Checklist: Is your application ready for a container cluster?

Andreas Wittig – 28 Nov 2019

Is your application ready to run on a container cluster? Use this checklist to find out whether you are good to deploy your application on Amazon Elastic Container Service (ECS) and AWS Fargate or any other container cluster solution.

Checklist

Does your application fulfill the following five requirements?

✅ Stateless: avoid persisting data

Your application (call it a microservice if you want to) is stateless. Answering a request or processing a job does not rely on reading data stored by previous requests or jobs. This applies to data from memory as well as a local disk.

Instead of that, your application stores data in a SQL/NoSQL database (e.g., RDS or DynamoDB), an in-memory database (Elasticache), or any other fully-managed storage service (e.g., S3).

✅ Logging: write to stdout and stderr

Your application writes log messages to standard output (stdout) and standard error (stderr). Do not write log messages to files. (see Stateless). Docker has built-in support to ship log messages from stdout and stderr to various centralized logging solutions (e.g., CloudWatch Logs). Check out A simple way to manage log messages from containers: CloudWatch Logs to learn more.

✅ Configuration: use environment variables

Your application reads configuration parameters from environment variables (e.g., the database endpoint or any other service endpoint). Do not use files to store the configuration for your application.

Use a templating engine for configuration files if you are containerizing a legacy application. I prefer envsubst to do so. Alternatively, you could have a look at Dockerizing legacy applications with confd.

✅ Process: restrict to one process

Your container starts exactly one main process. If your application consists of more than one process, split them up into multiple containers. For example, if you run NGINX and PHP-FPM, create two containers.

✅ Remote access: disable SSH

Your container does not start an SSH daemon. Do not install or enable SSH within a container (see Processs). Use docker attach to log into a container if needed for debugging. On top of that, optimize your logging.

✅ Shutdown: avoid canceling requests and jobs

Your application receives KILL signals and shuts down gracefully. Test whether the KILL signal triggered by docker kill leads to your application stopping to answer new requests or start new jobs and terminate after the last request or job has been completed.

  • Does your Dockerfile contain ENTRYPOINT or CMD in shell form? Your main process will not receive any KILL signals.
  • Are you starting your main process from a shell script? Make sure you are using exec to do so.

When using Fargate it is necessary, that your application is able to shutdown gracefully within 2 minutes.

🎉 Summary

Checked all five requirements from the checklist? Happy you! Your application is ready for ECS and Fargate or any other container cluster solution.

Andreas Wittig

Andreas Wittig

I’ve been building on AWS since 2012 together with my brother Michael. We are sharing our insights into all things AWS on cloudonaut and have written the book AWS in Action. Besides that, we’re currently working on bucketAV,HyperEnv for GitHub Actions, and marbot.

Here are the contact options for feedback and questions.