LASTconf 2017 - Simplifying Amazon ECS by Weaving overlay networks

•Transferir como PPTX, PDF•

1 gostou•215 visualizações

An examination of a journey to simplify Amazon ECS network environments through use of Weave networking; regaining environment parity with local docker-compose configurations, and some possibilities for hybrid cloud and multi-region transparent network configurations.

Tecnologia

@cevoaustralia
Simplifying Amazon ECS by
Weaving overlay networks
Colin Panisset, Cevo
@nonspecialist

@cevoaustralia
Who am I, and why are you here?
“Specialization is for insects” - Robert A. Heinlein
Hear a tale of a journey from innocence to experience?
Learn a bit about containers, networking, and how we dug up
from a tangly mess so that you don’t have to

@cevoaustralia
A quick summary
Docker in 60 seconds (and why)
ECS in 60 seconds
A story of a journey through complexity
Why this is a reasonable thing to do
Power-ups, bells and whistles
Caveats
And live demos (demo gods willing)

@cevoaustralia
Docker in ~60 seconds, and why you should care
Servers VMs Containers Functions

@cevoaustralia
What’s this ECS thing, then?
Container
Orchestration
AWS-integrated
Photo by Guillame Bolduc on Unsplash

@cevoaustralia
Tangled in string (how did we get there???)
Migrating legacy
No re-architecting
Many containers
ECS constraints
Photo by Khara Woods on Unsplash

@cevoaustralia
Our first workaround
“Ambassador”
pattern
Introduced
complexity
Loss of environment
parity
Photo by Luciano Ribas on Unsplash

@cevoaustralia
What other options do we have?
docker-compose
swarm
Kubernetes,
Mesos,
Rancher, …
rewrite ecs-task-kite
DNS-based
discovery
urk … Photo by Ishan @seefromthesky on Unsplash

@cevoaustralia
An example of the ambassador pattern

@cevoaustralia
Then, a light!
“weave”!
Open source
Container-
transparent
Fast, resilient …
Photo by Steve Halama on Unsplash

@cevoaustralia
Imagine how horrible this would be ...

@cevoaustralia
Mesh networks make routing simple

@cevoaustralia
Yeah, nah
AutoScaling is
your friend!
Public pre-installed
AMI
It’s tricky to set up though, right?
Photo by Austin Neill on Unsplash

@cevoaustralia
Auto-discovery based on AutoScaling groupName

@cevoaustralia
Environment parity
Principle of
least surprise
Reduce risk of
promotion
Support custom or
legacy protocols
Hides complex
network
shenanigans
OK, this is all lovely … but why?
Photo by Emily Morter on Unsplash

@cevoaustralia
But that’s not all, folks!

@cevoaustralia
Connecting
containers
between
Sydney and Tokyo
with zero fuss
or bother
Cross-region demo
Photo by Cristina Munteanu on Unsplash

@cevoaustralia
Visibility and control as well

@cevoaustralia
Just because you
can …
Network and
config complexity
beyond MVP
Well-decoupled
systems might not
need it
Existing solutions
may be sufficient
Magic ... but not all unicorns and rainbows
Photo by Annie Spratt on Unsplash

@cevoaustralia
Key takeaways
Useful for dev-test
environment
parity as well as
solving some key
legacy issues
Pretty simple to set
up and use
Free! (speech and
beer)
Photo by Clem Onojeghuo on Unsplash

@cevoaustralia
Thank you - and some references
https://www.weave.works/
https://github.com/weaveworks/weave
https://aws.amazon.com/ecs/
https://unsplash.com/

Mais conteúdo relacionado

Último

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Dubai, known for its towering skyscrapers, luxurious lifestyle, and relentless pursuit of innovation, often finds itself in the global spotlight. However, amidst the glitz and glamour, the emirate faces its own set of challenges, including the occasional threat of flooding. In recent years, Dubai has experienced sporadic but significant floods, disrupting normalcy and posing unique challenges to its infrastructure. Among the critical nodes in this bustling metropolis is the Dubai International Airport, a vital hub connecting the world. This article delves into the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Orbitshub

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

ICT role in 21st century education and its challenges

rafiqahmad00786416

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

DBX First Quarter 2024 Investor Presentation

Dropbox

Angeliki Cooney has spent over twenty years at the forefront of the life sciences industry, working out of Wynantskill, NY. She is highly regarded for her dedication to advancing the development and accessibility of innovative treatments for chronic diseases, rare disorders, and cancer. Her professional journey has centered on strategic consulting for biopharmaceutical companies, facilitating digital transformation, enhancing omnichannel engagement, and refining strategic commercial practices. Angeliki's innovative contributions include pioneering several software-as-a-service (SaaS) products for the life sciences sector, earning her three patents. As the Senior Vice President of Life Sciences at Avenga, Angeliki orchestrated the firm's strategic entry into the U.S. market. Avenga, a renowned digital engineering and consulting firm, partners with significant entities in the pharmaceutical and biotechnology fields. Her leadership was instrumental in expanding Avenga's client base and establishing its presence in the competitive U.S. market.

