AWS Certified Solutions Architect Professional  -  Compute  -  Containers Services on AWS

Posted by: Quân Huỳnh

From Viblo Asia

A short note about Container Services on AWS. This post is a short note from the course Ultimate AWS Certified Solutions Architect Professional by Stephane Maarek. Its only purpose is a summary; if you want to learn the material in detail, please buy the course by Stephane Maarek.

Containers Management on AWS

To manage containers, we need a container management platform:

  • Amazon Elastic Container Service (Amazon ECS): Amazon's own container platform
  • Amazon Elastic Kubernetes Service (Amazon EKS): Amazon's managed Kubernetes (open source)
  • AWS Fargate: Amazon's own Serverless container platform. Works with ECS and with EKS

Amazon ECS

Concepts

ECS Cluster - logical grouping of EC2 instances.

ECS Service - defines how many tasks should run and how they should be run.

Task Definitions - metadata in JSON form to tell ECS how to run a Docker container (image name, CPU, RAM, …).

ECS Task - an instance of a Task Definition: one or more running Docker containers.

ECS IAM Roles:

  • EC2 Instance Profile - used by the EC2 instance (e.g., make API calls to ECS, send logs, …)
  • ECS Task IAM Role - allow each task to have a specific role (e.g., make API calls to S3, DynamoDB, …)

Use cases

Run Microservices:

  • Run multiple Docker containers on the same machine
  • Easy Service Discovery features to enhance communication
  • Direct integration with Application Load Balancer and Network Load Balancer
  • Auto Scaling capability

Run Batch Processing / Scheduled Tasks.

Migrate Applications to the Cloud:

  • Dockerize legacy applications running on-premises
  • Move Docker containers to run on Amazon ECS

ALB Integration

We get Dynamic Port Mapping, which allows you to run multiple instances of the same application on the same EC2 instance. The ALB finds the right port on your EC2 instances.

Use cases:

  • Increased resiliency even if running on one EC2 instance
  • Maximize utilization of CPU / cores
  • Ability to perform rolling upgrades without impacting app uptime

Fargate

Launch Docker containers without provisioning the infrastructure (no EC2 instances to manage). It's all serverless!

You create task definitions, and AWS runs containers for you based on the CPU/RAM you need. To scale, just increase the number of tasks. Simple! No more EC2 instances.

Security & Networking

You can inject secrets and configuration as environment variables into running Docker containers, through integration with SSM Parameter Store and Secrets Manager.

ECS Tasks Networking:

  • none – no network connectivity, no port mappings
  • bridge – uses Docker’s virtual container-based network
  • host – bypass Docker’s network, uses the underlying host network interface
  • awsvpc - every task launched on the instance gets its own ENI and a private IP address. Simplified networking, enhanced security (Security Groups, monitoring, VPC Flow Logs). Default mode for Fargate tasks.
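The concepts above (task definition metadata, the separate task IAM role, secrets injected by reference to SSM Parameter Store / Secrets Manager, and the awsvpc network mode) fit together in one task definition. The block below is an added example, not code from the course or from AWS: it builds a register_task_definition-shaped payload and then audits it the way a reviewer would before deployment. The account id, region, role names and the SSM parameter path are constructed placeholders.

```python
"""Build and audit an ECS task definition (added example, not from the course).

Constructed placeholders: account id, region, role names, SSM parameter path.
"""
import re

ACCOUNT = "123456789012"   # placeholder account id
REGION = "us-east-1"       # placeholder region


def build_task_definition(family, image, cpu=256, memory=512):
    """Return a payload in the shape ECS expects for register_task_definition.

    - taskRoleArn: the ECS Task IAM Role, i.e. what the application may call
      (S3, DynamoDB, ...), scoped per task.
    - executionRoleArn: used by the ECS agent to pull the image and resolve
      'secrets' from SSM Parameter Store / Secrets Manager; kept separate so
      the application does not inherit those permissions.
    - secrets: injected as environment variables at start, by ARN, never as
      plaintext 'environment' values.
    - networkMode awsvpc: each task gets its own ENI, security group and
      VPC Flow Logs visibility.
    """
    return {
        "family": family,
        "networkMode": "awsvpc",
        "requiresCompatibilities": ["FARGATE"],
        "cpu": str(cpu),
        "memory": str(memory),
        "taskRoleArn": f"arn:aws:iam::{ACCOUNT}:role/{family}-task-role",
        "executionRoleArn": f"arn:aws:iam::{ACCOUNT}:role/{family}-execution-role",
        "containerDefinitions": [{
            "name": "app",
            "image": image,
            "essential": True,
            "portMappings": [{"containerPort": 8080, "protocol": "tcp"}],
            "environment": [{"name": "LOG_LEVEL", "value": "info"}],
            "secrets": [{
                "name": "DB_PASSWORD",
                "valueFrom": f"arn:aws:ssm:{REGION}:{ACCOUNT}:parameter/{family}/db_password",
            }],
            "readonlyRootFilesystem": True,
        }],
    }


# Environment variable names that usually mean a secret was pasted in plaintext.
SECRET_NAME = re.compile(r"(PASSWORD|SECRET|TOKEN|API_KEY|PRIVATE_KEY)", re.I)


def audit_task_definition(td):
    """Return a list of findings; an empty list means the definition passed."""
    findings = []
    if td.get("networkMode") != "awsvpc":
        findings.append("networkMode is not awsvpc: no per-task ENI / security group")
    if not td.get("taskRoleArn"):
        findings.append("no taskRoleArn: give each task its own least-privilege role")
    elif td.get("taskRoleArn") == td.get("executionRoleArn"):
        findings.append("taskRoleArn equals executionRoleArn: app inherits pull/secret-read rights")
    for c in td.get("containerDefinitions", []):
        name = c.get("name", "?")
        for env in c.get("environment", []):
            if SECRET_NAME.search(env["name"]):
                findings.append(f"{name}: '{env['name']}' is a plaintext environment variable; "
                                "use 'secrets' with valueFrom")
        for s in c.get("secrets", []):
            if not s.get("valueFrom", "").startswith(("arn:aws:ssm:", "arn:aws:secretsmanager:")):
                findings.append(f"{name}: secret '{s.get('name')}' does not reference SSM or Secrets Manager")
        image = c.get("image", "")
        last = image.rsplit("/", 1)[-1]          # repository[:tag] without registry path
        if "@sha256:" not in image and (":" not in last or last.endswith(":latest")):
            findings.append(f"{name}: image '{image}' is not pinned (use a digest or immutable tag)")
        if c.get("privileged"):
            findings.append(f"{name}: privileged container")
    return findings


if __name__ == "__main__":
    good = build_task_definition("payments", f"{ACCOUNT}.dkr.ecr.{REGION}.amazonaws.com/payments@sha256:" + "a" * 64)
    print("good:", audit_task_definition(good))
    bad = build_task_definition("legacy", "nginx:latest")
    bad["networkMode"] = "bridge"
    bad["containerDefinitions"][0]["environment"].append({"name": "DB_PASSWORD", "value": "hunter2"})
    for f in audit_task_definition(bad):
        print("bad:", f)
```

The audit is deliberately conservative: it flags only what the text above describes as the secure shape (awsvpc, a dedicated task role, secrets by reference) plus image pinning, and it is a pre-deployment check you would run over exported task definitions, not something ECS enforces itself.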

Service Auto Scaling

Automatically increase/decrease the desired number of tasks. CPU and RAM are tracked in CloudWatch at the ECS Service level.

Amazon ECS leverages AWS Application Auto Scaling:

  • Target Tracking – scale based on target value for a specific CloudWatch metric
  • Step Scaling – scale based on a specified CloudWatch Alarm
  • Scheduled Scaling – scale based on a specified date/time (predictable changes)

Spot Instances

ECS Classic (EC2 Launch Type):

  • Can have the underlying EC2 instances as Spot Instances (managed by an ASG)
  • Instances may go into draining mode to remove running tasks
  • Good for cost savings, but will impact reliability

AWS Fargate:

  • Specify a minimum number of tasks for the on-demand baseline workload
  • Add tasks running on FARGATE_SPOT for cost-savings (can be reclaimed by AWS)
  • Regardless of On-demand or Spot, Fargate scales well based on load
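Two of the points above have simple arithmetic behind them: target tracking scales the desired task count proportionally to how far a metric is from its target, and a Fargate capacity provider strategy satisfies the on-demand base first and splits the rest between FARGATE and FARGATE_SPOT by weight. The block below is an added example that models both; it is a simplified model of the behaviour, not AWS code, and the rounding of the proportional split (leftover tasks go to the heaviest weight) is an assumption for illustration.

```python
"""Worked model of ECS Service Auto Scaling (target tracking) and Fargate
capacity provider placement (FARGATE base + FARGATE_SPOT weight).
Added example; simplified model of the AWS behaviour, not AWS code.
"""
import math


def target_tracking_desired(current_count, metric_value, target_value, min_count, max_count):
    """Target tracking: keep a metric (e.g. average CPU %) near target_value.

    New desired count = current * metric / target, rounded up so the service
    never ends up over target, then clamped to the service's [min, max].
    """
    if current_count <= 0:
        return min_count
    proposed = math.ceil(current_count * metric_value / target_value)
    return max(min_count, min(max_count, proposed))


def place_tasks(desired_count, strategy):
    """Distribute desired_count tasks over a capacity provider strategy.

    strategy: list of {"capacityProvider": str, "base": int, "weight": int}.
    The provider that declares a base (ECS allows only one) receives up to
    'base' tasks first; the remainder is split by weight, with any rounding
    leftover given to the heaviest weights (assumption for illustration).
    """
    placement = {s["capacityProvider"]: 0 for s in strategy}
    remaining = desired_count
    for s in strategy:                       # on-demand baseline first
        base = min(s.get("base", 0), remaining)
        placement[s["capacityProvider"]] += base
        remaining -= base
    total_weight = sum(s.get("weight", 0) for s in strategy)
    if total_weight == 0 or remaining == 0:
        return placement
    allocated = 0
    for s in strategy:                       # proportional split by weight
        share = remaining * s.get("weight", 0) // total_weight
        placement[s["capacityProvider"]] += share
        allocated += share
    leftover = remaining - allocated
    for s in sorted(strategy, key=lambda s: -s.get("weight", 0)):
        if leftover == 0:
            break
        placement[s["capacityProvider"]] += 1
        leftover -= 1
    return placement


def spot_reclaim_impact(placement):
    """What survives if every FARGATE_SPOT task is reclaimed at once:
    the on-demand tasks, i.e. the baseline you sized with 'base'."""
    return sum(n for p, n in placement.items() if p != "FARGATE_SPOT")


if __name__ == "__main__":
    strategy = [
        {"capacityProvider": "FARGATE", "base": 2, "weight": 1},
        {"capacityProvider": "FARGATE_SPOT", "weight": 3},
    ]
    desired = target_tracking_desired(current_count=4, metric_value=90, target_value=60,
                                      min_count=2, max_count=10)
    placement = place_tasks(desired, strategy)
    print(desired, placement, "survive spot reclaim:", spot_reclaim_impact(placement))
```

Usage: with 4 tasks at 90% CPU against a 60% target the model asks for 6 tasks; with base 2 on FARGATE and a 1:3 weight split those land as 3 on FARGATE and 3 on FARGATE_SPOT, so a full Spot reclaim still leaves the 3 on-demand tasks. Sizing the base is what decides how much capacity survives a reclaim, which is the reliability trade-off the section describes.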

Elastic Container Registry

Store and manage container images on AWS, fully integrated with ECS, and access is controlled through IAM.

Two modes: private and public repositories (Amazon ECR Public Gallery: https://gallery.ecr.aws). Supports image vulnerability scanning, versioning, image tags, image lifecycle, …

End

This ends the short note about AWS Container Services.
