ECS-Ingress: easy nginx load balancing across ecs services

•Download as PPTX, PDF•

0 likes•141 views

A simple open source tool to deploy Nginx as a load balancer solution on a ECS cluster https://github.com/fratuz610/ecs-ingress

Software

Easy Nginx load balancing
across ECS services
Stefano Fratini
stefanofratini610
bitsandpieces.it
@fratuz610

Contents
2
Journey to containerization
The good the bad and the ugly
ECS
ECS vs K8S
Nginx and ECS playing nicely together
ECS Ingress
1
2
3

Containerization
3
SIMPLIFY
management and
create high availability
CI/CD
Seamless CI/CD
approach
COST EFFECTIVE
Because it's easy to
spend a motza on cloud
services

Containerization on K8S
4
COMPLEXITY
and overhead
DEDICATED RES
which we don't have
EXPENSIVE
At least on AWS

● It offers basic container orchestration capabilities
● Ideal for small clusters
● it integrates very well with AWS services
● it's very cheap to run
● It's a lock in solution but so is the whole AWS ecosystem
● we lose secrets, and configuration management from K8S
5
Amazon ECS

ECS Shortcomings
Documentation is lacking
Learning curve is still steep
Ingress networking (*LBs) is inflexible
yet quite expensive

*LB is just not Nginx
● too limiting in terms of routing and URL rewriting
● configuration is cumbersome via API calls
● nothing can beat the simplicity of the Nginx text based
configuration

Can we have it all?*
8
*spoiler alert: yes we can

The problem
9
A load balancing solution that
integrates natively with ECS but
is as easy to configure as Nginx?

The solution
10
ECS Ingress
● a small golang executable that
spawn a vanilla nginx instance
● loosely modelled after ingress-
nginx but 10x simpler :)
● leverages continuously updated
upstreams to integrate with ECS
services
● reads the Nginx conf
dynamically from in S3
github.com/fratuz610/ecs-ingress

Visually
AWS VPC
EC2 #3
EC2 #2
EC2 #1
ECS CLUSTER
SERVICE 1
SERVICE 2
SERVICE 2
incoming
HTTP / TCP
traffic
SERVICE 1
ECS INGRESS ECS INGRESS ECS INGRESS
NGINX
CONFIG
CLUSTER
CHANGES
app.example.com. ::
59 IN A <EC2-1-public-ip>
59 IN A <EC2-2-public-ip>
59 IN A <EC2-3-public-ip>
CD tool

$Basic nginx config http { ... # all upstreams # this is the dynamic reference that always needs to be there include /app/nginx/upstreams.conf; server { server_name app.example.com; location / { # app-ui-prod should be the name of the ECS service proxy_pass http://app-ui-prod; } location /v2/api { # app-api-prod should be the name of the ECS service proxy_pass http://app-api-prod; } } }$

$Nginx config with HTTPS http { ... # all upstreams # this is the dynamic reference that always needs to be there include /app/nginx/upstreams.conf; server { listen 443 ssl; listen [::]:443 ssl; ssl_certificate /app/nginx/fullchain.pem; ssl_certificate_key /app/nginx/privkey.pem; ... location /v2/api { # app-api-prod should be the name of the ECS service proxy_pass http://app-api-prod; } } }$

$Nginx with TCP tunnelling stream { # all upstreams # this needs to be repeated here as it's context sensitive - http and stream include /app/nginx/upstreams.conf; server { listen 1883 so_keepalive=on; proxy_pass mqtt-server:1883; proxy_connect_timeout 1s; } }$

$Nginx with TCP tunnelling #2 # PGSQL Connector to the postgres-prod upstream stream { # all upstreams include /app/nginx/upstreams.conf; server { listen 5432 so_keepalive=on; proxy_pass postgres-prod; # allows access only from the current host allow 172.17.0.0/16; deny all; } } You can connect to Pgsql on 172.17.0.1:5432 from each container in the cluster.$

Gotchas
● A valid Nginx config is required to start the container
● Only ECS RUNNING tasks are considered
● ECS ingress combines NGINX logs and the golang ones*
● It uses polling (every 10 seconds).
API calls are free, S3 calls are metered.
*for easy ingestion into CloudWatch

Roadmap
● Notifications / Slack Hooks
● Polling improvements (S3)
● Automatic Route53/DNS updates
● Letsencrypt support
● Move to Openresty

