Join me here:

http://tiny.cc/awscont

CONTAINERS on AWS

  • INTRODUCTION

  • AWS NATIVE STACK

  • Kubernetes on AWS

  • AWS NATIVE STACK V2

  • Demo

  • WRAP-UP

Mohamed BOUCHENAFA

DevOps/Cloud Lead Consultant

Docker Geneva Community Leader

THE TEAM

7 consultants

  • Support to DevOps transition 
  • Support to container transition
  • CI/CD expertise
  • Deployment expertise
  • Release management expertise
  • Provisioning automation
  • Monitoring
  • Cloud migration
  • Cloud audit & optimization


EC2

VPC

S3

EBS

EFS

IAM

CLOUDFORMATION

ELB

CERTIFICATE MANAGER

REGIONS AND AVAILABILITY ZONES

High Availability

an open-source system for packaging software into standardized units (called containers) for development, shipment and deployment

> ssh -i my-ec2-key-pair.pem ec2-user@<EC2-INSTANCE-PUBLIC-IP-ADDRESS>

[ec2-user]$ sudo yum update -y
[ec2-user]$ sudo yum install -y docker
[ec2-user]$ sudo service docker start
[ec2-user]$ sudo usermod -a -G docker ec2-user

[ec2-user]$ docker run -d -p 80:5000 training/webapp:latest python app.py
[ec2-user]$ curl http://localhost

Hello world!

AT THE BEGINNING

THIS MEANS

THEN

MUST BE A BETTER SOLUTION?

Container definition
Task definition
Service
Cluster

ECS OBJECTS

{
  "ipcMode": null,
  "executionRoleArn": null,
  "containerDefinitions": [
    {
      ******
      "portMappings": [
        {
          "hostPort": 8081,
          "protocol": "tcp",
          "containerPort": 8081
        }
      ],
      ******
      "mountPoints": [
        {
          "readOnly": null,
          "containerPath": "/var/opt/jfrog/artifactory/data",
          "sourceVolume": "data"
        }
      ],
      "cpu": 744,
      "memory": 812,
      "memoryReservation": null,
      "volumesFrom": [],
      "image": "************.dkr.ecr.eu-west-1.amazonaws.com/sw_artifactory",
      "disableNetworking": null,
      "interactive": null,
      "healthCheck": null,
      "essential": true,
      "links": null,
      "hostname": null,
      "extraHosts": null,
      "pseudoTerminal": null,
      "user": null,
      "readonlyRootFilesystem": null,
      "dockerLabels": null,
      "systemControls": null,
      "privileged": true,
      "name": "artifactory"
    }
  ],
  "placementConstraints": [],
  "memory": null,
  "taskRoleArn": null,
  "compatibilities": [
    "EC2"
  ],
  "taskDefinitionArn": "arn:aws:ecs:eu-west-1:************:task-definition/artifactory:6",
  "family": "artifactory",
  "requiresAttributes": [
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.privileged-container"
    },
    {
      "targetId": null,
      "targetType": null,
      "value": null,
      "name": "com.amazonaws.ecs.capability.ecr-auth"
    }
  ],
  "pidMode": null,
  "requiresCompatibilities": [],
  "networkMode": "bridge",
  "cpu": null,
  "revision": 6,
  "status": "ACTIVE",
  "volumes": [
    {
      "name": "data",
      "host": {
        "sourcePath": "/mnt/data/artifactory/data"
      },
      "dockerVolumeConfiguration": null
    },
    {
      "name": "logs",
      "host": {
        "sourcePath": "/mnt/data/artifactory/logs"
      },
      "dockerVolumeConfiguration": null
    },
    {
      "name": "etc",
      "host": {
        "sourcePath": "/mnt/data/artifactory/etc"
      },
      "dockerVolumeConfiguration": null
    }
  ]
}
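
An added example, not part of the original deck: a small Python check that flags the privilege-widening settings visible in the task definition above (`privileged`, unset `user`, unset `readonlyRootFilesystem`, missing `taskRoleArn`, writable host bind mounts). The function name `audit_task_definition` and the embedded sample are constructed for illustration; the sample keeps only the relevant fields from the slide.

```python
import json

# Constructed sample: security-relevant fields of the task definition above;
# the lines the slide elides ("******") are left out.
TASK_DEF = json.loads("""
{
  "family": "artifactory",
  "taskRoleArn": null,
  "containerDefinitions": [{
    "name": "artifactory",
    "privileged": true,
    "user": null,
    "readonlyRootFilesystem": null,
    "mountPoints": [{"sourceVolume": "data", "readOnly": null,
                     "containerPath": "/var/opt/jfrog/artifactory/data"}]
  }],
  "volumes": [{"name": "data",
               "host": {"sourcePath": "/mnt/data/artifactory/data"}}]
}
""")


def audit_task_definition(task_def):
    """Return (scope, finding) pairs for settings that widen a task's privileges."""
    findings = []
    if not task_def.get("taskRoleArn"):
        findings.append(("task", "no taskRoleArn: task has no scoped IAM role of its own"))
    # Map volume name -> host path for bind-mounted host directories.
    host_paths = {v["name"]: v["host"]["sourcePath"]
                  for v in task_def.get("volumes") or []
                  if (v.get("host") or {}).get("sourcePath")}
    for c in task_def.get("containerDefinitions") or []:
        name = c.get("name", "?")
        if c.get("privileged"):
            findings.append((name, "privileged: true grants root-equivalent access to the host"))
        if not c.get("user"):
            findings.append((name, "user unset: runs as the image default, often root"))
        if not c.get("readonlyRootFilesystem"):
            findings.append((name, "readonlyRootFilesystem unset: root filesystem is writable"))
        for m in c.get("mountPoints") or []:
            src = host_paths.get(m.get("sourceVolume"))
            if src and not m.get("readOnly"):
                findings.append((name, f"writable host bind mount {src} -> {m['containerPath']}"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit_task_definition(TASK_DEF):
        print(f"[{scope}] {finding}")
```

A writable data mount is expected for a repository manager such as the one shown, so that finding is a prompt to confirm the host path is dedicated to the task rather than a defect in itself.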

Container Registry

 

  • Fully Managed
  • Secure
  • Highly Available
  • Simplified Workflow

$(aws ecr get-login --no-include-email --region us-east-1)

an open-source system for automating deployment, scaling, and management of containerized applications across clusters of machines

57% of Kubernetes workloads run on AWS today

— Cloud Native Computing Foundation

+

USER

CONTROL PLANE

No instances to manage

Task native API

Resource based price

Simple, easy to use, powerful and new consumption model

  • IAM Roles for Tasks

  • Task Auto Scaling

  • Task Load Balancers

  • Task Networking

  • Applications invoked by name
  • Automatically resolved to IP or port
  • Native to Amazon ECS services
  • No infrastructure to manage

SERVICE DISCOVERY

WRAP UP

Large workload, optimized for price

 

Large workload, optimized for low overhead

 

Small workload, with occasional bursts

 

Tiny workload

 

Batch workloads

 

Fargate mode for EKS: coming soon

@AWSreInvent

follow @AWSreInvent or join the recap

CREDITS

  • aws.amazon.com
  • @nathankpeck
  • @ric__harvey
  • @tiffanyfayj

 

Containers on AWS

By Mohamed BOUCHENAFA
