Containers on AWS Overview: ECS | EKS | Fargate | ECR

00:00

in this video i will give you a high

00:02

level overview of all the different

00:05

container services you can use on aws

00:08

so if you want to run a containerized

00:11

application on aws you have multiple

00:14

options to choose from depending on your

00:16

application requirements

00:18

so we'll go through all of these options

00:20

one by one we will see what ecs elastic

00:24

container service is and what it's used

00:27

for

00:28

then we'll compare it and talk about eks

00:31

which is elastic kubernetes service

00:33

we will also see different ways of

00:36

running containers with ec2 or aws far

00:40

gate and finally we will see the ecr

00:43

service which stands for elastic

00:46

container registry

00:51

now think about a micro service

00:54

application scenario

00:56

if you're developing microservices

00:59

you would need containers for each and

01:01

containers scale pretty quickly

01:04

maybe you create replicas you have

01:07

different third-party

01:09

services and applications for your micro

01:11

service application this could be

01:13

messaging systems authentication

01:16

services etc so you end up with a bunch

01:20

of containers

01:21

that you need to deploy on some

01:24

environment in this case we're talking

01:26

about aws virtual service

01:29

so let's say we have created

01:32

10 containers for each our 10 micro

01:34

services plus we have five other

01:37

containers that our micro services use

01:40

which run different applications and

01:43

let's say we deploy all of those

01:45

on our ec2 instances

01:48

which have docker installed on them now

01:51

once you have deployed them how do you

01:53

manage them so you have an

01:54

infrastructure of all these virtual

01:56

servers that are running all your docker

01:58

containers how do you know how much

02:00

resources you still have remaining on

02:03

these machines how do you know where to

02:05

schedule the next container how do you

02:07

know by looking across your

02:09

infrastructure whether some of your

02:12

docker containers are not running

02:13

anymore whether servers ran out of

02:16

resources and

02:18

when you see that some containers have

02:20

died do you manually restart each

02:23

container if you have maybe five

02:26

replicas of

02:27

one application container you don't need

02:30

any more how do you get rid of all those

02:32

containers do you stop them and remove

02:35

them one by one and these are all

02:38

things

02:39

that you need to manage when you have

02:41

tens of containers maybe hundreds of

02:44

containers that you need to manage on

02:47

your infrastructure so obviously you

02:49

need some kind of automation some kind

02:52

of tool that can help you with all these

02:56

issues

02:57

and all these things that i just

02:58

mentioned are features of a container

03:02

orchestration tool so you probably

03:04

already know one of them which is the

03:06

most popular orchestration tool

03:09

kubernetes but of course there are

03:11

multiple orchestration tools out there

03:14

docker swarm is one of them which is

03:16

for less complex a bit smaller

03:20

containerized applications you also have

03:23

mesos apache mesos you also have

03:26

hashicorp

03:28

nomad and you also have an aws service

03:32

called amazon elastic container service

03:35

ecs so ecs is one of the container

03:40

services that aws offers and it is

03:43

essentially a container orchestration

03:46

service

03:50

so ecs being an orchestrator for

03:53

containers will manage the whole life

03:55

cycle of a container when you start the

03:58

container if it needs to get rescheduled

04:00

somewhere if it needs to get restarted

04:03

load balanced etc

04:05

so how does this service actually work

04:08

on aws if you wanted to create a cluster

04:13

a container cluster basically that is

04:16

managed by aws ecs service you would

04:20

create an ecs cluster

04:23

and that ecs cluster will basically

04:26

contain all the services

04:28

that are necessary for managing the

04:31

individual containers so ecs cluster

04:35

basically represents a control plane for

04:38

all your

04:39

virtual machines that are running

04:42

containers

04:44

and that control plane and the services

04:47

the managing services

04:49

in that control plane then can manage

04:51

these individual containers

04:54

and essentially managing the whole life

04:56

cycle of a container from being started

04:58

scheduled to being removed when you

