Book Image

Running Windows Containers on AWS

By : Marcio Morales
Book Image

Running Windows Containers on AWS

By: Marcio Morales

Overview of this book

Windows applications are everywhere, from basic intranet applications to high-traffic public APIs. Their prevalence underscores the importance of combining the same tools and experience for managing a modern containerized application with existing critical Windows applications to reduce costs, achieve outstanding operational excellence, and modernize quickly. This comprehensive guide to running and managing Windows containers on AWS looks at the best practices from years of customer interactions to help you stay ahead of the curve. Starting with Windows containers basics, you’ll learn about the architecture design that powers Amazon ECS, EKS, and AWS Fargate for Windows containers. With the help of examples and best practices, you’ll explore in depth how to successfully run and manage Amazon ECS, EKS, and AWS Fargate clusters with Windows containers support. Next, the book covers day 2 operations in detail, from logging and monitoring to using ancillary AWS tools that fully containerize existing legacy .NET Framework applications into containers without any code changes. The book also covers the most common Windows container operations, such as image lifecycle and working with ephemeral hosts. By the end of this book, you’ll have mastered how to run Windows containers on AWS and be ready to start your modernization journey confidently.

Related Content you might be interested in

Current Title:

Small book image
Running Windows Containers on AWS
Marcio Morales
Apr, 2023 | 212 pages
Small book image
Mastering Elastic Kubernetes Service on AWS
Malcolm Orr | YangXin Cao Eason
Jul, 2023 | 448 pages
Small book image
Expert AWS Development
Atul Mistry
Mar, 2018 | 408 pages
Small book image
Amazon Fargate Quick Start Guide
Deepak Vohra
Jul, 2018 | 190 pages
Table of Contents (22 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Share Your Thoughts
Download a free PDF copy of this book
1
Part 1: Why Windows Containers on Amazon Web Services (AWS)?
Part 1: Why Windows Containers on Amazon Web Services (AWS)?
Free Chapter
2
Chapter 1: Windows Container 101
Chapter 1: Windows Container 101
Why are Windows containers an important topic?
How does Windows Server expose container primitives?
How Windows Server implements resource controls for Windows containers
Understanding Windows container base images
Delving into Windows container licensing on AWS
Summary
Further reading
3
Chapter 2: Amazon Web Services – Breadth and Depth
Chapter 2: Amazon Web Services – Breadth and Depth
Why AWS for Windows containers?
Understanding how AWS Nitro impacts container performance
Learning about AWS container orchestrators
Summary
4
Part 2: Windows Containers on Amazon Elastic Container Service (ECS)
Part 2: Windows Containers on Amazon Elastic Container Service (ECS)
5
Chapter 3: Amazon ECS – Overview
Chapter 3: Amazon ECS – Overview
Technical requirements
Amazon ECS – fundamentals
Amazon ECS – task networking
Deploying an Amazon ECS cluster with Terraform
Summary
6
Chapter 4: Deploying a Windows Container Instance
Chapter 4: Deploying a Windows Container Instance
Technical requirements
Amazon ECS-optimized Windows AMIs
Amazon ECS agent
Right-sizing a Windows container instance
Deploying a Windows container instance with Terraform
Summary
7
Chapter 5: Deploying an EC2 Windows-Based Task
Chapter 5: Deploying an EC2 Windows-Based Task
Technical requirements
Understanding a task definition
Setting up AD integration
Setting up persistent storage
Scheduling an EC2 Windows-based task with Terraform
Summary
8
Chapter 6: Deploying a Fargate Windows-Based Task
Chapter 6: Deploying a Fargate Windows-Based Task
Technical requirements
AWS Fargate overview
Planning for serverless Windows containers
AWS Fargate Windows-based task use cases
Scheduling a Fargate Windows-based task definition with Terraform
Summary
9
Part 3: Windows Containers on Amazon Elastic Kubernetes Service (EKS)
Part 3: Windows Containers on Amazon Elastic Kubernetes Service (EKS)
10
Chapter 7: Amazon EKS – Overview
Chapter 7: Amazon EKS – Overview
Amazon EKS – fundamentals
Amazon VPC CNI for Windows
Amazon EKS and Windows support
Summary
11
Chapter 8: Preparing the Cluster for OS Interoperability
Chapter 8: Preparing the Cluster for OS Interoperability
Setting up the VPC CNI plugin for Windows support
Avoiding pod-scheduling disruption
Dynamically scaling out Windows pods
Summary
12
Chapter 9: Deploying a Windows Node Group
Chapter 9: Deploying a Windows Node Group
Technical requirements
Amazon EKS node groups
Amazon EKS-optimized Windows AMIs
Understanding the EKS Windows bootstrap
Working with persistent storage using CSI drivers
Deploying an Amazon EKS cluster with Windows nodes using Terraform
Summary
13
Chapter 10: Managing a Windows Pod
Chapter 10: Managing a Windows Pod
Technical requirements
Exploring Windows host and Pod resource management
Understanding the Runtime Class use case
Understanding Active Directory integration on Kubernetes
Deploying a Windows Pod on Amazon EKS
Summary
14
Part 4: Operationalizing Windows Containers on AWS
Part 4: Operationalizing Windows Containers on AWS
15
Chapter 11: Monitoring and Logging
Chapter 11: Monitoring and Logging
Implementing LogMonitor
Implementing log forwarding
Using Amazon CloudWatch Container Insights
Summary
16
Chapter 12: Managing a Windows Container's Image Life Cycle
Chapter 12: Managing a Windows Container's Image Life Cycle
Understanding Microsoft Patch Tuesday
Security patch compliance on Windows container images
Rebuilding your container image frequently
Summary
17
Chapter 13: Working with Ephemeral Hosts
Chapter 13: Working with Ephemeral Hosts
The idea behind ephemeral hosts
Why custom AMIs
Building a custom AMI pipeline
Summary
18
Chapter 14: Implementing a Container Image Cache Strategy
Chapter 14: Implementing a Container Image Cache Strategy
Why is implementing a container image cache strategy important?
Speeding up a Windows container startup time
Summary
19
Chapter 15: AWS Windows Containers Deployment Tools
Chapter 15: AWS Windows Containers Deployment Tools
Deploying an Amazon EKS cluster with eksctl
Containerizing Windows applications with AWS App2Container
Deploying Windows containers with AWS Copilot
Summary
20
Index
Index
Why subscribe?
21
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Download a free PDF copy of this book

