Real-time Container Monitoring Best Practices Presented by AWS & Datadog
Real-time Container Monitoring Best Practices Presented by AWS & Datadog
Today’s Speakers Daniel Maher Developer Advocate Datadog Igor Alekseev Data & Analytics Partner AWS
Agenda – Introduction & Session Overview – Containers at AWS – Real-world Containers Best Practices & Use Cases – What’s Next? – Audience Q&A
Poll Question What container runtime are you currently using? – Docker – Containerd – CRI-O – Other
Containers at AWS More options and power than ever before © 2022, Amazon Web Services, Inc. or its Affiliates.
What customers ask for Build applications, not infrastructure © 2022 Amazon Web Services, Inc. or its Affiliates. Manage infrastructure to their requirements Scale quickly and seamlessly Security and isolation by design
What are our customers building? © 2022, Amazon Web Services, Inc. or its Affiliates.
Applications Shared services platform Enterprise app migration Machine learning Mobile & web applications CI/CD .NET Classic Windows apps Autonomous vehicle Back-end web services IaaS Linux apps Recommendation engines IoT Management, security, & governance Third-party applications Fraud detection Data processing Logging & monitoring © 2020, 2022, Amazon Web Services, Inc. or its Affiliates. Chatbots
How are customers building? © 2022, Amazon Web Services, Inc. or its Affiliates.
Compute operational models Least AWS Lambda Serverless functions AWS manages Customer manages Data source integrations Application code Physical hardware, software, networking, and facilities Provisioning Application code What you manage Container orchestration, provisioning AWS Fargate Cluster scaling Data source integrations Serverless containers Physical hardware, host OS/kernel, networking, and facilities Security config and updates Network config Management tasks Application code Amazon ECS/EKS Container-management -as-a-service Container orchestration control plane Physical hardware software, networking, and facilities Data source integrations Work clusters Security config and updates, network config, firewall, management tasks Application code Amazon EC2 Infrastructure-as-a-Service Most © 2022 Amazon Web Services, Inc. or its Affiliates. Physical hardware software, networking, and facilities Data source integrations Scaling Security config and updates Network config Management tasks Provisioning, managing scaling and patching of servers
Poll Question Are you using or have aspirations to have aspirations to use AWS serverless technologies such as Fargate or Lambda? - Yes - No - Not yet, but we are planning to implement © 2022 Amazon Web Services, Inc. or its Affiliates.
The containers stack on AWS CONTAINERS CONTAINER SERVICE MANAGED KUBERNETES STORE & RETRIEVE DOCKER IMAGES COMPUTE AUTO SCALING HYBRID ARCHITECTURE AWS-SERVICES ON-PREMISES ACCESS CONTROL DATA INTEGRATION APPLICATION LIFECYCLE MANAGEMENT ASSESSMENT & REPORTING INTEGRATED DEVICES & EDGE SYSTEMS AUTHORING CONFIGURATION COMPLIANCE INTEGRATED IDENTITY & ACCESS BUILD & TEST DATA PROTECTION INTEGRATED NETWORKING CONTAINERS DDOS PROTECTION INTEGRATED RESOURCE & DEPLOYMENT MANAGEMENT DEVOPS RESOURCE MANAGEMENT IDENTITY MANAGEMENT VMWARE CLOUD ON AWS ONE CLICK APP DEVELOPMENT KEY MANAGEMENT & STORAGE PATCHING MONITORING & LODGING PIPELINE ORCHESTRATION RESOURCE MANAGEMENT RESOURCE TEMPLATES THREAT DETECTION TRIGGERS BATCH JOBS EVENT-DRIVEN SERVERLESS COMPUTING INFRASTRUCTURE INSTANCE TYPES AVAILABILITY ZONES MANAGED REPOSITORY FOR SERVERLESS APPS CUSTOM HARDWARE RUN & MANAGE WEB APPS DATA CENTER INFRASTRUCTURE SERVERLESS COMPUTE POINT OF PRESENCE ISOLATED COMPUTE ENVIRONMENTS (FOR NITRO ENCLAVES) ANALYSE & DEBUG WEB APPLICATION FIREWALL MANAGED VIRTUAL PRIVATE SERVERS VIRTUAL SERVERS GLOBAL NETWORK BACKBONE THREAT DETECTION & INVESTIGATION FOR AMAZON DETECTIVE AUTOMATED SECURITY POSTURE CHECKS FOR AWS SECURITY HUB DEVELOPMENT FRAMEWORK REGIONS STORAGE APPLICATION DELIVERY ARCHIVE STORAGE DEDICATED NETWORK CONNECTION BACKUP & RESTORE DOMAIN NAMING SERVICE BLOCK STORAGE LOAD BALANCING DATA TRANSFER MONITOR APIS EDGE