[05] Clusters & Capacity Flashcards
What must every task have to specify what capacity it should use when launched?
A capacity provider strategy, a launch type, or the cluster’s default capacity provider strategy
Can a capacity provider be directly referenced?
No, only a capacity provider strategy
What tasks are not counted by capacity providers in the cluster for scaling actions?
Tasks using a launch type
What do capacity provider strategies define?
Which capacity providers to use by specifying a weight and base for each
Can EC2 and Fargate capacity providers be mixed?
No
How are Fargate Spot interruptions sent to running tasks?
As a SIGTERM
What is sent after the stopTimeout configured in the task definition for a Fargate Spot interruption?
A SIGKILL
What will happen if the Auto Scaling Group (ASG) for an EC2 Auto Scaling capacity provider cannot scale out to accommodate tasks?
The tasks will fail to transition beyond the PROVISIONING state
What does turning on managed scaling do for an EC2 Auto Scaling capacity provider?
The capacity provider creates a scaling policy
What does managed termination protection do for an EC2 Auto Scaling capacity provider?
Prevents the Auto Scaling Group from terminating instances with running tasks
What does managed draining allow for an EC2 Auto Scaling capacity provider?
Graceful termination of EC2 instances in an Auto Scaling Group by first stopping tasks running on the instance
Do instances that are part of a warm pool register with the cluster before they are used?
No
What happens if there is not sufficient capacity to launch tasks for services?
The deployment will fail due to the circuit breaker. In some cases, it will launch tasks which remain in PROVISIONING (show as Pending in the Console), but in other cases it won’t try
What happens if there is not sufficient capacity to launch standalone tasks and a launch type is used?
ecs:RunTask will fail
What happens if there is not sufficient capacity to launch standalone tasks and a capacity provider is used?
The task will get created and be stuck in PROVISIONING
What agents run on external instances?
ECS and SSM agents
How often are IAM credentials rotated on external instances?
Every 30 minutes
Do external instances support load balancing?
No
What operating systems are supported on external instances?
Linux & Windows
What additional services can Windows instances use on external instances?
FSx & gMSA
What network connectivity is required for external instances? (Multiple Choice)
ecs-a-..amazonaws.com, ecs-t-..amazonaws.com, ecs..amazonaws.com, ssm., ec2messages., ssmmessages.*
What endpoints do external instances need connectivity to?
ecs-a-..amazonaws.com, ecs-t-..amazonaws.com, ecs..amazonaws.com, ssm., ec2messages., ssmmessages.*
What is the ECS agent endpoint?
ecs-a-*..amazonaws.com
What is the ECS telemetry endpoint?
ecs-t-*..amazonaws.com
What is the ECS service endpoint?
ecs..amazonaws.com
What endpoints are required for SSM functionality?
ssm., ec2messages., ssmmessages.*
What are the possible states for a container instance in ECS?
REGISTERING, REGISTRATION_FAILED, ACTIVE, DRAINING, INACTIVE
What state will a container instance be in when it is ready to run tasks?
ACTIVE
When a container instance is stopped but not terminated, what happens to its status and agent connection?
The status remains ACTIVE but the agent connection transitions to FALSE, stopping running tasks
What are the steps to configure the ECS agent?
1. Stop the agent using sudo systemctl stop ecs
2. Make changes to /etc/ecs/ecs.config
3. Restart the agent using sudo systemctl start ecs
Why should container instances be drained before updates or deregistration?
To gracefully replace service tasks while respecting minimumHealthyPercent and maximumPercent parameters, without affecting standalone or daemon tasks
What happens if a container instance is deregistered without draining?
The tasks will become orphaned, continuing to run but not accounted for by the control plane
How can you start a task at container instance launch time?
Add user data to introspect the container instance ID and then use ecs:StartTask to start a task on that instance
What manages ENI trunking in ECS?
ENI trunking is fully managed by ECS, not the agent
What is managed instance draining and what events trigger it?
Managed instance draining facilitates graceful draining of instances. Events that trigger it include ASG refreshes, scale-in, health check failures, Spot capacity rebalancing, and Spot interruption.
What is the default setting for ECS_IMAGE_PULL_BEHAVIOR?
default
What does the ‘default’ setting for ECS_IMAGE_PULL_BEHAVIOR do?
The image manifest will be pulled remotely first, if that fails the cached image on the instance will be used. Cached layers are still used if available.
What does ECS create when cluster autoscaling is enabled?
