Getting Started With Docker on AWS
•Download as PPTX, PDF•
2 likes•144 views
This document provides an overview of using Docker containers on Amazon Web Services (AWS). It discusses the benefits of containers, how Amazon ECS provides container management and scheduling capabilities, and how to run containerized services on ECS. Key points covered include how ECS handles resource management and scheduling across a cluster, its use of APIs, tasks, services, load balancing, and updating deployments. The document concludes with a reminder to complete an evaluation.
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Getting Started With Docker on AWS
Similar to Getting Started With Docker on AWS (20)
Recently uploaded
Recently uploaded (20)
Getting Started With Docker on AWS
- 2. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Mikhail Prudnikov, Senior Solutions Architect October 24th, 2016 Getting started with Docker on AWS
- 3. Agenda Why Containers? Cluster Management Benefits Running Services Demo
- 5. What are Containers? OS virtualization Process isolation Images AutomationServer Guest OS Bins/Libs Bins/Libs App2App1
- 6. Container advantages Portable Flexible Fast EfficientServer Guest OS Bins/Libs Bins/Libs App2App1
- 7. Services evolve to microservices Monolithic Application Order UI User UI Shipping UI Order Service User Service Shipping Service Data Access Host 1 Service A Service B Host 2 Service B Service D Host 3 Service A Service C Host 4 Service B Service C
- 8. Containers are natural for microservices Simple to model Any app, any language Image is the version Test & deploy same artifact Stateless servers decrease change risk
- 9. Scheduling
- 10. Server Guest OS Bins/Libs Bins/Libs App2App1 Scheduling one resource is straightforward
- 11. Scheduling a cluster is hard Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS Server Guest OS
- 12. What is Amazon ECS? Amazon EC2 Container Service (ECS) is a highly scalable, high performance container management service. You can use Amazon ECS to schedule the placement of containers across your cluster. You can also integrate your own scheduler or third-party scheduler to meet business or application specific requirements.
- 14. Cluster Management: Resource Management Docker Task EC2 Instance Container Docker Task EC2 Instance Container Task Container Docker EC2 Instance Task Container AZ 1 AZ 2
- 15. Cluster Management: Scheduling Docker Task EC2 Instance Container Docker Task EC2 Instance Container Task Container Docker EC2 Instance Task Container AZ 1 AZ 2
- 16. Amazon ECS: Resource Management Docker Task Container Instance Container Task Container Docker Task Container Instance Container Task Container Docker Task Container Instance Container Task Container AZ 1 AZ 2 Cluster Management Engine
- 17. Amazon ECS: Agent Communication Docker Task Container Instance Container ECS Agent Task Container Docker Task Container Instance Container ECS Agent Task Container Docker Task Container Instance Container ECS Agent Task Container AZ 1 AZ 2 Cluster Management Engine Agent Communication Service
- 18. Amazon ECS: Key/Value Store Docker Task Container Instance Container ECS Agent ELB Internet ELB Task Container Docker Task Container Instance Container ECS Agent Task Container Docker Task Container Instance Container ECS Agent Task Container AZ 1 AZ 2 Key/Value Store Cluster Management Engine Agent Communication Service
- 19. Amazon ECS under the Hood IDN-1 IDN IDN+1 IDN+2 IDN+3 IDN+4 IDN+5 IDN+6 IDN+5 WRITE READ
- 20. Amazon ECS under the Hood IDN-1 IDN IDN+1 IDN+2 IDN+3 IDN+4 IDN+5 IDN+6IDN+3 IDN+5IDN+2 WRITE WRITE READREAD
- 21. Amazon ECS: APIs Docker Task Container Instance Container ECS Agent ELB Internet ELB User / Scheduler API Cluster Management Engine Task Container Docker Task Container Instance Container ECS Agent Task Container Docker Task Container Instance Container ECS Agent Task Container AZ 1 AZ 2 Key/Value Store Agent Communication Service
- 22. Amazon ECS: Scheduling Docker Task Container Instance Container ECS Agent ELB Internet ELB User / Scheduler API Cluster Management Engine Task Container Docker Task Container Instance Container ECS Agent Task Container Docker Task Container Instance Container ECS Agent Task Container AZ 1 AZ 2 Key/Value Store Agent Communication Service
- 23. Benefits
- 24. Easily Manage Clusters for Any Scale Nothing to run Complete state Control and monitoring Scale
- 25. Scalable
- 26. Flexible Container Placement Applications Batch jobs Multiple schedulers
- 27. Designed for use with other AWS services Elastic Load Balancing Amazon Elastic Block Store Amazon Virtual Private Cloud Amazon CloudWatch AWS Identity and Access Management AWS CloudTrail
- 28. Extensible Comprehensive APIs Custom schedulers Open source agent and CLI
- 29. Amazon ECS Docker Task Container Instance Amazon ECS Container ECS Agent ELB Internet ELB User / Scheduler API Cluster Management Engine Task Container Docker Task Container Instance Container ECS Agent Task Container Docker Task Container Instance Container ECS Agent Task Container AZ 1 AZ 2 Key/Value Store Agent Communication Service
- 30. Running Services
- 31. Task Definitions Volume Definitions Container Definitions
- 32. Key Components: Task Definitions
- 33. Key Components: Task Definitions
- 34. Tasks Shared Data Volume Containers schedule Container Instance Volume Definitions Container Definitions
- 35. Unit of work Grouping of related Containers Run on Container Instances Tasks
- 36. Create a Service Good for long-running applications and services
- 37. Create Service Load Balance traffic across containers Automatically recover unhealthy containers Discover services Elastic Load Balancing Shared Data Volume Containers Shared Data Volume Containers Shared Data Volume Containers
