AWS Container Day A Journey To Modern App

AWS Containers Day
A Journey to Modern Applications
Trung Đặng & Hưng Nguyễn

April 2020
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
§ Introduction
§ Container and Docker
Agenda § Elastic Container Service
§ Elastic Kubernetes Service
§ Customer Reference
§ Quiz
( 100 $ AWS Credit for top 3 )
NEW WORLD IT Employees at work
Online
marketing
Social media Continuous

supply tracking
Factories +
supply chain
Online sales Just in time

production
IoT connected + delivery
things
Personalization
Customer tracking
New Needs
New channels direct to customer
More things, more scale, rapid change
Cloud Native Principles
Pay as you go, afterwards
High utilization—turn idle resources off
Self service—no waiting
Globally distributed by default
Cross-zone/region availability models
Immutable code deployments
Why Containers?
• Speed
• Efficiency
• Easier packaging
• Less risky deployments
• Better Development
experience
• Microservices Photo & Licence
Introduction to Containers and Docker
Application environment components
Runtime Engine Code
Dependencies Configuration
It worked on my machine, why not in
prod?
v6.0.0 v7.0.0 v4.0.0 v7.0.0
Local Staging / Production On-Prem

Laptop QA
Docker to the rescue
Runtime Engine
Dependencies
Code
Four environments, same container
Local Staging / Production On-

Laptop QA
Prem
Docker container image
Read only image that is used as a

template to launch a container.
W
rit
ab
le
Start from base images that have
ad ad
Container
d
your dependencies, add your
ng
ix
custom code. Image
d
References
nod unt
parent
ej
image
s
Image
b
Docker file for easy, reproducable
u
builds. Base image
bootfs
kernel
Virtual machine versus Docker
VM App 2
App 1 App 2 App 3 Container
Bins/Libs Bins/Libs Bins/Libs App 1 App 2 App 3
Guest OS Guest OS Guest OS Bins/Libs Bins/Libs Bins/Libs
Hypervisor Docker
Host OS Host OS
Server (Host) Server (Host)
AWS Container Services Landscape
Amazon Elastic
MANAGEMENT Amazon Elastic
Kubernetes
Deployment, Scheduling, Container Service
Service
Scaling & Management of
containerized applications
HOSTING Amazon EC2 AWS Fargate

Where the containers run
IMAGE REGISTRY Amazon Elastic

Container Image Repository Container Registry
We Give You The Power To Choose:
ECS EKS
1. Choose your
orchestration tool
2. Choose your
launch type
EC2 Fargate EC2 Fargate
Amazon Elastic
Container Service
Amazon ECS - Architecture
EC2 instance
Task Task
ECS container
Elastic Load Balancing agent
Container Container
EC2 instance
Amazon ECS Service
Internet
Task Task • Agent
ECS container communication
agent service
Container Container
• API
• Cluster
EC2 instance management
Engine
• Key and value store
Elastic Load Balancing Task Task

ECS container
Container agent
Container
Amazon ECS - Agent
EC2 instance
Task Task
ECS container
Container Container
EC2 instance
Amazon ECS Service
Internet
Task Task • Agent
agent service
Container Container
• API
• Cluster
Engine

ECS container
Container agent
Container
Amazon ECS - Backplane
EC2 instance
Task Task
ECS container
Container Container
EC2 instance
Amazon ECS Service
Internet
Task Task • Agent
agent service
Container Container
• API
• Cluster
Engine

ECS container
Container agent
Container
Amazon ECS - Cluster
EC2 instance
Task Task
ECS container
Container Container
EC2 instance
Amazon ECS Service
Internet
Task Task • Agent
agent service
Container Container
• API
• Cluster
Engine

ECS container
Container agent
Container
Amazon ECS - Task
EC2 instance
Task Task
ECS container
Container Container
EC2 instance
Amazon ECS Service
Internet
Task Task • Agent
agent service
Container Container
• API
• Cluster
Engine

ECS container
Container agent
Container
Amazon ECS – Task Definition
Amazon ECS - Service
EC2 instance
Task Task
ECS container
Container Container
EC2 instance
Amazon ECS Service
Internet
Task Task • Agent
agent service
Container Container
• API
• Cluster
Engine

ECS container
Container agent
Container
Amazon ECS - Orchestration and Integration
Scheduling and Orchestration

