10. (diagram: three EC2 instances, each running the ECS AMI with the Docker agent and the ECS agent; Scheduling and Orchestration: Cluster Manager, Placement Engine)
  11. “Just launch 10 copies of my container distributed across three availability zones and connect them to this load balancer” X 10
  12. One codebase tracked in revision control, many deploys
  13. (diagram: Dev #1, Dev #2, Staging / QA, Production)
  14. Explicitly declare and isolate dependencies
  15. (diagram: Dependencies, Binaries, Code)
  16. Store config in the environment
  17. AWS Secrets Manager & Task Definitions

        {
          "containerDefinitions": [
            {
              "secrets": [
                {
                  "name": "environment_variable_name",
                  "valueFrom": "arn_of_your_secret"
                }
              ]
            }
          ]
        }

  18. Treat backing services as attached resources
  19. Use CNAMEs for maximum flexibility and easy reconfiguration (diagram: app1, app2, Load balancer, PostgreSQL; postgres.mycompany.com, app2.mycompany.com)
  20. Strictly separate build and run stages
  21. CodeDeploy-ECS appspec

        version: 1.0
        Resources:
          - TargetService:
              Type: AWS::ECS::Service
              Properties:
                - TaskDefinition: "my_task_definition:8"
                  LoadBalancerInfos:
                    - ContainerName: "SampleApp"
                      ContainerPort: 80
        Hooks:
          - BeforeInstall: "LambdaFunctionToExecuteAnythingBeforeNewRevisionInstalltion"
          - AfterInstall: "LambdaFunctionToExecuteAnythingAfterNewRevisionInstallation"
          - AfterAllowTestTraffic: "LambdaFunctionToValidateAfterTestTrafficShift"
          - BeforeAllowTraffic: "LambdaFunctionToValidateBeforeTrafficShift"
          - AfterAllowTraffic: "LambdaFunctionToValidateAfterTrafficShift"

  22. CodeDeploy-ECS blue-green deployment (diagram: 100% Prod traffic)
  23. CodeDeploy-ECS blue-green deployment (diagram: Target group 2; 100% Prod traffic; Test traffic listener, port 9000)
  24. CodeDeploy-ECS blue-green deployment: Provision green tasks (diagram: Green tasks: v2 code; 100% Prod traffic)
  25. CodeDeploy-ECS blue-green deployment: Run hook against test endpoint before green tasks receive prod traffic (diagram: 100% Test traffic; 100% Prod traffic)
  26. CodeDeploy-ECS blue-green deployment: Flip traffic to green tasks, rollback in case of alarm (diagram: 100% Prod traffic; 0% Prod traffic)
  27. CodeDeploy-ECS blue-green deployment: Drain blue tasks (diagram: 100% Prod traffic)
  28. Container image tagging for deployments
    • Docker tags are resolved when each container starts, not just during deployments
    • Deploying “latest” or “prod” can result in untested code in production after a scale-out event
    • Use unique “immutable” tags for deployments
  29. Container image tagging for deployments
  30. Container image tagging for deployments: Build pushes new “latest” image. Image: sha256@22222... (“latest”)
  31. Container image tagging for deployments: Service scales up, launching new tasks. Image: sha256@22222... (“latest”)
  32. Container image tagging for deployments: Deploy using immutable tags

    SHA256 Digest:

        {
          "name": "sample-app",
          "image": "amazon/amazon-ecs-sample@sha256:3e39d933b1d948c92309bb583b5a1f3d28f0119e1551ca1fe538ba414a41af48d"
        }

    Build ID:

        {
          "name": "sample-app",
          "image": "amazon/amazon-ecs-sample:build-b2085490-359f-4eaf-8970-6d1e26c354f0"
        }

  33. Container image tagging for deployments: Compute immutable tags during build

    SHA256 Digest:

        export IMAGE_URI=$(docker inspect --format='{{index .RepoDigests 0}}' "my_image:$IMAGE_TAG")

    Example Result: amazon/amazon-ecs-sample@sha256:3e39d933b...

    Build ID:

        export IMAGE_TAG=build-$(echo "$CODEBUILD_BUILD_ID" | awk -F":" '{print $2}')

    Example Result: build-b2085490-359f-4eaf-8970-6d1e26c354f0

  34. Container image tagging for deployments
  35. Container image tagging for deployments: Build pushes new image tagged with new build ID. Image: sha256@22222... (“build-22222”)
  36. Container image tagging for deployments: Service scales up, launching new tasks. Image: sha256@22222... (“build-22222”)
  37. Container image tagging for deployments: Image: “build-22222” tag. Deployment updates service’s task definition, replacing tasks. Image: sha256@22222... (“build-22222”)
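
The failure mode on slides 28 to 37 (a mutable tag such as “latest” or “prod” being re-resolved whenever a task starts) can be caught before deployment by checking the task definition itself. The following Python check is an added example, not part of the original deck; the `build-` tag pattern follows the slides, and the container names, registry host and digest in the sample are constructed values.

```python
import json
import re

# The two deploy-safe forms shown on the slides: repo@sha256:<digest> and repo:build-<id>.
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
BUILD_TAG_RE = re.compile(r"^build-[0-9a-f-]+$")  # assumed tag convention, after the slides

def classify_image(ref):
    """Classify an image reference as 'digest', 'build-id' or 'mutable'."""
    if DIGEST_RE.search(ref):
        return "digest"
    # Only the last path component can carry a tag, so the port in
    # registry.example.com:5000/app is not mistaken for one.
    last = ref.rsplit("/", 1)[-1]
    tag = last.split(":", 1)[1] if ":" in last else "latest"  # untagged pulls "latest"
    return "build-id" if BUILD_TAG_RE.match(tag) else "mutable"

def lint_task_definition(task_def):
    """Return (container name, image) for each container on a mutable reference."""
    return [
        (c.get("name", "?"), c.get("image", ""))
        for c in task_def.get("containerDefinitions", [])
        if classify_image(c.get("image", "")) == "mutable"
    ]

# Constructed task definition; names, registry host and digest are sample values.
SAMPLE = json.loads("""
{
  "family": "sample-app",
  "containerDefinitions": [
    {"name": "web",     "image": "amazon/amazon-ecs-sample:latest"},
    {"name": "api",     "image": "amazon/amazon-ecs-sample:build-b2085490-359f-4eaf-8970-6d1e26c354f0"},
    {"name": "worker",  "image": "registry.example.com:5000/team/worker"},
    {"name": "sidecar", "image": "example/sidecar@sha256:%s"},
    {"name": "cron",    "image": "example/cron:prod"}
  ]
}
""" % ("ab" * 32))

if __name__ == "__main__":
    for name, image in lint_task_definition(SAMPLE):
        print(f"MUTABLE  {name}: {image}")
```

A build-ID tag is unique only by convention, while a digest is content-addressed; `classify_image` reports which of the two a container relies on, so a pipeline can require the stricter form where needed.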
  38. Execute the app as one or more stateless processes
  39. Stateful container stores state in local disk or local memory. Workload ends up tied to a specific host that has state data. (diagram: eu-west-1a, eu-west-1b, eu-west-1c; Container 1 with Disk)
  40. Stateful data: Use services
    • Amazon RDS
    • Amazon DynamoDB
    • Amazon ElastiCache
    • Amazon Elasticsearch
    • Amazon S3
    • …
  41. Export services via port binding
  42. (diagram: Port 32768, Port 33487, Port 32192, Port 32794, Port 32781; Match: /api/users*, Match: /api/auth*)
  43. Keep development, staging, and production as similar as possible
  44. (diagram: Dev #1, Dev #2, Staging / QA, Production)
  45. (diagram: Dev #1, Dev #2, Staging / QA, Production; Local, Application, Remote)
  46. Model container environments with AWS Cloud Development Kit (CDK), Developer Preview
    • Open source framework to define cloud infrastructure in TypeScript, Java, C#, …
    • Provides library of higher-level resource types (“construct” classes) that have AWS best practices built in by default, packaged as npm modules
    • Provisions resources with CloudFormation
    • Supports all CloudFormation resource types
    AWS CDK: https://awslabs.github.io/aws-cdk
  47. CDK template

        import ec2 = require('@aws-cdk/aws-ec2');
        import ecs = require('@aws-cdk/aws-ecs');
        import cdk = require('@aws-cdk/cdk');

        class BonjourFargate extends cdk.Stack {
          constructor(parent: cdk.App, name: string, props?: cdk.StackProps) {
            super(parent, name, props);

            // VPC spanning at most two Availability Zones
            const vpc = new ec2.VpcNetwork(this, 'MyVpc', { maxAZs: 2 });
            // ECS cluster placed in that VPC
            const cluster = new ecs.Cluster(this, 'Cluster', { vpc });
            // Load-balanced Fargate service running the sample image
            new ecs.LoadBalancedFargateService(
              this, "FargateService", {
                cluster,
                image: ecs.DockerHub.image("amazon/amazon-ecs-sample"),
            });
          }
        }

        const app = new cdk.App();
        new BonjourFargate(app, 'Bonjour');
        app.run();

  50. Treat logs as event streams
  51. CLOUDWATCH LOGS CONFIGURATION

        {
          "containerDefinitions": [
            {
              "name": "scorekeep-api",
              ...
              "logConfiguration": {
                "logDriver": "awslogs",
                "options": {
                  "awslogs-group": "scorekeep",
                  "awslogs-region": "us-east-1",
                  "awslogs-stream-prefix": "scorekeep/api"
                }
              }
            }
          ]
        }

  52. CLOUDWATCH LOGS: Logs tab in the task detail page. View logs in the ECS or CloudWatch console.
  54. Thank you! Sébastien Stormacq, Technical Evangelist, AWS, @sebsto