Using the Azure Terraform provider

Creating task definitions – Containers as a Service (CaaS) and Serverless Computing for Containers

ECS tasks are similar to Kubernetes pods. They are the basic building blocks of ECS and comprise one or more related containers. Task definitions are the blueprints for ECS tasks and define what the ECS task should look like. They are very similar to docker-compose files and are written in YAML format. ECS also uses all versions of docker-compose to allow us to define tasks. They help you define containers and their images, resource requirements, where they should run (EC2 or Fargate), volume and port mappings, and other networking requirements.

Tip

Using the docker-compose manifest to spin up tasks and services is a great idea, as it will help you align your configuration with an open standard.

A task is a finite process and only runs once. Even if it’s a long-running process, such as a web server, the task still runs once as it waits for the long-running process to end (which runs indefinitely in theory). The task’s life cycle follows the Pending -> Running -> Stopped states. So, when you schedule your task, the task enters the Pending state, attempting to pull the image from the container registry. Then, it tries to start the container. Once the container has started, it enters the Running state. When the container has completed executing or errored out, it ends up in the Stopped state. A container with startup errors directly transitions from the Pending state to the Stopped state.

Now, let’s go ahead and deploy an nginx web server task within the ECS cluster we just created.

To access the resources for this section, cd into the following directory:

$ cd ~/modern-devops/ch7/ECS/tasks/EC2/

We’ll use docker-compose task definitions here. So, let’s start by defining the following docker-compose.yml file:

version: ‘3’
services:
web:
image: nginx
ports:
“80:80”
logging: driver: awslogs options:
awslogs-group: /aws/webserver
awslogs-region: us-east-1
awslogs-stream-prefix: ecs

The YAML file defines a web container with an nginx image with host port 80 mapped to container port 80. It uses the awslogs logging driver, which streams logs into Amazon CloudWatch. It will stream the logs to the /aws/webserver log group in the us-east-1 region with the ecs stream prefix.

The task definition also includes the resource definition—that is, the amount of resources we want to reserve for our task. Therefore, we will have to define the following ecs-params.yaml file:

version: 1
task_definition:
services:
web:
cpu_shares: 100
mem_limit: 524288000

This YAML file defines cpu_shares in millicores and mem_limit in bytes for the container we plan to fire. Now, let’s look at scheduling this task as an EC2 task.

Installing the AWS and ECS CLIs – Containers as a Service (CaaS) and Serverless Computing for Containers

The AWS CLI is available as a deb package within the public apt repositories. To install it, run the following commands:

$ sudo apt update && sudo apt install awscli -y

$ aws –version

aws-cli/1.22.34 Python/3.10.6 Linux/5.19.0-1028-aws botocore/1.23.34

Installing the ECS CLI in the Linux ecosystem is simple. We need to download the binary and move to the system path using the following command:

$ sudo curl -Lo /usr/local/bin/ecs-cli \ https://amazon-ecs-cli.s3.amazonaws.com/ecs-cli-linux-amd64-latest $ sudo chmod +x /usr/local/bin/ecs-cli

Run the following command to check whether ecs-cli has been installed correctly:

$ ecs-cli –version

ecs-cli version 1.21.0 (bb0b8f0)

As we can see, ecs-cli has been successfully installed on our system.

The next step is to allow ecs-cli to connect with your AWS API. You need to export your AWS CLI environment variables for this. Run the following commands to do so:

$ export AWS_SECRET_ACCESS_KEY=…

$ export AWS_ACCESS_KEY_ID=…

$ export AWS_DEFAULT_REGION=…

Once we’ve set the environment variables, ecs-cli will use them to authenticate with the AWS API.

In the next section, we’ll spin up an ECS cluster using the ECS CLI.

Spinning up an ECS cluster

We can use the ECS CLI commands to spin up an ECS cluster. You can run your containers in EC2 and Fargate, so first, we will create a cluster that runs EC2 instances. Then, we will add Fargate tasks within the cluster.

To connect with your EC2 instances, you need to generate a key pair within AWS. To do so, run the following command:

$ aws ec2 create-key-pair –key-name ecs-keypair

The output of this command will provide the key pair in a JSON file. Extract the JSON file’s key material and save that in a separate file called ecs-keypair.pem. Remember to replace the \n characters with a new line when you save the file.

Once we’ve generated the key pair, we can use the following command to create an ECS cluster using the ECS CLI:

$ ecs-cli up –keypair ecs-keypair –instance-type t2.micro \ –size 2 –cluster cluster-1 –capability-iam

INFO[0002] Using recommended Amazon Linux 2 AMI with ECS Agent 1.72.0 and Docker version 20.10.23

INFO[0003] Created cluster cluster=cluster-1 region=us-east-1 INFO[0004] Waiting for your cluster resources to be created…

INFO[0130] Cloudformation stack status stackStatus=CREATE_IN_PROGRESS VPC created: vpc-0448321d209bf75e2

Security Group created: sg-0e30839477f1c9881

Subnet created: subnet-02200afa6716866fa

Subnet created: subnet-099582f6b0d04e419

Cluster creation succeeded.