- 38. Scale Service Scale up Scale down Elastic Load Balancing Shared Data Volume Containers Shared Data Volume Containers Shared Data Volume Containers Shared Data Volume Containers
- 39. Scale Service
- 40. Update Service Deploy new version Drain connections Shared Data Volume Containers Shared Data Volume Containers Shared Data Volume Containers new new new Elastic Load Balancing Shared Data Volume Containers Shared Data Volume Containers Shared Data Volume Containers old old old
- 41. Update Service (cont.) Deploy new version Drain connections Shared Data Volume Containers Shared Data Volume Containers Shared Data Volume Containers new new new Elastic Load Balancing Shared Data Volume Containers Shared Data Volume Containers Shared Data Volume Containers old old old
- 42. Update Service (cont.) Deploy new version Drain connections Elastic Load Balancing Shared Data Volume Containers Shared Data Volume Containers Shared Data Volume Containers new new new
- 43. Update Service (cont.) Specify a deployment configuration for your service: • minimumHealthyPercent: lower limit (as a percentage of the service's desiredCount) of the number of running tasks that must remain running in a service during a deployment. • maximumPercent: upper limit (as a percentage of the service's desiredCount) of the number of running tasks that can be running in a service during a deployment.
- 44. Update Service (cont.) Deploy using the least space: minimumHealthyPercent = 50%, maximumPercent = 100%
- 45. Update Service (cont.) Deploy quickly without reducing service capacity: minimumHealthyPercent = 100%, maximumPercent = 200%
- 46. Demo
- 47. Thank You!
Editor's Notes
- So we are going to briefly recap, why containers and the challenges you may face in production, and some of the use patterns We will then talk about cluster management and how Amazon ECS fits into all of this Then we will close with a demo
- Containers are similar to hardware virtualization (like EC2), however instead of partitioning a machine, containers isolate the processes running on a single operating system This is a useful concept that lets you use the OS kernel to create multiple isolated user space processes that can have constraints on them like cpu & memory. The Docker CLI makes using containers easy, with commands like docker run. Docker images make it easy to define what runs in a container and versions the entire app These concepts enable automation – you can define your app, build & share the image, and deploy that image.
- You may be thinking – this sounds interesting but why would I want to use containers? There are 4 key benefits to using containers. 1.) The first is that containers are portable. the image is consistent and immutable -- no matter where I run it, or when I start it, it’s the same. This makes the dev lifecycle simpler –an image works the same on the developer’s desktop & prod, whether I start it today or scale my environment tomorrow, so there’s no surprises. The entire Application is self-contained -- The image is the version, which makes deployments and scaling easier because the image includes the dependencies. Small, usually 10s MB for the image, very sharable 2.) Containers are flexible. You can create clean, reproducible, and modular environments. Whereas in the past multiple processes would be on the same OS (e.g. Ruby, caching, log pushing), now Containers makes make it easy to decompose an app into smaller chunks, like microservices, reducing complexity & letting teams move faster while still running the processes on the same host, e.g. no library conflicts This streamlines both code deployment and infrastructure management 3.) Simply stating that Docker images start fast sells the technology short as speed is apparent in both performance characteristics and in application lifecycle and deployment benefits So yes, containers start quickly because the operating system is already running, but Every container can be a single threaded dev stream; less interdependencies Also ops benefits - Example: IT updates the base image, I just do a new docker build – I can just focus on my app, meaning it’s faster for me to build & release. 4.) Finally, containers are efficient. You can allocate exactly the resources you want – specific cpu, ram, disk, network Since it shares the same OS kernel & libs, containers use less resources than running the same processes on different virtual machines (different way to get isolation)
- So I want to tell you a story about Amazon.com and the evolution of its architecture. Over 10 years ago, Amazon had a large monolithic application running its website. Everything from its UI, ordering systems, recommendations engine, shopping cart was one big application with one large code base. The problem with that was there are a lot of code interdependencies that have to be resolved. Another problem Amazon experienced was it was hard to scale the website. If one part or service was memory intensive and another CPU intensive, the servers much be provisioned with enough memory and CPU to handle that baseline load. So if the CPU intensive service received a heavy load you have to provision a large machine and have a lot of underutilized resources In order to scale better, Amazon decomposed its architecture into individual services that could be deployed separately. This allowed it to scale each service independently. It was able to have smaller teams that worked on each of the services and controlled that services codebase. This allowed the website to evolve faster because new updates can be delivered independently of other teams. This architecture is what now is known as microservices.
