
AWS App2Container - lowmemcpu
https://aws.amazon.com/app2container/
======
filleokus
> App2Container (A2C) currently supports the following application types:

> 1) ASP.NET (.NET 3.5+) web applications running in IIS 7.5+ on Windows. A2C
> packages these applications with Windows containers.

Do people actually run Windows containers successfully?

Right now I'm working with get ASP.NET apps into containers, by first getting
them ported to ASP.NET Core and then into Linux containers. The decision to
skip Windows all-together was made before I joined, but I'm a nix guy so I
don't complain.

One of the hiccups I've encountered on Linux is the lack of support for
Windows Authentication. It gives you AD backed SSO basically for free (as a
developer) - you just need one line of config to turn it on and the magic of
IIS solves it for you.

We moved to ADFS instead, which worked well. But I'm guessing there are many
of these deeply integrated services that make Windows containers attractive.

~~~
nullify88
Unless I'm mistaken, you should be able to get working Windows Authentcation
if you have Kerberos libs installed, a valid krb5.conf and a keytab or service
account credentials.

It was suprisingly easy to get working.

What Windows containers offers are Group Managed Service Accounts which
reduces the administrative overhead managing service accounts for Linux
containers and makes them completely transparent to the container.

~~~
filleokus
Yeah, we investigated that route, but on stateless containers it seemed really
cumbersome?

I don't remember exactly why now, but isn't there some problem with the
ephemeral nature of the container? Like that each instance of the container
needs their own service account or something?

> What Windows containers offers are Group Managed Service Accounts which
> reduces the administrative overhead managing service accounts for Linux
> containers and makes them completely transparent to the container.

Aah, yeah, that seems nice.

~~~
nullify88
> Yeah, we investigated that route, but on stateless containers it seemed
> really cumbersome?

I agree, it could be cumbersome without something to manage the secrets. I use
OpenShift / k8s at work so injecting these secrets is trivial.

------
jontro
If you want to containerize a java app check out jib. Really easy to use and
integrates well with gradle

~~~
radarsat1
Can I ask, what is it really to "containerize" and why does it need a special
tool?

From what I can tell "containerization" is mostly just starting up a Docker
image, running apt-get or equivalent to install tools (in this case, a JVM),
and specifying a launch script or entry point. You might give it some
arguments for what ports and volumes to mount.

Is there more to it? Because that kind of thing doesn't seem to require more
than a simple script or two, and I have a hard time understanding why you need
dedicated tools for this.

~~~
jacques_chester
The main reason for specialisation is efficiency. The selection of the
contents and ordering of layers has an effect on how quickly the can be
rebuilt/updated, how big they need to be, how much deduplication you can get
between images etc.

A few years ago I wrote up a scheme (which wasn't pursued) for automatic image
construction[0]. The first half of the writeup enumerated a bunch of problems
with relying purely on Dockerfiles.

[0]
[https://docs.google.com/document/d/1M2PJ_h6GzviUNHMPt7x-5POU...](https://docs.google.com/document/d/1M2PJ_h6GzviUNHMPt7x-5POUaadcvK3ZNT9QEGDZhPk/edit)

~~~
radarsat1
Thanks for the write-up!

~~~
jacques_chester
Happy to help.

------
erulabs
I’m not a .net or java user these days but I love the “guess what’s in a repo
and try your best” strategy. I’ve been working on “deploy-node-app” for
JavaScript applications that does similar: try to scan for dependencies,
services, etc and “guess” as much of the Kubernetes configuration as a
possible. It’s a fun project! Glad I don’t have to make it support .NET now ;)

~~~
jacques_chester
You might be interested in Cloud Native Buildpacks, particularly the Paketo
buildpacks: [https://paketo.io/](https://paketo.io/)

They do the "read the repo" thing in a uniform, composable way. So you don't
need Java-but-also-some-special-case-for-front-end code. It's just buildpacks.
Mix and match however makes sense.

Disclosure: I worked on CNBs for a while, as well as the ancestors of Paketo
buildpacks.

~~~
erulabs
Cool! I plan on supporting BuildPacks eventually in my project - unfortunately
the goal is teaching developers DevOps best practices and Kubernetes concepts
- so build packs is a bit too down the rabbit hole compared to generating a
Dockerfile. Eventually tho, buildpacks are exciting!

~~~
jacques_chester
I'm biased, but I disagree about the balance of rabbit hole depths.

Generating _good_ Dockerfiles is harder than it looks and, in my experience,
folks more or less wind up reimplementing Buildpack-like logic anyhow.

All you need to do is type `pack build` and someone else solves it. I've
always liked that experience, going back to `cf push` and Heroku.

~~~
erulabs
Yes, but buildpacks and Heroku have a similarity: incredibly simple to do the
simple thing, incredibly opaque to do the complex thing. With a dockerfile,
people can just install what they need. Sure - it could potentially be more
efficient, but I like to focus on human efficiency rather than machine
efficiency. Happy developers > fast CI systems :)

~~~
jacques_chester
But Cloud Native Buildpacks are intended for the happiness of humans as well
as machines. They can update an image faster than docker build can, because of
careful selection of layers and by performing operations directly against a
registry (rebasing). A developer can achieve some the same things with
artfully-designed Dockerfiles, but then they're back to "what buildpacks can
already do for me".

CNBs are a ground-up redesign of buildpacks, taking advantage of new
foundations, with specific efforts to remedy the things that used to suck.
They're composible instead of being giant monoliths, they update super fast
and then you still get all the other niceties you used to have. Plus someone
else maintains them and you'll never need to run a zillion rebuilds for every
CVE that affects your OS, it's a simple rebase operation.

In my wildly biased opinion, I think they are worth another look, once you
find time.

~~~
erulabs
Oh I agree with you - build packs are excellent! It's more about introducing
one technology at a time. People who know about cloud native build packs
typically don't need help writing dockerfiles or getting going on Kubernetes.
On step at a time is all :)

------
fowl2
Funny this doesn't come out of Microsoft.

Vaguely relatedly, MS seems to be making another little push into Windows
Containers after seemingly forgetting about them. 29 days ago a new Github
issue tracker! [https://github.com/microsoft/Windows-
Containers](https://github.com/microsoft/Windows-Containers)

------
tersers
Does this work with .NET Core? As someone writing an ASP.NET Core app for a
backend this looks promising.

~~~
filleokus
As far as I can read it does not work with .NET Core.

But a "simple" ASP.NET Core app (i.e not dependent on Windows specific
features) is really is to get running on Linux, and it's not tricky to write a
Dockerfile for that. Probably not hard to get running on a Windows container
either, but I have not tried that.

If you are running Visual Studio I can recommend their Dockerfile-generator as
a starting point, it have worked surpassingly well for me!

------
o_____________o
I know naming products is tough, but aws, are you try to confuse?
"App2Container" is so ambiguous that it's guaranteed to be misunderstood. Was
that a strategy to get more clicks or just reflective of the difficulty in
succinct branding strategies?

~~~
conradludgate
From a native English speaking standpoint. App2Container seems pretty standard
to be 'App To Container', which is exactly what it says it does

~~~
SwiftyBug
While I agree it's very clear what "2" means in this context, it's off the
pattern AWS has set with EC2 (Elastic Compute Cloud) and S3 (Simple Storage
Service) where the numbers are part of an arithmetic expression (S* 3 and E +
C * 2).

