AWS
Quick guide on aws for beginners Understanding network concepts in aws How to achieve CI/CD in aws CI/CD in aws managed resources with Jenkins Push Image to aws ECR Using GitHub Actions Setup an EventBridge Rule in aws How ECS & ECR works in aws EKS with Fargate Profile Launch EKS using eksctl in aws Container insight for EKS-Fargate in cloudwatch Deploy aws resources with CloudFormation AWS secrets scanning by GitHub Setup Site to Site VPN Connection in AWS
AZURE
Gateways in Azure Understanding network concepts in Azure Ingress in Azure Kubernetes Service
GCP
Architecting hybrid infrastructure with Anthos

ANSIBLE
Ansible a configuration management tool Runbook Automation tool for playbooks
DOCKER
Docker a containerization Tool Networking in Docker Multi-stage build in Docker what is docker-compose All about Docker swarm
GITHUB
CLI instruction to work with GitHub Integrating Jenkins with GitHub Push Image to ECR Using GitHub Actions
JENKINS
Jenkins a continuous integration tool Acheive CI/CD using Jenkins in AWS Configuring weblogic deployer plugin in Jenkins
KUBERNETES
Kubernetes an orchestration framework Launch kubernetes cluster in Different ways Debugging your kubernetes cluster Certificates renewal of kubernetes cluster Deploying application on Kubernetes cluster api versions to use in manifest file RBACs in Kubernetes Health check of containers in Kubernetes Rancher a cluster management platform Understanding ISTIO as a service mesh
TERRAFORM
Deploying IaC using Terraform Terraform module EKS cluster using Terraform

APACHE
Things to know in Apache How to Configure Apache-httpd Server Setup httpd as os-service on OL8 SiteMinder and its Integration with WebServer Apache SSL Installation Instructions NO_RESOURCES Errors in APACHE with WLS
WEBLOGIC
Installing WebLogic 12.1.3 without GUI WebLogic Server as a managed Azure service WLS domain extension to include JRF template All about OPatch in WLS How to define WorkManager in Weblogic Some known Weblogic exceptions Different OutOfMemory issues Some known Weblogic exceptions Play with WLST Persistent store in WLS Configuration of NodeManager

JAVA
JAVA_OPTIONS Study on JAVA_HEAP Native OOM in Java Heap Types of Threads Various Java-options to use in Java apps How to run Java Flight Recorder dbping a java-weblogic utility
SSL
When & why to use SSL certificates SSLv3 to TLS1.* SHA2 on Oracle https Server Weblogic SSL Renewal Steps
CHEATSHEETs
Linux Cheatsheet Linux Log parsing cheetsheet SSL Cheatsheet MySQL Cheatsheet PostgreSQL Cheatsheet WebLogic Cheatsheet Python Cheatsheet Kubernetes Cheatsheet Terraform Cheatsheet Hashicorp-vault Cheatsheet GCP Cheatsheet
OTHER
All about Messaging Queue small guide on Python WLSDM monitoring agent in WLS Register driver for MSSqlServer Understanding YAML

03 February 2021

How ECS & ECR works in AWS

Elastic Container Service is a container orchestration service provided by AWS that will provision and manage your cluster of containers on your behalf. It comprises all the services that you need to manage services. Control Plane is one of them that allows you to schedule and orchestrate your containers.
Secondly, you have worker nodes where your application containers actually run and these worker nodes are nothing but your EC2 or Fargate instances which has Docker/container runtime & ECS agent installed in it which is connected to ECS.

So in ECS, you are deligating the complex task of managing and orchestrating containers to a service that will take care of your cluster but you do need to do the following task in order to use it

  • Create EC2 instances for worker nodes to host containers
  • Connect EC2 instances to ECS cluster
  • Check whether you have enough resources like CPU/ram in EC2-I's to host new containers
  • You are required to manage the operating system
  • Each worker nodes should have a container runtime & ECS agent installed
this way you are deligating all the complex task of managing containers to an AWS service however you are still required to manage your infrastructure used during it.

EC2 & Fargate
what if you want to delegate your infrastructure of AWS as well used during ECS
i.e. management of container orchestration by AWS using ECS
&   management of hosting infrastructure also by AWS using FARGATE

Basically, it is an alternative of creating any EC2 instances and connecting them to the ECS cluster instead, you use the fargate interface that will spin up all the required VM to host our containers.