How does Windows Server expose container primitives?

Containers are kernel primitives responsible for containerization, such as control groups, namespaces, union filesystems, and other OS functionalities. These work together to create process isolation provided through namespace isolation and control groups, which govern the resources of a collection of processes within a namespace.

Namespaces isolate named objects from unauthorized access. A named object provides processes to share object handles. In simple words, when a process needs to share handles, it creates a named event or mutex in the kernel; other processes can use this object name to call functions inside the process, then an object namespace creates the boundary that defines what process or container process can call the named objects.

Control groups or cgroups are a Linux kernel feature that limits and isolates how much CPU, memory, disk I/O, and network a collection of the process can consume. The collection process is the one running in the container:

Figure 1.1 – How a container runtime interacts with the Linux kernel

Figure 1.1 – How a container runtime interacts with the Linux kernel

However, when it relates to the Windows OS, this is an entirely different story; there is no cgroup, pid, net, ipc, mnt, or vfs. Instead, in the Windows world, we call them job objects (the equivalent of cgroups), object namespaces, the registry, and so on. Back in the days when Microsoft planned how they would effectively expose these low-level Windows kernel APIs so that the container runtime could easily consume them, Microsoft decided to create a new management service called the Host Compute Service (HCS). The HCS provides an abstraction to the Windows kernel APIs, making a Windows container a single API call from the container runtime to the kernel:

Figure 1.2 – How a container runtime interacts with the Windows kernel

Figure 1.2 – How a container runtime interacts with the Windows kernel

Working directly with the HCS may be difficult as it exposes a C API. To make it easier for container runtime and orchestrator developers to consume the HCS from higher-level languages such as Go and C#, Microsoft released two wrappers:

  • hcsshim is a Golang interface to launch and manage Windows containers using the HCS
  • dotnet-computevirtualization is a C# class library to launch and manage Windows containers using the HCS

Now that you understand how Windows Server exposes container primitives and how container runtimes such as Docker Engine and containerd interact with the Windows kernel, let’s delve into how Windows Server implements resource controls at the kernel level for Windows containers.

Previous Section
End of Section 3
Next Section