Does anyone have any questions?
18
Thanks!
stefanofratini610
bitsandpieces.it
@fratuz610
github.com/fratuz610/ecs-ingress

What's hot

Dev/Test Environment Provisioning and Management on AWS

Shiva Narayanaswamy

Amazon EKS Managed Kubernetes Cluster

kloia

IaC로 AWS인프라 관리하기 - 이진성 (AUSG) :: AWS Community Day Online 2021

AWSKRUG - AWS한국사용자모임

by Rahul Sareen, Sr. IoT Consultant, AWS Professional Services AWS Lambda and Amazon API Gateway have changed how developers build and run their applications or services. But what are the best practices for tasks such as deployment, monitoring, and debugging in a serverless world? In this session, we’ll dive into best practices that serverless developers can use for application lifecycle management, CI/CD, monitoring, and diagnostics. We’ll talk about how you can build CI/CD pipelines that automatically build, test, and deploy your serverless applications using AWS CodePipeline, AWS CodeBuild, and AWS CloudFormation. We’ll also cover the built-in capabilities of Lambda and API Gateway for creating multiple versions, stages, and environments of your functions and APIs. Finally, we’ll cover monitoring and diagnostics of your Lambda functions with Amazon CloudWatch and AWS X-Ray.

Deep Dive On Serverless App Development

Amazon Web Services

발표자료 다시보기: https://youtu.be/jtlivFXcppc AWS 보안은 AWS 사용자가 시장과 고객의 변화에 대응하기 위해 빠르고 탄력적인 대응을 하는 것 만큼 빠르고 탄력적이어야 합니다. 본 세션에서는 AWS WAF를 이용한 보안관제, System Manager와 Athena를 이용한 OS Hardening과 같은 대표적인 사례를 통해 AWS 서비스만으로 구성된 보안이 갖는 신속함, 탄력성, 간결함은 물론 사용한 만큼 지불하는 요금의 장점을 살펴봅니다. 삼성SDS는 국내 유일 AWS Security Competency를 보유한 보안 전문 기업으로서 고객에게 AWS 보안 서비스를 컨설팅하고 보안 역량 및 조직이 요구되는 24x7 보안관제, 해킹 패턴 분석 및 탐지/차단 Ruleset 작성 등을 제공합니다.

[AWS Builders] 실 적용 사례로 알아보는, AWS를 활용한 WAF 보안의 장점 - 삼성SDS 천준호 프로, 컨설팅그룹 (보안기획팀)

Amazon Web Services Korea

基于Aws的持续集成、交付和部署代闻

Mason Mei

Managing Your Infrastructure as Code by Travis Williams, Solutions Architect,...

Amazon Web Services

AWS Deployment Best Practices

Amazon Web Services

Based on your specific needs and the nature of your application, AWS offers a variety of services for getting your application up and running. You may want to launch and scale a web application or you may want to host a microservices application using Docker containers. How do you decide which service to use and when? In this webinar, we will provide an overview of the AWS services that help simplify launching and running your application in the cloud. We will discuss the strengths of each service and provide a framework for understanding when to use them. Learning Objectives: Understand the primary services for deploying your application on AWS Learn the basics of AWS Elastic Beanstalk, AWS CodeDeploy, and Amazon EC2 Container Service Gain an understanding of the strengths of each service and when to use them Who Should Attend: Developers, DevOps Engineers, IT Professionals

AWS January 2016 Webinar Series - Introduction to Deploying Applications on AWS

Amazon Web Services

AWS Workshop Series: Microsoft licensing and active directory on AWS

Amazon Web Services

Aws container webinar day 2

HoseokSeo7

Introduction to Amazon EC2

Amazon Web Services

Advanced Task Scheduling with Amazon ECS

Julien SIMON

VMware Cloud on AWS lets you migrate your existing on-premises applications to the AWS Cloud while retaining the tooling, management, and operating process you already have. VMware Cloud on AWS brings VMware’s Software-Defined Data Center (SDDC) to the AWS Cloud, allowing customers to run applications across operationally consistent VMware vSphere®-based private, public, and hybrid cloud environments, with optimized access to AWS services. You can use the VMware on AWS solution to bring the scalability and agility of the cloud to your existing Microsoft applications. This session will provide an architectural deep dive on VMware on AWS for your Microsoft applications. We will discuss the key architectural components of the VMware Cloud on AWS solution for your Microsoft applications. Attendees will learn about best practices and receive practical advice on how to start using Vmware Cloud on AWS for their Microsoft applications.

