Lab setup data from the Pluralsight course on:

Using Docker on AWS

---

Looking for more courses on IT security, cloud admin, and containers? Check out:

• • • Introduction to Cyber Security
    • Hosting Static websites on Amazon S3
    • Securing Amazon EC2 Instances
    • Big Picture: Docker and Kubernetes Container Virtualization

---

NOTE 1.0

These command snippets are meant for people working through the new, fully updated release of the Pluralsight course. If, somehow, you’ve been sent to this page from an older version that doesn’t cover Fargate or Kubernetes, then I would advise you to disregard what you’ve seen. The way AWS handles Docker container workloads has changed substantially since that older version was created and there’s a lot there that’ll just confuse you. Accept no substitutes!

Note 1.1

Although I often recommend running LXC containers as a fantastic virtual environment for experimenting, don’t even think about it for those demos that require Docker CE to be installed locally: since both technologies use abstractions of the host kernel, they’d be stepping all over each other’s feet trying to get things done. Instead, unless you choose to follow along with the command line-based demos directly on an actual physical PC, I would recommend installing VirtualBox, downloading the latest stable LTS Ubuntu ISO file (which would currently be 18.04), and firing up as many VMs as you like. I included a video on working with VirtualBox in my Linux Server Virtualization course.

Note 2.0

You’ll need to make a change to the Dockerfile that installs Apache2 on Ubuntu: instead of:

• • • • RUN apt-get -y install

The line should read:

• • • • RUN DEBIAN_FRONTEND=”noninteractive” apt-get -y install

If you don’t do that, the build will stall as it tries to set the system locale. Thanks to a sharp-eyed Pluralsight viewer for catching this and bringing it to my attention. I’ve updated the Dockerfiles themselves below.

---

Script for installing Docker on Ubuntu

#!/bin/bash
sudo apt-get update
# Prepare TLS encryption
sudo apt-get -y install \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common

# Add and verify official Docker GPG key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

# Add apt repo
sudo add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"

sudo apt-get update

# Install Docker CE
sudo apt-get -y install docker-ce docker-ce.cli containerd.io

A simple Dockerfile

# Simple Dockerfile
#
FROM ubuntu:latest

RUN apt-get update
RUN DEBIAN_FRONTEND="noninteractive" apt-get install -y apache2
RUN echo "Welcome to my web site" > /var/www/html/index.html
EXPOSE 80

Build and run a container

docker build -t "webserver" .
docker images
docker run -d -p 80:80 webserver /usr/sbin/apache2ctl -D FOREGROUND

WordPress stack.yml file for local deployment

version: '3.1'

services:

wordpress:
image: wordpress
ports:
- 80:80
environment:
WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: wpuser
WORDPRESS_DB_PASSWORD: examplepassword
WORDPRESS_DB_NAME: wpdb

db:
image: mysql:5.7
environment:
MYSQL_DATABASE: wpdb
MYSQL_USER: wpuser
MYSQL_PASSWORD: examplepassword
MYSQL_RANDOM_ROOT_PASSWORD: '1'

Prepare an EC2 launch type

ecs-cli configure \
--cluster ec2-test-App \
--region us-east-1 \
--default-launch-type EC2 \
--config-name ec2-test-App

ecs-cli configure profile \
--access-key <your-access-key> \
--secret-key <your-secret-key> \
--profile-name ec2-test-App

ecs-cli up \
--capability-iam \
--size 2 \
--instance-type t2.medium \
--cluster-config ec2-test-App
--ecs-profile ec2-test-App

docker-compose.yml for EC2 launch


version: '3'
services:
wordpress:
image: wordpress
ports:
- "80:80"
links:
- mysql
mysql:
image: mysql:5.7
environment:
MYSQL_ROOT_PASSWORD:

ecs-params.yml for EC2 launch


version: 1
task_definition:
services:
wordpress:
cpu_shares: 100
mem_limit: 524288000
mysql:
cpu_shares: 100
mem_limit: 524288000

Launch EC2 type

ecs-cli compose \
--project-name ec2-project service up \
--cluster-config ec2-test-App

ecs-cli ps --cluster-config ec2-test-App

[shut down:]
ecs-cli compose down --cluster-config ec2-test-App
ecs-cli down --force --cluster-config ec2-test-App

Prepare a Fargate launch

ecs-cli configure profile \
--profile-name wpfargate \
--access-key <your-access-key> \
--secret-key <your-secret-key>

ecs-cli configure \
--cluster wpfargate \
--region us-east-1 \
--default-launch-type FARGATE \
--config-name wpfargate

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "ecs-tasks.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}


aws iam \
--region us-east-1 create-role \
--role-name ecsTaskExecutionRole \
--assume-role-policy-document file://task-execution-assume-role.json

NOTE: You may need to also run this command for the later ecs-compose command to work:

aws iam \
--region us-east-1 attach-role-policy \
--role-name ecsTaskExecutionRole \
--policy-arn arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy

ecs-cli up --cluster-config wpfargate

aws ec2 create-security-group \
--group-name "wpfargate-sg" \
--description "My Fargate security group" \
--vpc-id "vpc-0fd8a0742962a4c7e"

aws ec2 authorize-security-group-ingress \
--group-id "sg-056e52a070c1aad48" \
--protocol tcp \
--port 80 \
--cidr 0.0.0.0/0

