When it comes to containers, AWS customers have moved from “we’re interested” and “we are starting to run some applications in it” to “we could think about running significant chunks of our business on it” over the last couple of years, according to Deepak Singh, AWS’ VP of compute services.
Using containers or the serverless AWS Lambda compute service are the default ways that most customers build new applications on AWS, and the practice is accelerating significantly, said Singh, who runs AWS’ container services, Linux organization and other open-source programs.
“For the most part, especially if it’s a newer application or a modernized or restructured application, it’s going to be running inside containers orchestrated by [Amazon] ECS and EKS or running on Lambda,” Singh said in an interview with Protocol. “Running it directly on a [virtual machine], without container orchestration on top, is getting less and less common.”
Containers speed up application development by isolating everything needed to build and deploy applications — code and other operating dependencies including configuration files and system libraries and tools — without the overhead of an operating system. The technology has been around for a long time, but Docker popularized a developer-friendly format for using containers around 2013, and it has become a big part of the “cloud-native” world ever since.
With two major managed services for containers, AWS dominates container orchestration among cloud providers, according to market share data. But the company has also heavily promoted Lambda, a very different serverless functions computing service, as the future of cloud computing.
AWS remains reluctant to acknowledge one of the major benefits of containers – they make it easier to run applications on multiple clouds – despite the growth and influence of containers as a product strategy both inside AWS and outside. And key features announced in 2020 to support customers who want to manage applications on any infrastructure appear to have fallen short of the multicloud capabilities offered by similar products from Microsoft and Google
“One of the unique things about AWS is that we have two container offerings at the high level via ECS and EKS; most other people just have the one,” Singh said. “And they appeal to a different type of customer — in many cases, sometimes different people in the same company, different departments in the same organization. But what it means is that customers have choices. They don’t have to try and fit into one model. It’s also allowed us to think and identify opportunities where we want to go higher up the stack and ship things for them.”
ECS vs. EKS
Amazon Elastic Container Service (ECS) — its homegrown and first managed container service launched in 2015 — was pegged as the most widely adopted cloud-managed orchestration system among cloud-native developers using such services in a December report from SlashData, an analyst firm focused on developers. But it maintains a tenuous lead. Thirty-three percent of developers are using Amazon ECS, according to the Cloud Native Computing Foundation-commissioned report, followed by Google Kubernetes Engine (GKE) at 32%.
“[Amazon ECS’] lead has arguably been crumbling with no gain to bring home, while Google Kubernetes Engine has been closing in with a substantial growth of 4 percentage points in the last 12 months,” the report stated.
Amazon Elastic Kubernetes Service (EKS), launched almost three years after GKE, is used by 30% of developers surveyed and had the largest year-over-year gain at eight percentage points. A quarter of developers, meanwhile, said they used Microsoft Azure Kubernetes Service, and 17% used Red Hat OpenShift Online or hosted OpenShift on a third-party cloud provider.
AWS would not provide up-to-date usage and growth statistics for Amazon ECS and Amazon EKS beyond 2019 figures posted to its website.
Container orchestration system preferences shifted among edge developers, who lean towards using the open-source Kubernetes for containerized applications, according to the SlashData report. Sixty-seven percent of developers said they used GKE, while 57% used Amazon EKS and half turned to Amazon ECS.
The rise of “serverless containers”
The majority of Amazon ECS customers — investment advisory firm The Vanguard Group and Canadian financial services startup Neo Financial among them — are running on the serverless AWS Fargate compute engine instead of AWS’ flagship Amazon EC2 compute service, according to Singh.
“Almost every new ECS customer is running on Fargate,” he said. “They like the fact that they don’t have to think about servers, they don’t think about clusters — they’re just paying for the services that they’re running.”
AWS is focused on making applications easier to use on Fargate and making it more powerful by adding capabilities such as support for GPUs and larger task sizes.
“Capabilities like that — the ability to run even larger applications — are a big part of where our Fargate roadmap is focused in addition to providing people more visibility into what they’re running, because Fargate hides a lot from you,” Singh said. “We released a bunch of features last year to make that easier for them, like ECS Exec.”
AWS also is moving from Docker to containerd — an industry-standard container runtime — for ECS/Fargate and, potentially over time, for EKS, according to Singh.
“[It’s] one of the underlying components of Docker, but takes out some of the higher-level stuff, because you don’t need that in those contexts,” he said.
Amazon ECS is falling out of favor to a degree because of its proprietary AWS technology, according to Eric Drobisewski, senior enterprise architect at insurance provider Liberty Mutual, which is trying to minimize its use of Amazon ECS over time.
“The code for that is kind of closed off to Amazon in terms of how it’s implemented, how it’s developed,” Drobisewski said. “It’s got its own orchestration model that they built — it is not Kubernetes-based. It does support open standards in terms of the artifacts you can push in … but the operations model around it is really unique to it. Things that you might want to plug in — service mesh gets a lot of attention and things nowadays with Istio and Linkerd — a lot of those weren’t necessarily built as well to work in an ECS model. Amazon has definitely recognized that. That’s part of the reason they built EKS.”
