Containing the Chaos Part 1 of 3: Docker | Amazon Elastic Container Registry (ECR)

This article is part of a three-part series:

Containing the Chaos Part 1 of 3: Docker | Amazon Elastic Container Registry (ECR)
In part 1, the application will be placed into a container image. The container image will then be stored in the Amazon Elastic Container Registry (ECR).

Containing the Chaos Part 2 of 3: Amazon DynamoDB | Amazon Simple Storage Service (S3) | Amazon Elastic Container Services (ECS) | AWS Fargate | Terraform
In part 2, the DynamoDB table and Amazon S3 buckets will created using Terraform. Further the Amazon Elastic Container Services (EC2) cluster will be initiated on AWS Fargate.

Containing the Chaos Part 3 of 3: Amazon Elastic Container Service (EC2) | Amazon Elastic Load Balancing (ELB) | Terraform
In part 3 (the final part), the task definition will be created for the cluster. A service will be created to handle running the defined tasks. The application will then be tested. Finally, will decommission the resources.

For background on this series, go here:

Containing the Chaos! | A Three-Part Series Demonstrating the Usefulness of Containerization to HumanGov

1 of 9. Open AWS Cloud9

2 of 9. Create IAM role for ECS

Used for creating ECS Cluster and service

Identity and Access Management (IAM) -/- Access Management -/- Roles -/- [Create role] Trusted entity type: AWS service Use case: Elastic Container Service -/- Elastic Container Service Task [Next] Permissions policies: - AmazonS3FullAccess - AmazonDynamoDBFullAccess - AmazonECSTaskExecutionRolePolicy [Next] Role name: HumanGovECSExecutionRole [scroll down, make sure that you have all three permissions policies you chose earlier] [Create role]

3 of 9. Clean-up Cloud9

Note: This is because we have so many folders here cluttering up the place. I did not remove my docker-demo directory because I have a couple other things I want to try with that one.

rm -rf hands-on-tasks-terraform rm -rf terraform-module-ec2 rm -rf terraform-provisioners-example rm -rf terraform-remote-state-example rm -rf local-repo rm -rf local-repo2 rm -rf ansible-tasks

4 of 9. Create Dockerfile for application

place "Dockerfile" in human-gov-application/src folder

cd human-gov-application/src vi Dockerfile # Use Python as a base image FROM python:3.8-slim-buster # Set working directory WORKDIR /app # Copy requirements and install dependencies COPY requirements.txt ./ RUN pip install --no-cache-dir -r requirements.txt # Copy the Flask application COPY . /app # Start Gunicorn CMD ["gunicorn", "--workers", "1", "--bind", "0.0.0.0:8000", "humangov:app"]

5 of 9. Create public ECR repository named humangov-app

Warning: you typically would use a private registry in production.

Amazon Elastic Container Registry (ECR) -/- Public Registry -/- Repositories [Create repository] Visibility settings: Public Repository name: humangov-app [Create repository]

6 of 9. Create docker image and push to the registry

Look up the push commands in the container registry. In Cloud 9, you will run the push commands. [Make sure you're in the folder with the 'Dockerfile' you created earlier.

Amazon Elastic Container Registry (ECR) -/- Public Registry -/- Repositories -/- humangov-app [View push commands] #Retrieve an authentication token and authenticate your Docker client to your registry. aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/i7y0m4q9 # Build your Docker image using the following command. For information on building a Docker file from scratch see the instructions here . You can skip this step if your image is already built: docker build -t humangov-app . # After the build completes, tag your image so you can push the image to this repository: docker tag humangov-app:latest public.ecr.aws/i7y0m4q9/humangov-app:latest #Run the following command to push this image to your newly created AWS repository: docker push public.ecr.aws/i7y0m4q9/humangov-app:latest

7 of 9. Create nginx configuration files and Dockerfile

Will use a different directory: human-gov-application/nginx

cd .. mkdir nginx vi nginx.conf vi proxy_params vi Dockerfile

nginx.conf

server { listen 80; server_name humangov www.humangov; location / { include proxy_params; proxy_pass http://localhost:8000; } }

proxy_params

proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

Dockerfile

# Use NGINX alpine as a base image FROM nginx:alpine # Remove the default NGINX configuration file RUN rm /etc/nginx/conf.d/default.conf # Copy custom configuration file COPY nginx.conf /etc/nginx/conf.d # Copy proxy parameters COPY proxy_params /etc/nginx/proxy_params # Expose port 80 EXPOSE 80 # Start NGINX CMD ["nginx", "-g", "daemon off;"]

8 of 9. Create public ECR repository named humangov-nginx

Warning: you typically would use a private registry in production.

