Container

Question 1

What is Docker?

Answer 1

A platform for developing, shipping, and running applications in containers.

Question 2

What are the benefits of using Docker?

Answer 2

• Application portability
• Consistent performance
• Simplified maintenance
• Improved resource utilization

Question 3

What is Docker Hub?

Answer 3

A public registry for storing and sharing Docker images.

Question 4

What is Amazon ECR?

Answer 4

A private registry for storing and managing Docker images on AWS.

Question 5

How does Docker differ from a virtual machine?

Answer 5

Docker shares the host OS kernel, while VMs have their own guest OS. This makes Docker containers more lightweight and efficient.

Question 6

What is Amazon ECS?

Answer 6

Amazon’s own container orchestration service for deploying and managing containers.

Question 7

What are the two launch types for Amazon ECS?

Answer 7

EC2 launch type (you manage the EC2 instances) and Fargate launch type (serverless).

Question 8

What is AWS Fargate?

Answer 8

A serverless compute engine for containers that removes the need to manage servers or clusters.

Question 9

What is an EC2 Instance Profile used for in Amazon ECS?

Answer 9

It allows the ECS agent to make API calls to the ECS service.

Question 10

What is an ECS Task Role?

Answer 10

It allows each task to have a specific role for accessing AWS resources.

Question 11

What are the supported load balancers for Amazon ECS?

Answer 11

Application Load Balancer, Network Load Balancer, and Classic Load Balancer (not recommended).

Question 12

What is Amazon EFS?

Answer 12

A fully managed, elastic file system that can be mounted onto ECS tasks for persistent storage.

Question 13

What is Amazon EKS?

Answer 13

A managed Kubernetes service on AWS for deploying, managing, and scaling containerized applications.

Question 14

What is Kubernetes?

Answer 14

An open-source system for automating deployment, scaling, and management of containerized applications.

Question 15

What are the node types in Amazon EKS?

Answer 15

Managed Node Groups, Self-Managed Nodes, and Fargate.

Question 16

What is a StorageClass in Amazon EKS?

Answer 16

It defines how data volumes are provisioned for your pods in a Kubernetes cluster.

Question 17

What is the benefit of using Managed Node Groups in Amazon EKS?

Answer 17

EKS creates and manages the worker nodes for you.

Question 18

Why would you choose EKS over ECS?

Answer 18

If you need the flexibility and portability of Kubernetes or have existing Kubernetes deployments.

Question 19

What is a key benefit of containerization?

Answer 19

Provides consistency across different environments, from development to production.

Question 20

What is the purpose of a Dockerfile?

Answer 20

A text document that contains all the commands a user could call on the command line to assemble an image.

Question 21

What is a key benefit of Docker containers?

Answer 21

They can run on any OS without compatibility issues.

Question 22

Name two use cases for Docker.

Answer 22

Microservices architecture and lift-and-shift applications to the cloud.

Question 23

Where are Docker images stored?

Answer 23

Docker repositories like Docker Hub and Amazon ECR.

Question 24

What is the difference between Docker and virtual machines?

Answer 24

Docker shares resources with the host OS while virtual machines have their own isolated OS.

Question 25

What are the two main ways to manage Docker containers on AWS?

Answer 25

Amazon ECS (Elastic Container Service) and Amazon EKS (Elastic Kubernetes Service).

Question 26

What is AWS Fargate?

Answer 26

A serverless container platform that works with both ECS and EKS.

Question 27

What are the two launch types for Amazon ECS?

Answer 27

EC2 launch type and Fargate launch type.

Question 28

What is the role of the ECS Agent in EC2 launch type?

Answer 28

It registers the EC2 instance in the ECS cluster and allows for container management.

Question 29

How do you scale containers in Amazon ECS with Fargate launch type?

Answer 29

By increasing the number of tasks.

Question 30

What are the two IAM roles for ECS?

Answer 30

EC2 Instance Profile and ECS Task Role.

Question 31

What is the purpose of the EC2 Instance Profile in ECS?

