12월 14일에 열린 AWS Container Day에서 김기완 SA님 께서 발표하신 'ECS & ECR Deep Dive‘ 발표자료입니다.

1. Amazon EC2 Container Service (ECS) &&
Amazon EC2 Container Registry (ECR)
- Dive Deep(?)
김기완, 솔루션스 아키텍트, 아마존웹서비스 코리아
Dec 14, 2015

2. Some Facts on Docker (Sample of 7,000 compaines)
5 times grow in
ONE year
2014.9 : 1.8% à
2015.9 : 8.3%

3. Some Facts on Docker (Sample of 7,000 compaines)
0% à 6% in ONE year!

4. Some Facts on Docker (Sample of 7,000 compaines)
Larger Companies Are
the Early Adopters

5. Server
Guest OS
Bins/Libs Bins/Libs
App2App1
Managing one resource is straightforward

6. Server
Guest OS
Bins/Libs Bins/Libs
App2App1
Managing one resource is straightforward
$ docker run myimage

7. Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Managing a cluster is hard !!

8. Fleet management
• Monitor utilization
• Grow capacity
• Security

9. State Management
Availability Zone 1 Availability Zone 2

10. Amazon EC2 Container Service (ECS)

11. Architecture

12. Cluster Management Made Easy
• No cluster software to install and manage
• Manages cluster state
• Manages containers
• Control and monitoring
• Scale from one to tens of thousands of
containers

13. Flexible Container Placement
Applications
Batch jobs
Multiple schedulers

14. Designed for use with other AWS services
Elastic Load Balancing
Amazon Elastic Block Store
Amazon Virtual Private Cloud
AWS Identity and Access Management
AWS CloudTrail

15. Extensible
Comprehensive APIs
Open source agent
Custom schedulers

16. • Container Instance
• Cluster
• Task Definitions
• Tasks
• Service
Container
Instance
Container
Instance
…
Container
Instance
Cluster
Task
definition
Task
Service
Components

17. Overall Steps
• Create Cluster in ECS Console or CLI
• Prepare Cluster Instances
• Prepare Task Definitions
• Configure the scheduler (services, …)

18. Container Instances
#!/bin/bash
echo ECS_CLUSTER=containerday >> /etc/ecs/ecs.config
EOF
• Use ‘ecs-optimized’AMI
• One line in the user data section

19. Container Instances

20. {
"environment": [],
"name": "simple-demo",
"image": "my-demo",
"cpu": 10,
"memory": 500,
"portMappings": [
{
"containerPort": 80,
"hostPort": 80
}
],
"mountPoints": [
{
"sourceVolume": "my-vol",
"containerPath": "/var/www/my-
vol"
}
],
"entryPoint": [
"/usr/sbin/apache2",
"-D",
"FOREGROUND"
],
"essential": true
},
Task Definitions
[
{
"image": "mysql",
"name": "db",
"cpu": 10,
"memory": 500,
"essential": true,
"entryPoint": [
"/entrypoint.sh"
],
"environment": [
{
"name": "MYSQL_ROOT_PASSWORD",
"value": "pass"
}
],
"portMappings": []
}
]
Essential to our Task
Create and mount volumes
Expose port 80 in container
to port 80 on host
10 CPU Units (1024 is full CPU),
500 Megabytes of Memory

21. Tasks
Container
Instance
Schedule
Shared Data Volume
PHPApp Time of day App
Shared Data Volume
PHPApp Time of
day App

22. Scheduling Amazon ECS Tasks
• The Amazon ECS schedulers leverage cluster state information provided by the
Amazon ECS API to make an appropriate placement decision.
• Services (Service Scheduler)
– Long running stateless services and applications
– Ensures that the specified number of tasks are constantly running and reschedules when a task fails
– ELB
– Can be dynamically changed (new task, # of desired tasks, …)
• Running Tasks (Runtask)
– Batch jobs
– Randomly distributes tasks across the cluster, but try to balance it
• The StartTask API
– Write or use your own schedulers
– AWS CLI, AWS SDK, and the Amazon ECS API
– List/Describe to get the state of your cluster, and using StartTask, place tasks on the appropriate container instance

