ECS & ECR Deep Dive - 김기완 솔루션즈 아키텍트 :: AWS Container Day

Amazon EC2 Container Service (ECS) &&
Amazon EC2 Container Registry (ECR)
- Dive Deep(?)
김기완, 솔루션스 아키텍트, 아마존웹서비스 코리아
Dec 14, 2015

Some Facts on Docker (Sample of 7,000 compaines)
5 times grow in
ONE year
2014.9 : 1.8% à
2015.9 : 8.3%

0% à 6% in ONE year!

Larger Companies Are
the Early Adopters

Server
Guest OS
Bins/Libs Bins/Libs
App2App1
Managing one resource is straightforward

Server
Guest OS
Bins/Libs Bins/Libs
App2App1
Managing one resource is straightforward
$ docker run myimage

Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Server
Guest OS
Managing a cluster is hard !!

Fleet management
• Monitor utilization
• Grow capacity
• Security

State Management
Availability Zone 1 Availability Zone 2

Amazon EC2 Container Service (ECS)

Cluster Management Made Easy
• No cluster software to install and manage
• Manages cluster state
• Manages containers
• Control and monitoring
• Scale from one to tens of thousands of
containers

Flexible Container Placement
Applications
Batch jobs
Multiple schedulers

Designed for use with other AWS services
Elastic Load Balancing
Amazon Elastic Block Store
Amazon Virtual Private Cloud
AWS Identity and Access Management
AWS CloudTrail

Extensible
Comprehensive APIs
Open source agent
Custom schedulers

• Container Instance
• Cluster
• Task Definitions
• Tasks
• Service
Container
Instance
Container
Instance
…
Container
Instance
Cluster
Task
definition
Task
Service
Components

Overall Steps
• Create Cluster in ECS Console or CLI
• Prepare Cluster Instances
• Prepare Task Definitions
• Configure the scheduler (services, …)

Container Instances
#!/bin/bash
echo ECS_CLUSTER=containerday >> /etc/ecs/ecs.config
EOF
• Use ‘ecs-optimized’AMI
• One line in the user data section

{
"environment": [],
"name": "simple-demo",
"image": "my-demo",
"cpu": 10,
"memory": 500,
"portMappings": [
{
"containerPort": 80,
"hostPort": 80
}
],
"mountPoints": [
{
"sourceVolume": "my-vol",
"containerPath": "/var/www/my-
vol"
}
],
"entryPoint": [
"/usr/sbin/apache2",
"-D",
"FOREGROUND"
],
"essential": true
},
Task Definitions
[
{
"image": "mysql",
"name": "db",
"cpu": 10,
"memory": 500,
"essential": true,
"entryPoint": [
"/entrypoint.sh"
],
"environment": [
{
"name": "MYSQL_ROOT_PASSWORD",
"value": "pass"
}
],
"portMappings": []
}
]
Essential to our Task
Create and mount volumes
Expose port 80 in container
to port 80 on host
10 CPU Units (1024 is full CPU),
500 Megabytes of Memory

Tasks
Container
Instance
Schedule
Shared Data Volume
PHPApp Time of day App
Shared Data Volume
PHPApp Time of
day App

Scheduling Amazon ECS Tasks
• The Amazon ECS schedulers leverage cluster state information provided by the
Amazon ECS API to make an appropriate placement decision.
• Services (Service Scheduler)
– Long running stateless services and applications
– Ensures that the specified number of tasks are constantly running and reschedules when a task fails
– ELB
– Can be dynamically changed (new task, # of desired tasks, …)
• Running Tasks (Runtask)
– Batch jobs
– Randomly distributes tasks across the cluster, but try to balance it
• The StartTask API
– Write or use your own schedulers
– AWS CLI, AWS SDK, and the Amazon ECS API
– List/Describe to get the state of your cluster, and using StartTask, place tasks on the appropriate container instance

Services (Service Scheduler)
• If a task in a service becomes unhealthy or unresponsive, the task is
killed and restarted. This process continues until your service reaches
the number of desired running tasks.
• You can optionally run your service behind a load balancer
• When the service scheduler launches new tasks, it attempts to balance
them across the Availability Zones in your cluster with the following
logic (AZ aware scheduling) :
– Determine which of the container instances in your cluster can support your service's task definition (for
example, they have the required CPU, memory, ports, and container instance attributes).
– Sort the valid container instances by the fewest number of running tasks for this service in the same
Availability Zone as the instance. For example, if zone Ahas one running service task and zones B and C
each have zero, valid container instances in either zone B or C are considered optimal for placement.
– Place the new service task on a valid container instance in an optimalAvailability Zone (based on the
previous steps), favoring container instances with the fewest number of running tasks for this service.