Architecting Microsoft Applications with VMware on AWS - WIN305 - re:Invent 2017

Amazon Web Services

"You have heard how containers are great for running microservices, but running and managing large scale applications with microservices architectures is hard and often requires operating complex container management infrastructure. So what exactly is needed to get microservices to run in production at scale? In this session, we will explore the reasoning and concepts behind microservices and how containers simplify building microservices based applications, and we will walk through a number of patterns used by our customers to run their microservices platforms. We will also dive deep into some of the challenges of running microservices, such as load balancing, service discovery, and secrets management, and we'll see how Amazon EC2 Container Service (ECS) can help address them. We will also demo how you can easily deploy complex microservices applications using Amazon ECS."

Deep dive on Microservices and ECS - AWS Summit Tel Aviv 2017

Amazon Web Services

Well-Architected for Security: Advanced Session

Amazon Web Services

Hybris install telco accelerators on aws-ec2

Venugopal Gummadala

AWS provides many services to assist customers with their journey to the cloud. Hybrid solutions offer customers a way to continue leveraging existing investments on-premises, while expanding their footprint into the public cloud. This session covers the different technologies available to support hybrid architectures on AWS. We discuss common patterns and anti-patterns for solving enterprise workloads across a hybrid environment.

AWS re:Invent 2016: Hybrid Architectures: Bridging the Gap to the Cloud( ARC2...

Amazon Web Services

Secure Content Delivery with AWS

Amazon Web Services

This session helps you deploy and manage your first AWS resources using a combination of AWS and VMware tools. In this session, you get an overview of the similarities and differences between AWS and VMware, common tools that you can use to leverage your existing VMware experience when getting started with AWS, and a walkthrough of how you can create and manage your first AWS resources. This session also provides several tips and tricks from AWS customers on what to focus on and what to avoid when getting started managing a hybrid environment. We conclude by showcasing some innovative approaches that we have seen for building hybrid AWS/VMware architectures.

(ENT303) Getting Started with AWS for VMware Professionals | AWS re:Invent 2014

Amazon Web Services

What's hot (20)

Dev/Test Environment Provisioning and Management on AWS

Amazon EKS Managed Kubernetes Cluster

IaC로 AWS인프라 관리하기 - 이진성 (AUSG) :: AWS Community Day Online 2021

Deep Dive On Serverless App Development

[AWS Builders] 실 적용 사례로 알아보는, AWS를 활용한 WAF 보안의 장점 - 삼성SDS 천준호 프로, 컨설팅그룹 (보안기획팀)

基于Aws的持续集成、交付和部署代闻

Managing Your Infrastructure as Code by Travis Williams, Solutions Architect,...

AWS Deployment Best Practices

AWS January 2016 Webinar Series - Introduction to Deploying Applications on AWS

AWS Workshop Series: Microsoft licensing and active directory on AWS

Aws container webinar day 2

Introduction to Amazon EC2

Advanced Task Scheduling with Amazon ECS

Architecting Microsoft Applications with VMware on AWS - WIN305 - re:Invent 2017

Deep dive on Microservices and ECS - AWS Summit Tel Aviv 2017

Well-Architected for Security: Advanced Session

Hybris install telco accelerators on aws-ec2

AWS re:Invent 2016: Hybrid Architectures: Bridging the Gap to the Cloud( ARC2...

Secure Content Delivery with AWS

(ENT303) Getting Started with AWS for VMware Professionals | AWS re:Invent 2014

Similar to ECS-Ingress: easy nginx load balancing across ecs services

Building and running Spring Cloud-based microservices on AWS ECS

Joris Kuipers

Lunar Way and the Cloud Native "stack"

Kasper Nissen

A talk I gave at the recent Advanced AWS Meeup - this is a detailed guide to how I installed and set up Spinnaker to work with our infrastructure at Stitch Fix. I go over the various problems I ran into and how I solved them. I hope this can be useful for others setting up, or interested in setting up Spinnaker for their purposes. **Big thanks to Armory for recording the talks! Video for this talk can be found here: https://youtu.be/ywzPblFpIE0 (I'm the second speaker)**

Making Spinnaker Go @ Stitch Fix

Diana Tkachenko

Dive into DevOps | March, Traefik as kubernetes ingress controller, Ihor Borodin

Provectus

Kubernetes

Meng-Ze Lee

Localize content Devops

mitesh_sharma

Kubernetes (K8s) is on everyone’s lips, but it is easy to experience pitfalls during the development of a K8s cluster. In this talk we will give you an introduction of AWS EKS (Elastic Container Service for Kubernetes), the managed service for deploying and operate Kubernetes on AWS resources, and how you can reach a production readiness. This seamless integration of K8s into the AWS environment allows you a rapid application development assuming architectural concepts of microservice and serverless architecture.

