• Stars
    star
    2,688
  • Rank 16,987 (Top 0.4 %)
  • Language
    Go
  • License
    BSD 2-Clause "Sim...
  • Created almost 10 years ago
  • Updated 12 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A PaaS built on top of Amazon EC2 Container Service (ECS)

Empire

readthedocs badge Circle CI Slack Status

Empire

Empire is a control layer on top of Amazon EC2 Container Service (ECS) that provides a Heroku like workflow. It conforms to a subset of the Heroku Platform API, which means you can use the same tools and processes that you use with Heroku, but with all the power of EC2 and Docker.

Empire is targeted at small to medium sized startups that are running a large number of microservices and need more flexibility than what Heroku provides. You can read the original blog post about why we built empire on the Remind engineering blog.

Quickstart

Install

To use Empire, you'll need to have an ECS cluster running. See the quickstart guide for more information.

Architecture

Empire aims to make it trivially easy to deploy a container based microservices architecture, without all of the complexities of managing systems like Mesos or Kubernetes. ECS takes care of much of that work, but Empire attempts to enhance the interface to ECS for deploying and maintaining applications, allowing you to deploy Docker images as easily as:

$ emp deploy remind101/acme-inc:master

Heroku API compatibility

Empire supports a subset of the Heroku Platform API, which means any tool that uses the Heroku API can probably be used with Empire, if the endpoint is supported.

As an example, you can use the hk CLI with Empire like this:

$ HEROKU_API_URL=<empire_url> hk ...

However, the best user experience will be by using the emp command, which is a fork of hk with Empire specific features.

Routing

Empire's routing layer is backed by internal ELBs. Any application that specifies a web process will get an internal ELB attached to its associated ECS Service. When a new version of the app is deployed, ECS manages spinning up the new versions of the process, waiting for old connections to drain, then killing the old release.

When a new internal ELB is created, an associated CNAME record will be created in Route53 under the internal TLD, which means you can use DNS for service discovery. If we deploy an app named feed then it will be available at http://feed within the ECS cluster.

Apps default to only being exposed internally, unless you add a custom domain to them. Adding a custom domain will create a new external ELB for the ECS service.

Deploying

Any tagged Docker image can be deployed to Empire as an app. Empire doesn't enforce how you tag your Docker images, but we recommend tagging the image with the git sha that it was built from (any any immutable identifier), and deploying that.

When you deploy a Docker image to Empire, it will extract a Procfile from the WORKDIR. Like Heroku, you can specify different process types that compose your service (e.g. web and worker), and scale them individually. Each process type in the Procfile maps directly to an ECS Service.

Contributing

Pull requests are more than welcome! For help with setting up a development environment, see CONTRIBUTING.md

Community

We have a google group, empire-dev, where you can ask questions and engage with the Empire community.

You can also join our Slack team for discussions and support.

Auth Flow

The current authentication model used by emp login relies on a deprecated GitHub endpoint that is scheduled to be deactivated in November 2020. Therefore both the client and the server need to be updated to support the web authentication flow

The web flow works like this

  1. The user runs a command like emp web-login
  2. The client starts up a HTTP listener on a free local port
  3. The client opens a browser window on the local machine to $EMPIRE_API_URL/oauth/start?port=?????
    • The port parameter specifies where the client is listening
  4. The browser executes a GET against the URL
  5. The Empire server sees the request and constructs an OAuth request URL that will hit the GitHub OAuth endpoint and returns it as a redirect
  6. The browser makes the request to the GitHub auth endpoint, which shows the UI a request to authorize the application
    • If they've previously authorized it will just immediately grant the request
  7. GitHub redirects the browser back to the redirect URL specified in the configuration, meaning back to the Empire server
  8. The Empire server receives the browser request and can now perform the code exchange to turn the provided code into an actual authentication token
    • This is just like it would have received from the old endpoint. However, it's not usable yet because it still isn't in the possession of the client, only the browser
  9. The Empire server now redirects the browser back to localhost on the original port provided by the client
  10. The client receives the token, but can't use it directly. The Empire server expects it to be wrapped in a JSON Web Token that only the server can create.
  11. The client can now make a request directly to the Empire server (its first in this sequence) providing the token and requesting a JSON Web Token in response
  12. The client stores the received token just as it would have with the response to an emp login command
  13. The client is authenticated

In theory the Empire server could construct the JWT directly after the code exchange and push that directly to the client, but the abstraction doesn't really seem to easily support that flow

