Module 9 - Containers Flashcards
Why use microservices?
Loose coupling, autonomous development, faster development cycles, improved scalability/maintainability. Each microservice can be deployed autonomously. Each service is specialized (SRP). You can mix and match resources (e.g. Lambda for one, EC2 for another) or languages.
What are some ways to decouple components?
Load balancers, message queues.
What is AWS X-Ray?
A tracing service; good for debugging microservices. Provides an end-to-end view of requests as they travel through your stack, and shows a map of your application’s underlying components and their relationships.
What is a container?
A standard way to package your application’s code, configurations, and dependencies into a single object.
What is the difference between a container and a VM?
Containers share the host machine's OS kernel and can share libraries. VMs each have their own full OS and libraries.
Containers don't need a hypervisor, so there is no performance overhead. They can run on any system.
Containers are highly portable. You can also start and stop containers faster than VMs.
How can you run containers on AWS?
On top of EC2 instances with Docker.
ECS (Elastic Container Service)
What is ECS?
Elastic Container Service, a fully-managed container orchestration service that helps you easily deploy, manage, and scale containerized applications. Use Amazon ECS to run applications on a managed cluster of EC2 instances. After containers are launched, Amazon ECS will scale and manage your containers for you.
It is integrated with IAM and supports Docker containers.
What is ECR?
Elastic Container Registry; a fully-managed Docker container registry that makes it easy to store, share, and deploy container IMAGES. It’s Docker Hub but for AWS. You can have public or private repositories.
What is EKS? What is the use case for it?
Elastic Kubernetes Service, a managed Kubernetes service that makes it easy for you to run Kubernetes on AWS and on-premises. EKS runs three Kubernetes managers across three Availability Zones.
Same launch types as ECS.
Load balancing with ALB, NLB, CLB.
Groups of containers are PODS.
It’s like ECS, but it’s 3rd party, open-source. ❗️Cloud agnostic.
• If an organization is using a 3rd party container orchestration platform, then you would use EKS so you don’t change the orchestration.
• ❗️Hybrid deployment (on-prem & cloud)
• batch processing, ML, WebApps
What are the basic components of Kubernetes architecture?
User Interfaces - dashboard or CLI
Control Plane - manages object states, responds to changes, and maintains a record of all objects.
• API server
• Scheduler (assigns pods to nodes)
• Controller-Manager (manages infrastructure)
• etcd component (stores configs)
Data Plane - CPU, memory, network, and storage
• Worker nodes in a pod
• Runtime engine
• kubelet runs containers in pods and runs health checks
• kube-proxy acts as a network proxy and load balancer for each node
What is Amazon Fargate?
A serverless, pay-as-you-go compute engine that lets you run containers without having to manage servers or clusters. Serverless containers.
What is an ECS task?
A running Docker container based on the info in the task definition.
The task definition is a text file, in JSON format, that describes one or more containers, up to a maximum of ten, that form your application.
It tells ECS how to build your application:
• which images to pull from ECR or Docker Hub
• which launch type to use
• which ports should be opened
• what data volumes should be used
• how much CPU and RAM to use
What is an EC2 Launch Type?
When you launch Docker containers with this launch type, you launch an ECS task on an ECS cluster of EC2 instances. You need to provision and maintain the cluster of EC2 instances yourself in advance.
Each EC2 instance runs the ECS agent, which registers the instance in the cluster. Then AWS takes over and starts and stops containers on those specified EC2 instances.
You pay per EC2, not per task/container.
What is the Fargate launch type?
You do not have to provision and manage the EC2 instances yourself. It’s all serverless.
You specify the task definitions, and AWS runs them based on the CPU/RAM you need.
To scale, just increase the number of tasks (using the ECS service). You don’t need to worry about the EC2 instances.
Pay per running task.
With an EC2 launch type, how do IAM roles work?
The EC2 instance has an instance profile/role (used by the agent on the machine). The agent uses the instance profile to connect to ECS, ECR, CloudWatch, etc.; i.e. ❗️permissions for the HOST.
The individual tasks running on the instance can each have an IAM TASK ROLE. Each role lets you connect to different services as needed. The ROLE is defined in the TASK definition.
❗️permissions for the CONTAINER.
✅ Roles for the instance will carry over to the tasks running on that instance. If you have different containers that need different permissions, use TASK roles.