Max Körbächer - AWS EKS and beyond master your Kubernetes deployment on AWS -...

Codemotion

Max Körbächer - AWS EKS and beyond – master your Kubernetes deployment on AWS...

Codemotion

Bitbucket Pipelines - Powered by Kubernetes

Nathan Burrell

Kubernetes Kops - Automation Night

Kasper Nissen

Service Fabric is the foundational technology powering core Azure infrastructure and large-scale Microsoft services such as Azure Cosmos DB, Azure SQL Database, Dynamics 365, and Cortana. Come to this session for a developer’s tour and dives into the latest and greatest of Service Fabric capabilities, including containers, low-latency data processing, .NET Core 2.0 and VS 2017 integration. We are also going to immerse you with our future roadmap that makes building containerized microservice applications much easier.

Azure Service Fabric: The road ahead for microservices

Microsoft Tech Community

Kubernetes basics and hands on exercise

Cloud Technology Experts

Aws + kubernetes = ❤︎

Anthony Stanton

Lessons learned migrating 100+ services to Kubernetes

Jose Galarza

Effective Building your Platform with Kubernetes == Keep it Simple

Wojciech Barczyński

Customer Sharing: miiiCasa - Deep Dive into AWS ECS and Spot Instances at Scale

Amazon Web Services

Deep Dive into AWS ECS and Spot Instances at Scale

Pahud Hsieh

Metal-k8s presentation by Julien Girardin @ Paris Kubernetes Meetup

Laure Vergeron

Meetup 2023 - Gateway API.pdf

Red Hat

In this session, we cover all the options for running containers on AWS. This will include an intro of container concepts, and an overview to different services like ECS, EKS, ECR and Fargate. We cover topics like: how to choose the right orchestration platform for your workload, some different tools that are out there to make the process easier, and how to find more information and support as you work.

Introduction to Containers - AWS Startup Day Johannesburg.pdf

Amazon Web Services

Similar to ECS-Ingress: easy nginx load balancing across ecs services (20)

Building and running Spring Cloud-based microservices on AWS ECS

Lunar Way and the Cloud Native "stack"

Making Spinnaker Go @ Stitch Fix

Dive into DevOps | March, Traefik as kubernetes ingress controller, Ihor Borodin

Kubernetes

Localize content Devops

Max Körbächer - AWS EKS and beyond master your Kubernetes deployment on AWS -...

Max Körbächer - AWS EKS and beyond – master your Kubernetes deployment on AWS...

Bitbucket Pipelines - Powered by Kubernetes

Kubernetes Kops - Automation Night

Azure Service Fabric: The road ahead for microservices

Kubernetes basics and hands on exercise

Aws + kubernetes = ❤︎

Lessons learned migrating 100+ services to Kubernetes

Effective Building your Platform with Kubernetes == Keep it Simple

Customer Sharing: miiiCasa - Deep Dive into AWS ECS and Spot Instances at Scale

Deep Dive into AWS ECS and Spot Instances at Scale

Metal-k8s presentation by Julien Girardin @ Paris Kubernetes Meetup

Meetup 2023 - Gateway API.pdf

Introduction to Containers - AWS Startup Day Johannesburg.pdf

Recently uploaded

CyanicLab, an offshore custom software development company based in Sweden,India, Finland, is your go-to partner for startup development and innovative web design solutions. Our expert team specializes in crafting cutting-edge software tailored to meet the unique needs of startups and established enterprises alike. From conceptualization to execution, we offer comprehensive services including web and mobile app development, UI/UX design, and ongoing software maintenance. Ready to elevate your business? Contact CyanicLab today and let us propel your vision to success with our top-notch IT solutions.

