In this blog, I will cover 5 different options to deploy Docker containers on AWS infrastructure. Each option has pros and cons, and the goal of this blog is not to suggest that some options are better than others, but to highlight which option suits a particular use case. I have taken a sample multi-container application and deployed it in all 5 models to illustrate this. Following are the 5 options/models discussed in this blog:
I have a separate blog post for each of the above deployment options, linked from this blog.
Following is the sample application used in this blog:
The “client” service has 1 client container task. The “vote” service has multiple vote container tasks. Both services are deployed on a multi-node cluster. The “client” service is used to access the multi-container “vote” service; the “vote” service can also be accessed through an external load balancer. The goal of the sample application is to illustrate a multi-node cluster, a multi-container application, orchestration, container networking across hosts, external load balancing, service discovery and internal load balancing.
Docker Machine for AWS
Docker-machine has an EC2 driver for creating a Docker node in AWS. A Docker node in this context means an AWS VM instance with Docker pre-installed. Docker-machine also sets up secure SSH access to the EC2 instance. Once the basic node setup is done, the user can use either traditional Swarm or Swarm mode for orchestration. In terms of integration, this approach provides minimal integration with AWS. This option is very easy to start with and useful for developers who want to try out Docker containers in the AWS cloud. For more details on Docker-machine for AWS, please refer here.
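Because docker-machine reaches the node over SSH and the TLS-protected Docker API, the EC2 security group attached to that node is what decides who else can reach those ports. The following audit is an added example, not code from the original post or from docker-machine: it takes input in the shape of an EC2 DescribeSecurityGroups response and reports every watched port that is reachable from a wide-open CIDR. The port roles are assumptions (22 for SSH, 2376 for the Docker TLS API, and the Swarm-mode ports), and the sample groups are constructed.

```python
"""Offline audit of the EC2 security group rules a Docker node depends on.

Added example, not code from the original post or from docker-machine. The
port roles are assumed, and the input mirrors the shape of an EC2
DescribeSecurityGroups response; the sample groups below are constructed.
"""
from ipaddress import ip_network

# Assumed port roles for a docker-machine created node.
ADMIN_PORTS = {22: "ssh", 2376: "docker-tls-api"}
SWARM_PORTS = {2377: "swarm-manager", 7946: "swarm-gossip", 4789: "overlay-vxlan"}
WATCHED_PORTS = {**ADMIN_PORTS, **SWARM_PORTS}


def is_wide_open(cidr):
    """True when the CIDR covers the whole IPv4 or IPv6 address space."""
    return ip_network(cidr, strict=False).prefixlen == 0


def ports_matched(rule):
    """Watched ports that a single IpPermissions entry admits."""
    if rule.get("IpProtocol") == "-1":          # all protocols, all ports
        return set(WATCHED_PORTS)
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    if lo is None or hi is None:
        return set()
    return {p for p in WATCHED_PORTS if lo <= p <= hi}


def find_exposed_ports(security_groups, allowed_cidrs=()):
    """Return (group id, port, role, cidr) for every watched port reachable
    from a wide-open CIDR, skipping CIDRs the caller explicitly allows."""
    findings = []
    for sg in security_groups:
        for rule in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if cidr in allowed_cidrs or not is_wide_open(cidr):
                    continue
                for port in sorted(ports_matched(rule)):
                    findings.append((sg["GroupId"], port, WATCHED_PORTS[port], cidr))
    return findings


# Constructed sample: the first group opens SSH and the API to everyone, the
# second restricts SSH to one range but leaks the API over IPv6.
SAMPLE_GROUPS = [
    {
        "GroupId": "sg-0docker0machine0",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 2376, "ToPort": 2376,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 2377, "ToPort": 2377,
             "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
        ],
    },
    {
        "GroupId": "sg-0locked0down00",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 2376, "ToPort": 2376,
             "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ],
    },
]

if __name__ == "__main__":
    for group, port, role, cidr in find_exposed_ports(SAMPLE_GROUPS):
        print(f"{group}: {role} (tcp/{port}) open to {cidr}")
```

To run it against a real account, feed `find_exposed_ports` the `SecurityGroups` list returned by `describe_security_groups` in boto3 and pass the ranges you deliberately allow (a bastion or office CIDR) in `allowed_cidrs`; the rule matching handles both explicit port ranges and the all-traffic `-1` protocol.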
Docker for AWS
As part of the Docker 1.12 announcement, Docker released its AWS integration as beta software. With it, Docker is trying to simplify AWS integration by integrating Docker more closely with AWS services like the load balancer, security groups, CloudWatch etc. Compared to docker-machine, this option provides close integration with AWS services. System containers running on the EC2 instances provide the tight integration between user containers and AWS services; these system containers are added by Docker. For example, one of the system containers listens for host-exposed ports and automatically adds them to the AWS ELB, so any published port becomes reachable through the load balancer. Currently, there are limited options to change the configuration. Hopefully this will improve when the product comes out of beta. This option is useful for developers and operations folks who are used to both Docker tools and AWS services. For more details on Docker for AWS, please refer here.
Docker Cloud for AWS
Docker Cloud is a paid hosted service from Docker for managing containers. It can manage nodes in the cloud or in a local data center. Given AWS credentials, Docker Cloud creates and manages AWS EC2 instances, and Docker containers are created on those instances. Since Docker Cloud came from an acquisition, it does not use some of the Docker ecosystem software. In terms of integration with AWS, Docker Cloud provides minimal integration at this point. Docker Cloud provides a lot of value in simplifying infrastructure management and the deployment of complex microservices. This option is useful for folks who want a simple hosted solution with minimal integration around AWS services. For more details on Docker Cloud for AWS, please refer here.
Docker Datacenter for AWS
Docker Datacenter is Docker’s enterprise-grade CaaS (Container as a Service) solution, in which Docker has combined its open source software with proprietary software and support to make a commercial product. Docker Datacenter is an application comprising Universal Control Plane (UCP), Docker Trusted Registry (DTR), Docker Engine and supporting services running as containers. Docker Datacenter for AWS means running these system services on AWS EC2 instances alongside the application containers which the system services manage. Docker Datacenter is an enterprise-grade solution with multi-tenancy support, and it provides nice integration with Lightweight Directory Access Protocol (LDAP) and Role-Based Access Control (RBAC). Docker Datacenter for AWS provides a secure setup with clear separation between private and public subnets. Docker Datacenter also provides high availability with multiple UCP controllers and DTR replicas. This option is useful for enterprises who want a production-grade Docker deployment with tight integration around AWS services. For more details on Docker Datacenter for AWS, please refer here.
AWS ECS
AWS has the EC2 Container Service (ECS) for folks who want to deploy Docker containers on AWS infrastructure. With ECS, Amazon provides its own scheduler to manage Docker containers. ECS integrates very well with other AWS services including the load balancer, CloudWatch, CloudFormation templates etc. The workflow is a little different for folks used to Docker tools; for folks who want to use the Docker ecosystem tools, this option is not suitable. This option can be very powerful once ECS integrates with all AWS services, as it can allow seamless movement between VMs and containers. The task and service definition file formats do not seem flexible. The good thing with ECS is that users are not charged for containers or for ECS itself, but only for the EC2 instances. This option seems more suitable for folks who have been using AWS for a long time and want to try out Docker containers. For more details on AWS ECS, please refer here.
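Since ECS describes the application through task definition files rather than Compose, the natural place for a pre-deployment check is the task definition itself. The lint below is an added example, not code from the original post or from AWS: it walks the `containerDefinitions` of a task definition for the sample vote/client application and flags the settings a reviewer would send back (privileged containers, no memory limit, no log driver, running as root, a writable root filesystem, an unpinned image, and a static `hostPort`, which is bound on the instance and limits placement to one task per instance). The field names follow the ECS task definition format; the task definition, image names and log group below are constructed placeholders.

```python
"""Pre-registration lint for an ECS task definition of the sample vote/client
application.

Added example, not code from the original post or from AWS. Field names
follow the ECS task definition format (containerDefinitions, portMappings,
logConfiguration, ...); the task definition, image names and log group are
constructed placeholders.
"""
import json


def image_is_pinned(image):
    """A pinned image references a digest or an explicit non-latest tag."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]          # drop registry and namespace
    return ":" in last and not last.endswith(":latest")


def lint_task_definition(task_def):
    """Return (container name, finding) pairs for settings that should be
    fixed before the task definition is registered with ECS."""
    findings = []
    for c in task_def.get("containerDefinitions", []):
        name = c.get("name", "<unnamed>")
        if c.get("privileged"):
            findings.append((name, "privileged container"))
        if not c.get("memory") and not c.get("memoryReservation"):
            findings.append((name, "no memory limit or reservation"))
        if not c.get("logConfiguration"):
            findings.append((name, "no log driver configured"))
        if not c.get("user"):
            findings.append((name, "no user set, runs as root"))
        if not c.get("readonlyRootFilesystem"):
            findings.append((name, "writable root filesystem"))
        if not image_is_pinned(c.get("image", "")):
            findings.append((name, "image tag not pinned"))
        for pm in c.get("portMappings", []):
            # hostPort 0 (or absent) lets ECS pick a dynamic host port.
            if pm.get("hostPort", 0) != 0:
                findings.append((name, "static hostPort %d" % pm["hostPort"]))
    return findings


# Constructed task definition: "vote" is hardened, "client" is the usual
# first draft that omits limits, logging and a user.
SAMPLE_TASK = {
    "family": "vote-app",
    "containerDefinitions": [
        {
            "name": "vote",
            "image": "example.invalid/vote:1.0",
            "memory": 128,
            "essential": True,
            "user": "1000",
            "readonlyRootFilesystem": True,
            "portMappings": [{"containerPort": 80, "hostPort": 0, "protocol": "tcp"}],
            "logConfiguration": {
                "logDriver": "awslogs",
                "options": {"awslogs-group": "placeholder-log-group",
                            "awslogs-region": "us-east-1"},
            },
        },
        {
            "name": "client",
            "image": "example.invalid/client",
            "essential": False,
            "portMappings": [{"containerPort": 8080, "hostPort": 8080, "protocol": "tcp"}],
        },
    ],
}

if __name__ == "__main__":
    for name, finding in lint_task_definition(SAMPLE_TASK):
        print(f"{name}: {finding}")
    # The same dict, written out, is what register-task-definition accepts.
    print(json.dumps(SAMPLE_TASK, indent=2))
```

Running the script prints the findings for the `client` container and then the task definition as JSON; once the lint comes back clean, that JSON can be saved and registered with `aws ecs register-task-definition --cli-input-json file://task.json`. A static `hostPort` is only needed with the classic load balancer; with the application load balancer a dynamic mapping works.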
The following table is a brief comparison between the 5 solutions:

| Property/Solution | Docker Machine for AWS | Docker for AWS | Docker Cloud for AWS | Docker Datacenter for AWS | AWS ECS |
|---|---|---|---|---|---|
| Docker version | Latest Docker version (1.12.1 in my case), no flexibility to select Docker version | Latest Docker version (1.12 in my case), no flexibility to select Docker version | Uses 1.11, no flexibility to select Docker version | Uses 1.11, no flexibility to select Docker version | Uses 1.11, no flexibility to select Docker version |
| Orchestration | Traditional Swarm using external discovery or Swarm mode can be used. Needs to be set up manually. | Swarm mode is integrated and available automatically. | Uses proprietary scheduler. | Traditional Swarm is used. KV store is automatically set up. | Uses AWS proprietary scheduler. There is a plan to integrate external schedulers. |
| Networking | Docker Libnetwork | Docker Libnetwork | Uses Weave. | Docker Libnetwork | AWS VPC based networking |
| Application definition | Compose and DAB | Compose and DAB | Stackfile | Compose | Task and Service definition files |
| Integration with AWS services | Very minimal integration | Good integration. VPC, ELB, security groups, IAM roles get set up automatically. | Minimal integration. | Good integration. Availability zones, VPC, ELB, security groups, IAM roles get set up automatically. | Very good integration. Integration available with classic or application load balancer, CloudWatch logs, autoscaling groups. |
| Cost (in addition to EC2 instance cost) | Free | Beta phase currently, not sure of the cost. | 1 node and 1 private repository free, charges applicable after that. | Paid service, free for 30 day trial period | Free |
Following are some things that I would like to see:
- AWS ECS allowing an option to use Swarm scheduler.
- Docker for AWS, Docker cloud and Docker Datacenter using a common networking and orchestration solution.
- It would be good to have a common task definition format for applications, or an option to automatically convert between the formats internally. This would allow users to move easily between these options and use the same task definition format.