23. Services (Service Scheduler)
• If a task in a service becomes unhealthy or unresponsive, the task is
killed and restarted. This process continues until your service reaches
the number of desired running tasks.
• You can optionally run your service behind a load balancer
• When the service scheduler launches new tasks, it attempts to balance
them across the Availability Zones in your cluster with the following
logic (AZ aware scheduling) :
– Determine which of the container instances in your cluster can support your service's task definition (for
example, they have the required CPU, memory, ports, and container instance attributes).
– Sort the valid container instances by the fewest number of running tasks for this service in the same
Availability Zone as the instance. For example, if zone Ahas one running service task and zones B and C
each have zero, valid container instances in either zone B or C are considered optimal for placement.
– Place the new service task on a valid container instance in an optimalAvailability Zone (based on the
previous steps), favoring container instances with the fewest number of running tasks for this service.

24. Service Load Balancer

25. Service Load Balancer
• One Load Balancer per service.
• One Load Balancer can support multiple ports, if containers in the
task definitions require multiple ports for the service. (e.g. a task
definition consists of Elasticsearch using port 3030 on the container
instance, with Logstash and Kibana using port 4040 on the container
instance, the same load balancer can route traffic to Elasticsearch and
Kibana through two listeners)
• Load balancer subnet configuration must include all subnets that your
container instances reside in.
• If a service’s task fails the load balancer health check criteria, the task
is killed and restarted. This process continues until your service
reaches the number of desired running tasks.

26. Updating a Service
• Change the number of tasks that are maintained by a service.
• Scale up or down. (as long as the container instances are available)
• If the Docker image is updated, create a new task definition with that
image, and deploy it to the service.
• The service scheduler creates a task with the new task definition
(provided there is an available container instance to place it on), and
after it reaches the RUNNING state, a task that is using the old task
definition is drained and stopped. This process continues until all of
the desired tasks in your service are using the new task definition.

27. Services
• Load Balance traffic across containers
• Automatically recover unhealthy containers
• Discover services
Shared Data Volume
PHP
App
Time of
day
App
Shared Data Volume
PHP
App
Time of
day
App
Shared Data Volume
PHP
App
Time of
day
App
Elastic Load Balancing

28. Update Service
• Scale up
• Scale down
Elastic Load Balancing
Shared Data Volume
PHP
App
Time of
day
App
Shared Data Volume
PHP
App
Time of
day
App
Shared Data Volume
PHP
App
Time of
day
App
Shared Data Volume
PHP
App
Time of
day
App

29. Update Service
• Deploy new version
• Drain connections
Elastic Load Balancing
Shared Data Volume
PHP
App
Time of
day
App
Shared Data Volume
PHP
App
Time of
day
App
Shared Data Volume
PHP
App
Time of
day
App

30. Running Tasks (RunTask)
• One-time or periodic batch job.
• If you want a specified number of tasks to always remain
running or if you want to place your tasks behind a load
balancer, you should use the Amazon ECS service
scheduler.

31. Task Life Cycle

32. Auto Scaling in ECS?
https://aws.amazon.com/blogs/compute/scali
ng-amazon-ecs-services-automatically-using-
amazon-cloudwatch-and-aws-lambda/

33. So, Happy Enough?

34. Some Facts on Docker (Sample of 7,000 compaines)
Hmmmm, Registry??

35. Remaining Pain-points
• “We don’t want to be in the business of hosting our own
infrastructure for a container registry”
• “Need a service that has better up time and can handle
hundreds of image pulls at once”
• “Need to keep images private with fine-grained access
control without managing certificates or credentials”

38. Overview
• Security
– IAM Resource-based Policies
– Images encrypted at transit and at rest
• Easily Manage & Deploy Images
– Tight Integration with ECS
– Standalone Service
– Integration with Docker Toolset
– Management Console & AWS CLI
• Reliability & Performance
– S3 Backed
– Regional Endpoints
– Expect to handle hundreds of concurrent pulls

39. Pricing
• $0.10 per GB/month Docker image storage
pricing
• Data transfer pass-through pricing (customary
AWS rates)
– Free data in
– Charge for data out to internet and data out from one region to
another
• 12-month free tier for 500MB image storage

40. Amazon ECR Default Service Limits
Resources Default Limit
Number of repositories per account 10
Number of images per repository 50
Number of layers per image 127 (Current Docker limit)
Layer size 1GiB

41. AWS Console for ECR

42. AWS Console for ECR

43. AWS Console for ECR

44. Demo

45. Q&A

46. THANK YOU!