compose/ecs
Nicolas De Loof ec58975524
Don't prepent docker.io to image URI. Let the container runtime apply default registry
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
2020-08-17 21:26:24 +02:00
..
cmd Fix setup command breaks if .aws/config does not exists 2020-08-17 21:26:23 +02:00
docs Document required AWS permissions 2020-08-17 21:26:17 +02:00
internal Customize SDK requests to AWS API with user-agent 2020-08-17 21:26:21 +02:00
pkg Don't prepent docker.io to image URI. Let the container runtime apply default registry 2020-08-17 21:26:24 +02:00
tests Set version by most recent Tag 2020-08-17 21:26:19 +02:00
Dockerfile Drop use of mockgen made obsolete as we use CloudFormation 2020-08-17 21:26:21 +02:00
LICENSE Project skaffloding 2020-04-10 16:10:52 +02:00
Makefile Set version by most recent Tag 2020-08-17 21:26:19 +02:00
README.md clarify project status 2020-08-17 21:26:21 +02:00
builder.Makefile Customize SDK requests to AWS API with user-agent 2020-08-17 21:26:21 +02:00
go.mod Reject compose file that uses incompatible features 2020-08-17 21:26:23 +02:00
go.sum Reject compose file that uses incompatible features 2020-08-17 21:26:23 +02:00
golangci.yaml Setup Github Action for CI 2020-04-28 10:50:27 +02:00

README.md

Docker CLI plugin for Amazon ECS

Status

The Docker ECS plugin is still in Beta. It's design and UX will evolve until 1.0 Final release.

Architecture

ECS plugin is a Docker CLI plugin root command ecs require aws profile to get API credentials from ~/.aws/credentials as well as AWS region - those will later be stored in a docker context

A compose.yaml is parsed and converted into a CloudFormation template, which will create all resources in dependent order and cleanup on down command or deployment failure.

  +--------------------------------------+
  | compose.yaml file                    |
  +--------------------------------------+
- Load
  +--------------------------------------+
  | compose Model                        |
  +--------------------------------------+
- Validate
  +--------------------------------------+
  | compose Model suitable for ECS       |
  +--------------------------------------+
- Convert
  +--------------------------------------+
  | CloudFormation Template              |
  +--------------------------------------+
- Apply
  +--------------+      +----------------+  
  | AWS API      |  or  | stack file     |
  +--------------+      +----------------+
  • Load phase relies on compose-go. Any generic code we write for this purpose should be proposed upstream.
  • Validate phase is responsible to inject sane ECS defaults into the compose-go model, and validate the compose.yaml file do not include unsupported features.
  • Convert produces a CloudFormation template to define all resources required to implement the application model on AWS.
  • Apply phase do apply the CloudFormation template, either by exporting to a stack file or to deploy on AWS.

Application model

Services

Compose services are mapped to ECS services. Compose specification has no support for multi-container services, nor does it support sidecars. When an ECS feature requires a sidecar, we introduce custom Compose extension (x-aws-*) to actually expose ECS feature as a service-level feature, not plumbing details.

Networking

We map the "network" abstraction from Compose model to AWS SecurityGroups. The whole application is created within a single VPC, SecurityGroups are created per networks, including the implicit default one. Services are attached according to the networks declared in Compose model. Doing so, services attached to a common security group can communicate together, while services from distinct SecurityGroups can't. We just can't set service aliasses per network.

A CloudMap private namespace is created for application as {project}.local. Services get registered so that we get service discovery and DNS round-robin (equivalent for Compose's endpoint_mode: dnsrr). Docker images SHOULD include a tiny entrypoint script to replicate this feature:

if [ ! -z LOCALDOMAIN ]; then echo "search ${LOCALDOMAIN}" >> /etc/resolv.conf; fi