05:01

create ecs cluster as i said you have

05:05

the control plane but the containers

05:07

need to run somewhere right so

05:09

containers need to run on actual

05:11

machines on virtual machines so where do

05:14

these virtual machines come from these

05:17

virtual machines

05:19

will be the ec2 instances we would

05:22

create an ec2 instance that will

05:25

basically host the containers the ec2

05:28

will not be isolated and managed by us

05:31

completely but ec2 instance will be

05:34

connected to this ecs cluster that we

05:37

created and on those ec2 instances you

05:40

will have the docker runtime or

05:42

container runtime generally

05:44

so that containers can run and also

05:46

you're going to have ecs agents

05:49

installed and this way the control plane

05:52

or ecs processes can communicate with

05:56

each individual ec2 instance and manage

05:59

them

06:00

so at the end it means that you have a

06:03

control plane that helps you

06:05

manage all your containers and automate

06:08

some of these

06:09

complex things that you don't want to do

06:12

manually and repeatedly so you have

06:14

delegated the management of your

06:17

containers to an aws service so you

06:19

don't have to worry about that however

06:22

you still have to

06:23

manage

06:24

the actual virtual machines

06:27

the ec2 instances

06:30

meaning you have to create the ec2

06:32

instances you have to join them to the

06:35

ecs cluster and when you schedule a new

06:38

container you have to make sure that you

06:41

have enough ec2 instances and resources

06:44

to schedule the next container you also

06:47

have to manage the server operating

06:50

system

06:51

and you also have docker runtime and the

06:53

ecs agent as i mentioned so all these

06:56

are basically part of

06:58

a virtual machine that you have to still

07:01

manage

07:02

on the upside of course you

07:05

have

07:06

full access to your infrastructure which

07:08

is an advantage if you need full

07:11

configuration access and power of the

07:14

infrastructure that's running your

07:15

containers

07:16

so now you have delegated the management

07:20

of your containerized application or

07:22

your containers basically to the aws

07:25

service which of course makes your

07:26

operations easier however you still have

07:29

the infrastructure to manage the virtual

07:33

servers

07:37

now what if you wanted to delegate

07:40

management of the infrastructure also to

07:44

aws

07:45

so you want the container lifecycle to

07:47

be managed by aws and you want the

07:51

hosting infrastructure to also be

07:53

managed by aws now there is an option

07:56

for that and it is called

07:58

aws far gate so far gate is basically an

08:02

alternative to ec2 instances so instead

08:05

of creating a provisioning ec2 instances

08:08

and connecting that to the ecs cluster

08:11

you don't need to provision any virtual

08:13

machines you use fargate interface and

08:16

fargate will take care of spinning up

08:19

the vm to run your container

08:22

so how does fargate work

08:24

fargate is a serverless way to launch

08:27

containers so you take a container that

08:31

you want to deploy on aws

08:35

and you tell aws here's my container

08:38

please run it and you hand it over to

08:41

fargate now at this point you don't have

08:43

any virtual machine that will run your

08:46

container you haven't provisioned

08:48

anything

08:49

or any server yet you just have the

08:52

control plane of ecs and you have the

08:55

far gate interface so you give your

08:56

container to fargate and you say please

08:59

schedule this fargate will then take

09:02

your container

09:03

it will analyze by looking at your

09:05

container how much resources your

09:08

container needs to run how much cpu how

09:11

much ram how much storage it needs to be

09:14

deployed and to run

09:16

and then fargate will itself

09:19

automatically provision a server

09:22

resources for that specific container

09:25

and then it will deploy and run that

09:27

container on the provisioned server

09:30

resources so this happens automatically

09:33

and every time you add or you hand over

09:36

a new container to deploy to fargate

09:39

fargate will do the same you go and

09:41

provision server resources to run that

09:43

specific container

09:45

so advantages are obviously you don't

09:48

need to worry about having enough ec2

09:51

instances and resources to schedule a

09:53

new container because you don't have to

09:54

provision anything beforehand and

09:56

