Elastic Container Services

  Amazon Web Services (AWS), Overview

Part 1 – What is Docker?

https://www.udemy.com/aws-certified-solutions-architect-associate/learn/v4/t/lecture/7626514?start=0

  • Docker started as an open source project built on Linux container primitives (kernel namespaces and cgroups, originally through LXC).
  • Docker is a software platform that lets you build, test and deploy applications quickly and uniformly: the same image runs the same way everywhere.
  • Docker is highly reliable.  You can quickly deploy and scale applications into any environment and know your code will run.
  • Docker scales horizontally.  Running Docker on AWS is a practical way to run distributed applications at any scale.
  • Docker packages software into standardized units called Containers.
    • Containers let you package an application’s code, configuration and dependencies into easy to use building blocks that deliver environmental consistency, operational efficiency, developer productivity and version control.

Virtualization vs Containerization

  • Virtualization
    • Each virtual machine is a complete entity with its own kernel
    • Requires a ‘Guest OS’ to run
      • The guest OS itself consumes memory, disk and boot time before the application runs
    • Multiple virtual machines = multiple copies of the OS
  • Containerization
    • Uses the existing host OS (every container on a host shares the host kernel)
    • Nearly all of a container’s footprint is the application and its dependencies
    • Multiple Containers = 0 additional copies of the OS
    • Since there is no OS to boot, containers tend to start much faster

Containerization Benefits

  • Escape from “Dependency Hell”
    • Each container can run its own version of PHP, so there is no version conflict with other applications on the same host.
  • Consistent progression from Dev -> Test -> QA -> Prod
  • Isolation
    • Performance or stability issues with App A in Container A will not impact App B in Container B
    • Isolation comes from kernel namespaces and cgroups, not from a separate kernel: a privileged container or a kernel vulnerability can cross that boundary, so it is weaker than a VM boundary
  • Better resource management (no Guest OS to contend with)
  • Makes code extremely portable
  • Micro-Services
    • App A could be a sign up form
    • App B could process that information
    • Changes to one will not affect the other

Docker Components

  • Docker Image
    • Similar to an .iso file
    • Contains only the files required to start the container’s process (relatively small)
  • Docker Container
    • A running (or stopped) instance of an image; holds everything that is needed for the application to run.
    • Containers can be started, stopped, moved and deleted.
    • Each container is an isolated application platform.  How secure that isolation is depends on how the container is run (unprivileged user, no --privileged flag, capabilities dropped).
  • Layers / Union File System
    • Docker Images are read-only templates from which Docker Containers are launched
    • Each image consists of a series of layers.  Docker uses a union file system to combine these layers into a single image.
    • A union file system allows files and directories of separate file systems (known as branches) to be transparently overlaid, forming a single coherent file system.
      • This is one of the reasons Docker is so lightweight: a layer shared by several images is stored and transferred once.
      • Each build step of an image adds a ‘layer’
      • Changes to a layer can be pushed out as updates instead of sending the entire image.
      • Layers are only ever added, never removed: a file deleted in a later layer is hidden from the container but still present in the image, so a secret copied in during a build cannot be removed by a later RUN rm.
  • Dockerfile
    • A plain text file listing the build steps, known as ‘Instructions’, from which an image is built
    • Each instruction that changes the file system (RUN, COPY, ADD) creates a new layer in the image
    • These instructions include commands such as ‘run a command’, ‘copy a file in’ or ‘create a directory’
  • Docker Daemon / Engine
    • Runs on the host as a background service (natively on Linux)
    • Communicates with the Docker client to build, ship and run containers.
    • Whoever can talk to the daemon’s socket is effectively root on the host, so it must not be exposed to containers or to the network without TLS and authentication.
  • Docker Client
    • Interface between user and the Docker Engine
    • Allows creation, manipulation and deletion, etc. of Docker Containers and control of the Docker Daemon
  • Docker Registries / Docker Hub
    • Hold Container Images
    • Public or Private ‘Stores’ to which you push images and from which you pull them.
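The layer behaviour described above, as an added example that is not part of the original notes or of Docker itself: a small Python model of a union file system. A layer is a dict of path to content, a deletion is recorded with a stand-in WHITEOUT marker (the real overlay driver has its own whiteout encoding), layer digests are taken over a canonical JSON form rather than a tar archive, and the sample layers and the registry contents are constructed for the example. It shows the two points a practitioner cares about: a push only transfers layers the registry lacks, and a file removed in a later layer is still in the image.

```python
"""Added example (not from the course notes): how a union file system stacks
image layers, and why a later layer cannot really remove a file from an image.

A layer is a dict mapping a path to its contents.  A deletion in a layer is
recorded with WHITEOUT, a stand-in for the overlay driver's real whiteout
encoding.  Layer digests are computed over a canonical JSON form of the layer;
real layers are tar archives, but the sharing logic is the same.
"""
import hashlib
import json

WHITEOUT = "<whiteout>"  # assumption: simplified marker for "this path is deleted in this layer"


def merged_view(layers):
    """Combine layers bottom-to-top into the single file system a container sees."""
    view = {}
    for layer in layers:
        for path, content in layer.items():
            if content == WHITEOUT:
                view.pop(path, None)   # the upper layer hides the lower file
            else:
                view[path] = content   # the upper layer overrides the lower file
    return view


def hidden_files(layers):
    """Files hidden by a whiteout but still stored in a lower layer.

    Returns {path: (layer_index, content)}.  Anyone who can pull the image can
    read these layers, so this is where a `RUN rm secret` after a `COPY secret`
    leaves the secret.
    """
    found = {}
    for i, layer in enumerate(layers):
        for path, content in layer.items():
            if content != WHITEOUT:
                continue
            for j in range(i - 1, -1, -1):          # walk down to the lower layers
                lower = layers[j].get(path)
                if lower is not None and lower != WHITEOUT:
                    found[path] = (j, lower)
                    break
    return found


def layer_digest(layer):
    """Content-addressed identifier for a layer (sha256 over canonical JSON here)."""
    canonical = json.dumps(layer, sort_keys=True).encode()
    return "sha256:" + hashlib.sha256(canonical).hexdigest()


def layers_to_push(image_layers, registry_digests):
    """Layers a registry does not already hold: what a push actually transfers."""
    return [layer for layer in image_layers if layer_digest(layer) not in registry_digests]


# Constructed sample image, in build order (index 0 is the base image layer).
BASE_LAYER = {"/bin/sh": "shell binary", "/etc/os-release": "NAME=Alpine"}
APP_LAYER = {                                    # COPY . /app
    "/app/server.py": "print('hello')",
    "/app/.env": "DB_PASSWORD=hunter2",          # a secret copied in by mistake
}
CLEANUP_LAYER = {"/app/.env": WHITEOUT}          # RUN rm /app/.env
IMAGE_LAYERS = [BASE_LAYER, APP_LAYER, CLEANUP_LAYER]


if __name__ == "__main__":
    print("container sees:", sorted(merged_view(IMAGE_LAYERS)))
    print("still in the image:", hidden_files(IMAGE_LAYERS))
    # A registry that already holds the base layer only receives the two new ones.
    registry = {layer_digest(BASE_LAYER)}
    print("layers pushed:", len(layers_to_push(IMAGE_LAYERS, registry)))
```

The fix for the hidden secret is not a later layer but a different build: keep the secret out of the build context (a .dockerignore entry) or inject it at run time, which is what the ECS task definition’s environment and secrets settings are for.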

What is ECS

Amazon ECS (originally EC2 Container Service, since renamed Elastic Container Service) is a highly scalable, fast container management service that makes it easy to run, stop and manage Docker containers on a cluster of EC2 instances.  ECS lets you launch and stop container based applications with simple API calls, allows you to get the state of your cluster from a centralized service and gives you access to many familiar EC2 features.

It is Amazon’s managed orchestration layer for Docker: AWS runs the scheduler and the cluster state, while Docker itself still runs on your EC2 instances.

Part 2 – What is ECS

https://www.udemy.com/aws-certified-solutions-architect-associate/learn/v4/t/lecture/7626518?start=0

  • ECS (EC2 Container Service) is a Regional service that you can use in one or more AZs across a new or existing VPC to schedule the placement of containers across your cluster based on your resource needs, isolation policies and availability requirements.
  • ECS eliminates the need for you to operate your own cluster management and configuration management systems, or to worry about scaling your management infrastructure.
  • ECS can also be used to create a consistent deployment and build experience, manage and scale batch and ETL (Extract, Transform and Load) workloads, and build sophisticated application architectures on a microservices model.

About Containers

  • Containers are a method of operating system virtualization that allow you to run an application and its dependencies in resource-isolated processes.
  • Containers have everything the software needs to run – including libraries, system tools, code and runtime.
  • Containers are created from a read-only template called an Image.

What is a Docker Image

  • An Image is a read-only template with instructions for creating a Docker Container.  It contains:
    • an ordered collection of root file system changes and
    • the corresponding execution parameters for use within a container runtime.
  • An Image is created from a Dockerfile, a plain text file that specifies the components that are to be included in the container.
    • Conceptually similar to a CloudFormation template: a declarative recipe that is built into the artifact
  • Images are stored in a Registry, such as Docker Hub or AWS ECR (EC2 Container Registry)

What is ECR (EC2 Container Registry)

  • ECR is a managed AWS Docker registry service that is secure, scalable and reliable.  ECR supports private Docker repositories with resource-based permissions using AWS IAM so that specific users or EC2 instances can access repositories and images.  Developers can use the Docker CLI to push, pull and manage images.

What is an ECS Task Definition

  • A Task Definition is required to run Docker containers in ECS.
  • Task Definitions are text files in JSON format that describe one or more containers that form your application.
  • Some of the parameters you can specify in a task definition include:
    • Which Docker images to use with the containers in your task
    • How much CPU and memory to use with each container
    • Whether containers are linked together in a task.
    • The Docker networking mode to use for the containers in your task
    • What (if any) ports from the container are mapped to the host container instance
    • Whether the task should continue to run if the container finishes or fails
    • The command the container should run when it is started
    • What (if any) environment variables should be passed to the container when it starts
    • Any data volumes that should be used with the containers in the task
    • What (if any) IAM role your task should use for permissions.
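The task definition parameters listed above are also where most ECS security posture is decided. The following is an added example, not code from the course or from AWS: a lint pass in Python over a task definition dict using the real ECS field names (containerDefinitions, privileged, readonlyRootFilesystem, user, memory, environment, secrets, portMappings, linuxParameters, networkMode, taskRoleArn). The two sample task definitions, the account ID, the fake image digest and the secret-name heuristic are constructed for the example.

```python
"""Added example (not from the course notes): a lint pass over an ECS task
definition for the settings a security reviewer checks first.  The keys are
real ECS task-definition fields; the two sample task definitions, the account
ID, the image digest and the secret-name heuristic are constructed here.
"""
import re

# Environment-variable names that usually mean a credential was pasted in
# plaintext (assumption: heuristic for this example, not an ECS rule).
SECRET_NAME_RE = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|PRIVATE_KEY", re.I)
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "NET_ADMIN", "SYS_MODULE"}


def image_is_pinned(image):
    """True if the image reference carries a digest or a tag other than 'latest'."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]            # drop the registry/repository path
    return ":" in last and last.rsplit(":", 1)[1] != "latest"


def lint_task_definition(td):
    """Return a list of human-readable findings; an empty list means clean."""
    findings = []
    if not td.get("taskRoleArn"):
        findings.append("task: no taskRoleArn, so containers fall back to the instance role's credentials")
    mode = td.get("networkMode", "bridge")     # ECS defaults to bridge on Linux
    if mode != "awsvpc":
        findings.append(f"task: networkMode={mode}; security groups apply to the host, not the task")

    for c in td.get("containerDefinitions", []):
        name = c.get("name", "<unnamed>")
        if c.get("privileged"):
            findings.append(f"{name}: privileged=true gives the container root-equivalent access to the host")
        if not c.get("readonlyRootFilesystem"):
            findings.append(f"{name}: readonlyRootFilesystem is not set")
        if str(c.get("user", "")).split(":")[0] in ("", "0", "root"):
            findings.append(f"{name}: runs as root (set 'user' to an unprivileged uid)")
        if not c.get("memory"):                 # memoryReservation is only a soft limit
            findings.append(f"{name}: no hard memory limit; a leak can starve other tasks on the host")
        if not image_is_pinned(c.get("image", "")):
            findings.append(f"{name}: image {c.get('image', '')!r} is not pinned to a tag or digest")
        for env in c.get("environment", []):
            if SECRET_NAME_RE.search(env.get("name", "")):
                findings.append(f"{name}: env var {env['name']} looks like a plaintext secret; use 'secrets' with valueFrom")
        for pm in c.get("portMappings", []):
            host_port = pm.get("hostPort")
            if host_port and host_port < 1024 and mode != "awsvpc":
                findings.append(f"{name}: binds privileged host port {host_port} on the instance")
        caps = ((c.get("linuxParameters") or {}).get("capabilities") or {}).get("add", [])
        findings += [f"{name}: adds capability {cap}" for cap in caps if cap in DANGEROUS_CAPS]
    return findings


# Constructed weak task definition: the shape people copy from a quick tutorial.
WEAK_TASK_DEFINITION = {
    "family": "signup-web", "networkMode": "bridge", "taskRoleArn": "",
    "containerDefinitions": [
        {"name": "web", "image": "nginx:latest", "cpu": 256, "memory": 512,
         "essential": True, "privileged": True,
         "portMappings": [{"containerPort": 80, "hostPort": 80, "protocol": "tcp"}],
         "environment": [{"name": "DB_PASSWORD", "value": "hunter2"}]},
        {"name": "worker", "essential": False, "memoryReservation": 128,
         "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/worker:1.4.2",
         "user": "1000:1000", "readonlyRootFilesystem": True,
         "secrets": [{"name": "DB_PASSWORD",
                      "valueFrom": "arn:aws:ssm:us-east-1:123456789012:parameter/db/password"}]},
    ],
}

# Constructed hardened form of the same service (digest is a placeholder).
HARDENED_TASK_DEFINITION = {
    "family": "signup-web", "networkMode": "awsvpc",
    "taskRoleArn": "arn:aws:iam::123456789012:role/signup-web-task",
    "executionRoleArn": "arn:aws:iam::123456789012:role/signup-web-exec",
    "containerDefinitions": [
        {"name": "web", "cpu": 256, "memory": 512, "essential": True,
         "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/web@sha256:" + "a" * 64,
         "user": "1000:1000", "readonlyRootFilesystem": True,
         "portMappings": [{"containerPort": 8080, "protocol": "tcp"}],
         "secrets": [{"name": "DB_PASSWORD",
                      "valueFrom": "arn:aws:ssm:us-east-1:123456789012:parameter/db/password"}],
         "linuxParameters": {"capabilities": {"drop": ["ALL"]}}},
    ],
}

if __name__ == "__main__":
    for label, td in (("weak", WEAK_TASK_DEFINITION), ("hardened", HARDENED_TASK_DEFINITION)):
        print(f"{label}: {len(lint_task_definition(td))} finding(s)")
        for finding in lint_task_definition(td):
            print("  -", finding)
```

Run it against the JSON you get back from describe-task-definition (the taskDefinition object) before registering a revision; the weak sample produces nine findings and the hardened one none.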

ECS Services

  • An ECS Service allows you to run and maintain a specified number (or ‘desired count’) of instances of a task definition simultaneously in an ECS cluster.
  • Think of ECS services like Auto-Scaling groups for ECS.
  • If a task should fail or stop, the ECS service scheduler launches another instance of your task definition to replace it and maintain the desired count of tasks in the service.

ECS Clusters

  • An ECS cluster is a logical grouping of container instances that you can place tasks on.  When you first use the ECS service, a default cluster is created for you, but you can create multiple clusters in an account to keep your resources separate.
  • Concepts
    • Clusters can contain multiple different container instance types.
    • Clusters are Region specific
    • Container instances can only be part of one cluster at a time.
    • You can create IAM policies for your clusters to allow or restrict users’ access to specific clusters.

ECS Scheduling

  • Service Scheduler
    • Ensures that the specified number of tasks are continuously running and reschedules tasks when a task fails (for example, if the underlying container instance fails for some reason).
    • Can ensure tasks are registered against an ELB.
  • Custom Scheduler
    • You can create your own schedulers that meet your business needs.
    • Leverage 3rd party schedulers such as Blox
  • The ECS schedulers leverage the same cluster state information provided by the ECS API to make appropriate placement decisions.

ECS Container Agent

  • The ECS Container agent allows container instances to connect to your cluster.  The ECS container agent is included in the ECS-optimized AMI, but you can also install it on any EC2 instance that supports the ECS specification.  The ECS container agent is only supported on EC2 instances.
    • Pre-installed on special ECS AMIs
    • Linux Based:
      • Works with Amazon Linux, Ubuntu, Red Hat, CentOS
      • Will not work with Windows.

ECS Security

  • IAM Roles
    • Container instances use an instance IAM role; the ECS agent uses it to register with the cluster and pull images.  Keep that role minimal: any container that can reach the instance metadata endpoint can read its credentials.
    • ECS tasks use a task IAM role to access services and resources, so each application gets only the permissions its task needs rather than the host’s.
  • Security Groups attach at the instance level (i.e. the host, not the task or container), so in bridge or host networking mode every container on an instance shares its inbound rules; awsvpc network mode gives each task its own ENI and security group.
  • You can access and configure the OS of the EC2 instances in your ECS cluster, and patching and hardening that OS remains your responsibility.
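The two kinds of IAM role above, and the cluster-scoped IAM policies mentioned under ECS Clusters, as an added example that is not part of the course notes or of AWS’s own tooling: the trust policies that distinguish an instance role from a task role, an identity policy that confines a developer to one cluster with the ecs:cluster condition key, and a minimal evaluator for it. The policy documents use real IAM syntax; the account ID, region and cluster names are constructed, and the evaluator is an assumption that handles only the subset of IAM semantics used here (Allow statements, a trailing wildcard in actions, ArnEquals and ArnLike on request-context keys, no Deny).

```python
"""Added example (not from the course notes): ECS trust policies and a
cluster-scoped identity policy, with a tiny evaluator for the latter.

The evaluator is a simplification for illustration: it understands Allow
statements, action wildcards, and ArnEquals / ArnLike conditions only.
Real IAM also applies explicit Deny, resource ARNs and many more operators.
"""
import fnmatch

# Who may assume each role.  The instance role is assumed by EC2 (the agent
# uses it to register and pull images); the task role by the ECS tasks service.
INSTANCE_ROLE_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"Service": "ec2.amazonaws.com"},
                   "Action": "sts:AssumeRole"}],
}
TASK_ROLE_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"Service": "ecs-tasks.amazonaws.com"},
                   "Action": "sts:AssumeRole"}],
}

# Constructed cluster ARNs (account ID and region are placeholders).
DEV_CLUSTER = "arn:aws:ecs:us-east-1:123456789012:cluster/dev"
PROD_CLUSTER = "arn:aws:ecs:us-east-1:123456789012:cluster/prod"

# Identity policy for a developer: run and stop tasks, but only in the dev cluster.
DEV_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["ecs:ListClusters", "ecs:DescribeClusters"],
         "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["ecs:RunTask", "ecs:StartTask", "ecs:StopTask", "ecs:DescribeTasks"],
         "Resource": "*",
         "Condition": {"ArnEquals": {"ecs:cluster": DEV_CLUSTER}}},
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_holds(condition, context):
    """Evaluate ArnEquals / ArnLike conditions against the request context."""
    for operator, pairs in condition.items():
        if operator not in ("ArnEquals", "ArnLike"):
            raise ValueError(f"operator {operator} not supported in this example")
        for key, expected in pairs.items():
            actual = context.get(key)
            if actual is None:
                return False  # key absent from the request: the condition does not match
            patterns = _as_list(expected)
            if operator == "ArnEquals" and actual not in patterns:
                return False
            if operator == "ArnLike" and not any(fnmatch.fnmatchcase(actual, p) for p in patterns):
                return False
    return True


def is_allowed(policy, action, context):
    """True if some Allow statement matches the action and its condition."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue  # assumption: no Deny statements in this example
        if not any(fnmatch.fnmatchcase(action, pat) for pat in _as_list(stmt["Action"])):
            continue
        if _condition_holds(stmt.get("Condition", {}), context):
            return True
    return False


def trusted_services(trust_policy):
    """Service principals a role's trust policy lets assume it."""
    return sorted(s["Principal"]["Service"]
                  for s in trust_policy["Statement"] if s["Effect"] == "Allow")


if __name__ == "__main__":
    for cluster in (DEV_CLUSTER, PROD_CLUSTER):
        print("RunTask in", cluster.rsplit("/", 1)[1],
              "->", is_allowed(DEV_ONLY_POLICY, "ecs:RunTask", {"ecs:cluster": cluster}))
    print("task role trusts:", trusted_services(TASK_ROLE_TRUST))
```

The point of the third check in the test (RunTask with no cluster in the request context) is that a condition key that is absent from the request never matches, so the developer cannot sidestep the restriction by leaving the cluster out of the call.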

ECS Limits

  • Soft Limits
    • 1000 Clusters per Region
    • 1000 Instances per Cluster
    • 500 Services per Cluster
  • Hard Limits
    • One Load Balancer per Service
    • 1000 Tasks per Service (“The Desired Count”)
    • 10 Containers per Task Definition
    • 10 Tasks per instance (Host)
  • These figures are as quoted in the course; check the current ECS service quotas for your account before designing around them.

Exam Tips

  • ECS – Amazon’s managed EC2 container service.  Allows you to manage Docker containers on a cluster of EC2 instances.
  • Containers are a method of operating system virtualization that allow you to run an application and its dependencies in resource-isolated processes.
    • A container contains your application.
  • Containers are created from a read-only template called an Image
  • An Image is a read-only template with instructions for creating a Docker Container.
  • Images are stored in a Registry, such as DockerHub, or AWS ECR.
  • Amazon EC2 Container Registry (ECR) is a managed AWS Docker registry service.
  • A Task Definition is required to run Docker containers in ECS.
  • Task Definitions are text files in JSON format that describe one or more containers that form your application.
  • Think of a task definition as a CloudFormation template, but for Docker.  Configure things such as the amount of CPU, RAM, etc.
  • An ECS service allows you to run and maintain a specified number (Desired Count) of instances of a task definition simultaneously in an ECS cluster.
  • Think of ECS Services like Auto Scaling for ECS.
  • An ECS Cluster is a logical grouping of container instances that you can place tasks on.
  • Clusters can contain multiple different container instance types.
  • Clusters are region specific.
  • Container instances can only be part of one cluster at a time.
  • You can create IAM policies for your clusters to allow or restrict users’ access to specific clusters.
  • You can schedule ECS in two ways
    • Service Scheduler
    • Custom Scheduler (3rd Party)
  • ECS agent to connect EC2 instances to your ECS cluster.  Linux Only
  • Use IAM with ECS to restrict access
  • Security groups operate at the instance level, not at the task or container level.