ECS
Cluster Manager Placement Engine
Amazon ECS - Task placement
Task requirements Satisfy CPU, Memory and Networking

requirements
Filter for location, instance type, AMI
Custom constrains or other custom attribute constraints
Identify instances that satisfy with
Placement
Strategies placement strategies (Binpack, Spread,
Affinity, Distance instance)
Apply filters Select final container instances for

placement
AWS Fargate
Without Fargate, you end up managing more than just containers
EC2 Instance
Docker ECS
OS
Agent Agent
- Patching and Upgrading OS, agents, etc.
- Scaling the instance fleet for optimal utilization
Amazon Elastic Container Service
AWS Fargate
run serverless containers
AWS Fargate
Managed by AWS
No EC2 Instances to provision, scale or manage
Elastic
Scale up & down seamlessly. Pay only for what you use
Your
containerized
applications
Integrated
with the AWS ecosystem: VPC Networking, Elastic Load
Balancing, IAM Permissions, CloudWatch and more
How EKS / ECS works on EC2
AWS Run a container on EC2 Customer Account
for me, please
VPC
Control Plane
ENI
Service Pod
You have to manage this

capacity (e.g., with ASGs)
Amazon EC2
How EKS / ECS works on Fargate
AWS Run a container on Customer Account
FARGATE for me, please
VPC
Control Plane
ENI
Service Pod
You don’t have to

manage capacity
AWS Fargate
McDonald’s Home Delivery: Why Amazon ECS?
Speed to market
Scalability and reliability
Security
DevOps—CI / CD
Monitoring
DEMO
ECS with Fargate
Three Tier architecture
Demo process
• Setup Cloud9
• Setup Infrastructure
• FrontEnd Rails App
• Node.js backend api
• Crystal backend api
We Give You The Power To Choose:
ECS EKS
1. Choose your
orchestration tool
2. Choose your
launch type
EC2 Fargate EC2 Fargate
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What is Kubernetes?
Gives you primitives

Open source container Helps you run
for building
management platform containers at scale
modern applications
But where you run K8s matters
QUALITY OF THE QUALITY OF THE

YOUR USERS
C L O U D P L AT F O R M A P P L I C AT I O N S
57% of Kubernetes workloads
run on AWS today
—CNCF survey
Kubernetes master
API Controller Cloud
server manager controller
Scheduler KubeDNS Add-ons
3x Kubernetes masters for HA
Master Master Master
Etcd Etcd Etcd
Availability Availability Availability

Zone 1 Zone 2 Zone 3
Master Master Master
Etcd Etcd Etcd

EKS - reduce the complexity of self manage K8s
0.10 USD per hour per EKS cluster.

EKS – Fully Managed Master Node.
Kubectl mycluster.eks.amazonaws.com

EKS is Kubernetes Certified
1. Guaranteed Portability
2. Interoperability
3. Timely Updates
4. Confirmability
"Action": "eks:Describe*”
"Resource":
IAM Authentication + Kubectl "arn:aws:eks:region-
code:123456789012:cluster/d
ev"
1) Passes AWS Identity
2) Verifies AWS Identity
Kubectl K8s API AWS Auth

4) K8s action
allowed/denied
3) Authorizes AWS Identity with RBAC
mapUsers: | - userarn:
arn:aws:iam::${ACCOUNT_ID}:user/rbac-user
© 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. username: rbac-user
Pod networking
{…}
Pods have the same VPC

Native VPC networking Open source and
address inside the pod Simple, secure networking
with CNI plugin on Github
as on the VPC
https://github.com/aws/amazon-vpc-cni-k8s
ec2.associateaddress()
ENI
Secondary IPs:
10.0.0.20
10.0.0.22 Nginx Pod
Nginx Pod
Veth IP: 10.0.0.20
Veth IP: 10.0.0.1
Secondary IPs:
Java Pod 10.0.0.1
10.0.0.2 Java Pod
Veth IP: 10.0.0.2 Veth IP: 10.0.0.22
Instance 1 ENI Instance 2
VPC Subnet – 10.0.0.0/24
Kubernetes Network Calico is the leading Open source, active
Commercial support
Policies enforce network implementation of the development (>100
available from Tigera
security rules network policy API contributors)
S TA G E “TENANT” FINE-GRAINED
COMPLIANCE
S E PA R AT I O N S E PA R AT I O N FIREWALLS
Isolate dev, test, and prod E.g., typically use namespaces Reduce attack surface within E.g., PCI, HIPAA
for different teams within microservice-based applications
a company—but without
network policy, they are
not network isolated
Kubernetes Upgrades
eksctl update cluster --name “clustername” --approve
Version Version
1.10 1.9.2 1.9.1 1.9
Auto Scaling – Cluster
• AWS Auto Scaling
• K8s Cluster Auto Scaler
Auto Scaling - Application
• Horizontal or Vertical Pod Autoscaler – scales pods in

response to K8s generated metrics (CPU)
• Has support for custom metrics
Load Balancing
Amazon EKS supports the Network Load Balancer and the