because you don't have to provision the

09:58

infrastructure before you deploy

10:00

containers you always have

10:03

only the amount of infrastructure

10:05

resources needed to run your containers

10:08

and that means

10:10

you pay only for the resources that your

10:12

containers are actually consuming

10:15

and also

10:16

it really easily scales without fixed

10:19

set of ec2 resources defined beforehand

10:23

since every new container gets new

10:24

resources the pricing is based on how

10:28

long the container

10:29

runs

10:31

and how much cpu and memory was

10:34

requested for that container

10:37

so for comparison for ec2 you obviously

10:40

pay for the whole server even though you

10:42

might not be running any containers on

10:44

it or just a few maybe

10:46

and for fargate you only pay for the

10:48

resources that container is consuming

10:51

so now you have your

10:54

infrastructure managed by aws using the

10:57

fargate service and the containers that

11:01

are running that were scheduled through

11:03

fargate are now also managed by ecs so

11:07

you have multiple levels of your

11:10

infrastructure and the application on it

11:12

being managed by aws services now the

11:15

only thing that you have to worry about

11:18

and manage

11:20

is the actual application itself so

11:23

you develop the application you create

11:25

containers and that's it and then you

11:27

just deploy the containers on aws

11:30

infrastructure

11:32

which obviously is a great thing however

11:34

again if you need

11:36

more access to the underlying

11:38

infrastructure you need access to the

11:40

actual infrastructure

11:42

running your containers then you have

11:44

the flexibility and access with ec2

11:47

instances

11:49

and of course when you run your

11:50

containerized application on aws

11:53

infrastructure using the aws services

11:57

you have advantage of using

11:59

any other aws services from the aws

12:02

ecosystem right so

12:04

both ec2 and fargate and ecs and all

12:08

these services obviously fully integrate

12:11

with

12:11

the whole aws ecosystem right so this

12:14

could be cloud watch for monitoring

12:17

elastic load balancer for load balancing

12:20

iam for permissions and users vpc for

12:24

networking and so on

12:30

now this is how you can let aws manage

12:33

your containerized applications using

12:36

ecs

12:37

now what if

12:39

you want to use kubernetes as you know

12:41

kubernetes is the most popular container

12:44

orchestration tool currently so a lot of

12:47

projects a lot of companies actually use

12:49

kubernetes so can you still use aws

12:54

infrastructure

12:55

if you want to use kubernetes and how

12:58

can you use that aws actually has

13:01

another service which is for

13:04

managing kubernetes cluster on aws

13:08

infrastructure so alternative to ecs you

13:12

have a service called eks which stands

13:15

for elastic kubernetes service that lets

13:18

you manage kubernetes cluster

13:21

so the difference or advantage of using

13:24

eks is the first thing that i just

13:26

mentioned which is if you're using

13:29

kubernetes already and your project

13:31

wants to deploy their kubernetes cluster

13:34

on aws

13:35

infrastructure obviously you want to be

13:38

able to keep your kubernetes tool and

13:41

not use

13:42

a proprietary container orchestration

13:45

of aws you have an option of doing that

13:49

using eks

13:50

so that's the first obvious reason

13:53

another reason if you

13:55

do not necessarily think about using

13:57

kubernetes or you don't already use

13:59

kubernetes in your project making

14:01

decision between ecs and eks is

14:04

basically ecs is specific to aws right

14:08

so if you decide at some later point to

14:11

migrate to another platform you will not

14:13

be able to move that cluster to another

14:16

platform because it is really integrated

14:19

and based on aws with eks though because

14:23

it's managing the kubernetes cluster you

14:25

can easily migrate kubernetes because

14:27

it's not specific to aws right it's an

14:30

independent tool which you can use

14:32

anywhere so you can migrate or much

14:35

easily migrate kubernetes cluster on

14:38

another platform or maybe even on

14:41

premise right if you have your own

14:43

infrastructure in your company then

14:45

you can use the same configuration same

14:48

tools across multiple platforms so

14:51

that's a major advantage of using eks

14:55

versus ecs now i have to mention here

14:58

that even though kubernetes is an