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Angeliki Cooney

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Understanding the FAA Part 107 License ..

Christopher Logan Kennedy

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Whatsapp Number Escorts Call girls 8617370543 Available 24x7 Mcleodganj Call Girls Service Offer Genuine VIP Model Escorts Call Girls in Your Budget. Mcleodganj Call Girls Service Provide Real Call Girls Number. Make Your Sexual Pleasure Memorable with Our Mcleodganj Call Girls at Affordable Price. Top VIP Escorts Call Girls, High Profile Independent Escorts Call Girls, Housewife Women Escorts Call Girl, College Girls Escorts Call Girls, Russian Escorts Call girls Service in Your Budget.

Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model

Deepika Singh

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

[BuildWithAI] Introduction to Gemini.pdf

Sandro Moreira

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

Destaque

Product Design Trends in 2024 | Teenage Engineerings

Pixeldarts

Mental health has been in the news quite a bit lately. Dozens of U.S. states are currently suing Meta for contributing to the youth mental health crisis by inserting addictive features into their products, while the U.S. Surgeon General is touring the nation to bring awareness to the growing epidemic of loneliness and isolation. The country has endured periods of low national morale, such as in the 1970s when high inflation and the energy crisis worsened public sentiment following the Vietnam War. The current mood, however, feels different. Gallup recently reported that national mental health is at an all-time low, with few bright spots to lift spirits. To better understand how Americans are feeling and their attitudes towards mental health in general, ThinkNow conducted a nationally representative quantitative survey of 1,500 respondents and found some interesting differences among ethnic, age and gender groups. Technology For example, 52% agree that technology and social media have a negative impact on mental health, but when broken out by race, 61% of Whites felt technology had a negative effect, and only 48% of Hispanics thought it did. While technology has helped us keep in touch with friends and family in faraway places, it appears to have degraded our ability to connect in person. Staying connected online is a double-edged sword since the same news feed that brings us pictures of the grandkids and fluffy kittens also feeds us news about the wars in Israel and Ukraine, the dysfunction in Washington, the latest mass shooting and the climate crisis. Hispanics may have a built-in defense against the isolation technology breeds, owing to their large, multigenerational households, strong social support systems, and tendency to use social media to stay connected with relatives abroad. Age and Gender When asked how individuals rate their mental health, men rate it higher than women by 11 percentage points, and Baby Boomers rank it highest at 83%, saying it’s good or excellent vs. 57% of Gen Z saying the same. Gen Z spends the most amount of time on social media, so the notion that social media negatively affects mental health appears to be correlated. Unfortunately, Gen Z is also the generation that’s least comfortable discussing mental health concerns with healthcare professionals. Only 40% of them state they’re comfortable discussing their issues with a professional compared to 60% of Millennials and 65% of Boomers. Race Affects Attitudes As seen in previous research conducted by ThinkNow, Asian Americans lag other groups when it comes to awareness of mental health issues. Twenty-four percent of Asian Americans believe that having a mental health issue is a sign of weakness compared to the 16% average for all groups. Asians are also considerably less likely to be aware of mental health services in their communities (42% vs. 55%) and most likely to seek out information on social media (51% vs. 35%).

How Race, Age and Gender Shape Attitudes Towards Mental Health

ThinkNow

AI Trends in Creative Operations 2024 by Artwork Flow.pdf

marketingartwork

Skeleton Culture Code

Skeleton Technologies

PEPSICO Presentation to CAGNY Conference Feb 2024

Neil Kimberley

Content Methodology: A Best Practices Report (Webinar)