Answer 31

It’s used by the ECS agent to make API calls, send logs to CloudWatch, pull images from ECR, and access sensitive data.

Question 32

What is the purpose of the ECS Task Role?

Answer 32

It allows each task to have specific permissions to access AWS resources.

Question 33

Which load balancer is recommended for most use cases in Amazon ECS?

Answer 33

Application Load Balancer.

Question 34

When would you use a Network Load Balancer in Amazon ECS?

Answer 34

For high throughput/performance or with AWS Private Link.

Question 35

Which file system can be mounted onto ECS tasks for data volumes?

Answer 35

Amazon EFS.

Question 36

Can you mount Amazon S3 as a file system for ECS tasks?

Answer 36

No, Amazon S3 cannot be mounted as a file system.

(But now: Yes, with S3 mountpoint)

Question 37

What is Amazon ECR?

Answer 37

Elastic Container Registry, a service to store and manage Docker images on AWS.

Question 38

Does Amazon ECR support public repositories?

Answer 38

Yes, through Amazon ECR Public Gallery.

Question 39

What are the node types in Amazon EKS?

Answer 39

Managed Node Groups and Self-Managed Nodes.

Question 40

What is AWS Fargate in the context of EKS?

Answer 40

It allows you to run serverless containers without managing worker nodes.

Question 41

What is a StorageClass in Amazon EKS?

Answer 41

A manifest that defines how data volumes are provisioned in your EKS cluster.

Question 42

How does Kubernetes handle persistent storage in EKS?

Answer 42

It leverages a Container Storage Interface (CSI) compliant driver.

Question 43

Which storage options are supported for data volumes in Amazon EKS?

Answer 43

Amazon EBS, Amazon EFS, Amazon FSx for Lustre, and Amazon FSx for NetApp ONTAP.

Question 44

What is the advantage of using Amazon EFS for data volumes in EKS?

Answer 44

It works with Fargate and provides persistent, multi-AZ shared storage.

Question 45

How are logs and metrics collected for containers in EKS?

Answer 45

Using CloudWatch Container Insights.

Question 46

Is Kubernetes specific to AWS?

Answer 46

No, Kubernetes is cloud-agnostic and can be used in any cloud environment.

Question 47

How would you deploy EKS for multiple regions?

Answer 47

Deploy one EKS cluster per region.

Question 48

What are EKS Pod Identities?

Answer 48

A feature that allows you to manage credentials for applications running in EKS pods, similar to EC2 instance profiles.

Question 49

How do EKS Pod Identities work?

Answer 49

You associate an IAM role with a Kubernetes service account, and pods using that service account automatically receive the associated IAM role’s credentials.

Question 50

What are the key benefits of EKS Pod Identities?

Answer 50

Least privilege, credential isolation, and auditability.

Question 51

How do EKS Pod Identities achieve least privilege?

Answer 51

By scoping IAM permissions to a service account, ensuring that only pods using that service account have access to those permissions.

Question 52

How do EKS Pod Identities ensure credential isolation?

Answer 52

A pod’s containers can only access the credentials for the IAM role associated with their service account, preventing access to credentials used by other containers.

Question 53

How is auditability achieved with EKS Pod Identities?

Answer 53

Access and event logging is available through AWS CloudTrail, enabling retrospective auditing.

Question 54

What are some advantages of EKS Pod Identity over IAM roles for service accounts (IRSA)?

Answer 54

Independent operations, reusability, and scalability.

Question 55

How does EKS Pod Identity improve reusability?

Answer 55

It uses a single IAM principal (pods.eks.amazonaws.com) for all clusters, simplifying IAM role management.

Question 56

How does EKS Pod Identity enhance scalability?

Answer 56

Temporary credentials are assumed by the EKS Auth service once per node, reducing the load compared to IRSA, where each pod assumes the role individually.

Question 57

What are the steps to set up EKS Pod Identities?

Answer 57

• Set up the Amazon EKS Pod Identity Agent.
• Assign an IAM role to a Kubernetes service account.
• Configure pods to use the service account.
• Ensure the workload uses a supported AWS SDK version and the default credential chain.