Slides for "Running your dockerized application(s) on AWS Elastic Container Service"

1. Running your
Dockerized application(s)
on AWS EC2 Container Service
Marco Pas
Philips Lighting
Software geek, hands on
Developer/Architect/DevOps Engineer
@marcopas

2. Some stuff about me...
● Mostly doing cloud related stuff
○ Java, Groovy, Scala, Spring Boot, IOT, AWS, Terraform, Infrastructure
● Enjoying the good things
● Chef leuke dingen doen == “trying out cool and new stuff”
● Currently involved in a big IOT project
● Wannabe chef, movie & Netflix addict

3. ..Quick Inventory..

5. From Personal Container Management to ...

6. Something that runs into production
● Docker
● Security
● Service Discovery
● Logging & Monitoring
● Rolling Deployments
● Networking
● Supervision
● Container hosting
● Docker
Development Production
Learning
cliff

7. Using Docker Compose != Running production

8. Agenda
● Containers
● Creating a Container using Spring Boot
● Container Services
● Amazon EC2 Container Service (ECS)
○ Pushing and Pulling containers
○ Deploying containers
○ Scaling your containers
○ Service Discovery
○ Logging
○ Monitoring

9. Containers

10. ● OS Virtualization
● Process Isolation
● Automation
● Images
What are containers
Portable
Flexible
Fast
Efficient

11. Creating a Docker Image
# Dockerfile ~ example
FROM alpine:latest
ADD HelloWorld.class HelloWorld.class
RUN apk --update add openjdk8-jre
ENTRYPOINT ["java", "-Djava.security.egd=file:/dev/./urandom", "HelloWorld"]
docker build -t <your imagename>:<tag> .

12. From Docker Image to a Docker Container

13. Creating a Container
using Spring Boot

14. // file: DemoApplication.java
package springboot.docker.helloworld;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@SpringBootApplication
public class DemoApplication {
public static void main(String[] args) { SpringApplication.run(DemoApplication.class, args); }
@RequestMapping("/")
String home() {
return "Hello World!"; → say hello :)
}
}

15. // file: build.gradle ~ some code intentionally removed
dependencies {
compile('org.springframework.boot:spring-boot-starter-web')
compile('org.springframework.boot:spring-boot-starter-actuator') → add spring boot actuator
testCompile('org.springframework.boot:spring-boot-starter-test')
}
String dockerImageName = "spring-boot-docker-helloworld" → set the image name
task buildDockerImage(type:Exec) { → task to create an image
group = 'docker'
description = 'Build a docker image'
commandLine 'docker', 'build', '-f', 'build/docker/Dockerfile', '-t', "${dockerImageName}", 'build/docker'
doFirst {
println ">> Creating image: ${dockerImageName}"
// some code intentionally removed
}
}

16. // file: build.gradle ~ some code intentionally removed
doFirst {
println ">> Creating image: ${dockerImageName}"
copy {
// copy files to build location, Dockerfile - Jar file
}
copy {
// process Dockerfile to replace labels (Dockerfile label: @name@, @version@, @build-date@, …
// copy files to build location, Dockerfile - Jar file
from('src/main/docker/') {
include 'Dockerfile'
filter(ReplaceTokens, tokens: [
'version': version,
'build-date': new Date().format("yyyy-MM-dd'T'HH:mm:ss'Z'", TimeZone.getTimeZone("UTC")),
'git-branch': gitBranch(),
'git-commit': gitCommitHash()
])
}
file("build/docker/app/${jar.archiveName}").renameTo("build/docker/app/application.jar")
}

17. // file: Dockerfile example ~ some code intentionally removed
FROM java:8u66-jdk
LABEL com.acme.build-date="@build-date@" → provide data to the Dockerfile
EXPOSE 8080 → expose port 8080, so the host can map this port
# Create app that holds the application.jar file
RUN mkdir -p /app → do some housekeeping, creating directories
WORKDIR /app
COPY /app/application.jar application.jar → copy the application.jar file into the container
COPY /app/docker-entrypoint.sh docker-entrypoint.sh → copy startup script into the container
# Set file permissions
RUN chmod +x docker-entrypoint.sh → make the shel script executable
# Set start script as default command
CMD ["./docker-entrypoint.sh"] → execute the startup script when we start the container

