Amazon EC2 Container Service (ECS) && Amazon EC2 Container Registry (ECR) - Dive Deep(?) 김기완, Solutions Architect, Amazon Web Services Korea, Dec 14, 2015

ECS & ECR Deep Dive - 김기완, Solutions Architect :: AWS Container Day

Jan 06, 2017

Transcript
Page 1: ECS & ECR Deep Dive - 김기완, Solutions Architect :: AWS Container Day

Amazon EC2 Container Service (ECS) && Amazon EC2 Container Registry (ECR)

- Dive Deep(?)

김기완, Solutions Architect, Amazon Web Services Korea, Dec 14, 2015

Page 2

Some Facts on Docker (Sample of 7,000 companies)

5x growth in ONE year

2014.9: 1.8% → 2015.9: 8.3%

Page 3

Some Facts on Docker (Sample of 7,000 companies)

0% → 6% in ONE year!

Page 4

Some Facts on Docker (Sample of 7,000 companies)

Larger Companies Are the Early Adopters

Page 5

[Diagram: Server, Guest OS, and two apps (App1, App2), each with its own Bins/Libs]

Managing one resource is straightforward

Page 6

[Diagram: Server, Guest OS, and two apps (App1, App2), each with its own Bins/Libs]

Managing one resource is straightforward

$ docker run myimage

Page 7

[Diagram: a grid of many servers, each labeled Server and Guest OS]

Managing a cluster is hard!!

Page 8

Fleet management

• Monitor utilization

• Grow capacity

• Security

Page 9

State Management

Availability Zone 1 Availability Zone 2

Page 10

Amazon EC2 Container Service (ECS)

Page 11

Architecture

Page 12

Cluster Management Made Easy

• No cluster software to install and manage

• Manages cluster state

• Manages containers

• Control and monitoring

• Scale from one to tens of thousands of containers

Page 13

Flexible Container Placement

Applications

Batch jobs

Multiple schedulers

Page 14

Designed for use with other AWS services

• Elastic Load Balancing

• Amazon Elastic Block Store

• Amazon Virtual Private Cloud

• AWS Identity and Access Management

• AWS CloudTrail

Page 15

Extensible

Comprehensive APIs

Open source agent

Custom schedulers

Page 16

Components

• Container Instance

• Cluster

• Task Definitions

• Tasks

• Service

[Diagram labels: Container Instance (x3), Cluster, Task definition, Task, Service]

Page 17

Overall Steps

• Create Cluster in ECS Console or CLI

• Prepare Cluster Instances

• Prepare Task Definitions

• Configure the scheduler (services, …)

Page 18

Container Instances

#!/bin/bash
echo ECS_CLUSTER=containerday >> /etc/ecs/ecs.config

• Use ‘ecs-optimized’ AMI

• One line in the user data section

Page 19

Container Instances

Page 20

Task Definitions

[
  {
    "environment": [],
    "name": "simple-demo",
    "image": "my-demo",
    "cpu": 10,
    "memory": 500,
    "portMappings": [
      {"containerPort": 80, "hostPort": 80}
    ],
    "mountPoints": [
      {"sourceVolume": "my-vol", "containerPath": "/var/www/my-vol"}
    ],
    "entryPoint": ["/usr/sbin/apache2", "-D", "FOREGROUND"],
    "essential": true
  },
  {
    "image": "mysql",
    "name": "db",
    "cpu": 10,
    "memory": 500,
    "essential": true,
    "entryPoint": ["/entrypoint.sh"],
    "environment": [
      {"name": "MYSQL_ROOT_PASSWORD", "value": "pass"}
    ],
    "portMappings": []
  }
]

Essential to our Task

Create and mount volumes

Expose port 80 in container to port 80 on host

10 CPU Units (1024 is full CPU), 500 Megabytes of Memory
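
The db container above sets MYSQL_ROOT_PASSWORD as a literal environment value, so the password is stored in the task definition and returned to anyone who can describe it. As an added example (not from the original slides), this check finds such variables in a list of container definitions and produces a redacted copy; the name pattern and function names are assumptions.

```python
import copy
import json
import re

# Name pattern for credential-like variables (an assumption; tune it to your naming).
SECRET_NAME = re.compile(r"PASS(WORD|WD)?|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)

# The two container definitions from the slide, reduced to the fields checked here.
TASK_DEF = json.loads("""
[
  {"name": "simple-demo", "image": "my-demo", "environment": []},
  {"name": "db", "image": "mysql",
   "environment": [{"name": "MYSQL_ROOT_PASSWORD", "value": "pass"}]}
]
""")

def literal_credentials(container_defs):
    """Return (container, variable) pairs whose secret-like name has a literal value."""
    findings = []
    for container in container_defs:
        for env in container.get("environment", []):
            if SECRET_NAME.search(env.get("name", "")) and env.get("value"):
                findings.append((container["name"], env["name"]))
    return findings

def redacted(container_defs):
    """Deep copy with flagged values masked, for pasting into a ticket or log."""
    flagged = set(literal_credentials(container_defs))
    clean = copy.deepcopy(container_defs)
    for container in clean:
        for env in container.get("environment", []):
            if (container["name"], env["name"]) in flagged:
                env["value"] = "***REDACTED***"
    return clean

if __name__ == "__main__":
    for container, variable in literal_credentials(TASK_DEF):
        print(f"{container}: {variable} is set to a literal value")
```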

Page 21

Tasks

[Diagram: Schedule places tasks on a Container Instance; each task has a PHP App, a Time of day App and a Shared Data Volume]

Page 22

Scheduling Amazon ECS Tasks

• The Amazon ECS schedulers leverage cluster state information provided by the Amazon ECS API to make an appropriate placement decision.

• Services (Service Scheduler)

– Long running stateless services and applications

– Ensures that the specified number of tasks are constantly running and reschedules when a task fails

– ELB

– Can be dynamically changed (new task, # of desired tasks, …)

• Running Tasks (RunTask)

– Batch jobs

– Randomly distributes tasks across the cluster, but tries to balance them

• The StartTask API

– Write or use your own schedulers

– AWS CLI, AWS SDK, and the Amazon ECS API

– List/Describe to get the state of your cluster, and using StartTask, place tasks on the appropriate container instance

Page 23

Services (Service Scheduler)

• If a task in a service becomes unhealthy or unresponsive, the task is killed and restarted. This process continues until your service reaches the number of desired running tasks.

• You can optionally run your service behind a load balancer

• When the service scheduler launches new tasks, it attempts to balance them across the Availability Zones in your cluster with the following logic (AZ-aware scheduling):

– Determine which of the container instances in your cluster can support your service's task definition (for example, they have the required CPU, memory, ports, and container instance attributes).

– Sort the valid container instances by the fewest number of running tasks for this service in the same Availability Zone as the instance. For example, if zone A has one running service task and zones B and C each have zero, valid container instances in either zone B or C are considered optimal for placement.

– Place the new service task on a valid container instance in an optimal Availability Zone (based on the previous steps), favoring container instances with the fewest number of running tasks for this service.
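
The three placement steps above, as an added example (not from the original slides and not the ECS service scheduler's own code). The Instance and TaskReq types, the name tie-break and the sample cluster are assumptions; the task requirement is the sum of the two containers in the slide's task definition.

```python
from collections import Counter, namedtuple
from dataclasses import dataclass, field
TaskReq = namedtuple("TaskReq", "cpu memory host_ports")

@dataclass
class Instance:
    name: str
    az: str
    cpu_free: int                 # CPU units left (1024 = one full CPU)
    mem_free: int                 # memory left, in MB
    ports_used: set = field(default_factory=set)
    service_tasks: int = 0        # running tasks of this service

def place(instances, req):
    """Pick an instance for one new service task, or None if nothing fits."""
    # Step 1: keep instances that can support the task definition.
    valid = [i for i in instances
             if i.cpu_free >= req.cpu and i.mem_free >= req.memory
             and not (req.host_ports & i.ports_used)]
    if not valid:
        return None
    # Step 2: count this service's running tasks per Availability Zone.
    per_az = Counter()
    for i in instances:
        per_az[i.az] += i.service_tasks
    fewest = min(per_az[i.az] for i in valid)
    optimal = [i for i in valid if per_az[i.az] == fewest]
    # Step 3: in an optimal zone, favor the instance with the fewest tasks.
    chosen = min(optimal, key=lambda i: (i.service_tasks, i.name))  # name tie-break: assumption
    chosen.cpu_free -= req.cpu
    chosen.mem_free -= req.memory
    chosen.ports_used |= req.host_ports
    chosen.service_tasks += 1
    return chosen

def schedule(instances, req, desired):
    """Place up to `desired` tasks, stopping when no instance is valid."""
    placed = []
    while len(placed) < desired and (inst := place(instances, req)):
        placed.append(inst.name)
    return placed

# Sum of the slide's two containers: 10 + 10 CPU units, 500 + 500 MB, host port 80.
REQ = TaskReq(cpu=20, memory=1000, host_ports=frozenset({80}))
def sample_cluster():  # constructed state: zone-a already runs one task of the service
    return [Instance("a1", "zone-a", 1004, 2800, {80}, 1),
            Instance("a2", "zone-a", 1024, 3800),
            Instance("b1", "zone-b", 1024, 3800),
            Instance("c1", "zone-c", 1024, 512)]
```

Asking for three tasks places only two (b1, then a2): the fixed host port 80 allows one such task per instance, and c1 lacks the memory.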

Page 24

Service Load Balancer

Page 25

Service Load Balancer

• One Load Balancer per service.

• One Load Balancer can support multiple ports, if containers in the task definitions require multiple ports for the service (e.g. if a task definition consists of Elasticsearch using port 3030 on the container instance, with Logstash and Kibana using port 4040 on the container instance, the same load balancer can route traffic to Elasticsearch and Kibana through two listeners).

• Load balancer subnet configuration must include all subnets that your container instances reside in.

• If a service’s task fails the load balancer health check criteria, the task is killed and restarted. This process continues until your service reaches the number of desired running tasks.

Page 26

Updating a Service

• Change the number of tasks that are maintained by a service.

• Scale up or down (as long as the container instances are available).

• If the Docker image is updated, create a new task definition with that image, and deploy it to the service.

• The service scheduler creates a task with the new task definition (provided there is an available container instance to place it on), and after it reaches the RUNNING state, a task that is using the old task definition is drained and stopped. This process continues until all of the desired tasks in your service are using the new task definition.

Page 27

Services

• Load balance traffic across containers

• Automatically recover unhealthy containers

• Discover services

[Diagram: Elastic Load Balancing in front of three tasks, each with a PHP App, a Time of day App and a Shared Data Volume]

Page 28

Update Service

• Scale up

• Scale down

[Diagram: Elastic Load Balancing in front of four tasks, each with a PHP App, a Time of day App and a Shared Data Volume]

Page 29

Update Service

• Deploy new version

• Drain connections

[Diagram: Elastic Load Balancing in front of three tasks, each with a PHP App, a Time of day App and a Shared Data Volume]

Page 30

Running Tasks (RunTask)

• One-time or periodic batch job.

• If you want a specified number of tasks to always remain running or if you want to place your tasks behind a load balancer, you should use the Amazon ECS service scheduler.

Page 31

Task Life Cycle

Page 32

Auto Scaling in ECS?

https://aws.amazon.com/blogs/compute/scaling-amazon-ecs-services-automatically-using-amazon-cloudwatch-and-aws-lambda/

Page 33

So, Happy Enough?

Page 34

Some Facts on Docker (Sample of 7,000 companies)

Hmmmm, Registry??

Page 35

Remaining Pain-points

• “We don’t want to be in the business of hosting our own infrastructure for a container registry”

• “Need a service that has better up time and can handle hundreds of image pulls at once”

• “Need to keep images private with fine-grained access control without managing certificates or credentials”

Page 36
Page 37
Page 38

Overview

• Security

– IAM Resource-based Policies

– Images encrypted in transit and at rest

• Easily Manage & Deploy Images

– Tight Integration with ECS

– Standalone Service

– Integration with Docker Toolset

– Management Console & AWS CLI

• Reliability & Performance

– S3 Backed

– Regional Endpoints

– Expect to handle hundreds of concurrent pulls

Page 39

Pricing

• $0.10 per GB/month Docker image storage pricing

• Data transfer pass-through pricing (customary AWS rates)

– Free data in

– Charge for data out to internet and data out from one region to another

• 12-month free tier for 500MB image storage

Page 40

Amazon ECR Default Service Limits

Resources                             Default Limit
Number of repositories per account    10
Number of images per repository       50
Number of layers per image            127 (Current Docker limit)
Layer size                            1GiB

Page 41

AWS Console for ECR

Page 42

AWS Console for ECR

Page 43

AWS Console for ECR

Page 44

Demo

Page 45

Q&A

Page 46

THANK YOU!