contently

How to Prepare For a Successful Job Search for 2024

Albert Qian

A report by thenetworkone and Kurio. The contributing experts and agencies are (in an alphabetical order): Sylwia Rytel, Social Media Supervisor, 180heartbeats + JUNG v MATT (PL), Sharlene Jenner, Vice President - Director of Engagement Strategy, Abelson Taylor (USA), Alex Casanovas, Digital Director, Atrevia (ES), Dora Beilin, Senior Social Strategist, Barrett Hoffher (USA), Min Seo, Campaign Director, Brand New Agency (KR), Deshé M. Gully, Associate Strategist, Day One Agency (USA), Francesca Trevisan, Strategist, Different (IT), Trevor Crossman, CX and Digital Transformation Director; Olivia Hussey, Strategic Planner; Simi Srinarula, Social Media Manager, The Hallway (AUS), James Hebbert, Managing Director, Hylink (CN / UK), Mundy Álvarez, Planning Director; Pedro Rojas, Social Media Manager; Pancho González, CCO, Inbrax (CH), Oana Oprea, Head of Digital Planning, Jam Session Agency (RO), Amy Bottrill, Social Account Director, Launch (UK), Gaby Arriaga, Founder, Leonardo1452 (MX), Shantesh S Row, Creative Director, Liwa (UAE), Rajesh Mehta, Chief Strategy Officer; Dhruv Gaur, Digital Planning Lead; Leonie Mergulhao, Account Supervisor - Social Media & PR, Medulla (IN), Aurelija Plioplytė, Head of Digital & Social, Not Perfect (LI), Daiana Khaidargaliyeva, Account Manager, Osaka Labs (UK / USA), Stefanie Söhnchen, Vice President Digital, PIABO Communications (DE), Elisabeth Winiartati, Managing Consultant, Head of Global Integrated Communications; Lydia Aprina, Account Manager, Integrated Marketing and Communications; Nita Prabowo, Account Manager, Integrated Marketing and Communications; Okhi, Web Developer, PNTR Group (ID), Kei Obusan, Insights Director; Daffi Ranandi, Insights Manager, Radarr (SG), Gautam Reghunath, Co-founder & CEO, Talented (IN), Donagh Humphreys, Head of Social and Digital Innovation, THINKHOUSE (IRE), Sarah Yim, Strategy Director, Zulu Alpha Kilo (CA).

Social Media Marketing Trends 2024 // The Global Indie Insights

Kurio // The Social Media Age(ncy)

The search marketing landscape is evolving rapidly with new technologies, and professionals, like you, rely on innovative paid search strategies to meet changing demands. It’s important that you’re ready to implement new strategies in 2024. Check this out and learn the top trends in paid search advertising that are expected to gain traction, so you can drive higher ROI more efficiently in 2024. You’ll learn: - The latest trends in AI and automation, and what this means for an evolving paid search ecosystem. - New developments in privacy and data regulation. - Emerging ad formats that are expected to make an impact next year. Watch Sreekant Lanka from iQuanti and Irina Klein from OneMain Financial as they dive into the future of paid search and explore the trends, strategies, and technologies that will shape the search marketing landscape. If you’re looking to assess your paid search strategy and design an industry-aligned plan for 2024, then this webinar is for you.

Trends In Paid Search: Navigating The Digital Landscape In 2024

Search Engine Journal

From their humble beginnings in 1984, TED has grown into the world’s most powerful amplifier for speakers and thought-leaders to share their ideas. They have over 2,400 filmed talks (not including the 30,000+ TEDx videos) freely available online, and have hosted over 17,500 events around the world. With over one billion views in a year, it’s no wonder that so many speakers are looking to TED for ideas on how to share their message more effectively. The article “5 Public-Speaking Tips TED Gives Its Speakers”, by Carmine Gallo for Forbes, gives speakers five practical ways to connect with their audience, and effectively share their ideas on stage. Whether you are gearing up to get on a TED stage yourself, or just want to master the skills that so many of their speakers possess, these tips and quotes from Chris Anderson, the TED Talks Curator, will encourage you to make the most impactful impression on your audience. See the full article and more summaries like this on SpeakerHub here: https://speakerhub.com/blog/5-presentation-tips-ted-gives-its-speakers See the original article on Forbes here: http://www.forbes.com/forbes/welcome/?toURL=http://www.forbes.com/sites/carminegallo/2016/05/06/5-public-speaking-tips-ted-gives-its-speakers/&refURL=&referrer=#5c07a8221d9b

5 Public speaking tips from TED - Visualized summary

SpeakerHub

Everyone is in agreement that ChatGPT (and other generative AI tools) will shape the future of work. Yet there is little consensus on exactly how, when, and to what extent this technology will change our world. Businesses that extract maximum value from ChatGPT will use it as a collaborative tool for everything from brainstorming to technical maintenance. For individuals, now is the time to pinpoint the skills the future professional will need to thrive in the AI age. Check out this presentation to understand what ChatGPT is, how it will shape the future of work, and how you can prepare to take advantage.

