Getting Started with Containers on AWS: Collision 2018

Getting started with
containers on AWS
Abby Fuller, AWS
@abbyfuller

First things first…
What are containers and why are customers using them?

What are containers?
A container is an atomic, self-contained package of software that
includes everything it needs to run (code, runtime, libraries,
packages, etc.).
A popular, widely-used container platform is Docker. More on that
here: https://www.docker.com

Why are containers so popular?
• Portable
• Lightweight
• Standardized
• Easy to deploy
• Along with containers, comes the “monolith to microservices” story:
containers and microservices go hand in hand (more on that in a second)

OK, so what are microservices?
”Service oriented architecture
composed of loosely coupled elements
that have bounded contexts.”
- Adrian Cockroft

webserver
.package
Order UI
Order Service
Inventory Service
Shipping Service
OrderUI
Shipping Service
Order Service
Inventory
Service

© 2018, Amazon Web Services, Inc. or Its Affiliates. All rights reserved.
Running one container is easy

But there are still moving pieces
Server
Guest OS
Bins/Libs Bins/Libs
App2App1

Managing many containers is hard
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS

Enter container orchestration tools

What are container orchestration tools?
Framework for managing, scaling, deploying containers.

We’ve had customers running Docker on
EC2 from the very beginning…

But there were pain points.
Things like scheduling, placing, managing and
deploying containers were difficult. They wanted
something to make those pain points better.

So we built ECS
Highly scalable, high
performance container
management system
A managed platform
ECS
Cluster
management
Container
orchestration
Deep AWS
integration

Marketing data startup
Majority of services on ECS

160 billion analytics events per
month
Up to 270,000 events per second
Autoscaling allows them to burst to
thousands of containers to seamlessly
handle demand
ECS

ECS
ECS is not just for event processing
Redshift
Running ETL jobs on ECS

But ECS isn’t the only way to run containers in
production
More customers running Kubernetes on
AWS than anywhere else.

UK FinTech startup
Kubernetes on AWS

More than 350 microservices
Kubernetes on EC2

Multi-master Hundreds of workers
Highly-available backing store of etcd
High availablity at
every level

Security first
VPC
DirectConnect

“Deploying Kubernetes in a highly
available configuration on AWS is not for the faint of
heart and requires you to get familiar with its
internals, but we are very pleased with the results”

So we built EKS
Platform for
enterprises to run
production-grade
Kubernetes-grade
installations
EKS
Managed and
upstream
experience
Seamless, native
integration with
AWS services
Contributes back
to open source
community

There’s a theme here: “run my
containers FOR me”

Containers are great!
...but they’re a lot of heavy
lifting

AWS Fargate
No cluster or
infrastructure to
manage or scale
Everything is
handled at the
container level
Scale seamlessly
on demand
Underlying technology for container
management

What does Fargate mean?
No worrying about scaling, service mesh, underlying infrastructure, cluster
resources, capacity, setup.
Just give it a task definition or pod (in 2018), set some resource limits, and
away you go.

How does this work in practice?
• Two launch types for ECS and EKS:
• EC2 (traditional, manage your cluster infrastructure)
• Fargate

With Fargate: focus on your
workload (job, container, function,
task) first. Full stop.

How everyone thinks about
compute is changing.

Treat containers as a fundamental, compute
primitive.

IAM Roles for Tasks
Task Auto Scaling
Task Load Balancers
Task Networking

This all enable you to focus on your
workload first, at a really granular
level. Your infrastructure supports
that.

What are people building with
containers on AWS?

So what does all of this mean for
you?

Bottom line: lots of options for
running container workloads on
AWS

OK, so why do you want options?
• Options are good! They make the community stronger.
• Use what works for you and your workload -> all choices are good! Use
what you can manage.
• You don’t have to pick just one- benefits of containers are that they
support polyglot architectures, many tools, and portability. Build in the
language, choose the tool/orchestration platform that works for YOU.
• With Fargate, run hybrid clusters!
We want AWS to be the best place for you to run your container workloads,
however you want to run them.

What does the landscape look like all together?
Amazon ECS
(available now)
Amazon EKS
(preview)
Fargate mode for
ECS
(available now)
Fargate mode
for EKS
(available
2018)

ECS
Easiest way to deploy and manage
containers
Integration with entire AWS platform
ALB, Auto Scaling, Batch, Elastic Beanstalk,
CloudFormation, CloudTrail, CloudWatch Events,
CloudWatch Logs, CloudWatch Metrics, ECR, EC2 Spot,
IAM, NLB, Parameter Store, and VPC
Scales to support clusters of any size
Service integrations (like ALB and NLB) are at
container level
1
2
3

What we did with ECS in 2017
Container access to
environmental metadata
Network Load Balancer support
Console support for
SpotFleet
Override parameters for
RunTask and StartTask APIs
Task Elastic Network
Interface
Application Load Balancer Support
HIPAA eligibility
Console UX improvements
CLI V1.0
Container instance draining
Windows containers
Cron and Cloudwatch Event
Task scheduling
Support for Docker Privileged
Mode Lifecycle Policies for container images
Beijing Region
Support for Device and Init
flags
Add attributes during boot
Seoul Region
Linux capabilities

EKS
Managed Kubernetes on AWS
Highly available Automated
version upgrades
Integration with
other AWS
services
Etcd
Master
Managed
Kubernetes
control plane
CloudTrail, CloudWatch,
ELB, IAM, VPC, PrivateLink

Fargate
Launch quickly
Scale easily
No infrastructure
Resource based pricing
Containers on demand
Manage everything at
container level

What does Fargate mean?
No worrying about scaling, service mesh, underlying infrastructure,
cluster resources, capacity, setup.
Just give it a task definition or pod (in 2018), set some resource
limits, and away you go.