Cyaniclab : Software Development Agency Portfolio.pdf

Cyanic lab

Advanced Flow Concepts Every Developer Should Know

Peter Caitens

A Python-based approach to data loading in TM1 - Using Airflow as an ETL for TM1

KnowledgeSeed

Vitthal Shirke Microservices Resume Montevideo

Vitthal Shirke

Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...

rajkumar669520

Experience our free, in-depth three-part Tendenci Platform Corporate Membership Management workshop series! In Session 1 on May 14th, 2024, we began with an Introduction and Setup, mastering the configuration of your Corporate Membership Module settings to establish membership types, applications, and more. Then, on May 16th, 2024, in Session 2, we focused on binding individual members to a Corporate Membership and Corporate Reps, teaching you how to add individual members and assign Corporate Representatives to manage dues, renewals, and associated members. Finally, on May 28th, 2024, in Session 3, we covered questions and concerns, addressing any queries or issues you may have. For more Tendenci AMS events, check out www.tendenci.com/events

Corporate Management | Session 3 of 3 | Tendenci AMS

Tendenci - The Open Source AMS (Association Management Software)

Crafting the Perfect Measurement Sheet with PLM Integration

Wave PLM

Les Buildpacks existent depuis plus de 10 ans ! D’abord, ils étaient utilisés pour détecter et construire une application avant de la déployer sur certains PaaS. Ensuite, nous avons pu créer des images Docker (OCI) avec leur dernière génération, les Cloud Native Buildpacks (CNCF en incubation). Sont-ils une bonne alternative au Dockerfile ? Que sont les buildpacks Paketo ? Quelles communautés les soutiennent et comment ? Venez le découvrir lors de cette session ignite

Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...

Anthony Dahanne

Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.

TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR

Tier1 app

A Comprehensive Appium Guide for Hybrid App Automation Testing.pdf

kalichargn70th171

Agnieszka Andrzejewska - BIM School Course in Kraków

bim.edu.pl

Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.

Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...

Shahin Sheidaei

Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...

informapgpstrackings

De mooiste recreatieve routes ontdekken met RouteYou en FME

Jelle | Nordend

AI/ML Infra Meetup May. 23, 2024 Organized by Alluxio For more Alluxio Events: https://www.alluxio.io/events/ Speaker: - Eric Wang (Software Engineer, @Uber) Uber has numerous deep learning models, most of which are highly complex with many layers and a vast number of features. Understanding how these models work is challenging and demands significant resources to experiment with various training algorithms and feature sets. With ML explainability, the ML team aims to bring transparency to these models, helping to clarify their predictions and behavior. This transparency also assists the operations and legal teams in explaining the reasons behind specific prediction outcomes. In this talk, Eric Wang will discuss the methods Uber used for explaining deep learning models and how we integrated these methods into the Uber AI Michelangelo ecosystem to support offline explaining.

AI/ML Infra Meetup | ML explainability in Michelangelo

Alluxio, Inc.

"Introduction to Windows 7" serves as the foundational chapter in our guide, setting the stage for understanding the key features and functionalities of this operating system. Windows 7, released by Microsoft in 2009, quickly became one of the most popular and widely used versions of Windows due to its user-friendly interface, stability, and performance improvements over its predecessor, Windows Vista. This chapter begins by providing an overview of the Windows 7 operating system, highlighting its key attributes and improvements compared to earlier versions of Windows. It introduces users to the visual enhancements such as Aero Glass, the revamped taskbar (also known as the Superbar), and the redesigned Start menu, which all contribute to a more intuitive and streamlined user experience. Furthermore, "Introduction to Windows 7" delves into the architecture and system requirements of the operating system, helping users understand what hardware specifications are necessary for optimal performance. It covers topics such as processor requirements, RAM, disk space, and graphics capabilities, ensuring that readers have a clear 3 understanding of the hardware prerequisites for running Windows 7 smoothly. Additionally, this chapter explores the various editions of Windows 7, including Home Premium, Professional, Ultimate, and Enterprise, outlining the differences between them and helping users choose the edition that best suits their needs and requirements. Moreover, "Introduction to Windows 7" provides an overview of the installation process, guiding users through the steps required to install or upgrade to Windows 7 on their computers. It covers topics such as preparing for installation, choosing the installation type (upgrade or custom), partitioning disks, and configuring initial settings. In summary, "Introduction to Windows 7" serves as a comprehensive primer for users who are new to the operating system or seeking to refresh their understanding. By familiarizing themselves with the core concepts and features of Windows 7, readers can lay a solid foundation for exploring more advanced topics covered in subsequent chapters of this guide.

Mastering Windows 7 A Comprehensive Guide for Power Users .pdf

mbmh111980

The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month. The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies. However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News. Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!