15:00

independent tool if you're using it on

15:03

aws and you use a lot of additional

15:07

tools and services from the aws

15:09

ecosystem in your kubernetes cluster

15:12

then of course when you migrate your

15:14

kubernetes cluster you'll have to

15:16

replace those services with some other

15:18

tools because they will not be available

15:20

on another platform right because these

15:22

services are again specific to aws so

15:26

just know that it's not 100

15:28

easily migratable especially if you're

15:30

using aws specific services in your

15:33

cluster so that's maybe one thing to

15:35

consider another also important reason

15:38

for using eks versus ecs is

15:42

that if you use kubernetes which is

15:44

again a much more popular orchestration

15:46

tool than ecs you also have access to

15:50

all the kubernetes tools and plugins and

15:52

things are developing in the kubernetes

15:55

ecosystem like helm and some other tools

15:58

that integrate well with kubernetes now

16:01

on the side of ecs a more suitable

16:04

use case for ecs

16:07

is if you have less complex

16:08

containerized applications that maybe

16:11

don't need this full-fledged kubernetes

16:13

cluster to run in in this case you can

16:16

actually deploy it on ecs cluster and

16:19

also you don't pay for the ecs control

16:22

plane compared to eks cluster control

16:26

plane

16:27

but generally i think eks is much better

16:31

choice

16:32

for managing and orchestrating your

16:34

cluster on aws infrastructure now how

16:38

does eks work it's actually pretty

16:40

similar to how ecs works with eks you

16:44

create a cluster

16:46

which represents the control plane in

16:49

kubernetes world these are going to be

16:51

the masternodes so when you create an

16:53

eks service or eks cluster aws will

16:58

provision in the background kubernetes

17:00

masternodes

17:02

that already have all the kubernetes

17:04

master services installed on them so all

17:07

of that is managed and provisioned for

17:10

you you don't have to worry about

17:11

masternodes for your kubernetes cluster

17:14

also because it's managed by aws

17:18

these master nodes it will automatically

17:21

replicate the master nodes across

17:24

multiple availability zones so if you're

17:26

creating eks in region

17:29

eu west 3 that has three availability

17:32

zones then you will get automatic

17:35

replication of your masternodes on all

17:38

those azs and of course then you have

17:41

the storage which is the lcd part of the

17:44

master processes which stores

17:47

the whole configuration

17:49

the current state basically of

17:51

kubernetes cluster and that storage

17:53

needs to be replicated and needs to be

17:55

backed up because you shouldn't or you

17:57

can't lose the data otherwise you lose

18:00

all your cluster configuration and again

18:03

because it's a managed service aws will

18:06

also take care of storing the data

18:09

replicating it and

18:11

backing it up properly so basically

18:13

masternodes of kubernetes is not your

18:16

worry anymore so with eks you have the

18:19

master nodes control plane configured

18:22

now you need the worker nodes right you

18:24

need infrastructure that actually runs

18:26

your containers again same way as in the

18:29

ecs you will create ec2 instances the

18:33

so-called compute fleet of multiple

18:36

virtual servers and then connect them to

18:39

the eks

18:41

and now you have the masternodes and

18:43

worker node group connected and that

18:46

gives you a complete kubernetes cluster

18:49

and once that's done you can simply

18:52

connect to the cluster using cubectl

18:55

command and start deploying containers

18:57

inside that cluster in the example of

18:59

ecs we saw that these ec2 instances this

19:02

compute fleet each server had the ecs

19:06

agent installed this way the control

19:09

plane could communicate with the

19:10

individual nodes in this case we're in

19:14

the kubernetes world so worker nodes

19:16

will have kubernetes processes so this

19:18

way control plane or kubernetes

19:20

masternodes can communicate with worker

19:23

nodes just like they do on any platform

19:25

right it's not specific to aws in this

19:28

case so you have the worker nodes made

19:30

out of ec2 instances

19:34

that are connected to the eks

19:37

cluster

19:38

however in this case also you need to

19:40

manage the ec2 instances yourself you

19:44

have to manage the operating system and

19:46

the process is running on them in eks

19:49