PROCESSING & COMPUTING MONITOR MICROSERVICES FILE STORAGE NETWORK TOPOLOGY HIGH PERFORMANCE FILE SYSTEM NETWORKING HUG HYBRID CLOUD STORAGE PRIVATE CONNECTION TO APPS OBJECT STORAGE SCALE VPS & ACCOUNT CONNECTIONS WINDOWS FILE SYSTEM © SERVICE 2022 Amazon Web Services, Inc. or its Affiliates. DISCOVERY VIRTUAL PRIVATE CLOUD MOBILE API GATEWAY POWER INFRASTRUCTURE IDENTITY MANAGEMENT & GOVERNANCE NETWORKING & CONTENT DELIVERY DEV TOOLS SECURITY, IDENTITY, & COMPLIANCE MOBILE ANALYTICS MOBILE APP TESTING ACTIVITY & API USAGE TRACKING SINGLE INTEGRATED CONSOLE CHATBOT SYNC CONFIGURATION TRACKING TARGETED PUSH NOTIFICATIONS GOVERNANCE INVENTORY TRACKING LICENSE MANAGER MANAGE POLICIES MANAGE RESOURCES MONITORING PROVISIONING RESOURCE TEMPLATES SECURITY RECOMMENDATIONS SERVER MANAGEMENT SERVICE CATALOG SYSTEM MANAGER APPLICATION INTEGRATION EMAIL MESSAGE BROKER QUEUING & NOTIFICATIONS SEARCH TRANSCODING WORKFLOW
AWS has the richest container portfolio anywhere APPLICATION NETWORKING Service discovery and service mesh MANAGEMENT Deployment, scheduling, scaling, and management of containerized applications HOSTING Where the containers run IMAGE REGISTRY Container image repository © 2022, Amazon Web Services, Inc. or its Affiliates. AWS Cloud Map AWS App Mesh Amazon Elastic Container Service (Amazon ECS) Amazon Elastic Kubernetes Service (Amazon EKS) Amazon Elastic Compute Cloud (Amazon EC2) AWS Fargate Amazon Elastic Container Registry (Amazon ECR) Red Hat OpenShift Service for AWS (ROSA)
Container technology © 2022, Amazon Web Services, Inc. or its Affiliates.
Management: Amazon EKS, Amazon ECS and now ROSA ECS EKS ROSA Powerful simplicity Open flexibility Opinionated platform © 2022, Amazon Web Services, Inc. or its Affiliates.
Powerful simplicity AWS-opinionated way to run containers at scale Reduce decisions without sacrificing scale or features ECS © 2022, Amazon Web Services, Inc. or its Affiliates. Reduce time to build, deploy, and migrate applications
Open flexibility Gain agility and efficiency with AWS-optimized Kubernetes, and standardize operations everywhere Secure, highly available, with observability across all Kubernetes deployments EKS © 2022, Amazon Web Services, Inc. or its Affiliates. Build with choice of solutions from the broader community around Kubernetes
Opinionated container platform Leverage integrated tools and services for developers and operators Transfer OpenShift skills and processes from on-prem environments ROSA © 2022, Amazon Web Services, Inc. or its Affiliates. Simplify management, support and billing of OpenShift environments
Customers usually mix and match Team GitHub Jenkins ECR Flux CloudWatch ALB, NLB, NGINX, Traefik AWS App Mesh EKS Fargate © 2022, Amazon Web Services, Inc. or its Affiliates. OR ECS EC2 CloudFormation Application User
AWS App Runner Fully managed service for web applications AWS App Runner Web application Serverless Platform Backend server provides a highly abstracted and simple managed experience for running web applications and API hosting services © 2022 Amazon Web Services, Inc. or its Affiliates. • https://www.datadoghq.com/blog/aws-app-runner-monitoring
Run your containers anywhere based on your workload needs Serverless EC2 options AWS Fargate Amazon EC2 Spot instance © 2022 Amazon Web Services, Inc. or its Affiliates. Edge and 5G AWS Local Zones AWS Wavelength On-premises AWS Outposts ECS EKS Anywhere Anywhere
Containers are worth looking at
Containers monitoring is not magic
Kubernetes is sort of magic though…
10 Trends in Real World Containers https://datadoghq.com/container-report/
EKS had a 20% increase in adoption among AWS orgs
Stateful workloads, containers, and you
Images: the hot top ten!
Images: the hot top ten (DJ k8s remix!)
Docker is champ, but new challengers are rising…
How it started vs. how it’s going
It’s Speculation Time! – Edge computing (containers on the edge) – Increased importance of orchestration / mesh technology – Docker for dev, containerd (or other) for prod? – Moving towards higher levels of abstraction – Containers as a packaging and dependency mechanism