ECS – Elastic Container Service
- A highly scalable, fast, container management service that makes it easy to run, stop, and manage Docker containers on a cluster
- VM – abstraction of physical host hardware, OS + application
- Container – standalone, light-weight executable package of a piece of software and all its dependencies
§ Multiple containers run on same machine sharing a kernel
§ sharing one kernel is a valid security concern with the technology (a kernel compromise affects every container on that host)
§ advantage of smaller size, faster boot up, mobility (all libraries, runtimes and dependencies are included)
- Docker – can run on a bare-metal host or in a VM – cloud friendly
- Orchestrator – software to spin up containers, manage the inter-container virtual network, etc.
- Kubernetes – free, open source
- ECS – service that runs Docker containers in a cluster; serverless when using the Fargate launch type
Launch types
- Fargate launch type - allows you to run your containerized applications without the need to provision and manage the backend infrastructure. Just register your task definition and Fargate launches the container for you. Serverless.
- EC2 launch type – use if you need to manage the EC2 resources, elasticity, etc.; allows for more flexibility. Uses ECS Container Instances – EC2 instances running the ECS Container Agent
- A task definition is required to run Docker containers in Amazon ECS
- REGIONAL service – cluster can span multiple AZs in a single region
- Image registries – Docker Hub, AWS ECR; for best results – build your application container-friendly from inception
- Dockerfile – script, a set of instructions for building an image
- Docker image – read-only, produced by “docker build”
- Task definition – file, JSON – describes 1-10 containers, blueprint of an application
§ Expects appropriate Docker images to be available in Registries
- Task scheduler – manages task launches, communicates with the Agent on ECS Container Instances
- Agent runs Tasks, downloads Images, feeds resource utilization info to EC2 service
- Container IAM role – needs to be created for the container instances to define which AWS APIs are permitted for the container. Very granular – set per container, usually includes the bare minimum that a container needs
- Task IAM Role – one level up – permissions at the task level; set on the task definition, so all containers in the task inherit it. “Amazon EC2 Container Service Task Role”
- Credentials are isolated – credentials are defined by roles; this ensures a task can access only a specific set of credentials
- Audit – CloudTrail logs all events
- An Amazon ECS cluster is a logical grouping of tasks or services
- REGIONAL
- Can contain both Fargate and EC2 launch type tasks
- EC2 launch type clusters can consist of different EC2 instance types
- An EC2+Agent instance can be part of only ONE cluster
- All containers in a task are launched on same EC2 Container Instance
- All or a subset of the containers in a task can be associated with a Classic Load Balancer
- Only one ELB per service/task
- Can set up the containers in a task to use a dedicated port each – and then have a CLB load-balance across ports
- RECOMMENDATION – do not have a single load balancer serve multiple tasks; one container going offline can remove the entire task from the balancer.
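Added example, not from the original notes: a small Python lint over a constructed task definition that checks the points above – 1-10 containers, a task-level IAM role so credentials are isolated per task, a dedicated host port per container for CLB balancing, and no container running privileged on the shared kernel. The account id, role name and image URIs are made-up placeholders.

```python
import json

# Constructed sample task definition (placeholder account/role/images): two
# containers, each on its own host port so a CLB can balance across ports,
# with a task-level IAM role that both containers inherit.
SAMPLE_TASK_DEF = json.loads("""
{
  "family": "web-app",
  "taskRoleArn": "arn:aws:iam::123456789012:role/web-app-task-role",
  "containerDefinitions": [
    {"name": "web", "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/web:1.0",
     "essential": true, "portMappings": [{"containerPort": 80, "hostPort": 8080}]},
    {"name": "api", "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/api:1.0",
     "essential": true, "portMappings": [{"containerPort": 80, "hostPort": 8081}]}
  ]
}
""")


def lint_task_definition(task_def):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    containers = task_def.get("containerDefinitions", [])
    # A task definition describes 1-10 containers.
    if not 1 <= len(containers) <= 10:
        findings.append(f"expected 1-10 containers, found {len(containers)}")
    # Credentials are isolated per task: the task role is what all containers inherit.
    if not task_def.get("taskRoleArn"):
        findings.append("no taskRoleArn: task has no task-level credentials")
    seen = {}  # hostPort -> container name, to spot two containers on one port
    for c in containers:
        name = c.get("name", "<unnamed>")
        for pm in c.get("portMappings", []):
            hp = pm.get("hostPort")
            if hp in (None, 0):
                continue  # dynamic host port, nothing to clash with
            if hp in seen:
                findings.append(f"hostPort {hp} used by both {seen[hp]} and {name}")
            seen[hp] = name
        # Containers share the host kernel; privileged mode removes that boundary.
        if c.get("privileged"):
            findings.append(f"{name} runs privileged on the shared kernel")
    return findings


if __name__ == "__main__":
    for finding in lint_task_definition(SAMPLE_TASK_DEF) or ["ok: no findings"]:
        print(finding)
```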