AWS DevDay Vienna - Automating building blocks choices you will face with container services

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Cobus Bernard
Senior Technical Evangelist
Amazon Web Services
V I E N N A
24.10.19
Automating Building Blocks:
Choices you will face with Container
Services
B A R 6
@cobusbernard
In/cobusbernard
cobusbernard

© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Structureappsascollectionsofmicroservices
Properties of microservices
Microservices
• Independent
• Individually Deployed & Scaled
• Polyglot
• Modular - Easily Replaced
• Decentralized

Rigid Flexible
Abstractions
Easy Hard
1 System N Systems2 Systems

Monolith
Does everything
Monoliths are OK

Microservicedevelopment lifecycle
developers services
monitorreleasetestbuild
delivery pipelines

Usecodetomodelapplicationsandinfrastructure
Infrastructure ascode
Declarative
I tell you
what I need
I tell you
what to do
Imperative

Infrastructure ascode goals
1. Make infrastructure changes repeatable and predictable
2. Release infrastructure changes using the same tools as code changes
3. Replicate production environment in a staging environment to enable
continuous testing

Model container environments withAWS
Cloud Development Kit(CDK)
• Open source framework to define cloud infrastructure
• JavaScript, TypeScript, and Python, (Java, and C# in
developer preview)
• Provides library of higher-level resource types
(“construct” classes) that have AWS best practices built
in by default
• Provisions resources with CloudFormation
• Supports all CloudFormation resource types
AWS
CDK
https://awslabs.github.io/aws-cdk

CDKtemplate
import ec2 = require('@aws-cdk/aws-ec2');
import ecs = require('@aws-cdk/aws-ecs');
import cdk = require('@aws-cdk/cdk');
class BonjourFargate extends cdk.Stack {
constructor(parent: cdk.App, name: string, props?: cdk.StackProps) {
super(parent, name, props);
const vpc = new ec2.VpcNetwork(this, 'MyVpc', { maxAZs: 2 });
const cluster = new ecs.Cluster(this, 'Cluster', { vpc });
new ecs.LoadBalancedFargateService(
this, "FargateService", {
cluster,
image: ecs.DockerHub.image("amazon/amazon-ecs-sample"),
});
}
}
const app = new cdk.App();
new BonjourFargate(app, 'Bonjour');
app.run();

CDKtemplate
applets:
MyHelloWorldService:
type: @aws-cdk/aws-ecs:LoadBalancedFargateServiceApplet
properties:
image: 'amazon/amazon-ecs-sample’
$ cdk --app ./my-applet.yaml deploy

Model pipelines withAWSCDK
• Minimize copy-and-paste by using object-oriented language
• Define microservice pipeline “shape” in one class, then re-use it across
many pipelines
• CDK includes many high-level constructs for modeling a CodePipeline
pipeline, including automatically configuring IAM role policies

CDKpipelines:Construct
export class MyMicroservicePipeline extends cdk.Construct {
constructor(parent: cdk.Construct, name: string, props: MyMicroservicePipelineProps) {
super(parent, name);
const pipeline = new codepipeline.Pipeline(this, 'Pipeline', {
pipelineName: props.serviceName,
});
const githubAccessToken = new cdk.SecretParameter(this, 'GitHubToken',
{ ssmParameter: 'GitHubToken' });
new codepipeline.GitHubSourceAction(this, 'GitHubSource', {
stage: pipeline.addStage('Source'),
owner: 'myorg',
repo: props.serviceName,
oauthToken: githubAccessToken.value
});
…

CDKpipelines:Stack
import cdk = require('@aws-cdk/cdk');
import { MyMicroservicePipeline } from './pipeline';
class MyMicroservicePipelinesStack extends cdk.Stack {
constructor(parent: cdk.App, name: string, props?: cdk.StackProps) {
super(parent, name, props);
new MyMicroservicePipeline(this, 'Pipeline1', { 'serviceName': 'Microservice1' });
}
}
const app = new cdk.App();
new MyMicroservicePipelinesStack(app, 'MyMicroservicePipelines');
app.run();

Sundays …

Availability zone 1
Auto Scaling group
AWS Region
Availability zone 2
Auto-scaling for upgrades
Elastic Load
Balancing (ELB)
X

AWSCodeBuild
• Fully managed build service that compiles source
code, runs tests, and produces software packages
• Scales continuously and processes multiple builds
concurrently
• No build servers to manage
• Pay by the minute, only for the compute resources
you use
• Monitor builds through CloudWatch Events

Model function environments withAWSServerless
Application Model (SAM)
• Open source framework for building serverless
applications on AWS
• Shorthand syntax to express functions, APIs,
databases, and event source mappings
• Transforms and expands SAM syntax into AWS
CloudFormation syntax on deployment
• Supports all AWS CloudFormation resource types
https://aws.amazon.com/serverless/sam/

Containers and Docker
A container is a standard unit of software that packages up code and all its
dependencies so the application runs quickly and reliably from one
computing environment to another.1
1 https://www.docker.com/resources/what-container
Server
Operating System
Docker Engine
AppA
AppB
AppC
AppD