18. // file: build.gradle
project.ext.dockerRegistry = System.env.DOCKER_REGISTRY → get the docker registry from environment
String dockerImageName = "spring-boot-docker-helloworld" → set the image name
task pushDockerImage(type: Exec) {
group = 'docker'
description = 'Push a docker image'
commandLine 'docker', 'push', "${project.ext.dockerRegistry}/${dockerImageName}"
doFirst {
println ">> Checking dockerRepository"
if (!project.ext.dockerRegistry) {
throw new GradleException("Unable to push image, please provide correct 'dockerRegistry'")
}
println ">> Pushing image: ${dockerImageName}"
}
}

19. Running the image using Docker Compose
// file: docker-compose.yml
version: '2'
services:
springboot-demo: → name if container
image: spring-boot-docker-helloworld:latest → the image that is going to be used
ports:
- "8080:8080” → port mapping 8080 host -> 8080 container

20. Demo:
Build & Run Docker Image using
Spring Boot

21. But wait… we have images now
how do we run our containers?
We need some help!
Container Storage, Scheduling
& Orchestration

22. Container Services

23. Container Services
● Most used Container Services
○ Amazon ECS
○ Kubernetes by Google
○ Docker Swarm
○ Hashicorp Nomad
○ Azure Container Service
All have the some focus:
Run your Services / Containers

24. Container Services
● Storage
● Clustering support
● Control & Monitoring
● Scale up/down
● Scheduling & Orchestration
○ Flexible Container placement

25. Placement Strategies
● Strategy name
○ node selected
● Spread
○ has the fewest containers,
disregarding their states
● Binpack
○ most packed (i.e. has the minimum
amount of free CPU/RAM)
● Random
○ chosen randomly

27. Components of AWS ECS
comparable
to Docker
Hub

28. Amazon EC2 Container Service (ECS)
“ECR → Pushing and Pulling containers”

29. ● Amazon’s version of a Docker Registry
● Registry contains Repositories
○ unique namespace
● Logins generated on demand with
limited session length
● Images:
○ can be shared with AWS accounts
○ at rest are encrypted and stored in S3
○ transmitted over HTTPS
Container Registry

30. Publishing
to ECR

31. Demo:
Push/Pull image(s) to/from ECR

32. Amazon EC2 Container Service (ECS)
“ECS → Deploying containers”

33. Container
Service
Detail
Docker Container
The result of starting a
Docker Image by the
Scheduler

34. Container
Service
Detail
EC2 Container Instance
EC2 instance with Docker &
the ECS Agent installed
ECS Agent
Allows EC2 container
instances to connect to a
cluster

35. Container
Service
Detail
ECS Cluster
A logical grouping of EC2
Container Instances

36. Container
Service
Detail

37. Demo Description
● Create the infrastructure
● Deploy “HelloWorld”
container to an
ECS Container Instance
● Make the endpoint
publicly available via
ALB
● Scale the container
instances

38. How to create the environment?
“Infrastructure as Code”

39. Terraform
● Provision resources
○ Compute / Storage / Network
● Manage resource lifecycles
● Manage different resource providers (AWS, Google, Azure, …)
● Automate deployments and configurations
Infrastructure as Code

40. Tip
Considering using TFENV
to manage Terraform versions

41. // file: main.tf ~ some code intentionally removed
module "vpc" {
source = "github.com/terraform-community-modules/tf_aws_vpc"
name = "my-vpc"
cidr = "10.0.0.0/16"
public_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
private_subnets = ["10.0.101.0/24", "10.0.102.0/24"]
}
module "bastion" { ... }
module "ecs-cluster" {
source = "./ecs-cluster"
cluster_name = "demo"
vpc_id = "${module.vpc.vpc_id}"
subnet_ids = "${module.vpc.private_subnets}"
}

42. Demo:
Overview of AWS Infrastructure

43. All fine, we have the infrastructure
Now get some apps deployed :)
Deployment of a Dockerized
app on ECS

44. Describing your Docker deployment
Describes one or more Docker
Containers that form your
application (blueprint)
Runs and maintains a desired
number of tasks from a
specified task definition
Running container with
the settings defined in
the Task Definition

45. Example: Task Definition
45
{ "family": "webserver", → family of containers
"containerDefinitions": [{
"name": "web", → name of the container
"image": "nginx", → the image used for the container
"cpu": 99, → cpu + memory credits
"memory": 100,
"portMappings": [{ → port mappings (expose port 80 in container to port 80 on host)
"containerPort": 80,
"hostPort": 80
}],
"environment": [{ → environment variables, used in the container
"name": "MYSQL_ROOT_PASSWORD",
"value": "password"
}]
}]
}
Can you spot the problem?