ChatGPT and the Future of Work - Clark Boyd

Clark Boyd

Getting into the tech field. what next

Tessa Mero

Google's Just Not That Into You: Understanding Core Updates & Search Intent

Lily Ray

How to have difficult conversations

Rajiv Jayarajah, MAppComm, ACC

Introduction to Data Science

Christy Abraham Joy

Time Management & Productivity - Best Practices

Vit Horky

The six step guide to practical project management If you think managing projects is too difficult, think again. We’ve stripped back project management processes to the basics – to make it quicker and easier, without sacrificing the vital ingredients for success. “If you’re looking for some real-world guidance, then The Six Step Guide to Practical Project Management will help.” Dr Andrew Makar, Tactical Project Management

The six step guide to practical project management

MindGenius

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...

RachelPearson36

During this webinar, Anand Bagmar demonstrates how AI tools such as ChatGPT can be applied to various stages of the software development life cycle (SDLC) using an eCommerce application case study. Find the on-demand recording and more info at https://applitools.info/b59 Key takeaways: • Learn how to use ChatGPT to add AI power to your testing and test automation • Understand the limitations of the technology and where human expertise is crucial • Gain insight into different AI-based tools • Adopt AI-based tools to stay relevant and optimize work for developers and testers * ChatGPT and OpenAI belong to OpenAI, L.L.C.

Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...

Applitools

12 Ways to Increase Your Influence at Work

GetSmarter

Destaque (20)

Product Design Trends in 2024 | Teenage Engineerings

How Race, Age and Gender Shape Attitudes Towards Mental Health

AI Trends in Creative Operations 2024 by Artwork Flow.pdf

Skeleton Culture Code

PEPSICO Presentation to CAGNY Conference Feb 2024

Content Methodology: A Best Practices Report (Webinar)

How to Prepare For a Successful Job Search for 2024

Social Media Marketing Trends 2024 // The Global Indie Insights

Trends In Paid Search: Navigating The Digital Landscape In 2024

5 Public speaking tips from TED - Visualized summary

ChatGPT and the Future of Work - Clark Boyd

Getting into the tech field. what next

Google's Just Not That Into You: Understanding Core Updates & Search Intent

How to have difficult conversations

Introduction to Data Science

Time Management & Productivity - Best Practices

The six step guide to practical project management

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...

Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...

12 Ways to Increase Your Influence at Work

LASTconf 2017 - Simplifying Amazon ECS by Weaving overlay networks

1. @cevoaustralia

2. @cevoaustralia Simplifying Amazon ECS by Weaving overlay networks Colin Panisset, Cevo @nonspecialist

3. @cevoaustralia Who am I, and why are you here? “Specialization is for insects” - Robert A. Heinlein Hear a tale of a journey from innocence to experience? Learn a bit about containers, networking, and how we dug up from a tangly mess so that you don’t have to

4. @cevoaustralia A quick summary Docker in 60 seconds (and why) ECS in 60 seconds A story of a journey through complexity Why this is a reasonable thing to do Power-ups, bells and whistles Caveats And live demos (demo gods willing)

5. @cevoaustralia Docker in ~60 seconds, and why you should care Servers VMs Containers Functions

6. @cevoaustralia What’s this ECS thing, then? Container Orchestration AWS-integrated Photo by Guillame Bolduc on Unsplash

7. @cevoaustralia Tangled in string (how did we get there???) Migrating legacy No re-architecting Many containers ECS constraints Photo by Khara Woods on Unsplash

8. @cevoaustralia Our first workaround “Ambassador” pattern Introduced complexity Loss of environment parity Photo by Luciano Ribas on Unsplash

9. @cevoaustralia What other options do we have? docker-compose swarm Kubernetes, Mesos, Rancher, … rewrite ecs-task-kite DNS-based discovery urk … Photo by Ishan @seefromthesky on Unsplash

10. @cevoaustralia An example of the ambassador pattern

11. @cevoaustralia Unnecessary complexity …

12. @cevoaustralia Then, a light! “weave”! Open source Container- transparent Fast, resilient … Photo by Steve Halama on Unsplash

13. @cevoaustralia Simplified by weave

14. @cevoaustralia Imagine how horrible this would be ...