Container imagetagging for deployments
• Docker tags are resolved when each container starts, not just during
deployments
• Deploying “latest” or “prod” can result in untested code in production after
a scale-out event
• Use unique “immutable” tags for deployments

Build pushes new “latest” image
Image: sha256@22222... (“latest”)

Service scales up, launching new tasks
Image: sha256@22222... (“latest”)

Deploy using immutable tags
{
"name": "sample-app",
"image": "amazon/amazon-ecs-
sample@sha256:3e39d933b1d948c92309bb583b5a1f3d28f0119e1551ca1fe538ba414a41af48d"
}
{
"name": "sample-app",
"image": "amazon/amazon-ecs-sample:build-b2085490-359f-4eaf-8970-6d1e26c354f0"
}
SHA256 Digest
Build ID

Compute immutable tags during build
SHA256 Digest
export IMAGE_URI=`docker inspect --format='{{index .RepoDigests 0}}' my_image:$IMAGE_TAG
Example Result:
amazon/amazon-ecs-sample@sha256:3e39d933b...
Build ID
export IMAGE_TAG=build-`echo $CODEBUILD_BUILD_ID | awk –F":" ‘{print $2}'`
Example Result:
build-b2085490-359f-4eaf-8970-6d1e26c354f0

Build pushes new image tagged with new build ID
Image: sha256@22222... (“build-22222”)

Service scales up, launching new tasks
Image: sha256@22222... (“build-22222”)

Image: “build-22222” tag
Deployment updates service’s task definition, replacing tasks
Image: sha256@22222... (“build-22222”)

Availability zone 1
Auto Scaling group
AWS Region
Availability zone 2
Auto-scaling for self-healing
Elastic Load
Balancing (ELB)
X

Buildwithserverlesstechnologiesasmuchaspossible
AWS container serviceslandscape
Management
Deployment, Scheduling,
Scaling & Management of
containerized applications
Hosting
Where the containers run
Amazon Elastic
Container Service
Amazon Elastic
Container Service
for Kubernetes
Amazon EC2AWS Fargate
Image Registry
Container Image Repository
Amazon Elastic
Container Registry

Amazon ECS key components
Development cluster
Container instance Container instance
Container instance
Productioncluster
Container instance Container instance
Container instance
AmazonElastic Container Service
(AmazonECS)
Container
Container
Volume
Taskdefinition
AmazonElastic Container Registry

Kubectl
EKS Architecture

ShiftinInfrastructure Logic
OSS Hystrix:
code changes required
Service Mesh:
decentral, language agnostic,
dumb endpoints
https://www.infoq.com/articles/microservices-post-kubernetes
ESB: clustered monolith

Open Source: Istio Service Mesh
Connect, secure, and observe services
• Shift in where functionality is located
• Control plane = Istio
• Data plane = set of all Envoy proxies
• Envoy proxy as sidecar in K8s pod
• Automatic or manual injection of proxy with EKS

Data Plane (Proxy)
• Touches every packet / request
• Service discovery
• Health Checking
• Routing
• Load Balancing
• Authentication / Authorization
• Observability

IstioServiceMeshwithEnvoyProxy

Envoy Proxy
• Level 7 proxy
• HTTP, HTTP/2, gRPC, AWS Dynamo DB, MongoDB
• C++11 code base , only 8 MB (statically linked)
• No language or framework dependencies
• Rquires no code changes
• Battle proved OSS, started at Lyft
• Works across compute options – also on EC2
• Envoy is not tightly coupled Istio

Service Mesh
But Docker / Kubernetes can do rolling updates!
Yes, but Istio sparates traffic flow
from replica deployment

UpdateStrategies
A bath tub full of cold water ? K8s roling update
25%
1 pod at a time
… or just wetten your feet? Service Mesh
3%
Traffic routing
🛁 🛁 🛁
💦
🛀🏽🛁
🌊❄️🌊❄️🌊❄️
Fancy a Swim in the Arctic Sea ?
Blue / Green
100%
All services at once

User Based Routing Traffic Shifting

Control Plane (Istio)
• Routing information
• Policies & configuration

App Mesh works across compute services
Amazon ECS
AWS Fargate
Amazon EKS
Amazon EC2
Kubernetes on EC2

Based on Envoy proxy
Start App Mesh from the AWS CLI, console or SDK
There is no additional charge for using AWS App Mesh
Supports any third-party tool that works with Envoy
App Mesh

Thank you!
Cobus Bernard
Senior Technical Evangelist
Amazon Web Services
@cobusbernard
In/cobusbernard
cobusbernard

AWS DevDay Vienna - Automating building blocks choices you will face with container services

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to AWS DevDay Vienna - Automating building blocks choices you will face with container services

Similar to AWS DevDay Vienna - Automating building blocks choices you will face with container services (20)

More from Cobus Bernard

More from Cobus Bernard (20)

Recently uploaded

Recently uploaded (20)

AWS DevDay Vienna - Automating building blocks choices you will face with container services

Editor's Notes