SOCRadar Research Team: Latest Activities of IntelBroker

SOCRadar

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation

WSO2

Abortion ^Clinic ^%[+971588192166''] Abortion Pill Al Ain (?@?) Abortion Pill...

Abortion Clinic

Using IESVE for Room Loads Analysis - Australia & New Zealand

IES VE

Recently uploaded (20)

Cyaniclab : Software Development Agency Portfolio.pdf

Advanced Flow Concepts Every Developer Should Know

A Python-based approach to data loading in TM1 - Using Airflow as an ETL for TM1

Vitthal Shirke Microservices Resume Montevideo

Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...

Corporate Management | Session 3 of 3 | Tendenci AMS

Crafting the Perfect Measurement Sheet with PLM Integration

Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...

TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR

A Comprehensive Appium Guide for Hybrid App Automation Testing.pdf

Agnieszka Andrzejewska - BIM School Course in Kraków

Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...

Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...

De mooiste recreatieve routes ontdekken met RouteYou en FME

AI/ML Infra Meetup | ML explainability in Michelangelo

Mastering Windows 7 A Comprehensive Guide for Power Users .pdf

SOCRadar Research Team: Latest Activities of IntelBroker

WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation

Abortion ^Clinic ^%[+971588192166''] Abortion Pill Al Ain (?@?) Abortion Pill...

Using IESVE for Room Loads Analysis - Australia & New Zealand

ECS-Ingress: easy nginx load balancing across ecs services

1. Easy Nginx load balancing across ECS services Stefano Fratini stefanofratini610 bitsandpieces.it @fratuz610

2. Contents 2 Journey to containerization The good the bad and the ugly ECS ECS vs K8S Nginx and ECS playing nicely together ECS Ingress 1 2 3

3. Containerization 3 SIMPLIFY management and create high availability CI/CD Seamless CI/CD approach COST EFFECTIVE Because it's easy to spend a motza on cloud services

4. Containerization on K8S 4 COMPLEXITY and overhead DEDICATED RES which we don't have EXPENSIVE At least on AWS

5. ● It offers basic container orchestration capabilities ● Ideal for small clusters ● it integrates very well with AWS services ● it's very cheap to run ● It's a lock in solution but so is the whole AWS ecosystem ● we lose secrets, and configuration management from K8S 5 Amazon ECS

6. ECS Shortcomings Documentation is lacking Learning curve is still steep Ingress networking (*LBs) is inflexible yet quite expensive

7. *LB is just not Nginx ● too limiting in terms of routing and URL rewriting ● configuration is cumbersome via API calls ● nothing can beat the simplicity of the Nginx text based configuration

8. Can we have it all?* 8 *spoiler alert: yes we can

9. The problem 9 A load balancing solution that integrates natively with ECS but is as easy to configure as Nginx?

10. The solution 10 ECS Ingress ● a small golang executable that spawn a vanilla nginx instance ● loosely modelled after ingress- nginx but 10x simpler :) ● leverages continuously updated upstreams to integrate with ECS services ● reads the Nginx conf dynamically from in S3 github.com/fratuz610/ecs-ingress

11. Visually AWS VPC EC2 #3 EC2 #2 EC2 #1 ECS CLUSTER SERVICE 1 SERVICE 2 SERVICE 2 incoming HTTP / TCP traffic SERVICE 1 ECS INGRESS ECS INGRESS ECS INGRESS NGINX CONFIG CLUSTER CHANGES app.example.com. :: 59 IN A <EC2-1-public-ip> 59 IN A <EC2-2-public-ip> 59 IN A <EC2-3-public-ip> CD tool

12. Basic nginx config http { ... # all upstreams # this is the dynamic reference that always needs to be there include /app/nginx/upstreams.conf; server { server_name app.example.com; location / { # app-ui-prod should be the name of the ECS service proxy_pass http://app-ui-prod; } location /v2/api { # app-api-prod should be the name of the ECS service proxy_pass http://app-api-prod; } } }

13. Nginx config with HTTPS http { ... # all upstreams # this is the dynamic reference that always needs to be there include /app/nginx/upstreams.conf; server { listen 443 ssl; listen [::]:443 ssl; ssl_certificate /app/nginx/fullchain.pem; ssl_certificate_key /app/nginx/privkey.pem; ... location /v2/api { # app-api-prod should be the name of the ECS service proxy_pass http://app-api-prod; } } }