- Containers & Docker are natural for this pattern of microservices It makes services simple to model; The application and all its dependencies are packaged into an image using a Dockerfile. It supports Any app, any language The Image is a versioned artifact that can be stored in a repository just like your source code. This makes applications easy to test & deploy because they are the same artifacts Containers also simplify deployment -- Stateless servers are natural with Docker and each deployment is a new set of containers This Decreases risk of change – rollback is simple This all makes it easy to decompose applications to microservices. Every microservice is self contained allowing you to reduce dependency conflicts and decouple deployments.
- So lets talk about scheduling
- The Docker CLI is great if you want to run a container on your laptop for example “docker run myimage”.
- But it’s challenging to scale to 100s of containers. Now you’re suddenly managing a cluster & cluster management is hard. You need a way to intelligently place your containers on the instances that have the resources and that means you need to know the state of everything in your system. For example… what instances have available resources like memory and ports? How do I know if a container dies? How do I hook into other resources like ELB? Can I extend whatever system that I use, e.g. CD pipeline, third party schedulers, etc. Do I need to operate another piece of software? These are the questions and challenges that our customers had which led us to build Amazon ECS
- These are snippets taken from the ECS landing page. At the core ECS is a container management service which enables schedulers to run concurrently on-top. We currently offer a built-in scheduler known as the Amazon ECS Service Scheduler to make running services on ECS easy.
- Resource Manager is responsible for keeping track of resources like memory, CPU, and storage and their availability at any given time in the cluster.
- Next, the Scheduler is responsible for scheduling containers or tasks for execution. The scheduler contains algorithms for assigning tasks to nodes in the cluster based on the resources required to execute the task. To properly schedule you need to : Know your constraints like memory, CPU Find resources from your cluster that meet the constraints Request a resource Confirm the resource The scheduler is also responsible for the task execution lifecycle. Is the task alive or dead and should it be rescheduled
- ECS provides a simple solution to cluster management: We have a cluster management engine that coordinates the cluster of instances, which is just a pool of CPU, memory, storage, and networking resources The instances are just EC2 instances that are running our agent that have been checked into a cluster. You own them and can SSH into them if you want Dynamically scalable. Possible to have a 1 instance cluster, and then a 100 or even 1000 instance cluster. Segment for particular purposes, e.g. dev/test
- On each instance, we have the ECS agent which communicates with the engine and processes ECS commands and turns them into Docker commands To instructs the EC2 instances to start, stop containers and monitor the used and available resources It’s all open source on Github and we develop in the open, so we’d love to see you involved through pull requests.
- To coordinate this cluster we need a single source of truth for all the instances in the cluster, tasks running on the instances, and containers that make up the task, and the resources available. This is known as cluster state So at the heart of ECS is a key/value store that stores all of this cluster state To be robust and scalable, this key/value store needs to be distributed for durability and availability But because the key/value store is distributed, making sure data is consistent and handling concurrent changes becomes more difficult For example, if two developers request all the remaining memory resources from a certain EC2 instance for their container, only one container can actually receive those resources and the other would have to be told their request could not be completed. As such, some form of concurrency control has to be put in place in order to make sure that multiple state changes don’t conflict.
- Lets talk a bit how we achieve this concurrency control under the hood We implemented Amazon ECS using one of Amazon’s core distributed systems primitives: a Paxos-based transactional journal based data store that keeps a record of every change made to a data entry. Any write to the data store is committed as a transaction in the journal with a specific order-based ID. The current value in a data store is the sum of all transactions made as recorded by the journal. Any read from the data store is only a snapshot in time of the journal.
- For a write to succeed, the write proposed must be the latest transaction since the last read. So if a user made a read and subsequently a few writes happened after that and it tries to write based on the last seend ID, the write wouldn’t succeed This primitive allows Amazon ECS to store its cluster state information with optimistic concurrency, which is ideal in environments where constantly changing data is shared. This architecture affords Amazon ECS high availability, low latency, and high throughput because the data store is never pessimistically locked.