cluster however you have a possibility

19:52

to choose a semi-managed ec2 instances

19:57

for your cluster so basically you can

19:59

group your worker nodes into node groups

20:03

and that node group can actually handle

20:06

some of the heavy lifting for you and

20:08

basically make it easier for you to

20:11

configure new worker nodes for your

20:13

cluster for example worker nodes or ec2

20:17

instances manage my node group will get

20:20

all the processes

20:21

necessary installed on them so you don't

20:24

have to worry about installing container

20:26

runtime kubernetes worker processes

20:29

etc for them to make it into worker

20:32

nodes so that means you have an

20:34

alternative between completely

20:36

self-managed ec2 instances and

20:39

semi-managed ec2 instances through node

20:42

groups

20:43

and when working with eks cluster

20:47

it is actually a good practice to use

20:49

node groups because they make a lot of

20:51

things simpler and you can also

20:54

create multiple node groups to group

20:55

your worker nodes in different logical

20:58

groups but as i said it is still

21:00

semi-managed you still have to take care

21:03

of some other stuff for example auto

21:06

scaling right you don't have the auto

21:08

scaling configuration out of the box you

21:10

still need to configure things in

21:12

kubernetes and on the aws side to make

21:16

auto scaling possible so you have to

21:18

take care of

21:19

creating new ec2 instances removing them

21:22

etc

21:24

however if that's also something you

21:27

want to delegate to aws if you don't

21:30

want to worry about that you can also

21:32

for eks cluster use fargate instead and

21:37

in that case you would have fully

21:39

managed worker nodes in addition to

21:42

fully managed control plane so these are

21:45

the three steps of

21:47

worker node

21:49

infrastructure management you have

21:51

available in aws

21:54

or you can even use both ec2 and fargate

21:58

at the same time for the same eks

22:00

cluster

22:02

so basically from the hosting

22:04

perspective of where your containers are

22:06

running having ec2 and fargate as

22:09

alternatives this part is pretty much

22:12

the same whether you use ecs or eks

22:17

and this basically gives you the

22:20

combination of the services that you

22:23

have as an option if you want to run a

22:26

containerized application

22:28

on aws

22:30

using a container orchestration tool to

22:32

manage them

22:37

now we just saw two of the services

22:40

on aws that are specifically for

22:42

containers and there is one more

22:44

container service on aws and that is

22:48

amazon ecr which stands for elastic

22:52

container registry so basically this is

22:55

just

22:56

a repository for container images

22:59

alternative to docker hub or

23:02

nexus docker repository where you can

23:05

store your docker images for example

23:08

advantage

23:10

of using elastic container registry is

23:13

of course

23:15

because it's part of the whole aws

23:17

ecosystem it integrates well with other

23:20

services so for example if you use eks

23:24

with ec2 instances for example

23:27

then it will be easier to connect it and

23:30

configure

23:31

your cluster

23:33

with

23:34

ecr to fetch the instances but also to

23:37

do some other stuff like automatically

23:40

get notified when a new version of the

23:43

image gets pushed to the registry and

23:46

then automatically download that into

23:48

your cluster and also some other

23:52

additional features and of course you

23:53

have all those abilities because these

23:55

are all aws services so they are tightly

23:58

integrated with each other

24:00

and ecr is pretty easy and

24:02

straightforward to use

24:04

you basically create your private

24:06

repositories for your different

24:09

application images or docker images and

24:13

you can start pushing different versions

24:16

or different tags of that image to those

24:19

registries and then of course use that

24:21

endpoint

24:22

to download the images from the cluster

24:29

so to summarize on aws you have three

24:32

container services

24:34

first for storing container images in

24:37

private container repository and the

24:40

other two for orchestrating or managing

24:43

your complex containerized application

24:47

on aws infrastructure

24:49

and in this part we're gonna look at ecr

24:52

and ek services and use them in our ci

24:56

cd pipeline

24:57

to build and push

24:59

images to ecr and deploy them to elastic

25:03

kubernetes service

25:05

[Music]