Classic Load Balancer for pods running on Amazon EC2
instance worker nodes through the Kubernetes service of
type Load Balancer.
ALB Ingress Controller on Amazon EKS is recommended for

Fargate Launch type.
Load Balancing
Customers Reference - EKS
HSBC is an investment bank and financial services holding
company. One of the world’s largest banking and financial
services organizations, serving more than 40 million
customers through their global businesses: Wealth and
Personal Banking, Commercial Banking, and Global
Banking and Markets.
We explore solutions with the real-life example of how HSBC's cloud services team built a
secure multi-tenant platform for the company's application teams to run mission-critical
containerized applications on Amazon EKS.
Dean Delamont – Solution Architect, HSBC Global Cloud Services

Demo process
• Create EKS Cluster

• FrontEnd Rails App
• Node.js backend api
• Crystal backend api
• Scaling the service
• Failover test
• More on https://eksworkshop.com/
Summary
• New customer expectations are rapidly driving new capabilities.
• Containers, as part of a larger DevOps strategy, helps realize these goals.
• AWS provides the best experience with the broadest offerings in the
journey to modern Cloud Native Applications.
Next Steps:
• Immersion Day – Get you started
• Topic Specific Deep Dive Workshops
• Proof of Concept
• Stay on top of the latest Containers news:
• https://aws.amazon.com/containers/new/
• https://aws.amazon.com/new/#compute-services

AWS Container Day A Journey To Modern App

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AWS Container Day A Journey To Modern App

Uploaded by

Copyright:

Available Formats

AWS Containers Day

A Journey to Modern Applications

Trung Đặng & Hưng Nguyễn

Social media Continuous

Online sales Just in time

More things, more scale, rapid change

Runtime Engine Code

v6.0.0 v7.0.0 v4.0.0 v7.0.0

Local Staging / Production On-Prem

Local Staging / Production On-

Read only image that is used as a

App 1 App 2 App 3 Container

Bins/Libs Bins/Libs Bins/Libs App 1 App 2 App 3

Guest OS Guest OS Guest OS Bins/Libs Bins/Libs Bins/Libs

Server (Host) Server (Host)

HOSTING Amazon EC2 AWS Fargate

IMAGE REGISTRY Amazon Elastic

EC2 Fargate EC2 Fargate

Elastic Load Balancing Task Task

Elastic Load Balancing Task Task

Elastic Load Balancing Task Task

Elastic Load Balancing Task Task

Elastic Load Balancing Task Task

Elastic Load Balancing Task Task

Scheduling and Orchestration

Cluster Manager Placement Engine

Task requirements Satisfy CPU, Memory and Networking

Apply filters Select final container instances for

- Scaling the instance fleet for optimal utilization

You have to manage this

You don’t have to

Scalability and reliability

EC2 Fargate EC2 Fargate

Gives you primitives

QUALITY OF THE QUALITY OF THE

Scheduler KubeDNS Add-ons

3x Kubernetes masters for HA

Etcd Etcd Etcd

Availability Availability Availability

Etcd Etcd Etcd

Availability Availability Availability

0.10 USD per hour per EKS cluster.

Availability Availability Availability

1) Passes AWS Identity

2) Verifies AWS Identity

Kubectl K8s API AWS Auth

3) Authorizes AWS Identity with RBAC

Pods have the same VPC

Instance 1 ENI Instance 2

VPC Subnet – 10.0.0.0/24

eksctl update cluster --name “clustername” --approve

• AWS Auto Scaling

• K8s Cluster Auto Scaler

• Horizontal or Vertical Pod Autoscaler – scales pods in

• Has support for custom metrics

Amazon EKS supports the Network Load Balancer and the

ALB Ingress Controller on Amazon EKS is recommended for

Dean Delamont – Solution Architect, HSBC Global Cloud Services

• Create EKS Cluster

You might also like