
[SAA + SAP] 06. Containers on AWS: ECS, Fargate, ECR & EKS

Time: 2021-07-20 23:11:50

SAA

Overview


For each container, there is an ECS Agent attached to it. The ECS Agent talks to the ECS service, pulls images from ECR, and sends logs to CloudWatch.

 


There are two types of IAM roles:

  1. For the EC2 instance (ECS Agent)
  2. For the Task definition


Each Task has an ENI attached, which binds its network IP.

 

ECS Services & Tasks, Load Balancing


  • In a Cluster, you can have multiple Services
  • In a Service, you can run multiple Tasks
  • You can attach an Application Load Balancer


  • If you have multiple containers running in one Task
  • You can use dynamic port mapping (enter 0 in the Port input), which randomly assigns a port
  • The ALB will connect to each port
  • The EC2 instance SG should allow ANY PORT from the ALB security group (because ports are dynamic)


  • ECS tasks can be invoked automatically by EventBridge or CloudWatch Events

 

ECS Scaling


  • There are two types of scaling:
  • Auto scaling group to add new Tasks to handle increased traffic
  • Scaling ECS Capacity Providers to upgrade EC2 instances, in order to launch more Tasks on the EC2 instances


SAP


 

ECS - Security & Networking

  • IAM Security
    • The EC2 instance Role must have basic ECS permissions
    • Each ECS Task should have an IAM Task Role (maximum security)
  • Secrets and configuration injection into parameters, environment variables
    • Integration with SSM Parameter Store & Secrets Manager
  • Task Networking
    • none: no network connectivity, no port mapping
    • bridge: uses Docker's virtual container-based network
    • host: bypasses Docker's network, uses the underlying host network interface
    • awsvpc:
      • Every task launched on the instance gets its own ENI and a private IP address
      • Simplified networking, enhanced security, security groups, monitoring, VPC flow logs
      • Default mode for Fargate
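
The points above (Task Role, secrets injection, network mode) and the dynamic port mapping note from the SAA section can be checked mechanically against a task definition. The following is an added example, not part of the original notes: the field names are those of the ECS task definition JSON, while the check IDs, the secret-name heuristic, and the two sample definitions (account ID, role and parameter ARNs) are constructed assumptions.

```python
import re

# Heuristic for credential-looking variable names (an assumption of this example).
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)

def audit_task_definition(td):
    """Return (check_id, detail) findings for one ECS task definition dict."""
    findings = []
    mode = td.get("networkMode", "bridge")  # bridge is the default on Linux EC2
    if not td.get("taskRoleArn"):
        findings.append(("no-task-role", "no IAM Task Role, permissions are not scoped per task"))
    if mode != "awsvpc":
        findings.append(("shared-network", f"networkMode={mode}: no per-task ENI or security group"))
    for c in td.get("containerDefinitions", []):
        for env in c.get("environment", []):
            if SECRET_NAME.search(env["name"]):
                findings.append(("plaintext-secret",
                                 f"{c['name']}:{env['name']} belongs in 'secrets' with valueFrom"))
        for pm in c.get("portMappings", []):
            if mode == "bridge" and pm.get("hostPort", 0) == 0:
                findings.append(("dynamic-port",
                                 f"{c['name']}:{pm['containerPort']} - allow any port only from the ALB security group"))
    return findings

# Constructed sample input: account ID, names and ARNs are placeholders.
WEAK = {
    "family": "web",
    "containerDefinitions": [{
        "name": "app",
        "environment": [{"name": "DB_PASSWORD", "value": "example-only"}],
        "portMappings": [{"containerPort": 8080, "hostPort": 0}],
    }],
}
HARDENED = {
    "family": "web",
    "networkMode": "awsvpc",
    "taskRoleArn": "arn:aws:iam::111122223333:role/web-task-role",
    "containerDefinitions": [{
        "name": "app",
        "environment": [{"name": "LOG_LEVEL", "value": "info"}],
        "secrets": [{"name": "DB_PASSWORD",
                     "valueFrom": "arn:aws:ssm:us-east-1:111122223333:parameter/web/db_password"}],
        "portMappings": [{"containerPort": 8080}],
    }],
}

if __name__ == "__main__":
    for label, td in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_task_definition(td))
```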


Original: https://www.cnblogs.com/Answer1215/p/15036600.html
