Please enable JavaScript.

Coggle requires JavaScript to display documents.

AWS Containers - Coggle Diagram

- - - - = a text file (in JSON format) that describes one or more containers (up to a maximum of ten) that form the application
      - = a blueprint for the application
      - FSx for WIndows File Server volumes for persistent storage on Windows tasks
      - Docker volumes (EC2 launch type only) or bind mounts (EC2 + Fargate)
      - bind mounts = a file or directory on the host machine is mounted into a container
      - Docker volumes = a directory is created in /var/lib/docker/volumes on the container instance containing the volume data
      - ECS enables you to control the usage of swap memory space on your Linux container instances at the container level
      - task networking
        
        awsvpc = task is allocated its own ENI and a primary private IPv4 address, gives task same networking properties as EC2 instances
        
        bridge = task utilizes Docker's built-in virtual network which runs inside each EC2 instance hosting the task
        
        host = task bypasses Docker's built-in virtual network and maps container ports directly to the ENI of the EC2 instance hosting the task. As a result, you can't run multiple instantiations of the same task on a single EC2 instance when port mappings are used
        
        none = task has no external network connectivity
      - private registry authentication for tasks using AWS Secrets Manager enables you to store your credentials securely and then reference them in your container definition
      - environment variables can be passed individually or in bulk (file(s) stored in S3)
    - - = the instantiation of a task definition within a cluster
      - task scheduler is responsible for placing tasks within cluster
      - scheduling options
      - task placement strategies
        
        binpack = tasks are placed on container instances so as to leave the least amount of unused CPU or memory
        
        random = tasks are placed randomly
        
        spread = tasks are placed evenly based on the specified value
      - task placement constraint = a rule that is considered during task placement (distinctInstance and memberOf)
    - - = a logical grouping of tasks or services
      - one or more Amazon EC2 instances OR serverless infrastructure of Fargate
      - capacity providers
        
        = used to manage the infrastructure the tasks in clusters use
        
        each cluster can have one or more capacity providers and an optional default capacity provider strategy
        
        capacity provider strategy determines how the tasks are spread across the cluster's capacity providers
        
        for Fargate = FARGATE or FARGATE_SPOT
        
        for EC2 = name + Auto Scaling Group (ASG) + settings for managed scaling and managed termination protection
        
        capacity provider strategy consists of one or more capacity providers, optional base and weight value may be specified for finer control of a capacity provider
        
        capacity providers not supported when using blue/green deployment type
        
        capacity providers is not supported when using Classic Load Balancers
    - - runs on each container instance within an Amazon ECS cluster
      - sends information about the resource's current running tasks and resource utilization to Amazon ECS
    - - ENI trunking (awsvpcTrunking) = supports launching container instances with increased ENI density using supported Amazon EC2 instance types
      - container instance draining = ECS prevents new tasks from being scheduled for placement on the container instance
    - - enables you to run and maintain a specified number of instances of a task definition simultaneously
      - service scheduler is ideally suited for long running stateless services and applications
      - service scheduler ensures that the scheduling strategy you specify is followed and reschedules tasks when a task fails
      - service scheduler includes logic that throttles how often tasks are restarted if they repeatedly fail to start
      - service scheduler strategies
        
        REPLICA = places and maintains the desired number of tasks across your cluster
        
        DAEMON = deploys exactly one task on each active container instance that meets all of the task placement constraints (not supported by Fargate tasks)
      - deployment types
        
        rolling update
        
        blue/green with CodeDeploy (canary, linear, all at once)
        
        external deployment (= use any third-party deployment controller for full control)
      - service load balancing
      - service auto scaling
        
        target tracking scaling
        
        step scaling
        
        scheduled scaling
      - service discovery = uses AWS Cloud Map API actions to manage HTTP and DNS namespaces for ECS services
  - - - = creates AWS resources on your behalf from opinionated service patterns
    - - = enables to run your applications on Amazon ECS and AWS Fargate using the Docker Compose file format
  - - - FireLens = a container log router for Amazon ECS and AWS Fargate that gives you extensibility to use the breadth of services at AWS or partner solutions for log analytics and storage
    - - EFS volumes for persistent storage
      - ephemeral storage for nonpersistent storage (each task gets 20 GB, AES-256 encrypted using Fargate-managed encryption key)
- - - - EKS control plane + EKS nodes registered with the control plane
      - control plane logging
        
        api
        
        audit
        
        authenticator
        
        controllerManager
        
        scheduler
      - Windows support (with limitations)
      - Inferentia support
      - private clusters (no outbound Internet access)
    - - self-managed nodes (= feature complete)
      - managed node groups (= limited features)
      - Fargate (= limited features)
      - any combination is possible (see: https://docs.aws.amazon.com/eks/latest/userguide/eks-compute.html)
    - - storage classes
      - EBS CSI driver
      - EFS CSI driver
      - FSx for Lustre CSI driver
    - - VPC
        
        public and private subnets (recommended)
        
        only public subnets
        
        only private subnets
      - security groups
        
        cluster security group
        
        control plane and node security groups
      - pod networking (CNI)
        
        native VPC networking with the Amazon VPC Container Network Interface (CNI) plugin
        
        VPC NI CNI plugin allows Kubernetes pods to have the same IP address inside the pod as they do on the VPC network
      - AWS Load Balancer Controller
        
        manages AWS ELBs for a Kubernetes cluster
        
        provisions ALB when you create a Kubernetes Ingress resource
        
        provisions NLB when you create a Kubernetes Service of type LoadBalancer using IP targets on 1.18 or later EKS clusters
      - CoreDNS
      - Project Calico
        
        = network policy engine for Kubernetes
        
        to implement network segmentation and tenant isolation
        
        not supported in Fargate
        
        not installed by default
        
        adds rules to iptables on the node