
AWS EC2 Container Service - nitinag
http://aws.amazon.com/blogs/aws/cloud-container-management/
======
Animats
"All problems in computer science can be solved by another level of
indirection" - David Wheeler

That's what "containers" are, of course. There's so much state in OS file
namespaces that running any complex program requires "installation" first.
That's such a mess that virtual machines were created to allow a custom OS
environment for a program. Then that turned into a mess, with, for example, a
large number of canned AWS instances to choose from. So now we have another
level of indirection, "containers".

Next I expect we'll have container logistics management startups. These will
store your container in a cloud-based "warehouse", and will continuously take
bids for container execution resources. Containers will be automatically moved
around from Amazon to Google to Rackspace, etc. depending on who's offering
the lowest bid right now.

~~~
arohner
IMO, the problem is that your standard OS has way too much stuff running.

A SaaS app running in production should be about the size of your binary, and
the libraries it uses. Instead, we have X, smtp, terminals and a full
filesystem running. Home directories and uids make no sense in an app that
uses no unix users except for the one you're forced to use.

I'd really like to see a much smaller, simpler, non-posix OS for running
server apps.

~~~
kelleyk
I haven't had a chance to play with it, but I ran across this project the
other day: [https://github.com/cloudius-systems/osv](https://github.com/cloudius-systems/osv)

"OSv was designed from the ground up to execute a single application on top of
a hypervisor... OSv... runs unmodified Linux applications (most of Linux's ABI
is supported) and in particular can run an unmodified JVM, and applications
built on top of one."

~~~
emmanueloga_
This article [1] lists a couple of other "cloud OS" systems. OSv and mirage
[2] seem to be the two most promising ones right now.

1: [http://www.linux.com/news/enterprise/cloud-computing/751156-are-cloud-operating-systems-the-next-big-thing-](http://www.linux.com/news/enterprise/cloud-computing/751156-are-cloud-operating-systems-the-next-big-thing-)
2: [http://www.openmirage.org/](http://www.openmirage.org/)

------
beat
Docker in general is just another swing of the granularity pendulum. Since the
rise of distributed environments in the late 1980s, the pendulum has swung
back and forth between microservices (which become a version control tangle as
they move independently) and monolithic applications (which become a bloatware
problem as they have whole kitchen sinks to move around). The core problem is
that software is complex, and at a certain level, you can't take complexity
away - just push it around here and there. A large number of small pieces, or
a small number of large pieces. Which kneecap do you want shot in?

After a few years of trending toward monoliths via chef/puppet/ansible DevOps
automation, Docker is going in a different direction, toward fragmented SOA.
It'll go that way for a while until it becomes too painful, and then new tech
will come to push us back to the monolithic approach, until that hurts too
much...

The good thing is, these cycles come in response to improvements in technology
and performance. Our tools get better all the time, and configuration
management struggles to keep up. It's awesome! Docker will rule for a while
and then be passed by in favor of something new, but it'll leave a permanent
mark, just as Chef did, and Maven, and Subversion, and Ant, and Make, and CVS,
and every other game-changer.

------
St-Clock
Security-wise, if I understand correctly, this is a very interesting offering.

1. The containers live on "your" VMs so you get the isolation of a virtual
machine and do not worry about the other tenants' containers.

2. The VMs are part of a "private cloud", i.e., the internal network is not
accessible by other tenants' VMs and containers.

#2 is what worried me the most in other container service offerings. It's easy
to overlook protecting your internal ip when you manage VMs, it's even easier
(and expected) when you deploy containers.

~~~
kalgen
These are also properties of Google Container Engine. Which other container
service offerings were you thinking of?

~~~
dividuum
Digital Ocean has something called "Private Networking" that's internal to the
data center but shared with all other customers. It's not obvious from reading
the website that this is the case.

~~~
estsauver
I actually think they're almost intentionally a touch deceptive. "Private" is
a really loaded term to use there.

~~~
inopinatus
When a door is marked "Private", then the room beyond is generally a shared
space for all those authorized to access.
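The practical check behind St-Clock's point #2 and dividuum's warning about shared "private" networks is whether anything on the container hosts or the services behind them is reachable from 0.0.0.0/0 (or ::/0). The script below is an added example, not code from AWS or from anyone in this thread. It audits security-group ingress rules in the shape of the EC2 DescribeSecurityGroups response; the groups, group IDs and the `PUBLIC_OK` policy set are constructed for the illustration so it runs offline, and with boto3 you would pass `boto3.client("ec2").describe_security_groups()["SecurityGroups"]` in place of the sample.

```python
"""Audit EC2 security groups for ingress rules open to the whole internet.

Added example, not code from AWS or from the thread. The input follows the
shape of the EC2 DescribeSecurityGroups response; SAMPLE_GROUPS below is
constructed by hand so this runs offline. With boto3 you would pass
boto3.client("ec2").describe_security_groups()["SecurityGroups"] instead.
"""
import ipaddress
from collections import namedtuple

# Local policy (assumption): the only ports a container host may expose to
# the internet. Everything else should be reached through the VPC or an ELB.
PUBLIC_OK = {80, 443}

Finding = namedtuple("Finding", "group_id protocol from_port to_port cidr")

# Constructed sample: one group for the ECS hosts, one for an internal cache.
SAMPLE_GROUPS = [
    {
        "GroupId": "sg-0a1b2c3d",
        "GroupName": "ecs-hosts",
        "IpPermissions": [
            # Public web traffic: allowed by policy.
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
             "UserIdGroupPairs": []},
            # SSH from anywhere, over both address families: flagged twice.
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
            # Dynamic container ports reachable only from the ELB's group:
            # no CIDR source, so nothing to flag.
            {"IpProtocol": "tcp", "FromPort": 32768, "ToPort": 61000,
             "IpRanges": [], "Ipv6Ranges": [],
             "UserIdGroupPairs": [{"GroupId": "sg-elb00001"}]},
        ],
    },
    {
        "GroupId": "sg-9f8e7d6c",
        "GroupName": "cache",
        "IpPermissions": [
            # Redis from the VPC range only: fine.
            {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": [],
             "UserIdGroupPairs": []},
            # "All traffic" from anywhere, the classic slip on an internal
            # service that was assumed to sit on a private network: flagged.
            {"IpProtocol": "-1",
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
             "UserIdGroupPairs": []},
        ],
    },
]


def is_world(cidr):
    """True for 0.0.0.0/0 or ::/0 (any network with a prefix length of 0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def world_open_findings(groups, public_ok=PUBLIC_OK):
    """Return one Finding per (rule, world CIDR) pair that exposes anything
    beyond the ports in public_ok. Rules whose only sources are other
    security groups have no CIDR and are never flagged."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            proto = perm.get("IpProtocol")
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            # IpProtocol "-1" means all protocols and carries no port range.
            all_ports = proto == "-1" or lo is None or hi is None
            if not all_ports and set(range(lo, hi + 1)) <= public_ok:
                continue  # only policy-approved ports: not a finding
            for cidr in cidrs:
                if is_world(cidr):
                    findings.append(Finding(group["GroupId"], proto, lo, hi, cidr))
    return findings


if __name__ == "__main__":
    for f in world_open_findings(SAMPLE_GROUPS):
        ports = "all" if f.from_port is None else f"{f.from_port}-{f.to_port}"
        print(f"{f.group_id}: {f.protocol} {ports} open to {f.cidr}")
```

Run against the sample it reports SSH on both address families for the host group and the all-traffic rule on the cache group, and stays quiet about port 80 and the ELB-sourced rule. Treat the `PUBLIC_OK` set as the thing to argue about in review; the rest is mechanical.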

------
incision
I'm disappointed that this requires an invite, particularly so close after
Container Engine which I was able to try out immediately while still watching
Cloud Platform Live the other day.

Is this typical for new AWS offerings?

It makes me wonder if it's something that truly isn't ready for prime time,
but is being rushed / forced by the mounting Docker hype and GKE announcement.

~~~
swordwield
Considering they've been tweeting about it [1] since before their competitors
announced things I'd say it's unlikely to be a "response". It's far more
likely that Docker has now been out long enough for the various providers to
build services around it. AWS already had some docker support built in in
April [2]. It's also pretty common to release services as previews. GCE lists
theirs as an Alpha quality product.

[1]
[https://twitter.com/jeffbarr/status/529493907839533056](https://twitter.com/jeffbarr/status/529493907839533056)

[2] [http://blog.docker.com/2014/04/aws-elastic-beanstalk-launches-support-for-docker/](http://blog.docker.com/2014/04/aws-elastic-beanstalk-launches-support-for-docker/)

~~~
bashtoni
Given that kubernetes (the project behind GCE) was open sourced in early June,
I hardly think a tweet from a week and a half ago shows it's not a response to
Google.

~~~
gruvector
He also mentions the elastic beanstalk support for Docker from April. It's
quite obvious that everyone has been working on Docker support for a while now
anyway.

------
hammerdr
Anyone have any insight about if this handles service discovery? It claims
"cluster management" which usually means discovery, but there is no mention of
it. Maybe Amazon is expecting you to handle that?

~~~
jhappoldt
From:
[https://aws.amazon.com/ecs/details/](https://aws.amazon.com/ecs/details/)

...including the Docker repository and image, memory and CPU requirements, and
how the containers are linked to each other. You can launch as many tasks as
you want from a single task definition file that you can register with the
service.

Very few details but it looks like container lifting across hosts. If so this
is great news.
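The quoted sentence lists what a task definition carries: image, memory and CPU requirements, and the links between containers. Those same fields are where the security decisions live, so the script below is an added example (mine, not AWS's code or anything from the thread) that lints a task definition before it is registered. The dictionary follows the field layout of the ECS RegisterTaskDefinition API (`containerDefinitions` entries with `name`, `image`, `cpu`, `memory`, `links`, `portMappings`, `privileged`, `user`, `readonlyRootFilesystem`); the task definition content, the placeholder image digest and the issue codes are constructed for the illustration.

```python
"""Lint an ECS task definition before registering it.

Added example, not AWS's code or anything from the thread. The dictionary
follows the field layout of the ECS RegisterTaskDefinition API; the content
and the checks are constructed for this illustration.
"""

# Constructed placeholder digest so the sample parses as a pinned image.
FAKE_DIGEST = "sha256:" + "ab" * 32

SAMPLE_TASK_DEF = {
    "family": "web-frontend",
    "containerDefinitions": [
        {
            "name": "web",
            "image": "example/web:latest",      # mutable tag: not pinned
            "cpu": 256,
            "memory": 512,
            "essential": True,
            "portMappings": [{"containerPort": 8080, "hostPort": 8080,
                              "protocol": "tcp"}],
            "links": ["cache", "db"],            # "db" is not defined below
            "privileged": True,                  # full access to the host
        },
        {
            "name": "cache",
            "image": "redis@" + FAKE_DIGEST,     # pinned by digest
            "cpu": 128,
            "memory": 256,
            "essential": False,
            "user": "redis",
            "readonlyRootFilesystem": True,
        },
    ],
}


def image_is_pinned(image):
    """A reference is pinned if it carries a digest or an explicit tag other
    than 'latest'. A registry host:port prefix is not mistaken for a tag."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]
    if ":" not in last:
        return False  # no tag means an implicit :latest
    return not last.endswith(":latest")


def lint_task_definition(task_def):
    """Return a list of (container name, issue code) pairs."""
    containers = task_def.get("containerDefinitions", [])
    names = {c["name"] for c in containers}
    issues = []
    for c in containers:
        name = c["name"]
        if not image_is_pinned(c.get("image", "")):
            issues.append((name, "unpinned-image"))
        if c.get("privileged"):
            issues.append((name, "privileged"))
        if "memory" not in c:
            issues.append((name, "no-hard-memory-limit"))
        if not c.get("user"):
            issues.append((name, "root-user"))
        if not c.get("readonlyRootFilesystem"):
            issues.append((name, "writable-rootfs"))
        for link in c.get("links", []):
            # links take the form "name" or "name:alias"
            target = link.split(":", 1)[0]
            if target not in names:
                issues.append((name, "dangling-link:" + target))
    return issues


if __name__ == "__main__":
    for name, code in lint_task_definition(SAMPLE_TASK_DEF):
        print(f"{SAMPLE_TASK_DEF['family']}/{name}: {code}")
```

On the sample, the `web` container collects five findings (mutable tag, privileged, running as root, writable root filesystem, a link to a container that does not exist) while the digest-pinned, unprivileged `cache` container is clean. The digest check matters for the supply-chain side of "Docker repository and image": a tag can be repointed by whoever controls the repository, a digest cannot.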

~~~
zenlikethat
Yes but there are a lot of ways that "the containers are linked together"
could be implemented and some of them e.g. key value store require modifying
application code quite a bit whereas e.g. DNS does not.

~~~
derefr
Wasn't there just an AWS announcement yesterday about the ability to register
VPC-private DNS records in Route 53? It screamed "SkyDNS competitor" to me but
I couldn't figure out what Amazon wanted such a thing for. Makes sense now.

~~~
donavanm
Route 53 launched private (vpc) dns last week. It's actually a common pattern
to manage ec2 instances via dns records. Many people had built this on top of
the public route53 offering, see zonify from airbnb as an example. Private dns
improves on that model as the vpc instances never have to communicate with the
public internet now.

------
jpgvm
No mention of Elastic Load Balancing integration or even EBS integration. Thus
avoiding the 2 hardest problems in container management.

To make this not suck you will still need a proxy layer that maps ELB
listeners to your containers and if you intend to run containers with
persistent storage you are going to be in for a fun ride.

Probably best to integrate functionality for interacting with storage systems
into Docker itself, probably as a script hook interface similar to the way Xen
works.

------
nitinag
Direct link to product as well:
[http://aws.amazon.com/ecs/](http://aws.amazon.com/ecs/)

------
SEJeff
So Azure, GCE, and now EC2 all support docker natively. Sorry Canonical and
LXD, but docker has basically won at this point. There simply isn't a good
reason to "compete" when you can just add features to docker at this point.

------
LeonidBugaev
I guess it is like hosted Mesos. They provide Masters and API similar to
Marathon, and you just have to run slave instances. Looks nice :)

------
gtaylor
Is anyone else seeing a blank confirmation page when trying to sign up?
[http://i.imgur.com/faztegP.png](http://i.imgur.com/faztegP.png)

~~~
sync
I got that too. Pretty awesome. May not be production ready for quite some
time...

------
sshillo
I wonder if this is built off apache mesos

------
j2d3
This destroys heroku, right?

~~~
general_failure
No, I think deis and dokku

~~~
j2d3
Them too, but heroku runs on aws and basically provides this, too, but instead
of free, it's very very expensive

~~~
general_failure
It's expensive comparatively. The convenience heroku provides vastly
outweighs the price.

------
garblegarble
Weird, I'm getting a 404 when visiting this page, did Amazon pull it?

~~~
pm90
working fine for me

------
waitingkuo
When can we start to use this service?

------
ing33k
One more reason to use docker.