More Repositories

1

assume-role

Easily assume AWS roles in your terminal.
Go
566
star
2

android-arch-sample

Sample app for MVP Architecture on Android
Java
348
star
3

ssm-env

Expand env variables from AWS Parameter Store
Go
251
star
4

tugboat

Rest API and AngularJS client for deploying github repos.
Go
235
star
5

conveyor

A fast build system for Docker images.
Go
221
star
6

slashdeploy

GitHub Deployments for Slack
JavaScript
153
star
7

deploy

CLI for GitHub Deployments
Go
134
star
8

jest-transform-graphql

Make .graphql file importing work in Jest
JavaScript
121
star
9

AutoGraph

A GraphQL Client in Swift
Swift
120
star
10

rest-graphql

Middleware for Express to adapt REST requests to GraphQL queries
JavaScript
55
star
11

angular-tooltip

Simple and extensible tooltips for angularjs
JavaScript
41
star
12

migrate

Simple migrations for database/sql
Go
40
star
13

stacker_blueprints

DEPRECATED - moved to:
Python
39
star
14

emp

[DEPRECATED] Command line interface for Empire
Go
37
star
15

mq-go

SQS Consumer Server for Go
Go
28
star
16

dbsnap

Tool to copy and verify AWS RDS snapshots.
Python
24
star
17

pkg

A layer of convenience over the Go stdlib
Go
22
star
18

newrelic

DEPRECATED: Use the official lib here https://github.com/newrelic/go-agent
Go
19
star
19

logspout-kinesis

A Logspout adapter for writing logs to Amazon Kinesis
Go
16
star
20

request_id

Middleware for logging heroku request id's
Ruby
16
star
21

exceptions

A Ruby gem for tracking exceptions.
Ruby
15
star
22

grape-pagination

Pagination helpers for Grape.
Ruby
14
star
23

dockerstats

Easy scraping for the Docker stats api.
Go
14
star
24

auto-value-realm

An extension for Google's AutoValue that allows using Realm's datastore
Java
13
star
25

ecsdog

[DEPRECATED] ECS events are now automatically pulled in with the AWS integration
Go
10
star
26

kinesumer

Kinesis consumer library in Go
Go
10
star
27

turbolinks-redirect

Simple redirect_to support for turbolinks and jquery-rails.
Ruby
9
star
28

docker-build

A small script for building, tagging and pushing Docker images
Shell
9
star
29

dnsdog

DNS metrics in DataDog
Go
9
star
30

empire_ami

Home of the AMI building tools for the Official Empire AMI
Shell
9
star
31

policies

Remind Privacy Policy & Terms of Service from www.remind.com
7
star
32

collective

[DEPRECATED use https://github.com/remind101/r101-datadog instead] It collects metrics and puts it on STDOUT.
Ruby
6
star
33

hubot-deploy

Hubot script for GitHub Deployments.
CoffeeScript
6
star
34

reInvent-2015

Slides and Demo resources for Docker & ECS in Production talk.
Go
4
star
35

ruby-cloud-profiler

Ruby
3
star
36

capybara-mocktime

Ruby gem for synchronizing time between tests and the browser using Timecop and Sinon.
Ruby
3
star
37

activerecord-poro

Associations for plain old ruby objects
Ruby
3
star
38

AutoGraphParser

Swift GQL Parser
Swift
3
star
39

homebrew-formulae

Homebrew tap for Remind tools and utilities.
Ruby
3
star
40

formatted-metrics

Easily produce metrics for consumption by l2met.
Ruby
3
star
41

acme-inc

An app that does nothing.
Go
2
star
42

kinesis

Go program and library for streaming to Amazon Kinesis.
Go
2
star
43

gopheragent

A golang user-agent parser
Go
2
star
44

dockerdog

Better Docker event metrics for DataDog
Go
2
star
45

share-on-remind-extension

Share on Remind Extension
JavaScript
2
star
46

git-deploy

Ruby
2
star
47

amazon-ecs-agent

The official Amazon ECS Agent, with some Remind/Empire specific patches applied.
Makefile
2
star
48

activerecord-pgbouncer

ActiveRecord connection adapter for using PgBouncer safely.
Ruby
2
star
49

cloudsns

SNS polling library for cloudformation events
Python
2
star
50

action-require-reviewer

Github workflow action to require a reviewer on pushed branches
TypeScript
1
star
51

metrics

Go library for printing metrics in an l2met compatible format.
Go
1
star
52

e164.rb

e164.js but ruby
Ruby
1
star
53

all_my_circuits

Mostly threadsafe implementation of the CircuitBreaker pattern for Ruby.
Ruby
1
star
54

migrate_safely

Adds confirmation prompt for rake db:migrate
Ruby
1
star
55

beso

Ruby
1
star
56

pooled-redis

Connection pooled Redis client that utilizes promises.
JavaScript
1
star
57

AutoGraphCodeGen

Swift GraphQL Code Generator
Swift
1
star
58

email-provider

Give it an email address, and get the email provider back.
Ruby
1
star