15. @cevoaustralia Mesh networks make routing simple

16. @cevoaustralia Yeah, nah AutoScaling is your friend! Public pre-installed AMI It’s tricky to set up though, right? Photo by Austin Neill on Unsplash

17. @cevoaustralia Auto-discovery based on AutoScaling groupName

18. @cevoaustralia Environment parity Principle of least surprise Reduce risk of promotion Support custom or legacy protocols Hides complex network shenanigans OK, this is all lovely … but why? Photo by Emily Morter on Unsplash

19. @cevoaustralia Demo o’clock!

20. @cevoaustralia But that’s not all, folks!

21. @cevoaustralia Connecting containers between Sydney and Tokyo with zero fuss or bother Cross-region demo Photo by Cristina Munteanu on Unsplash

22. @cevoaustralia And more ...

23. @cevoaustralia Visibility and control as well

24. @cevoaustralia Just because you can … Network and config complexity beyond MVP Well-decoupled systems might not need it Existing solutions may be sufficient Magic ... but not all unicorns and rainbows Photo by Annie Spratt on Unsplash

25. @cevoaustralia Key takeaways Useful for dev-test environment parity as well as solving some key legacy issues Pretty simple to set up and use Free! (speech and beer) Photo by Clem Onojeghuo on Unsplash

26. @cevoaustralia Thank you - and some references https://www.weave.works/ https://github.com/weaveworks/weave https://aws.amazon.com/ecs/ https://unsplash.com/