14. Nginx with TCP tunnelling stream { # all upstreams # this needs to be repeated here as it's context sensitive - http and stream include /app/nginx/upstreams.conf; server { listen 1883 so_keepalive=on; proxy_pass mqtt-server:1883; proxy_connect_timeout 1s; } }

15. Nginx with TCP tunnelling #2 # PGSQL Connector to the postgres-prod upstream stream { # all upstreams include /app/nginx/upstreams.conf; server { listen 5432 so_keepalive=on; proxy_pass postgres-prod; # allows access only from the current host allow 172.17.0.0/16; deny all; } } You can connect to Pgsql on 172.17.0.1:5432 from each container in the cluster.

16. Gotchas ● A valid Nginx config is required to start the container ● Only ECS RUNNING tasks are considered ● ECS ingress combines NGINX logs and the golang ones* ● It uses polling (every 10 seconds). API calls are free, S3 calls are metered. *for easy ingestion into CloudWatch

17. Roadmap ● Notifications / Slack Hooks ● Polling improvements (S3) ● Automatic Route53/DNS updates ● Letsencrypt support ● Move to Openresty

18. Does anyone have any questions? 18 Thanks! stefanofratini610 bitsandpieces.it @fratuz610 github.com/fratuz610/ecs-ingress

Editor's Notes

As all companies we started small Trying to find our market fitness At the beginning we had 1 server with everything on it it worked fine but we had no CI/CD of any sort
Looked into containers to - simplify management / high aviability - provide seemless CD capabilities - provide a cost effective solution -> margins
I had managed teams that had got into the K8S journey early on and - it comes with complexities and overhead - we don't have a dedicated devops resource - it's expensive to run on AWS
- It offers basic container orchestration capabilities -- Amazon Elastic Container Service (Amazon ECS) is a container orchestration service that runs and manages Docker containers - Fits our requirements for small clusters - it integrates very well with AWS services (even too well) - for example cloudwatch, VPC, EFS, code build and code deploy - it's very cheap to run - free - spot instances - It's a lock in solution but so is the whole AWS ecosystem - we lose secrets, and configuration management from K8S
- documentation is lacking - learning curve is not as steep as K8s but still - incoming networking is lacking -- Specifically the ELB/ALB/NLB trio are just not good enough for anything above basic -- ELB/ALB/NLB are black boxes and expensive to run
- "it's too limiting when it comes to routing" compared to NGINX - We run everything behind the same domain for SSL cert management simplicity but also to get rid of CORS - load balancers -> listeners (ports) -> rules that link to placement groups - BG: I wrote 6 or 7 blog posts a few years ago on NGINX conf and they are still the highest hits - Nginx is fast, actively developed and has an expressive configuration - that simply cannot be matched by any other way
We want to use ECS because we are on Amazon + the alternative is too expensive/complicated But we want to still use Nginx for routing
- ECS-Ingress - https://github.com/fratuz610/ecs-ingress - a small golang executable that spawn a vanilla nginx instance - loosely modelled after ingress-nginx but 10x simpler :) - leverages continuously updated upstreams to integrate with ECS services - reads the Nginx conf dynamically and stored in S3
- it's deployed as a daemon with HOST networking - all services are deployed with Bridge networking and a mapped port of 0 - Change on the S3 bundle OR the ECS cluster => reload - We use any DNS service to add multiple A records pointing to all the members of the cluster. - Modern DNS services have a built in health check - Each instance needs to have a public IP - source control the configuration
- A valid config is required - Only running tasks are considered - ECS ingress combines NGINX logs and the golang ones in 1 stadout/stderr stream for easy ingestion into Cloudwatch Logs - Uses polling (every 10 seconds). API calls are free, S3 calls are metered.
- Slack Hooks support for automatic update notifications - Automatic support for Route53 updates to reflect changes in the instances attached to a ECS cluster - Letsencrypt support to automatically generate new HTTPS certificates (Gossip protocol coordination across running containers in a cluster to coordinate Letsencrypt requests) - Move to openresty to avoid potentially costly config reloads from NGINX

ECS-Ingress: easy nginx load balancing across ecs services

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to ECS-Ingress: easy nginx load balancing across ecs services

Similar to ECS-Ingress: easy nginx load balancing across ecs services (20)

Recently uploaded

Recently uploaded (20)

ECS-Ingress: easy nginx load balancing across ecs services

Editor's Notes