Service Load Balancer
• One Load Balancer per service.
• One Load Balancer can support multiple ports, if containers in the
task definitions require multiple ports for the service. (e.g. a task
definition consists of Elasticsearch using port 3030 on the container
instance, with Logstash and Kibana using port 4040 on the container
instance, the same load balancer can route traffic to Elasticsearch and
Kibana through two listeners)
• Load balancer subnet configuration must include all subnets that your
container instances reside in.
• If a service’s task fails the load balancer health check criteria, the task
is killed and restarted. This process continues until your service
reaches the number of desired running tasks.

Updating a Service
• Change the number of tasks that are maintained by a service.
• Scale up or down. (as long as the container instances are available)
• If the Docker image is updated, create a new task definition with that
image, and deploy it to the service.
• The service scheduler creates a task with the new task definition
(provided there is an available container instance to place it on), and
after it reaches the RUNNING state, a task that is using the old task
definition is drained and stopped. This process continues until all of
the desired tasks in your service are using the new task definition.

Services
• Load Balance traffic across containers
• Automatically recover unhealthy containers
• Discover services
Shared Data Volume
PHP
App
Time of
day
App
Shared Data Volume
PHP
App
Time of
day
App
Shared Data Volume
PHP
App
Time of
day
App

Update Service
• Scale up
• Scale down
Shared Data Volume
PHP
App
Time of
day
App
Shared Data Volume
PHP
App
Time of
day
App
Shared Data Volume
PHP
App
Time of
day
App
Shared Data Volume
PHP
App
Time of
day
App

Update Service
• Deploy new version
• Drain connections
Shared Data Volume
PHP
App
Time of
day
App
Shared Data Volume
PHP
App
Time of
day
App
Shared Data Volume
PHP
App
Time of
day
App

Running Tasks (RunTask)
• One-time or periodic batch job.
• If you want a specified number of tasks to always remain
running or if you want to place your tasks behind a load
balancer, you should use the Amazon ECS service
scheduler.

Auto Scaling in ECS?
https://aws.amazon.com/blogs/compute/scali
ng-amazon-ecs-services-automatically-using-
amazon-cloudwatch-and-aws-lambda/

Hmmmm, Registry??

Remaining Pain-points
• “We don’t want to be in the business of hosting our own
infrastructure for a container registry”
• “Need a service that has better up time and can handle
hundreds of image pulls at once”
• “Need to keep images private with fine-grained access
control without managing certificates or credentials”

ECS & ECR Deep Dive - 김기완 솔루션즈 아키텍트 :: AWS Container Day

Overview
• Security
– IAM Resource-based Policies
– Images encrypted at transit and at rest
• Easily Manage & Deploy Images
– Tight Integration with ECS
– Standalone Service
– Integration with Docker Toolset
– Management Console & AWS CLI
• Reliability & Performance
– S3 Backed
– Regional Endpoints
– Expect to handle hundreds of concurrent pulls

Pricing
• $0.10 per GB/month Docker image storage
pricing
• Data transfer pass-through pricing (customary
AWS rates)
– Free data in
– Charge for data out to internet and data out from one region to
another
• 12-month free tier for 500MB image storage

Amazon ECR Default Service Limits
Resources Default Limit
Number of repositories per account 10
Number of images per repository 50
Number of layers per image 127 (Current Docker limit)
Layer size 1GiB

ECS & ECR Deep Dive - 김기완 솔루션즈 아키텍트 :: AWS Container Day

More Related Content

What's hot (20)

Viewers also liked (7)

Similar to ECS & ECR Deep Dive - 김기완 솔루션즈 아키텍트 :: AWS Container Day (10)

More from Amazon Web Services Korea (20)

Recently uploaded (20)

ECS & ECR Deep Dive - 김기완 솔루션즈 아키텍트 :: AWS Container Day