Amazon Elastic Container Registry (ECR) -/- Public Registry -/- Repositories [Create repository] Visibility settings: Public Repository name: humangov-nginx [Create repository]

9 of 9. Create docker image and push to the registry

Look up the push commands in the container registry. In Cloud 9, you will run the push commands. Make sure you're in the folder with the 'Dockerfile' you created for 'humangov-nginx'.

Amazon Elastic Container Registry (ECR) -/- Public Registry -/- Repositories -/- humangov-nginx [View push commands] # Retrieve an authentication token and authenticate your Docker client to your registry. aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/i7y0m4q9 # Build your Docker image using the following command. For information on building a Docker file from scratch see the instructions here . You can skip this step if your image is already built: docker build -t humangov-nginx . #After the build completes, tag your image so you can push the image to this repository: docker tag humangov-nginx:latest public.ecr.aws/i7y0m4q9/humangov-nginx:latest #Run the following command to push this image to your newly created AWS repository: docker push public.ecr.aws/i7y0m4q9/humangov-nginx:latest

References

Amazon ECS on AWS Fargate

Amazon Elastic Container Registry Documentation

Amazon Elastic Container Service Documentation

Amazon Elastic Compute Cloud Documentation

Amazon DynamoDB Documentation

Amazon Simple Storage Service Documentation

AWS Cloud9 Documentation

Elastic Load Balancing Documentation

AWS Identity and Access Management Documentation

Docker Docs

Documentation | Terraform | HashiCorp Developer

Python 3.12.1 documentation

nginx documentation

Lewis Lampkin, III - Blog

Lewis Lampkin, III - LinkedIn

Lewis Lampkin, III - Medium

Comments

Post a Comment

Popular posts from this blog

Orphaned No More: Adopting AWS Lambda

Image
Background HumanGov is a Model Automated Multi-Tenant Architecture (MAMA) that is meant to be used by the 50 states for personnel tracking. Currently the architecture is fully automated on AWS. The architecture is not ready for go-live. All actions so far are for a proof-of-concept that is presented to the Chief Technical Officer (CTO) for review. During the weekly team meeting, Ko (User Experience Lead) reports that his team has performed thousands of tests against the infrastructure, with moves, adds, and changes, and is not finding any issues in the application user interface. Woo (Infrastructure Lead) reports that there are hundreds of 'orphaned' files in the S3 bucket. (These files are considered 'orphaned' because they do not have corresponding records in the DynamoDB table.) Kim (Tech Lead) reports that there is not a trigger to delete the file from the bucket when a user is deleted from the DynamoDB database. Brady (Lawyer) reports that not deleting t...
Read more

Containing the Chaos! | A Three-Part Series Demonstrating the Usefulness of Containerization to HumanGov

Background HumanGov is a Model Automated Multi-Tenant Architecture (MAMA) that is meant to be used by the 50 states for personnel tracking. Currently the architecture requires Amazon Elastic Compute Cloud (EC2) instances that are maintained by the HumanGov systems administrators. The systems administrators handle all the patching, operations, etc. Due to states wanting their data separate from each other, each state gets a separate set of EC2 instances, which means that as the application scales from one state up to 50 states, the systems administrators will have to patch 50x as many EC2 instances. The system administrators report that they have begun to schedule more and more overtime to handle the maintenance windows for updating the EC2 instances. The lead developer remarked that it was taking longer and longer for new application deployments to get rolled out as the infrastructure grew and more states came on board. By the way, the development environment does not have standa...
Read more

Ansible is the Answer! | A Three-Part Series Demonstrating the Usefulness of Ansible to HumanGov

This is a three (3) part series that demonstrates how Ansible can be useful/leveraged for configuring your infrastructure. The background story here is that HumanGov is a multi-tenant cloud application that requires that each of the fifty (50) states has its own separate infrastructure. The HumanGov Infrastructure Engineers are trying to figure out how they can get it done, and they are considering using Ansible to help them deploy the application. Part 1 sets up the base infrastructure for the scenario. The HumanGov Infrastructure Engineers are accustomed to using Terraform to efficiently deploy infrastructure, but they are not very experienced with Ansible. Part 1 of 3: HumanGov: Ansible is the Answer! | Terraform | AWS Cloud9 | AWS IAM | AWS EC2 | AWS DynamoDB | AWS S3 Part 2 attempts to setup HumanGov via a MANUAL process. Part 2 goes through the steps to MANUALLY install Python, Nginx AND application files as well as MANUALLY configuring the firewall in Ubuntu. After g...
Read more