rights reserved. T I F F A N Y F A Y J

AMAZON ELASTIC CONTAINER SERVICE
• Cluster Management as a hosted service
• Scheduling and Orchestration
• Cluster Manager
• Placement Engine

PRODUCTION WORKLOADS ON AWS
• DEEP INTEGRATION WITH AWS SERVICES: AWS VPC networking mode, IAM roles, Load Balancers, CloudWatch, Service Discovery
• ADVANCED TASK PLACEMENT AND SCHEDULING
• MANAGE VIA CONSOLE OR CLI

INTRODUCING AWS FARGATE
• MANAGED BY AWS: No EC2 Instances to provision, scale or manage
• ELASTIC: Scale up & down seamlessly. Pay only for what you use
• INTEGRATED with the AWS ecosystem: VPC Networking, Elastic Load Balancing, IAM Permissions, CloudWatch, Service Discovery, and more

AWS CONTAINER SERVICES LANDSCAPE
• MANAGEMENT (Deployment, Scheduling, Scaling & Management of containerized applications): Amazon Elastic Container Service, Amazon Elastic Container Service for Kubernetes
• HOSTING (Where the containers run): Amazon EC2, AWS Fargate
• IMAGE REGISTRY (Container Image Repository): Amazon Elastic Container Registry

FOCUS FOR THIS TALK
• MANAGEMENT (Deployment, Scheduling, Scaling & Management of containerized applications): Amazon Elastic Container Service
• HOSTING (Where the containers run): AWS Fargate

HOW DO I RUN CONTAINERS ON FARGATE?
• Primitives
• Compute
• Networking
• IAM
• Container Registries
• CloudFormation
• Visibility & Monitoring
• Storage

PRIMITIVES
register Task Definition
• Define application containers: Image URL, CPU & Memory requirements, etc.
create Cluster
• Infrastructure Isolation boundary
• IAM Permissions boundary
run Task
• A running instantiation of a task definition
• Use FARGATE launch type
create Service
• Maintain n running copies
• Integrated with ELB (Elastic Load Balancer)
• Unhealthy tasks automatically replaced

RUNNING FARGATE CONTAINERS WITH ECS
• Use ECS APIs to launch Fargate containers
• Easy migration – Run Fargate and EC2 launch type tasks in the same cluster
• Same Task Definition schema

TASK DEFINITION
• JSON document
• Contains a list of up to 10 container definitions
• All containers are co-located on the same host
• Each container definition has:
    • A name
    • Image URL (Amazon ECR or public images)
    • And more…stay tuned!

Task Definition Snippet:

    {
      "family": "nginx-demo",
      "containerDefinitions": [
        {
          "name": "nginx",
          "image": "nginx"
        }
      ]
    }

CPU & MEMORY
Task level resources
• Configurable independently (within a range)
• Dimensions: Task level CPU and memory
• Per-second billing

Task Level Resources:

    {
      "cpu": "1 vCPU",
      "memory": "2 gb",
      "networkMode": "awsvpc",
      "compatibilities": ["FARGATE", "EC2"],
      "placementConstraints": [],
      "containerDefinitions": [
        {
          ...

TASK CPU & MEMORY CONFIGURATIONS
Flexible configuration options – 50 CPU/memory configurations

    CPU               Memory
    256 (.25 vCPU)    512MB*, 1GB, 2GB
    512 (.5 vCPU)     1GB to 4GB (1GB increments)
    1024 (1 vCPU)     2GB to 8GB (1GB increments)
    2048 (2 vCPU)     4GB to 16GB (1GB increments)
    4096 (4 vCPU)     8GB to 30GB (1GB increments)

VPC INTEGRATION
• AWS VPC Networking Mode – each task gets its own interface
• All Fargate Tasks run in customer VPC and subnets
• Configure security groups to control inbound & outbound traffic
• Public IP support
[Diagram labels: Subnet, Internet, Other Entities in VPC (LB, DB, etc.), ENI, Fargate Task]

VPC CONFIGURATION

Task Definition Snippet:

    {
      "family": "nginx-demo",
      "cpu": "1 vCpu",
      "memory": "2 gb",
      "networkMode": "awsvpc",
      "containerDefinitions": [
        {
          …

Run Task:

    $ aws ecs run-task ... \
        --task-definition nginx-demo:1 \
        --network-configuration "awsvpcConfiguration={subnets=[subnet1-id,subnet2-id],securityGroups=[sg-id]}"

• Enables ENI creation & attachment to Task

ECS MANAGED SERVICE DISCOVERY (NEW!)
• Service registry:
    • Predictable Names for services
    • Auto updated with latest, healthy IP, port
• Managed: No overhead of installation or monitoring
• High availability, high scale
• Extensible: Flexible boundaries for auto discovery

PERMISSION TIERS
[Diagram labels: Cluster Permissions, Task Role, Task Execution Role, Cluster, Fargate Task]
• CLUSTER: Control who can launch/describe tasks in your cluster
• APPLICATION: TASK ROLE. Allows your application containers to access AWS resources securely
• HOUSEKEEPING: TASK EXECUTION ROLE. Allows us to perform housekeeping activities around your task:
    • ECR Image Pull
    • CloudWatch Logs pushing
    • ENI creation
    • Register/Deregister targets into ELB

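An added example (not from the original slides): a small Python pre-registration check that applies the constraints from the task definition, CPU & memory, VPC integration and permission-tier slides to a task definition intended for Fargate. The names `FARGATE_SIZES`, `SAMPLE` and `fargate_findings` are assumptions made for this illustration, and the rule that the task role and the task execution role differ is a least-privilege convention assumed here, not something the slides state as a Fargate requirement.

```python
import re

# CPU units -> allowed memory (MiB), from the CPU & memory slide (50 sizes).
FARGATE_SIZES = {
    256: {512, 1024, 2048},
    512: {g * 1024 for g in range(1, 5)},
    1024: {g * 1024 for g in range(2, 9)},
    2048: {g * 1024 for g in range(4, 17)},
    4096: {g * 1024 for g in range(8, 31)},
}

# Constructed sample input, modelled on the slides' nginx-demo snippet.
SAMPLE = {
    "family": "nginx-demo", "cpu": "1 vCPU", "memory": "2 gb",
    "networkMode": "awsvpc",
    "containerDefinitions": [{"name": "nginx", "image": "nginx"}],
}

def _parse(value, unit):
    """'1 vCPU' -> 1024, '2 gb' -> 2048, '256' -> 256 (CPU units or MiB)."""
    m = re.fullmatch(rf"\s*(\d*\.?\d+)\s*({unit})?\s*", str(value), re.I)
    if not m:
        raise ValueError(f"unparseable size value: {value!r}")
    number = float(m.group(1))
    return int(number * 1024) if m.group(2) else int(number)

def fargate_findings(task_def):
    """Return the reasons a task definition is not ready for Fargate."""
    findings = []
    if task_def.get("networkMode") != "awsvpc":
        findings.append("networkMode must be awsvpc")
    if not 1 <= len(task_def.get("containerDefinitions", [])) <= 10:
        findings.append("need 1 to 10 container definitions")
    try:
        cpu = _parse(task_def.get("cpu"), "vcpu")
        mem = _parse(task_def.get("memory"), "gb")
        if mem not in FARGATE_SIZES.get(cpu, set()):
            findings.append(f"cpu={cpu} memory={mem}MiB is not a listed size")
    except ValueError as exc:
        findings.append(str(exc))
    # Assumed convention (not a Fargate rule): keep the application role and
    # the housekeeping role separate so neither inherits the other's access.
    task_role = task_def.get("taskRoleArn")
    if task_role and task_role == task_def.get("executionRoleArn"):
        findings.append("taskRoleArn and executionRoleArn should differ")
    return findings

if __name__ == "__main__":
    print(fargate_findings(SAMPLE))                       # no findings
    print(fargate_findings(dict(SAMPLE, memory="1 gb")))  # size not listed
```
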
REGISTRY SUPPORT
• Amazon Elastic Container Registry (ECR)
• Public Repositories supported
• 3rd Party Private Repositories (coming soon!)

ECS TASK METADATA ENDPOINT (NEW!)
• Query environmental data and statistics for running tasks
• Enables third party monitoring tools like Datadog, etc.

STORAGE
EBS backed non-persistent storage provided in the form of:
• Writable Layer Storage – 10GB
• Volume Storage – 4GB

TAKE AWAYS
• Fargate is a launch type within ECS to run containers without having to manage EC2 instances
• If you’re debating between EC2 and Fargate mode, start architecting with Fargate. It forces good design practice by keeping your application containers truly independent of the underlying host.
• If you think you must have access to the underlying host, think again.
    • There are some good reasons: special instance type needs, EC2 dedicated instances, utilizing EC2 reserved instances
    • And tell us about your use case, we want to support it on Fargate!
• Start using Fargate today!
    • Fargate works with most Docker container images
    • You can run existing task definitions on Fargate with only minor modifications.

WANT TO LEARN MORE?
• https://aws.amazon.com/fargate/
• https://aws.amazon.com/blogs/compute/category/compute/aws-fargate/
• https://youtu.be/wrZvlJlcZio
• https://github.com/aws-samples/eb-java-scorekeep/tree/fargate

THANK YOU
tiffanyfayj
http://bit.ly/codeeuropetfj
Special thanks to: Deepak Dayama, Anthony Suarez, Archana Srikanta, Dan Gerdesmeier, and many more…