46. Host <> Container Port mapping

47. Host <> Container Port mapping

48. Run a task/service on ECS Container Service
● AWS Console
○ Use the AWS console and use the UI
● Manual
○ Using the AWS CLI / ECS CLI
● Automated
○ Using Cloudwatch or Terraform

49. Demo Description
● Create the infrastructure
● Deploy “HelloWorld”
container to an
ECS Container Instance
● Make the endpoint
publicly available via
ALB
● Scale the container
instances

50. // file: main.tf ~ some code intentionally removed
module "vpc" { ... }
module "bastion" { ... }
module "ecs-cluster" { ... }
module "helloworld-service" {
source = "./helloworld-service"
environment = "test-env"
vpc_id = "${module.vpc.vpc_id}"
ecs_cluster_id = "${module.ecs-cluster.ecs_cluster_id}"
docker_repository = "163079528612.dkr.ecr.us-east-1.amazonaws.com"
public_subnet_ids = "${module.vpc.public_subnets}"
iam_role = "${module.ecs-cluster.ecs_aws_iam_role_name}"
desired_count = 1
}

51. // file: task-definition.tpl
[
{
"name": "helloworld-service",
"essential": true,
"image": "${docker_repository}/springboot-docker-helloworld:${version}",
"memoryReservation": 256,
"portMappings": [
{ "ContainerPort": 8080 }
]
}
]

52. Demo:
Deploy Docker Container on ECS
Container Service using Terraform

53. Service Autoscaling

54. Autoscaling your containers
● Scaling is based upon metrics → Application Autoscaling
○ Metrics on ECS/Service
■ cpu load, memory usage, io, …
● CloudWatch Alarm
○ cpu > 80% for 1 minute
○ cpu < 50% for 1 minute
● Scaling Policy → “ChangeInCapacity”
○ up +1 instance
○ down -1 instance

55. Demo Description
● Create the infrastructure
● Deploy “HelloWorld”
container to an
ECS Container Instance
● Make the endpoint
publicly available via
ALB
● Scale the container
instances

56. Demo:
Autoscaling based on CPU

57. Service Discovery

58. Service Discovery
● DNS based Discovery
● Consul Service Discovery

59. Logging

61. Logging
Multiple Log Drivers
available

62. Configuring the Log Driver
62
{ "family": "webserver", → family of containers
"containerDefinitions": [{
"name": "web", → name of the container
"image": "nginx", → the image used for the container
// some intentionally omitted
"logConfiguration": { → log configuration
"logDriver": "awslogs", → to be used logdriver
"options": { → logdriver options
"awslogs-group": "awslogs-nginx",
"awslogs-region": "ap-northeast-1",
"awslogs-stream-prefix": "awslogs-example"
}
}
}]
}

63. Monitoring

64. ● Cloudwatch / InfluxDB / Prometheus / SysDig
Monitoring

65. Prometheus Overview

66. Demo:
Monitoring using Prometheus

67. Recap
● Running Docker containers on ECS is not hard
○ Build your Dockerized Spring Boot applications and push them to ECS
○ ECS Cluster with EC2 instances
● Use a “Infrastructure as Code” approach to keep a grasp on what needs to
be deployed
● Do not forget about Logging and Monitoring these steps are important
○ use CloudWatch or other monitoring tools to keep an eye on your infrastructure
● Service Discovery using DNS or Consul

68. That’s a wrap!
Question?
https://github.com/mpas/running-your-dockerized-application-on-aws-ec2-container-service
Marco Pas
Philips Lighting
Software geek, hands on
Developer/Architect/DevOps Engineer
@marcopas