When we issue this command, in the background, AWS spins up a stack of resources using CloudFormation. CloudFormation is AWS’s Infrastructure-as-Code (IaC) solution that helps you deploy infrastructure on AWS through reusable templates. The CloudFormation template consists of several resources such as a VPC, a security group, a subnet within the VPC, a route table, a route, a subnet route table association, an internet gateway, an IAM role, an instance profile, a launch configuration, an ASG, a VPC gateway attachment, and the cluster itself. The ASG contains two EC2 instances running and serving the cluster. Keep a copy of the output; we will need the details later during the exercises.

Now that our cluster is up, we will spin up our first task.

2022-09-05 by Clara Pinder Deleting an ECS service Exams of Cloud Providing variable values Using the Azure Terraform provider 0

The need for serverless offerings – Containers as a Service (CaaS) and Serverless Computing for Containers

Numerous organizations, so far, have been focusing a lot on infrastructure provisioning and management. They optimize the number of resources, machines, and infrastructure surrounding the applications they build. However, they should focus on what they do best—software development. Unless your organization wants to invest heavily in an expensive infrastructure team to do a lot of heavy lifting behind the scenes, you’d be better off concentrating on writing and building quality applications rather than focusing on where and how to run and optimize them.

Serverless offerings come as a reprieve for this problem. Instead of concentrating on how to host your infrastructure to run your applications, you can declare what you want to run, and the serverless offering manages it for you. This has become a boon for small enterprises that do not have the budget to invest heavily in infrastructure and want to get started quickly without wasting too much time standing up and maintaining infrastructure to run applications.

Serverless offerings also offer automatic placement and scaling for container and application workloads. You can spin from 0 to 100 instances in minutes, if not seconds. The best part is that you pay for what you use in some services rather than what you allocate.

This chapter will concentrateon a very popular AWS container management offering called ECS and AWS’s container serverless offering, AWS Fargate. We will then briefly examine offerings from other cloud platforms and, finally, the open source container-based serverless solution known as Knative.

Now, let’s go ahead and look at Amazon ECS.

2022-05-22 by Clara Pinder Building the Python Flask app Cloud Certifications Exams of Cloud Providing variable values Using the Azure Terraform provider 0

Technical requirements – Containers as a Service (CaaS) and Serverless Computing for Containers

In the last two chapters, we covered Kubernetes and how it helps manage your containers seamlessly. Now, let’s look at other ways of automating and managing container deployments—Containers as a Service (CaaS) and serverless computing for containers. CaaS provides container-based virtualizationthat abstracts away all management behind the scenes and helps you manage your containers without worrying about the underlying infrastructure and orchestration.

For simple deployments and less complex applications, CaaS can be a savior. Serverless computing is a broad term that encompasses applications that can be run without us having to worry about the infrastructure behind the scenes. It has an additional benefit that you can focus purely on the application. We will discuss CaaS technologies such as Amazon Elastic Container Service (Amazon ECS) with Amazon Web Services Fargate (AWS Fargate) in detail and briefly discuss other cloud-based CaaS offerings such as Azure Kubernetes Services (AKS), Google Kubernetes Engine (GKE), and Google Cloud Run. We will then delve into the popular open source serverless CaaS solution known as Knative.

In this chapter, we’re going to cover the following main topics:

The need for serverless offerings

Amazon ECS with Elastic Compute Cloud (EC2) and Fargate

Other CaaS services

Open source CaaS with Knative

Technical requirements

You will need an active AWS subscription for this chapter’s exercises. AWS is the market’s most popular, feature-rich cloud platform. Currently, AWS is offering a free tier for some products. You can sign up for this at https://aws.amazon.com/free. This chapter uses some paid services, but we will try to minimize how many we use as much as possible during the exercises.

You will also need to clone the following GitHub repository for some of the exercises:

https://github.com/PacktPublishing/Modern-DevOps-Practices-2e

Run the following command to clone the repository into your home directory. Then, cd into the ch7 directory to access the required resources:

$ git clone https://github.com/PacktPublishing/Modern-DevOps-Practices-2e.git \ modern-devops

$ cd modern-devops/ch7

As the repository contains files with placeholder strings, you must replace the <your_dockerhub_ user> string with your actual Docker Hub user. Use the following commands to substitute the placeholders:

$ find ./ -type f -exec sed -i -e \

‘s/<your_dockerhub_user>/<your actual docker hub user>/g’ {} \;

So, let’s get started!