YAML files for Fargate

nano docker-compose.yml

version: '3'
services:
wordpress:
image: wordpress
ports:
- "80:80"
logging:
driver: awslogs
options: 
awslogs-group: wpfargate
awslogs-region: us-east-1
awslogs-stream-prefix: wordpress


nano ecs-params.yml

version: 1
task_definition:
task_execution_role: ecsTaskExecutionRole
ecs_network_mode: awsvpc
task_size:
mem_limit: 0.5GB
cpu_limit: 256
run_params:
network_configuration:
awsvpc_configuration:
subnets:
- "subnet-0ea714f5de083febd"
- "subnet-03157b03dac355069"
security_groups:
- "sg-056e52a070c1aad48"
assign_public_ip: ENABLED

Launch Fargate type

ecs-cli compose \
--project-name wpfargate service up \
--create-log-groups \
--cluster-config wpfargate \
--cluster wpfargate

ecs-cli ps --cluster wpfargate

ecs-cli compose \
--project-name wpfargate service down \
--cluster-config wpfargate

ecs-cli down \
--force \
--cluster-config wpfargate


Install eksctl, kubectl, and aws-iam-authenticator
curl --silent --location "https://github.com/weaveworks/eksctl/releases/download/latest_release/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp

sudo mv /tmp/eksctl /usr/local/bin
eksctl version

curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.19.6/2021-01-05/bin/linux/amd64/kubectl
ls
curl -o kubectl.sha256 https://amazon-eks.s3.us-west-2.amazonaws.com/1.19.6/2021-01-05/bin/linux/amd64/kubectl.sha256
ls
cat kubectl.sha256
openssl sha1 -sha256 kubectl

chmod +x ./kubectl
mkdir bin
cp kubectl bin
export PATH=$HOME/bin:$PATH
echo 'export PATH=$HOME/bin:$PATH' >> ~/.bashrc
kubectl version --short --client

curl -o aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/1.12.7/2019-03-27/bin/linux/amd64/aws-iam-authenticator
curl -o aws-iam-authenticator.sha256 https://amazon-eks.s3-us-west-2.amazonaws.com/1.12.7/2019-03-27/bin/linux/amd64/aws-iam-authenticator.sha256
ls
openssl sha1 -sha256 aws-iam-authenticator
chmod +x ./aws-iam-authenticator
cp aws-iam-authenticator bin/
aws-iam-authenticator help

Build Kubernetes cluster and download YAML files

eksctl create cluster \
--name wp-cluster \
--version 1.12 \
--nodegroup-name standard-workers \
--node-type t3.medium \
--nodes 3 \
--nodes-min 1 \
--nodes-max 4 \
--node-ami auto

kubectl create secret generic mysql-pass --from-literal=password=bigsecret
kubectl get secrets

curl https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/application/wordpress/mysql-deployment.yaml > mysql-deployment.yaml

curl https://raw.githubusercontent.com/kubernetes/website/master/content/en/examples/application/wordpress/wordpress-deployment.yaml > wordpress-deployment.yaml

Build Apache webserver container on Docker CE

# Simple Apache Dockerfile
#
FROM ubuntu:latest
RUN apt-get update
RUN DEBIAN_FRONTEND="noninteractive" apt-get install -y apache2
CMD /usr/sbin/apache2ctl -D FOREGROUND
EXPOSE 80

docker build -t newserver .
docker run -d -p 80:80 newserver

Apache on ECS

docker-compose.yml

version: '3'
services:
apache:
image: dbclinton/newserver
ports:
- "80:80"

ecs-params.yml

version: 1
task_definition:
services:
apache:
cpu_shares: 100
mem_limit: 524288000

ecs-cli configure \
--cluster ec2cluster2 \
--region us-east-1 \
--default-launch-type EC2 \
--config-name ec2cluster2

ecs-cli configure profile \
--access-key <your-access-key> \
--secret-key <your-secret-key> \
--profile-name ec2cluster2


ecs-cli up \
--capability-iam \
--size 1 \
--instance-type t3.medium \
--cluster-config ec2cluster2


ecs-cli compose \
--project-name ec2cluster service up \
--cluster-config ec2cluster2

ECR authentication and administration

aws ecr get-login --no-include-email --region us-east-1

aws ecr create-repository --repository-name newrepo

aws ecr describe-repositories

docker images

docker-compose.yml

version: '3'
services:
apache:
image: 297972716276.dkr.ecr.us-east-1.amazonaws.com/newrepo:latest
ports:
- "80:80"

ecs-params.yml

version: 1
task_definition:
services:
apache:
cpu_shares: 100
mem_limit: 524288000

ecs-cli configure \
--cluster ec2cluster \
--region us-east-1 \
--default-launch-type EC2 \
--config-name ec2cluster

ecs-cli configure profile \
--access-key <your-access-key> \
--secret-key <your-secret-key> \
--profile-name ec2cluster


ecs-cli up \
--capability-iam \
--size 1 \
--instance-type t3.medium \
--cluster-config ec2cluster


ecs-cli compose \
--project-name ec2cluster service up \
--cluster-config ec2cluster

ecs-cli ps --cluster-config ec2cluster

ecs-cli compose \
--project-name ec2cluster service down \
--cluster-config ec2cluster

ecs-cli down --force --cluster-config ec2cluster