A low metric value CloudWatch alarm, a high metric value CloudWatch alarm, and a target tracking scaling policy
What metrics does ECS use for cluster autoscaling?
CapacityProviderReservation and DesiredCapacity
What does the CapacityProviderReservation metric represent?
(instances needed) / (running instances)
What does the DesiredCapacity metric represent?
Amount of capacity for the ASG
What manages the minimum and maximum instance count for the ASG?
The ASG, not ECS
What happens during scale-out?
ECS calculates how many additional instances will be required and increases the ASG’s desired count by this amount
What blocks scale-out of a capacity provider?
If tasks have resource requirements greater than the smallest instance type in the ASG, or for instances within the instanceWarmupPeriod
How many instances does ECS initially scale out to if there are no container instances running?
Two instances
What does ECS wait for before considering a scale-in?
15 minutes
How many datapoints does the CloudWatch scale-in alarm require before starting a scale-in?
15 datapoints (15 minutes)
What is the PROVISIONING state?
The state a task will be in while ECS is performing additional steps
What tasks are not accounted for during capacity provider autoscaling?
Tasks launched using a launch type
What Linux parameters are supported on Fargate?
SYS_PTRACE
What is the purpose of enabling ECS spot instance draining?
To automatically drain container instances when they receive a spot interruption notice.
What is required to enable ECS spot instance draining?
The ECS_ENABLE_SPOT_INSTANCE_DRAINING ECS Agent configuration, which is disabled by default.
What instance interruption behaviour is not supported for ECS spot instance draining?
hibernate
What is the purpose of ecs-init?
Initialises the ECS agent and ensures it keeps running.
How does the ECS agent run on Linux?
As a container in host mode.
What is the default root volume size for Amazon Linux 2023?
30 GiB
What is the purpose of the root volume on Amazon Linux 2023?
Storing the OS and Docker images etc.
What is the default filesystem for Amazon Linux 2023?
xfs
What storage driver does Docker use on Amazon Linux 2023?
overlay2
What is not available for Amazon Linux 2023 GPU instances?
An ECS-optimised AMI.
What services have a directive to wait for cloud-init to finish before starting?
The systemd units for ECS and Docker services.
What issue can arise from starting the agent or Docker from user data?
A deadlock due to waiting for cloud-init to finish.
How can the deadlock caused by cloud-init be resolved?
With the --no-block flag for systemctl.
What function does Docker use to query the available memory?
ReadMemInfo()
Why is the memory available to Docker less than the instance’s memory?
Due to overhead from the kernel etc.
What should the task’s memory reservation be less than?
The instance type’s memory.
What parameter can be used to explicitly reserve memory for the ECS agent?
ECS_RESERVED_MEMORY
What hosts should be bypassed when using a proxy for ECS on Linux?
169.254.169.254, 169.254.170.2 & /var/run/docker.sock
How can the ECS agent be updated on Linux?
Using ecs:UpdateContainerAgent
What allows ecs:UpdateContainerAgent to update the agent without affecting running tasks?
Recent agent versions save their state in ECS_DATADIR.
What state will a task be in while ECS is performing additional steps?
The PROVISIONING state.
-EnableTaskENI
What does the -EnableTaskENI parameter do?
It is required to support awsvpc tasks
What is a limitation when using IAM roles for tasks on Windows?
The credential proxy runs on Port 80, so this port cannot be used for applications
What special configuration is required when using IAM roles for tasks on Windows?
Special user data is required to configure this
Why should you ensure the container instance has enough storage space when using Windows base images?
Windows base images are large (~9 GiB)
What states can an ECS cluster be in?
ACTIVE, PROVISIONING, DEPROVISIONING, FAILED, INACTIVE
What state will a cluster be in while ECS is creating resources for a capacity provider?
PROVISIONING
What state will a cluster be in while ECS is deleting resources for a capacity provider?
DEPROVISIONING
What does the FAILED cluster state indicate?
The resources needed for a capacity provider have failed to create
What does the INACTIVE cluster state mean?
The cluster has been deleted
Is Container Insights enabled at the cluster or service level?
Cluster level
What is optionally created for a cluster?
A default CloudMap namespace
How is GuardDuty Runtime Monitoring enabled for a cluster?
By setting the tag ‘guardDutyRuntimeMonitoringManaged’ to ‘true’
At what level are the VPC and subnets set when using EC2 instances?
Cluster level
What comes pre-installed on ECS-optimized AMIs?
The SSM agent