Container Flashcards
What is Docker?
A platform for developing, shipping, and running applications in containers.
What are the benefits of using Docker?
- Application portability
- Consistent performance
- Simplified maintenance
- Improved resource utilization
What is Docker Hub?
A public registry for storing and sharing Docker images.
What is Amazon ECR?
A private registry for storing and managing Docker images on AWS.
How does Docker differ from a virtual machine?
Docker shares the host OS kernel, while VMs have their own guest OS. This makes Docker containers more lightweight and efficient.
What is Amazon ECS?
Amazon’s own container orchestration service for deploying and managing containers.
What are the two launch types for Amazon ECS?
EC2 launch type (you manage the EC2 instances) and Fargate launch type (serverless).
What is AWS Fargate?
A serverless compute engine for containers that removes the need to manage servers or clusters.
What is an EC2 Instance Profile used for in Amazon ECS?
It allows the ECS agent to make API calls to the ECS service.
What is an ECS Task Role?
It allows each task to have a specific role for accessing AWS resources.
What are the supported load balancers for Amazon ECS?
Application Load Balancer, Network Load Balancer, and Classic Load Balancer (not recommended).
What is Amazon EFS?
A fully managed, elastic file system that can be mounted onto ECS tasks for persistent storage.
What is Amazon EKS?
A managed Kubernetes service on AWS for deploying, managing, and scaling containerized applications.
What is Kubernetes?
An open-source system for automating deployment, scaling, and management of containerized applications.
What are the node types in Amazon EKS?
Managed Node Groups, Self-Managed Nodes, and Fargate.
What is a StorageClass in Amazon EKS?
It defines how data volumes are provisioned for your pods in a Kubernetes cluster.
What is the benefit of using Managed Node Groups in Amazon EKS?
EKS creates and manages the worker nodes for you.
Why would you choose EKS over ECS?
If you need the flexibility and portability of Kubernetes or have existing Kubernetes deployments.
What is a key benefit of containerization?
Provides consistency across different environments, from development to production.
What is the purpose of a Dockerfile?
A text document that contains all the commands a user could call on the command line to assemble an image.
What is a key benefit of Docker containers?
They can run on any OS without compatibility issues.
Name two use cases for Docker.
Microservices architecture and lift-and-shift applications to the cloud.
Where are Docker images stored?
Docker repositories like Docker Hub and Amazon ECR.
What is the difference between Docker and virtual machines?
Docker shares resources with the host OS while virtual machines have their own isolated OS.
What are the two main ways to manage Docker containers on AWS?
Amazon ECS (Elastic Container Service) and Amazon EKS (Elastic Kubernetes Service).
What is AWS Fargate?
A serverless container platform that works with both ECS and EKS.
What are the two launch types for Amazon ECS?
EC2 launch type and Fargate launch type.
What is the role of the ECS Agent in EC2 launch type?
It registers the EC2 instance in the ECS cluster and allows for container management.
How do you scale containers in Amazon ECS with Fargate launch type?
By increasing the number of tasks.
What are the two IAM roles for ECS?
EC2 Instance Profile and ECS Task Role.
What is the purpose of the EC2 Instance Profile in ECS?
It’s used by the ECS agent to make API calls, send logs to CloudWatch, pull images from ECR, and access sensitive data.
What is the purpose of the ECS Task Role?
It allows each task to have specific permissions to access AWS resources.
Which load balancer is recommended for most use cases in Amazon ECS?
Application Load Balancer.
When would you use a Network Load Balancer in Amazon ECS?
For high throughput/performance or with AWS Private Link.
Which file system can be mounted onto ECS tasks for data volumes?
Amazon EFS.
Can you mount Amazon S3 as a file system for ECS tasks?
No, Amazon S3 cannot be mounted as a file system.
(But now: Yes, with S3 mountpoint)
What is Amazon ECR?
Elastic Container Registry, a service to store and manage Docker images on AWS.
Does Amazon ECR support public repositories?
Yes, through Amazon ECR Public Gallery.
What are the node types in Amazon EKS?
Managed Node Groups and Self-Managed Nodes.
What is AWS Fargate in the context of EKS?
It allows you to run serverless containers without managing worker nodes.
What is a StorageClass in Amazon EKS?
A manifest that defines how data volumes are provisioned in your EKS cluster.
How does Kubernetes handle persistent storage in EKS?
It leverages a Container Storage Interface (CSI) compliant driver.
Which storage options are supported for data volumes in Amazon EKS?
Amazon EBS, Amazon EFS, Amazon FSx for Lustre, and Amazon FSx for NetApp ONTAP.
What is the advantage of using Amazon EFS for data volumes in EKS?
It works with Fargate and provides persistent, multi-AZ shared storage.
How are logs and metrics collected for containers in EKS?
Using CloudWatch Container Insights.
Is Kubernetes specific to AWS?
No, Kubernetes is cloud-agnostic and can be used in any cloud environment.
How would you deploy EKS for multiple regions?
Deploy one EKS cluster per region.
What are EKS Pod Identities?
A feature that allows you to manage credentials for applications running in EKS pods, similar to EC2 instance profiles.
How do EKS Pod Identities work?
You associate an IAM role with a Kubernetes service account, and pods using that service account automatically receive the associated IAM role’s credentials.
What are the key benefits of EKS Pod Identities?
Least privilege, credential isolation, and auditability.
How do EKS Pod Identities achieve least privilege?
By scoping IAM permissions to a service account, ensuring that only pods using that service account have access to those permissions.
How do EKS Pod Identities ensure credential isolation?
A pod’s containers can only access the credentials for the IAM role associated with their service account, preventing access to credentials used by other containers.
How is auditability achieved with EKS Pod Identities?
Access and event logging is available through AWS CloudTrail, enabling retrospective auditing.
What are some advantages of EKS Pod Identity over IAM roles for service accounts (IRSA)?
Independent operations, reusability, and scalability.
How does EKS Pod Identity improve reusability?
It uses a single IAM principal (pods.eks.amazonaws.com) for all clusters, simplifying IAM role management.
How does EKS Pod Identity enhance scalability?
Temporary credentials are assumed by the EKS Auth service once per node, reducing the load compared to IRSA, where each pod assumes the role individually.
What are the steps to set up EKS Pod Identities?
- Set up the Amazon EKS Pod Identity Agent.
- Assign an IAM role to a Kubernetes service account.
- Configure pods to use the service account.
- Ensure the workload uses a supported AWS SDK version and the default credential chain.