Notas do Editor

I’m Colin! I work for Cevo, and we help companies develop and use DevOps mindsets, infrastructure automation, and software delivery process improvements I’ve done many things; I don’t claim to be excellent at any of them, but I’m ok at some of them, and solving interesting problems in novel ways is one thing I’m not bad at. I hope you’re here to hear a bit of a story of discovery, and I hope that when you leave, you’ve either got another tool in your belt for dealing with network complexity in containerised applications, or you’ve at least had a pleasant time listening to me tell everyone else about it. Let’s get cracking
So, no pressure
In the old days, we had physical machines like factories; everything in the one box. If you needed another factory, you had to build one (or buy one). As system power and technology grew, we developed the ability to virtualise factories. One physical box could now host multiple virtual machines, but each VM still runs a complete operating system, with the associated boot times, configuration management challenges, etc. Containers are the next logical step; instead of providing whole-(virtual)-operating system isolation, they provide per-process isolation The step beyond that, Functions-as-a-service (or “serverless”) is not the subject of this talk, but I mention them for completeness No process runs independently of a filesystem, libraries, etc, and that brings versioning and config management challenges; containers provide a fully-resolved artifact that encapsulates versioned dependencies, and give a reasonably consistent interface for config management They simplify immutable infrastructure, development-to-deployment consistency Consistency -> confidence to release -> increase throughput, reduce time-to-value
Containers require orchestration -- where and when to run, connections to other containers, resource constraints, how many to run, restarts, etc … There are many container orchestration frameworks -- Kubernetes, Mesos, Marathon, Rancher, Docker Swarm … ECS is one of them, from Amazon Integrated into the AWS ecosystem, though you could use it outside AWS if you were sufficiently perverse Ok, so now you have the background
Iterative migration of a legacy application; components into containers, containers into ECS, with a goal of automating test environment provisioning, for inclusion in build pipelines. The process of discovery (no one person actually knew how the application worked) resulted in more and more containers, with more coupling between them No ability to re-architect the application One working “stack” of application components -> 35 containers (eeek!) ECS imposes some constraints: “Service” -> multiple “Task Definitions” -> 10 containers per Task Definition Communication between containers in different task definitions can’t use container-name as a hostname! Therefore: communication between task definitions requires some kind of routing or proxying capability.
Used the “ambassador” pattern, as described by the Docker documentation: basically, a proxy container AWS has an “example” one that we tried, called “ecs-task-kite” -- fine for proof of concept, but not supported for prod. Can also only proxy to one service at a time. For smaller, low-complexity systems, this is fine. However, every task definition that had a container that needed to connect to a container in a different task definition, needed an ambassador container; and with the limit of 10 containers per task definition, we saw a rapid explosion in the number of task definitions, and the number of ambassador containers At the point where we had only 23 of our 35 final application components containerised, we were running over 52 containers in ECS Because we didn’t have this limitation on the local system (we were using docker-compose), we had introduced differences between local and ECS-based environments. Exactly the opposite of what we set out to do! So that was clearly inadequate ...
Docker-compose on EC2 would have worked, but changing or updating an already-running system with a different version of a container would have required fragile cleverness Swarm was quite immature, and undergoing some fairly rapid change which meant that we would have been tracking a moving target Organisation had no experience of Kubernetes, Mesos … and poor prior experiences with Rancher … so choosing a different orchestration framework would add complexity, not reduce it We investigated rewriting or extending ecs-task-kite, but limitations of how the application was written (specific ports, etc) would have made it futile We looked at using DNS for service discovery, but poor infrastructure (out of our control or influence) would have introduced unpredictable failures So … were we screwed?
The ambassador container, in this case, ecs-task-kite, first queries the AWS APIs in order to find out the IP address and port of the “actual” container Connections using the local namespace are proxied via the ambassador container to the “actual” destination Some advantages: Destination container could be in another ECS cluster, even potentially in another region; Multiple destination containers could be load-balanced Significant drawbacks: Number of containers goes up, number of ambassadors grows as well API rate limits from AWS become a problem -- and because they are account-wide, one stack can impact others
This slide is about 1 month into the migration to ECS -- the blue bits are load balancer components, the green bits are actual application components, and the red bits are ambassador containers. Ick!
Remembered this thing called “weave” -- encountered it in passing a few years ago, remembered it was some kind of inter-container network thing for Docker It’s Open Source (they have a paid offering based on support, monitoring, and more advanced UI) It’s transparent to containers -- they don’t know it’s there, they can just “magically” connect to another container by name, which means that service discovery is taken care of It’s pretty fast, and it’s resilient to failures
No need for additional “ambassador” containers AWS API rate limits are no longer a problem Same “load balancing” capability via DNS lookups (multiple destination containers of the same name would just return as multiple IP addresses to a single DNS lookup)
… if we didn’t have Weave! There are zero ambassador containers in this diagram
It does clever things to route traffic, so you don’t need hub-and-spoke configurations -- the network is a mesh If there’s a path from one node to another, traffic can flow along it All traffic _within_ a node between containers never goes outside the host -- so it’s fast
It’s not! At least, not for the minimal case using Amazon AutoScaling groups Weave provide an AMI (Amazon Machine Image) free of charge, which is the basic Amazon ECS AMI plus the weave setup steps already configured (it’s about 7 lines of shell script)
Uses tags applied by AutoScaling to find other instances in the same ASG, and creates the overlay network between them If you want to connect instances between different autoscaling groups, just use the weave:peerGroupName tag
It made our ECS configuration look exactly like our docker-compose configuration and we get scale-out DNS-based load balancing for free Keeping local dev and in-cloud dev/test environments (and, eventually, prod) looking the same means that we’re testing the same kind of config that’s being deployed -- risk management Some applications can’t be migrated to AWS because they require custom IP protocols; overlay network enables that Security, encryption, route discovery, NAT traversal -- all taken care of
Everyone loves a live demo! In this one, I’ll show you how two containers, running on two different EC2 instances, can communicate with each other with no special dockery configuration, if they’re on a weave cluster.
Weave allows you to configure mesh networks across more than just instances in the same AWS region. You can: Create networks that span regions, transparent to the containers (with the exception of latency, of course)
You can configure networks that span multiple cloud providers, or are even hybrid-cloud, with a little more work Implications are potentially significant if you want to have cross-cloud data flows for resilience, performance, or any other reason Simple to connect legacy on-prem applications to containerised systems in cloud
‘Scope’ allows you to monitor the containers in a topology, and interact with them You can monitor connections, workloads, and resource utilisation Scope also allows you to interact with the container in the browser!
Just because you can, doesn’t mean you should Enabler of bad patterns if not watched carefully -- excessive coupling and poor architectures become easy There’s complexity beyond the MVP -- network configuration, cross-cloud and cross-region discovery, and so forth; security and access control require key distribution and credential management systems; this is not unique to Weave, any complex system has these challenges I would not use this: If you don’t need a transparent overlay network -- eg if your system architecture is well-decoupled If your container environment is simple, or you already have a service discovery setup that you like, or is well-established within your team or organisation (the cost of changing must be factored in)
Any questions?

LASTconf 2017 - Simplifying Amazon ECS by Weaving overlay networks

Recomendados

Recomendados

Mais conteúdo relacionado

Último

Último (20)

Destaque

Destaque (20)

LASTconf 2017 - Simplifying Amazon ECS by Weaving overlay networks

Notas do Editor