K
Q

Terraform: Deploying a Docker Compose app on EKS/ECS

4/9/2020

TL;DR

I use an open-source server application running on Docker Compose. It has a few services, including PostgreSQL DB and Redis.

How can I best deploy this application to AWS in full IaC with Terraform?

Solutions so far

1. AWS ecs-cli

ecs-cli now supports sending docker compose configs in Amazon ECS.

However, I do not think it could be integrated with the Terraform workflow (which is maybe not a big fuss). What I know for sure is that ecs-cli is not supported in CloudFormation, as per this issue, still open at this time. So I assume it cannot easily be added to Terraform either.

2. The hard EKS way

  • Take your docker-compose.yml file, translate it to kubectl YAML.
  • (Prepare to doing so every time the package upgrades).
  • Deploy using Terraform's + EKS APIs (minimal example).

But that is not fully IaC yet. And you have to retranslate your config each time the docker-compose changes in the source repository. And it sounds like a lot of work.

3. Using a Helm chart

  • Write a Helm chart for the application.
  • Run Terraform to start a cluster.
  • Still run Terraform with a helm provider to install the application with Helm on the cluster.

4. [Not OK] k8s Kompose

I read Kompose can automagically translate a Docker Compose configuration to a k8s configuration, but they don't appear to be ported on AWS, not to talk about Terraform.

5. [Not OK] The dirty AMI solution

  • Build a custom EC2 AMI with Packer.
  • Using Terraform, set up the DB, Redis and all permissions / network / etc.
  • Start an EC2 instance with the custom AMI.
  • The AMI contains (customized) application code, especially the docker-compose.yml. And the Docker images.
  • The AMI starts a Docker Compose systemctl service.

That would kind of hurt: long builds, difficult monitoring, no scaling.

Side notes

  • I mentioned I need full IaC. What I mean by it is:
    1. The written config (and it only) on master tells you what is deployed.
    2. The deploy will complete without my team having to run any other command. It basically works either on CI/CD or on single-push'n'go.
    3. Monitoring and alerting are easily configured in the IaC.
  • I wish to replace some services with AWS components (namely, the PostgreSQL service by an RDS, and the Redis service with an ElastiCache).
  • The application happens to be Apache Superset. However I am also wondering what is considered the best general approach to this Docker Compose problem.
-- Pinimo
amazon-eks
apache-superset
docker-compose
kubernetes-helm
terraform-provider-aws

Similar Questions

Is there possibility to measure response time of POD in K8S, Openshift?
K8s dynamic volume provisioning: claim.Spec.Selector is not supported for dynamic provisioning on AWS
Can't run mysql with an EBS volume in EKS kubernetes
gRPC based microservice architecture for inter-service communication

1 Answer

4/20/2020

1. Wait and See

Who knows, ecs-cli-v2 might be better integrated with CloudFormation and/or Terraform.

2. Use a Helm chart

As mentioned in the question. Probably the best solution, albeit requiring a (little) effort to parametrize Helm.

See also: Getting started with Helm.

3. Docker Swarm + CloudFormation + Terraform

Docker Swarm now accepts inputs from a docker-compose.yml file. The template can be found and configured here. Once configured, it may be integrated to a Terraform infrastructure.

This (3-year old) tutorial explains how to use Docker Swarm mode on AWS.

To launch the container, if necessary (not fully investigated, feedback is welcome), you could use Terraform's local-exec. This way you can SSH into the master node and run docker stack deploy and other similar commands, while still having all written down in IaC style.

-- Pinimo
Source: StackOverflow