“When someone asks you for a sandwich,
they aren’t asking you to put them in charge
of a global sandwich logistic chain. They just
want a sandwich”

AMAZON CONTAINER SERVICES
So you want to run a (managed) container on AWS
Choose your orchestration tool1
Choose your launch type2
ECS EKS
EC2 Fargate EC2 Fargate

How do I know when to use Fargate vs EC2 mode?
Depends on your workload.
For Fargate: if you have a Task Definition, and you’re ok with awsvpc
networking mode, try Fargate. Some caveats: can’t exec into the
container, or access the underlying host (this is also a good thing)
For EC2 mode: good if you need to customize!

What are the differences between ec2 mode and Fargate?
• Change in networking mode: "networkMode": "awsvpc”
• Only specify container port, no host port:
• "portMappings":
[{"containerPort": ”8081"}]
• No links (only local loopback)
• No ELB Classic, only ALB or NLB. ALB needs to use target type IP,
not instance.
• Launch Type: Fargate

New and important!
requiresCompatibilities parameter.
"requiresCompatibilities": ["FARGATE"]
You can have tasks that have multiple compatibilities:
"requiresCompatibilities": ["FARGATE”,
“EC2”]

Hang on, what’s awsvpc?
New task level networking type.
Each Task is assigned an ENI (Elastic Network Interface), and a private
IP (and optionally a public IP, if you’re using Fargate) from your
subnet.
This allows for simplified container networking: containers that are
part of the same task (and thus on the same host) can use the local
loopback interface. Containers not on the same host use the
ENI/hostname/IP

Need some more info on working with awsvpc?
https://aws.amazon.com/blogs/compute/task-
networking-in-aws-fargate/
https://aws.amazon.com/blogs/compute/introdu
cing-cloud-native-networking-for-ecs-
containers/

Need help migrating between Fargate and EC2?
https://aws.amazon.com/blogs/compute/migr
ating-your-amazon-ecs-containers-to-aws-
fargate/

ECS: can be totally managed, or can customize resource usage, networking, task placement
etc. to fit your application needs. Shared responsibility with AWS (because managed service).
ecs-agent is open source. Easy integration with other AWS services.
EKS: managed, upstream Kubernetes. Can connect to clusters through kubectl and use
existing tooling. Can opt in to managed version upgrades. Add resources to your cluster
through EC2 (now), or with Fargate mode (2018).
Fargate: underlying technology for containers on demand. Pass a Task Definition or
Kubernetes Pod, set resource limits, and Fargate manages everything else. NO access to
underlying host, no managing of resources. Great if you don’t want to handle scaling,
orchestration, deployments, upgrades yourself. Not for those of you that are making changes
to your infrastructure (i.e., bringing custom AMIs, or installing things through EC2 user-data)
tl;dr

https://medium.com/containers-on-
aws/choosing-your-container-environment-
on-aws-with-ecs-eks-and-fargate-
cfbe416ab1a
Need more info on how to choose?

We want to hear from all of you!
• More focus on supporting Tasks as compute primitive, more focus on
removing undifferentiated heavy lifting.
• Our roadmap is driven by feedback:

How can I get started?
• To join the EKS preview: https://aws.amazon.com/eks/
• To get started with Fargate: https://aws.amazon.com/fargate/
• Blogs: https://aws.amazon.com/blogs/aws/aws-fargate/
• https://aws.amazon.com/blogs/aws/amazon-elastic-container-service-for-kubernetes/
• Liz Rice from Aquasec on Fargate: https://blog.aquasec.com/securing-struts-in-aws-fargate
• Nathan Peck from AWS: https://medium.com/containers-on-aws/choosing-your-container-environment-on-
aws-with-ecs-eks-and-fargate-cfbe416ab1a
• Deepak Singh (containers GM at AWS): https://www.slideshare.net/AmazonWebServices/containers-on-aws-
state-of-the-union-con201-reinvent-2017

Need a little help?
Community Slack channels:
awsdevelopers.slack.com
amazon-ecs.slack.com
Or reach out to one of us directly:
@abbyfuller or abbyfull@amazon.com
@nathankpeck
@brentcontained
@paulmaddox
@ric_harvey

Go build (and tell us about it)!

Getting Started with Containers on AWS: Collision 2018

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Getting Started with Containers on AWS: Collision 2018

Semelhante a Getting Started with Containers on AWS: Collision 2018 (20)

Mais de Amazon Web Services

Mais de Amazon Web Services (20)

Getting Started with Containers on AWS: Collision 2018