Intro to Containers


AWS Documentation

Virtualization should really be called OS virtualization. It is the process of running multiple operating systems on the same hardware. Think about deploying virtual machines as-is in vCenter: you have a vCenter host machine with 5-6 virtual machines running on it, and each of those virtual machines probably has a 60GB C: drive that is 40% full with an identical copy of the operating system. Think about how much disk space is consumed across the entire datacenter by every single virtual machine holding the same identical copy of the operating system. Now apply this example to the other compute resources: CPU and RAM are duplicated in the same way, and a lot of compute is wasted.

This is where containers fit in. They run apps and programs in individually isolated containers on top of one operating system. Containerization is the process of taking those programs and apps and running them compartmentalized on the same OS. You can take the apps that run on 6 virtual machines, containerize them, and run them all on one virtual machine with one OS instance.

[image.png: diagram comparing hypervisor virtualization with container virtualization]

This diagram doesn't really show the difference between hypervisor and container virtualization accurately. What it tries to depict is that fewer resources are taken up by the containers, because you don't have 3 huge Guest OS instances consuming that compute and storage. In reality the saving is much larger, because not all VMs run at 100% the entire time; most are spooled down to roughly 30% or less.

Docker


Docker is a very popular container engine or runtime. A container engine is what enables containers to work across the entire host.

Docker takes a base OS image and then creates read-only layers on top of it, one for each level of functionality that the Dockerfile requests.

  • A Dockerfile is basically the orchestrator for the Docker image's contents.

One thing to note is that the image is read-only. It never changes. So, you're probably asking, how do you use an image that is read-only? When the container is started, Docker adds another layer on top of it that IS read/write.

Container Registry


A container registry is where you place the built images for consumption. Multiple images might be used for an application stack.

Demo Creating container of Cats


ECS Concepts


  • Container Definition - Container definitions are used in task definitions to describe the different containers that are launched as part of a task. A container definition defines the image and the ports that the container will use.
  • Task Definition - Describes the container and volume definitions of an Amazon Elastic Container Service task. You can specify which Docker images to use, the required resources, and other configuration related to launching the task definition through an Amazon ECS service or task. It also covers security (roles), containers, and resources.
  • Task Role - The IAM role that the task assumes.
  • Service Definition - Defines how a task scales or runs: how many copies, high availability, and restarts of the containers.
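The concepts above map onto one JSON document that you register with ECS. The block below is an added example, not part of the course notes: a constructed Fargate task definition for the container-of-cats demo (placeholder account id, role names, registry path and tag), plus a small lint that checks the container definition and task role for the least-privilege settings a reviewer looks for, and a "weakened" variant to show the findings.

```python
import json

# Constructed example, not the course's own files: a Fargate task definition for the
# "container of cats" demo. Keys are real ECS register-task-definition fields; the
# account id, role names, registry path and image tag are placeholders.
CATS_TASK_DEFINITION = {
    "family": "container-of-cats", "requiresCompatibilities": ["FARGATE"],
    "networkMode": "awsvpc", "cpu": "256", "memory": "512",
    "executionRoleArn": "arn:aws:iam::123456789012:role/ecsTaskExecutionRole",
    "taskRoleArn": "arn:aws:iam::123456789012:role/cats-task-role",   # task role
    "containerDefinitions": [{                                          # container definition
        "name": "cats", "essential": True,
        "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/cats:1.0.3",
        "portMappings": [{"containerPort": 80, "protocol": "tcp"}],
        "user": "1000", "readonlyRootFilesystem": True,
        "secrets": [{"name": "API_KEY",
                     "valueFrom": "arn:aws:ssm:us-east-1:123456789012:parameter/cats/api-key"}],
    }],
}

def lint_task_definition(td):
    """Return least-privilege findings; an empty list means the definition passes."""
    findings = []
    if not td.get("taskRoleArn"):
        findings.append("task: no taskRoleArn, so containers get no scoped IAM identity")
    for c in td.get("containerDefinitions", []):
        name, image = c.get("name", "?"), c.get("image", "")
        tag = image.rsplit("/", 1)[-1].partition(":")[2]   # "" when no tag was given
        if tag in ("", "latest"):
            findings.append(f"{name}: image tag {tag or '<none>'} is not pinned")
        if str(c.get("user", "")) in ("", "0", "root"):
            findings.append(f"{name}: runs as root")
        if not c.get("readonlyRootFilesystem"):
            findings.append(f"{name}: root filesystem is writable")
        for env in c.get("environment", []):
            if any(h in env["name"].upper() for h in ("SECRET", "PASSWORD", "TOKEN", "KEY")):
                findings.append(f"{name}: {env['name']} is a plaintext env var; use 'secrets'")
    return findings

def weakened(td):
    """Constructed 'before' variant: the same task with the hardening stripped out."""
    bad = json.loads(json.dumps(td))            # cheap deep copy
    bad.pop("taskRoleArn", None)
    c = bad["containerDefinitions"][0]
    c.pop("secrets", None)
    c.update({"image": "cats:latest", "user": "root", "readonlyRootFilesystem": False,
              "environment": [{"name": "API_KEY", "value": "hunter2"}]})
    return bad
```

Calling lint_task_definition(CATS_TASK_DEFINITION) returns no findings, while lint_task_definition(weakened(CATS_TASK_DEFINITION)) reports the missing task role, the unpinned tag, the root user, the writable root filesystem and the plaintext secret.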

ECS - Cluster Mode

Two types: EC2 and Fargate.

EC2


These are container hosts deployed as EC2 instances inside your account and managed by the ECS cluster.

  • You can log into these EC2 instances and you will pay for them just like any other EC2 instance.

Fargate


Fargate tasks run on hardware shared with other customers, but they are isolated so that you can't see other customers.

  • You don't need to manage hosts.
  • You simply pay for the compute resources the container consumes.

When to use


  • If you just use containers, use ECS.
  • Large workload, price conscious - EC2 mode
  • Large workload, overhead conscious - Fargate
  • Small/burstable loads - Fargate
  • Batch/periodic workloads - Fargate

Demo - Deploying container of cats using Fargate