containers.md

Container-based workloads on Graviton

The AWS Graviton and Graviton2 processors have been optimized and can be considered ideal for container-based workloads.

Preparing for Graviton

The first step for leveraging the benefits of Graviton-based instances as container hosts is to ensure all production software dependencies support the arm64 architecture, as once cannot run images built for an x86_64 host on an arm64 host, and vice versa.

Most of the container ecosystem supports both architectures, and often does so transparently through multiple-architecture (multi-arch) images, where the correct image for the host architecture is deployed automatically.

The major container image repositories, including Dockerhub, Quay, and Amazon Elastic Container Registry (ECR) all support multi-arch images.

Creating Multi-arch container images

While most images already support multi-arch (i.e. arm64 and x86_64/amd64), we describe couple of ways for developers to to create a multi-arch image if needed.

1. Docker Buildx
2. Using a CI/CD Build Pipeline such as Amazon CodePipeline to coordinate native build and manifest generation.

Deploying to Graviton

Most container orchestration platforms support both arm64 and x86_64 hosts.

Both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS) support Graviton-powered instances.

We have compiled a list of popular software within the container ecosystem that explicitly supports arm64:

Ecosystem Support

Name	URL	Comment
Istio	https://github.com/istio/istio/releases/	arm64 binaries as of 1.6.x release series
Envoy	https://www.envoyproxy.io/docs/envoy/latest/install/building#arm64-binaries	envoyproxy-dev is multiarch
Traefik	https://github.com/containous/traefik/releases
Flannel	https://github.com/coreos/flannel/releases
Helm	https://github.com/helm/helm/releases/tag/v2.16.9
Jaeger	jaegertracing/jaeger#2176	dockerhub images are not yet multiarch
Fluent-bit	https://github.com/fluent/fluent-bit/releases/	compile from source
core-dns	https://github.com/coredns/coredns/releases/
Prometheus	https://prometheus.io/download/
containerd	containerd/containerd#3664	nightly builds provided for arm64
kube-state-metrics	kubernetes/kube-state-metrics#1037	use k8s.gcr.io/kube-state-metrics/kube-state-metrics:v2.0.0-beta for arm64
cluster-autoscaler	kubernetes/autoscaler#3714	arm64 support as of v1.20.0
gRPC	https://github.com/protocolbuffers/protobuf/releases/	protoc/protobuf support
Nats	https://github.com/nats-io/nats-server/releases/
CNI	https://github.com/containernetworking/plugins/releases/
Cri-o	https://github.com/cri-o/cri-o/blob/master/README.md#installing-crio	tested on Ubuntu 18.04 and 20.04
Trivy	https://github.com/aquasecurity/trivy/releases/
Argo	https://github.com/argoproj/argo/releases/
Cilium	https://cilium.io/blog/2020/06/22/cilium-18/#arm64	initial support
Tanka	https://github.com/grafana/tanka/releases
Consul	https://www.consul.io/downloads
Nomad	https://www.nomadproject.io/downloads
Packer	https://www.packer.io/downloads
Vault	https://www.vaultproject.io/downloads
Terraform	hashicorp/terraform#14474	arm64 support as of v0.14.0
Flux	https://github.com/fluxcd/flux/releases/
New Relic	https://download.newrelic.com/infrastructure_agent/binaries/linux/arm64/
Datadog - EC2	https://www.datadoghq.com/blog/datadog-arm-agent/
Datadog - Docker	https://hub.docker.com/r/datadog/agent-arm64
Dynatrace	https://www.dynatrace.com/news/blog/get-out-of-the-box-visibility-into-your-arm-platform-early-adopter/
Grafana	https://grafana.com/grafana/download?platform=arm
Loki	https://github.com/grafana/loki/releases
kube-bench	https://github.com/aquasecurity/kube-bench/releases/tag/v0.3.1
metrics-server	https://github.com/kubernetes-sigs/metrics-server/releases/tag/v0.3.7	docker image is multi-arch from v.0.3.7
AWS Copilot	https://github.com/aws/copilot-cli/releases/tag/v0.3.0	arm64 support as of v0.3.0
AWS ecs-cli	aws/amazon-ecs-cli#1110	v1.20.0 binaries in us-west-2 s3
Amazon EC2 Instance Selector	https://github.com/aws/amazon-ec2-instance-selector/releases/	also supports the -a cpu_architecture flag for discovering arm64-based instances in a particular region
AWS Node Termination Handler	https://github.com/aws/aws-node-termination-handler/releases/	arm64 support under kubernetes (via helm)
AWS IAM Authenticator	https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html
AWS ALB Ingress Controller	https://github.com/kubernetes-sigs/aws-alb-ingress-controller/releases/tag/v1.1.9	multi-arch image as of v1.1.9
AWS EFS CSI Driver	kubernetes-sigs/aws-efs-csi-driver#241	support merged 8/27/2020
AWS EBS CSI Driver	kubernetes-sigs/aws-ebs-csi-driver#527	support merged 8/26/2020
Amazon Inspector Agent	https://docs.aws.amazon.com/inspector/latest/userguide/inspector_installing-uninstalling-agents.html#install-linux
Amazon CloudWatch Agent	https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Install-CloudWatch-Agent.html
AWS Systems Manager SSM Agent	https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-manual-agent-install.html
AWS CLI	https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html#ARM	v1 and v2 both supported
FireLens for Amazon ECS	aws/aws-for-fluent-bit#44	arm64 support as of v2.9.0

If your software isn't listed above, it doesn't mean it won't work!

Many products work on arm64 but don't explicitly distribute arm64 binaries or build multi-arch images (yet). AWS, Arm, and many developers in the community are working with maintainers and contributing expertise and code to enable full binary or multi-arch support. We are tracking the status of this work and any currently-known workarounds.

---

Further reading

• Building multi-arch docker images with buildx
• Unifying Arm software development with Docker
• Modern multi-arch builds with docker
• Leveraging Spot and Graviton2 with EKS