AWS - Containers

Question 1

Docker - what are the 5 main constructs?

Answer 1

1. Dockerfile - used to create Docker images
2. Docker Image - contains statements of things to install or configure. Built using read-only layers.
3. Docker Container - a running copy of an Image
   - They contain an additional R/W layer which allows applications to run
   - You can create multiple containers from the same Image
4. Docker Registry - you can upload Docker Images to a registry: private, or public (Docker Hub)
   - From there, containers can be deployed to Docker hosts.
5. Docker Hosts (ECS Cluster or Fargate)

Question 2

What is ECS and what are the 2 main modes?

Answer 2

Elastic Container Service

ECS uses clusters which run in 1 of 2 modes:
1. EC2 Mode: uses EC2 instances as container hosts by running the ECS software
2. Fargate Mode: Serverless way of running containers. AWS manages the container hosts for you.

Question 3

What is ECR?

Answer 3

Amazon provides their own Container Registry called ECR (Elastic Container Registry), which you can use instead of DockerHub.

Question 4

What are the 3 main constructs of ECR?

Answer 4

• ECS Clusters: where containers run
• Container Definitions: just defines which image to use and which ports
• Task Definitions: A Task represents the application as a whole. Tasks can have one or more containers

Question 5

What do container definitions store?

Answer 5

• Resources used by the host (CPU & memory)
• Networking mode that the task uses
• Task compatibility (whether the task will run on EC2 or Fargate)
• Task Role - the IAM role the task will assume. IAM is the best-practice way to give containers access to AWS resources.

Question 6

What is a Task Service and why would you use it?

Answer 6

Note that you can deploy 1 task on its own, without using a service, but by themselves, tasks don’t scale and don’t have resilience.
This is accomplished by a Service. A Service Definition defines how the task scales - how many copies to run, replacing failed tasks, etc.

Question 7

How does the EC2 Mode work in ECS?

Answer 7

An ECS Cluster is created within a VPC within your AWS account.
- Benefits from the multiple AZs available within this VPC.
- ASG (Auto Scale Group) controls number of containers.
- Your container hosts (EC2 instances) get spun up within AZs.
- EC2 provisions these hosts, but you have to manage them.
- You manage capacity and availability.

Question 8

How does Fargate mode work in ECS?

Answer 8

• Fargate injects your containers into your VPC.
  > Each task gets injected into your VPC and is given an ENI and a private IP address.
• They get deployed on Fargate Shared Infrastructure.
• You no longer pay for EC2 instances.
• Still uses the registry, Services, Tasks.

Question 9

When should you use ECS / EC2 rather than Fargate?

Answer 9

When you plan to take advantage of the cost savings coming from using Spot Pricing, or Reserved Pricing, and you’re ok with the extra management overhead

Question 10

When should you use ECS / Fargate rather than EC2?

Answer 10

• Best for minimizing overhead effort
• Works well for small or burst workloads since you don’t have to pay for instances that you aren’t using

Question 11

Kubernetes - 7 Key Terms?

Answer 11

• Cluster = A deployment of Kubernetes
• Node = provides compute resources; Pods run on these nodes. Nodes are “Pod hosts”.
• Pods = smallest unit in Kubernetes; Often 1 container, 1 pod.
• Service = Abstraction, service running on 1 or more pods.
• Job = ad-hoc job that creates one or more pods
• Ingress = Exposes a way into a service (Ingress => Routing => Service => 1+ Pods)
• Ingress Controller = used to provide ingress (AWS LB Controller uses ALB/NLB).

Question 12

How is a Kubernetes pod’s storage managed?

Answer 12

• Storage happens within nodes. If a pod moves between nodes, it no longer sees its former storage.
• Persistent Storage (PV) - Provides a way to keep data around beyond any 1 pod using it.

Question 13

What are Kubernetes Pods and how do they work?

Answer 13

Pods are the smallest units of computing in Kubernetes.
- Pods can have one or more containers.
- Pods provide shared storage and networking.
> One-container in one pod is very common.
- You typically only have multiple containers in a pod if those containers are tightly coupled in some way.
- Pods should be viewed as TEMPORARY - they are created, do a job, and are then disposed of.
- Pods can be evicted for lack of resources or if the node itself fails.

Question 14

What are Kubernetes cluster nodes?

Answer 14

A Cluster Node is a VM or physical server which functions as a worker in the cluster

Nodes all have:
“Containerd” => Docker software for handling container operations (Container Runtime)
“Kubelet” => Agent to interact with the Control Plane

Question 15

What is the Kubernetes Cluster Control Plane?

Answer 15

Manages the cluster -> scheduling, deployment, scaling, etc.

Components:
- API: The front-end for the Kubernetes Control Plane. It’s what nodes and other cluster elements interact with. Can be horizontally scaled.
- “etcd”: a highly-available key/value store used within the cluster.
- “sched”: kube-scheduler identifies any Pods within the cluster with no assigned node, and assigns a node based on resource requirements, data locality, etc.
- “cloud-controller-manager”: provides cloud-specific control logic. Allows you to link Kubernetes with cloud-provier APIs
- “kube-controller-manager”: Cluster controller process