Amazon ECS with Docker | AWS Public Sector Summit 2016
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Chad Schmutzer, Solutions Architect, AWS
June 21, 2016
Amazon ECS with Docker
It’s All About Containers
Agenda
Why containers?
What is Docker?
Amazon EC2 Container Service (Amazon ECS)
• Cluster management
• Benefits
• Running services
Why Containers?
The Problem
Different application stacks
Different hardware deployment environments
How to run all applications across different environments?
How to easily migrate from one environment to another?
Application stacks (diagram labels): Static website, Web front end, Background workers, User DB, Analytics DB, Queue
Deployment environments (diagram labels): Development VM, QA server, Single prod server, On-site cluster, Public cloud, Contributor’s laptop, Customer servers
The Solution
Unit of software delivery
Lightweight, portable, consistent
Deploy and run everywhere
Deploy and run anything
Containers
User space running on OS kernel
Little overhead
Guest OS choices limited to host OS kernel
Been around for a while: chroot, FreeBSD jails, Solaris containers, OpenVZ, LXC
VMs vs. Containers
[Figure: VMs and containers side by side. Source: https://www.docker.com/what-docker]
Container Advantages
Portable
Flexible
Fast
Efficient
[Diagram labels: Server, Guest OS, Bins/Libs (×2), App1, App2]
Benefits
Portable runtime application environment
Package application and dependencies in a single artifact
Run different application versions (different dependencies) simultaneously
Faster development & deployment cycles
Better resource utilization
Use Cases
Consistent environment between development & production
Service-oriented architectures / microservices
Short lived workflows
Isolated environments for testing
Services Evolve to Microservices
[Diagram labels, monolithic application: Order UI, User UI, Shipping UI; OrderService, UserService, ShippingService; DataAccess]
[Diagram labels, microservices: Host 1: Service A, Service B; Host 2: Service B, Service D; Host 3: Service A, Service C; Host 4: Service B, Service C]
Containers Are Natural for Microservices
Simple to model
Any app, any language
Image is the version
Test & deploy same artifact
Stateless servers decrease change risk
What is Docker?
Docker
Lightweight container virtualization platform
Tools to manage and deploy your applications
Licensed under the Apache 2.0 license
Built by Docker, Inc.
Docker Engine
Docker daemon
Docker client
[Diagram labels: Client (docker build, docker pull, docker run); DOCKER_HOST (Docker daemon, Containers, Images); Registry. Image source: https://docs.docker.com/engine/introduction/understanding-docker/]
Amazon ECS: Cluster Management
Scheduling
Scheduling One Resource Is Straightforward
[Diagram labels: Server, Guest OS, Bins/Libs (×2), App1, App2]
Scheduling a Cluster Is Hard
[Diagram: a large grid of servers, each labeled Server / Guest OS]
General Cluster Management: Resource Management
[Diagram labels: EC2 Instance, Docker, Task, Container; AZ 1, AZ 2]
General Cluster Management: Scheduling
[Diagram labels: EC2 Instance, Docker, Task, Container; AZ 1, AZ 2]
Amazon ECS: Resource Management
[Diagram labels: Container Instance, Docker, Task, Container; AZ 1, AZ 2; Cluster Management Engine]
Amazon ECS: Agent Communication
[Diagram labels: Container Instance, Docker, Task, Container, ECS Agent; AZ 1, AZ 2; Cluster Management Engine; Agent Communication Service]
Amazon ECS: Key/Value Store
[Diagram labels: Internet, ELB; Container Instance, Docker, Task, Container, ECS Agent; AZ 1, AZ 2; Key/Value Store; Cluster Management Engine; Agent Communication Service]
Amazon ECS: APIs
[Diagram labels: User / Scheduler, API; Internet, ELB; Container Instance, Docker, Task, Container, ECS Agent; AZ 1, AZ 2; Key/Value Store; Cluster Management Engine; Agent Communication Service]
Amazon ECS: Scheduling
[Diagram labels: User / Scheduler, API; Internet, ELB; Container Instance, Docker, Task, Container, ECS Agent; AZ 1, AZ 2; Key/Value Store; Cluster Management Engine; Agent Communication Service]
Amazon ECS: Benefits
Easily Manage Clusters for Any Scale
Nothing to run
Complete state
Control and monitoring
Scale
Scalable
Flexible Container Placement
Applications
Batch jobs
Multiple schedulers
Designed for Use with Other AWS Services
Elastic Load Balancing
Amazon Elastic Block Store
Amazon Virtual Private Cloud
Amazon CloudWatch
AWS Identity and Access Management
AWS CloudTrail
Extensible
Comprehensive APIs
Custom schedulers
Open source agent and CLI
Amazon ECS
[Diagram labels: Amazon ECS; User / Scheduler, API; Internet, ELB; Container Instance, Docker, Task, Container, ECS Agent; AZ 1, AZ 2; Key/Value Store; Cluster Management Engine; Agent Communication Service]
Amazon ECS: Running Services
Task Definitions
Volume Definitions
Container Definitions
Key Components: Task Definitions
Tasks
[Diagram labels: Volume Definitions, Container Definitions; schedule; Container Instance; Shared Data Volume, Containers]
Tasks
Unit of work
Grouping of related containers
Run on container instances
Create a Service
Good for long-running applications and services
Create Service
Load balance traffic across containers
Automatically recover unhealthy containers
Discover services
[Diagram labels: Elastic Load Balancing; three Shared Data Volume / Containers groups]
Scale Service
Scale up
Scale down
[Diagram labels: Elastic Load Balancing; four Shared Data Volume / Containers groups]
Update Service
Deploy new version
Drain connections
[Diagram labels: Elastic Load Balancing; three Shared Data Volume / Containers groups marked "new" and three marked "old"]
Update Service (cont.)
Deploy new version
Drain connections
[Diagram labels: Elastic Load Balancing; three Shared Data Volume / Containers groups marked "new" and three marked "old"]
Update Service (cont.)
Deploy new version
Drain connections
[Diagram labels: Elastic Load Balancing; three Shared Data Volume / Containers groups marked "new"]
Thank You!
Chris Malek, Associate Director of Academic Development
June 21, 2016
access.caltech in AWS
• California Institute of Technology
• Pasadena, CA
• Top tier university: #1 in Times Higher Education world rankings
• Small: 6400 people (1000 undergrads, 1200 grads, 300 faculty, 3900 staff)
• 3:1 undergrad-faculty ratio
• JPL: Founded by Caltech in the 30’s, managed for NASA since 1958
Academic Development Services
• Part of IMSS, the central IT org
• Lean, 6 people, all developers, even management
• 35 years of collective systems administration experience
• 50 years of collective development experience
• ~130 websites and web applications, including www.caltech.edu and the campus intranet portal
• Much smaller than counterparts at peer institutions
Our job: Enable research and instruction through software
Cloud Adoption (2010-present)
Upper management, operations and developers pro-cloud
Move all on-premises services to cloud within 3 years
We've been in production in AWS since 2010
Many Caltech production workloads currently in AWS
Strategy: DevOps, public data, low-hanging fruit, Field of Dreams model
Why cloud?
Leverage AWS scale, expertise, and capabilities
• AZs, APIs, Infrastructure as code
• AWS better than us at many things
• AWS allows us to do things we can’t on-premises
• Don’t have to run low level services
Allows us to concentrate on how we add value
access.caltech in AWS
access.caltech: Caltech’s intranet portal
• Distributed system comprised of many interconnected systems.
• Authenticating proxy server with around 90 applications behind it
• Covers most of the academic and administrative apps people might use
Two parts: core system and proxied apps
access.caltech: key requirements
• Needs to be highly-available
• Be performant at variable loads
  • Typical traffic: 5-10 hits/s
  • Must scale to 800 hits/s during registration
• Protect and secure proxied apps and data
• Certain core components should stay up during disaster
• Be able to easily deploy new versions of core software
• Need many DEV, TEST, QA and production support envs
ON-PREM ARCHITECTURE
[Architecture diagram labels: user; PROXY SERVERS; CORE SERVER; haproxy; AUTH SERVICE; CONTROL SERVICE; REDIS; home, admin, prefs, my_account, loadapp, challenge_questions_api; LDAP SLAVES, LDAP MASTERS (LDAP, LEGACY LDAP); AD (Active Directory); mail servers; mailman API; mailman; MySQL; ~90 PROXIED APPS]
CLOUD MIGRATION: PHASE 1
[Architecture diagram labels: user; PROXY SERVERS; CORE SERVER; haproxy; AUTH SERVICE; CONTROL SERVICE; REDIS; home, admin, prefs, my_account, loadapp, challenge_questions_api; LDAP SLAVES, LDAP MASTERS (LDAP, LEGACY LDAP); AD (Active Directory); mail servers; mailman API; mailman; MySQL; ~90 PROXIED APPS]
access.caltech in AWS: phase 1
• Move access.caltech core PROD to VPC in AWS
• Continuous deployment system based on Jenkins, Docker containers, and Consul
• Be able to build DEV and TEST environments in AWS
• Proxy from AWS to on-premises apps via VPN tunnel
Later phases: move proxied apps individually to AWS
[Architecture diagram labels: AWS; VPC 1 and VPC 2, each with AZ1 and AZ2; ELB; NAT; RDS; ELASTICACHE (REDIS); PROXY CORE; CONSUL; LDAP MASTER; LDAP SLAVE; ELASTICSEARCH; JENKINS; PEERING; VPN; CALTECH; ~90 PROXIED APPS. Legend: ECS MACHINE, AWS SERVICE, EC2 INSTANCE; PRIVATE and PUBLIC SUBNETS]
Why Docker?
Need a more rapid, consistent deployment mechanism
• Our current process takes weeks to months to get new versions to production, and deployments are rocky
• Raw vs cooked. Cooked: build as much before deployment as possible.
• Encapsulation of entire OS as a software artifact
• Guaranteed same code and OS build for DEV, TEST, PROD
• Easily replicate whole systems architectures in DEV
Docker image community
Deployment pipeline (Jenkins)
[Pipeline diagram labels: Developer pushes code; QA Pipeline; Build Test Image; Run Tests; Build and Push final image; Deploy to QA infrastructure; Run integration tests; Human Review; Promote to Prod pipeline; Deploy to prod infrastructure; Run integration tests; Deploy to prod support infrastructure]
Why ECS? (vs Docker Swarm) PROS
No orchestration infrastructure to run
• Container scheduling and placement are implicitly at cloud scale — no need to plan for HA, throughput, etc.
• Built in monitoring via CloudWatch and ECS event stream
• Powerful ECS command line tools
AWS API for managing tasks and services
AWS service integration, especially for load balancers and VPCs
ECS repositories
Why ECS? (vs Docker Swarm) CONS
Painful to debug container launch failures
Docker version lags behind current, sometimes significantly
No equivalent to Swarm overlay network
Different strategies for deploying containers
• Swarm has spread, binpack and random
• ECS has task and service strategies, which both seem to be like Swarm’s “spread” strategy
• Although ECS allows you to develop your own strategies via custom schedulers via StartTask API
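The three Swarm strategies named on this slide, and the StartTask hand-off a custom ECS scheduler would make, sketched as an added example (not from the slides, AWS, or Docker). The `Instance` fields, the sample cluster, the placeholder ARNs and the utilization formula are assumptions; spread is taken as "fewest running tasks" and binpack as "fullest instance that still fits".

```python
import random
from dataclasses import dataclass, replace


@dataclass
class Instance:
    """Constructed stand-in for one container instance's remaining capacity."""
    arn: str
    cpu_total: int      # CPU units registered
    mem_total: int      # MiB registered
    cpu_free: int
    mem_free: int
    running_tasks: int


def utilization(inst):
    """Mean of reserved CPU and memory fractions (assumed ranking metric)."""
    cpu_used = 1 - inst.cpu_free / inst.cpu_total
    mem_used = 1 - inst.mem_free / inst.mem_total
    return (cpu_used + mem_used) / 2


def place(instances, cpu, mem, strategy, rng=None):
    """Pick the instance for one task needing cpu/mem; None if nothing fits."""
    fits = [i for i in instances if i.cpu_free >= cpu and i.mem_free >= mem]
    if not fits:
        return None
    if strategy == "spread":    # fewest running tasks first, ARN breaks ties
        return min(fits, key=lambda i: (i.running_tasks, i.arn))
    if strategy == "binpack":   # fullest instance that still fits
        return min(fits, key=lambda i: (-utilization(i), i.arn))
    if strategy == "random":
        return (rng or random.Random()).choice(fits)
    raise ValueError(f"unknown strategy: {strategy}")


def schedule(instances, cpu, mem, strategy, count, rng=None):
    """Place up to `count` identical tasks; return the chosen ARNs in order."""
    state = [replace(i) for i in instances]   # copies, caller's list untouched
    placed = []
    for _ in range(count):
        inst = place(state, cpu, mem, strategy, rng)
        if inst is None:        # cluster is full for this task size
            break
        inst.cpu_free -= cpu
        inst.mem_free -= mem
        inst.running_tasks += 1
        placed.append(inst.arn)
    return placed


def start_task_request(cluster, task_definition, inst):
    """Parameters a custom scheduler would send to the ECS StartTask API."""
    return {
        "cluster": cluster,
        "taskDefinition": task_definition,
        "containerInstances": [inst.arn],
    }


# Constructed sample cluster; the account ID and instance IDs are placeholders.
PREFIX = "arn:aws:ecs:us-east-1:111122223333:container-instance/"
CLUSTER = [
    Instance(PREFIX + "a", 1024, 2048, 1024, 2048, 0),
    Instance(PREFIX + "b", 1024, 2048, 512, 1024, 1),
    Instance(PREFIX + "c", 1024, 2048, 128, 256, 3),
]

if __name__ == "__main__":
    for strategy in ("spread", "binpack"):
        arns = schedule(CLUSTER, 256, 512, strategy, 3)
        print(strategy, [a.rsplit("/", 1)[1] for a in arns])
    chosen = place(CLUSTER, 256, 512, "binpack")
    print(start_task_request("demo-cluster", "web:1", chosen))
```

A real scheduler would read remaining capacity from DescribeContainerInstances rather than a hard-coded list.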
Docker/ECS Challenges
The entire container is your software
• Not just your own code.
• OS + code becomes a software artifact
Development team will need to have or develop systems experience
• Or work closely with systems people
Probably need to remediate your code in order to take advantage of the container environment
Docker/ECS Challenges, cont.
Containers are truly disposable and anonymous
• Figuring out which container is having issues is interesting
• Entire OS is destroyed when re-deploying containers
Containers are not VMs
• No ssh interface to containers
• Containers are minimal systems: no ssh, no cron, no syslogd, etc.
Need to change your architecture and practices
Logging, monitoring
Thank You!