Fargate is a serverless way to launch containers, here we feed AWS fargate about our container and then its fargete job to spin up the most suitable VM after analyzing our container at various aspects like network, storage, RAM & other resource requirements, and provision a server to host this container and do the same every time you introduce it with a new container.
By using the fargate in place of launching EC2-I's manually you have the advantage of not worrying about creating separate EC2 instances and managing their lifecycle that way you will have the exact infrastructure resources needed to run your containers i.e. pay only for what you use.

ECS or fargate both have the capability to connect to other AWS resources like
  • cloudwatch for monitoring.
  • ELB for load balancing. 
  • IAM for users and permissions.
  • VPC for networking etc.
AWS does provide the flexibility to use a combination of both EC2 & fargate at the same time.

What is ECR
ECR stands for Elastic Container Registry, which is similar to any other container repository that stores and manages docker images like dockerHub, Nexus, Harbor, etc.

start setting up with your EC2 instance along with the Docker image


 launch an EC2 instance and do the following
 $ sudo yum update -y
 $ sudo amazon-linux-extras install docker
 $ sudo service docker start
 $ sudo usermod -a -G docker ec2-user
 $ docker info

 if it gives an error : 
 Server:ERROR: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. 
 Is the docker daemon running?
 
 try rebooting your instance

 if the error continues, check the status
 $ sudo systemctl status docker // if the status is inactive dead
 $ sudo systemctl start docker

 if still persist, do the following
 $ sudo gpasswd -a ec2-user docker 
 // or manually add ec2-user to docker group in /etc/group file
 and restart session error will go away and you are good to run docker commands

 Pick any Dockerfile of your choice and start creating an image out of it
 $ vi Dockerfile
 $ docker build -t ecrtest:1.0 .   // this will create an image from your Dockerfile
 $ docker run -d 80:80 ecrtest:1.0 // make sure your security group is updated with port 80

getting started with ECR (aws-doc)


 Now login to ECR by following the below command
 $ aws ecr get-login-password --region ap-south-1 \
 | docker login --username AWS --password-stdin 2827**735.dkr.ecr.ap-south-1.aws.com
 // here highlighted in green is your ECR-repository URL

 if you get an error you need to configure your AWS credentials by running
 $ aws configure
 
 once you able to connect successfully using the above command 
 create a repository and try pushing the image we just created
 $ aws ecr create-repository \
    --repository-name myrepo \
    --image-scanning-configuration scanOnPush=true \
    --region ap-south-1
 $ docker tag <imagetag> ecr-repositoryURL/apache:1.0
 $ docker push repositoryURL/apache:1.0


you should be able to see your image pushed into your container repository now

Once your image is available grab Image URI which will be used in ECS when we create a task definition to deploy this as a container.

Considering your ECS cluster is already up and running if not you can follow the steps here, it is straightforward to spin up one.

Next, you need to create a task definition from your ECS cluster either using FARGATE/EC2 or can attach an EXTERNAL instance type, so that when you run a task it will use this definition that will further be used to host your container fetching from ECR, and that's where you provide your image URI. 

Remember: launch type of task should be the same as the type of your task definition


follow the aws-doc to create a task definition. It's moderately easy to create one.

after the task is created & deployed you need to run it, on running the task it will deploy the container on EC2 instance linked with your ECS if the launch type is used as EC2, using an image from your ECR and you should be able to see your container up and running under task section.

Perhaps if launch type is used as FARGATE it will deploy your container to AWS-managed infrastructure, where no Amazon EC2 instances are involved and uses awsvpc as network mode. You should be able to see your container up and running the same way under the task section.

Few things to remember
  • You use/configure a Service when you want to introduce an Application Load Balancer for your containerized app in ECS Fargate. Here service will create task's for you and you can access them using the DNS name generated by your LB.
  • When you start an ECS optimized image, it starts the ECS agent on the instance by default. The ecs agent registers the instance with the default ecs cluster.
  • For your instance to be available on the cluster, you will have to create the default cluster.
  • if you have a custom ecs cluster, you can set the cluster name using the userdata section.
  • The ecs agent expects the cluster name inside the ecs.config file available at  ~/etc/ecs/ecs.config  

 You can set it up at instance boot up using userdata script.
 #!/bin/bash
 echo ECS_CLUSTER={cluster_name} >> /etc/ecs/ecs.config

Labels: ,

No comments:

Post a Comment