- But what is unique about ECS is we decouple the container scheduling from the cluster management. We have opened up the Amazon ECS cluster manager through a set of API actions that allow customers to access all the cluster state information stored in our key/value store This set of API actions form the basis of solutions that customers can build on top of Amazon ECS such as connecting your CICD system or schedulers
- This API allows you to connect different schedulers to ECS A scheduler just provides logic around how, when, and where to start and stop containers. Amazon ECS’ architecture is designed to share the state of the cluster and allow customers to run as many varieties of schedulers (e.g., bin packing, spread, etc) as needed for their applications.
- The reason we developed ECS was customers had been running containers and Docker on EC2 for quite some time. What customers told us was the difficulty of running these containers at scale which generally involved installing and managing cluster management software Eliminates cluster management software Manages cluster state Manages containers Control and monitoring Scale from one to tens of thousands of containers
- Earlier this year we ran a load test Over a 3 day period we scaled our cluster 200 to over 1000 instances in our cluster as represented by the purple line The green and red line show the p99 and p50 latencies As you can see they are relatively flat demonstrating that ECS is stable and will scale regardless of your cluster size
- So Amazon ECS has two builtin schedulers to help find the optimal instance placement based on your resource needs, isolation policies, and availability requirements: A scheduler for long running applications and services A scheduler for short running tasks like batch jobs As discussed before - Because ECS provides you a power set of APIs, it allows you to integrate your own custom scheduler as well as open source schedulers. All of these allow you to have very flexible methods to do scheduling on ECS
- Amazon ECS is built to work with the AWS services you value. You can set up each cluster in its own Virtual Private Cloud and use security groups to control network access to your ec2 instances. You can store persistent information using EBS and you can route traffic to containers using ELB. CloudTrail integration captures every API access for security analysis, resource change tracking, and compliance auditing
- As discussed before ECS has a simple set of APIs that allows it to be very easy to integrate and extend You can use your own container scheduler or connect ECS into your existing software delivery process (e.g., continuous integration and delivery systems) Our container agent and CLI is open source and available on GitHub. We look forward to hearing your input and pull requests.
- Summing everything, what ECS allows is the reduction on the amount of code you need to go from idea to implementation when building distributed systems. So, rather than having Mesos or other cluster management software having to manage a set of machines directly, ECS manages your instances. Much of the undifferentiated heavy lifting and housekeeping has been abstracted behind a set of APIs. The ability to run multiple tasks on a shared pool of resources can also lead to higher utilization and faster task completion than if compute resources are statically partitioned.
- You can model your app using a file called a Task Definition This file defines the containers you want to run together. A task definition also lets you specify Docker concepts like links to establish network channels between the containers and the volumes your containers need. Task definitions are tracked by name and revision, just like source code
- To create a task definition, you can use the console to specify the Docker image to use for the containers You can specify resources like CPU and memory, ports and volumes for each container. You can specify what command to run when the container starts. And the essential flag specifies whether the task should fail if the container stops running.
- You can also type everything as JSON if you want
- Once your task definition is created, scheduling a Task Definition onto an instance with available resources creates a task
- A task is an instantiation of a task definition. You can have a task with just 1 container…or up to 10 that work together on a single machine. Maybe nginx in front of rails, or redis behind rails. You can run as many tasks on an instances as will fit. Often people wonder about cross host links, those don’t go in your task, put them behind an ELB, or a discovery system and make multiple tasks.
- ECS has a scheduler that is good for long-running applications called the service scheduler You reference a task definition and the number of tasks you want to run and then can optionally place it behind an ELB. The scheduler will then launch the number of tasks that you requested
- The scheduler will maintain the number of tasks you want to run and will have it automatically load balance
- Scaling up and down is simple. You just tell the scheduler how many tasks you need and the scheduler will automatically launch more tasks or terminate tasks
- Amazon EC2 Container Service (Amazon ECS) can now automatically scale container-based applications by dynamically growing and shrinking the number of tasks run by an Amazon ECS service. Now, you can automatically scale an Amazon ECS service based on any Amazon CloudWatch metric. For example, you can use CloudWatch metrics published by Amazon ECS, such as each service’s average CPU and memory usage. You can also use CloudWatch metrics published by other services or use custom metrics that are specific to your application. For example, a web service could increase the number of tasks based on Elastic Load Balancing metrics like SurgeQueueLength, while a batch job could increase the number of tasks based on Amazon SQS metrics like ApproximateNumberOfMessagesVisible.
- Updating a service is easy You deploy the new version and the scheduler with launch tasks with the new application version
- It will drain the connection from the old containers and remove the containers
- Leaving the newest containers running
- minimumHealthyPercent represents the minimum number of running tasks during a deployment. maximumPercent represents an upper limit on the number of running tasks during a deployment, enabling you to define the deployment batch size.