2022-04-06 by Clara Pinder Cloud Certifications Exams of Cloud Load testing your app on Knative Using the Azure Terraform provider 0

Dynamic provisioning – Managing Advanced Kubernetes Resources

Dynamic provisioning is when Kubernetes provides storage resources for you by interacting with the cloud provider. When we provisioned the disk manually, we interacted with the cloud APIs using the gcloud command line. What if your organization decides to move to some other cloud provider later? That would break many existing scripts, and you would have to rewrite the storage provisioning steps. Kubernetes is inherently portable and platform-independent. You can provision resources in the same way on any cloud platform.

But then, different cloud providers have different storage offerings. How would Kubernetes know what kind of storage it needs to provision? Well, Kubernetes uses StorageClass resources for that. StorageClass resources are Kubernetes resources that define the type of storage they need to provide when someone uses it.

The following diagram illustrates dynamic provisioning:

Figure 6.10 – Dynamic provisioning

Let’s see an example storage class manifest, fast-storage-class.yaml, that provisions an SSD within GCP:

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: fast
provisioner: kubernetes.io/gce-pd
parameters:
type: pd-ssd

The StorageClass resource contains a provisioner and any parameters the provisioner requires. You may have noticed that I have kept the name fast instead of gce-ssd or similar. That is because we want to keep the names as generic as possible.

Tip

Keep generic storage class names such as fast, standard, block, and shared, and avoid names specific to the cloud platform. Because storage class names are used in Persistent Volume claims, if you migrate to another cloud provider, you may end up changing a lot of manifests just to avoid confusion.

Let’s go ahead and apply the manifest using the following command:

$ kubectl apply -f fast-storage-class.yaml

As the StorageClass resource is created, let’s use it to provision an nginx StatefulSet resource dynamically.

We need to create a Service resource manifest, nginx-dynamic-service.yaml, first:

apiVersion: v1
kind: Service
metadata:
name: nginx-dynamic
labels:
app: nginx-dynamic
spec:
ports:
port: 80
name: web
clusterIP: None
selector:
app: nginx-dynamic

The manifest is very similar to the manual Service resource. Let’s go ahead and apply it using the following command:
$ kubectl apply -f nginx-dynamic-service.yaml
Now, let’s look at the StatefulSet resource manifest, nginx-dynamic-statefulset.yaml:
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: nginx-dynamic
spec:
…
serviceName: “nginx-dynamic”
template:
spec:
containers:
name: nginx
image: nginx volumeMounts:
name: html
mountPath: /usr/share/nginx/html
…
volumeClaimTemplates:
metadata:
name: html
spec:
storageClassName: “fast”
accessModes: [ “ReadWriteOnce” ]
resources:
requests:
storage: 40Gi

The manifest is similar to the manual one, but this one contains the storageClassName attribute in the volumeClaimTemplates section and lacks the selector section, as we are dynamically provisioning the storage. Use the following command to apply the manifest:

$ kubectl apply -f nginx-dynamic-statefulset.yaml

As the StatefulSet resource is created, let’s go ahead and check the PersistentVolumeClaim and PersistentVolume resources using the following commands:

$ kubectl get pvc
NAME		STATUS	VOLUME	CAPACITY	ACCESS MODES STORAGECLASS
html-nginx-dynamic-0		Bound	pvc-6b78	40Gi	RWO	fast
$ kubectl get pv
NAME	CAPACITY	ACCESS MODES RECLAIM POLICY			STATUS	CLAIM
pvc-6b78	40Gi	RWO	Delete		Bound	default/html-nginx-dynamic-0

And we can see that the claim is bound to a Persistent Volume that is dynamically provisioned. Now, let’s proceed and run the following command to do similar tests with this StatefulSet resource.

Let’s create a file in the nginx-dynamic-0 pod using the following command:

$ kubectl exec -it nginx-dynamic-0 — bash

root@nginx-dynamic-0:/# cd /usr/share/nginx/html/ root@nginx-dynamic-0:/usr/share/nginx/html# echo ‘Hello, dynamic world’ > index.html root@nginx-dynamic-0:/usr/share/nginx/html# exit

Now, delete the pod and open a shell session again to check whether the file exists by using the following commands:

$	kubectl delete pod nginx-dynamic-0
$	kubectl get pod	nginx-dynamic-0
NAME		READY	STATUS	RESTARTS	AGE
nginx-dynamic-0		1/1	Running	0	13s

$ kubectl exec -it nginx-dynamic-0 — bash
root@nginx-dynamic-0:/# cd /usr/share/nginx/html/
root@nginx-dynamic-0:/usr/share/nginx/html# cat index.html
Hello, dynamic world
root@nginx-dynamic-0:/usr/share/nginx/html# exit

And as we can see, the file exists in the volume, even if the pod was deleted. That is dynamic provisioning in action for you!

You will have observed that we have used the kubectl command multiple times throughout this chapter. When you perform activities throughout the day, using shortcuts and best practices wherever you can makes sense. Let’s look at some best practices while using kubectl.

2021-12-06 by Clara Pinder Exams of Cloud Knative architecture Load testing your app on Knative Providing variable values Using the Azure Terraform provider 0