“The open-source community spoke”
Liberty Mutual has put a big focus on shifting everything into Kubernetes over the last four years and has some 20,000 containers actively running as it continues to onboard new workloads and modernize existing ones.
“The open-source community spoke, and Kubernetes is fully mainstream,” Drobisewski said. “The adoption is pretty evident across all different lines of industry in enterprise, which is powerful.”
Almost 90% of Kubernetes users leverage cloud-managed services instead of running self-managed clusters — a 19-point increase from 2020, according to an October report from DataDog, which provides a monitoring and security platform for cloud applications.
Liberty Mutual is integrating more with Amazon EKS to shed aspects of cluster maintenance. Snapchat owner Snap, Babylon Health and banking and financial services institution HSBC also are among customers of Amazon EKS, which launched in 2018.
“My opinion with EKS is that there’s this false kind of belief that there’s no operations involved with it, which is absolutely not true,” Drobisewski said. “Amazon absorbs a decent amount of operations; we’re aware of pieces they don’t. But it’s a good mechanism for us to shed some of that and shift to a provider where possible.”
AWS’ roadmaps for both ECS and EKS are public on GitHub. In addition to making its container orchestration services simpler to use and more powerful, AWS is focused on improving the developer and operator experience around software deployment, delivery and automation, and adding features for scaling, IP address management and security, according to Singh.
Deepak Singh, AWS VP of Compute ServicesPhoto: AWS
“At re:Invent, a lot of announcements were related to container security … because our customer base is getting to the point where they really, really care about having that level of capability,” Singh said, referring to AWS’ annual conference late last year. “We released an open-source project for Kubernetes called Karpenter, which is all around how you provision and scale Kubernetes clusters on AWS. We’ve also started doing more around GitOps as a methodology.”
The big problem to solve is the complexity of moving in the cloud while using a reasonable amount of money and resources, and containers and container orchestration — particularly containers as a service — are the primary way to work around very complicated deployments, said David Linthicum, chief cloud strategy officer for Deloitte Consulting.
“Containers are pretty much the only way we have a possible way of abstracting ourselves away from the complexities … with the federated [containers issue] and then lowering the operational costs of building these things and building these applications,” he said. “It’s going to be a continued focus moving forward, because it has to be. It’s one of the few solutions out there that doesn’t make things worse. We can use it to make things better.”
AWS last year launched semi-answers to hybrid and multicloud offerings from its rivals — Google Cloud’s Anthos platform and Microsoft’s Azure Arc — with Amazon EKS Anywhere and ECS Anywhere, after announcing the products at re:Invent 2020.
The current Amazon EKS Anywhere deployment option, which arrived last September, allows customers to create and operate Kubernetes clusters in their own data centers using VMware vSphere, with optional support from AWS. Bare metal support is expected this year.
“What we’ve done … is basically take the Kubernetes distribution that underlies EKS, packaged it up, open-sourced it with all the operational tooling — which is identical to how we operate underneath the hood for EKS, so they get the same behavior — and we will support it,” Singh said.
ECS Anywhere is a similar feature for Amazon ECS that launched last May to allow customers to run and manage container workloads on their on-premises infrastructure. It can be used with any virtual machine — VMware, Microsoft Hyper-V or OpenStack — or bare metal server running a supported operating system.
“You can point ECS to running on EC2, to running on Fargate, to running on a Raspberry Pi in your living room — it doesn’t care to some degree,” Singh said. “As long as you point it to compute capacity, you can then use ECS to run them. The difference is you can run EKS Anywhere without actually even connecting to AWS, if you wanted to. With ECS Anywhere, you do need to maintain that connection.”
AWS previewed EKS Anywhere and ECS Anywhere in 2020 as working on “any infrastructure” without any reference to “multicloud,” which, as noted, isn’t its favorite word. That means you can use those tools to manage applications running on Microsoft or Google Cloud, but you won’t hear a lot of AWS executives talking about this feature.
“You can run EKS Anywhere or ECS Anywhere on any infrastructure as long as it’s running the supported platforms or operating systems,” a spokesperson told Protocol this week.
But the tools don’t allow for real cloud-neutral functionality, said Jason Gregson, global head of AWS Operations and Programs at DoiT International, a multicloud software and managed service provider.
“It’s more of an enabler than it is really a set of tooling to actually allow you to do vendor-agnostic cloud computing … around containers,” Gregson said. “The compute element that’s running the software — yeah, absolutely that’s agnostic. The part that actually allows customers to use it — no. Fundamentally, the architecture around it changes. It will run the application, but you’ve still got to do the embedding, and you’ve still got to do the integration. [You] still need to be able to allow customers to come in, talk to that web service and get the data they need to come out. That part changes everywhere.”
Both Amazon EKS Anywhere and ECS Anywhere are off to a “good start,” according to Singh.
“There’s already been customers who have adopted them at scale for a variety of workloads, ranging from gaming, machine learning, data prep to just running enterprise IT,” he said. By next year, we should know whether the Anywhere versions of AWS’ container services helped it maintain its lead over the competition.