ECS TEST 知识点
2018-10-15 本文已影响20人
K1024
ECS TEST 知识点
1
- AWS ECS的特性如下
- Containers and images
- Task Definitions
- Clusters
- Container agent
- AWS 的ECR是一个镜像仓库,不能算是ECS的特性
2
- Task Definitions是通过JSON template完成定义的
- A task definition is required to run Docker containers in Amazon ECS. Some of the parameters you can specify in a task definition include:
- The Docker images to use with the containers in your task
- How much CPU and memory to use with each container
- The launch type to use, which determines the infrastructure on which your tasks are hosted
- Whether containers are linked together in a task
- The Docker networking mode to use for the containers in your task
- (Optional) The ports from the container to map to the host container instance
- Whether the task should continue to run if the container finishes or fails
- The command the container should run when it is started
- (Optional) The environment variables that should be passed to the container when it starts
- Any data volumes that should be used with the containers in the task
- (Optional) The IAM role that your tasks should use for permissions
3
- ECS虽然是一个托管服务,就跟EC2一样,用户是有root权限,所以是可以安装第三方的监控软件进行监控;
4
- Container agent在每个资源基础设施中都基于ECS cluster构建,他提供资源当前的运行的任务和资源的利用情况、开始和停止等命令的接收;
- Container instance需要外部网络与ECS service endpoints交互的时候,如果没有publicIP,那么创建nat代理服务;
- VPC ENDPOINT暂时不支持ECS SERVICE;
- VPC endPoint支持如下:interface endpoints 基于AWS PrivateLink支持。就是一个弹性的接口,基于private IP访问AWS的服务
- API GATEWAY
- CLOUDWATCH
- CLOUDWATCH EVENT
- CLOUDWATCH LOGS
- CODE BUILD
- EC2 API
- ELB API
- KMS
- Kinesis Data Stream
- SageMaker Runtime
- Secrets Manager
- Service Catalog
- SNS
- System Manager
- Endpoints Service hosted by other AWS ACCOUNT
- Supported AWS MAKRETPLACE PARTNER SERVICE
- GateWay endpoints支持的AWS服务如下
- Amazon S3
- DynamoDB
5
- ECS的container agent调用ecs的Api获取相关信息,但是你需要设定一个IAM POLICY说明这个ECS属于你;
- 这个policy中的ECS:POLL属性允许agent报告状态以及执行命令行;
- ECS CONTAINER是使用key pair进行访问登陆的,不会使用密码访问的;
6
- ECS的Launch types决定了你的TASK和Service部署的位置;
- Fargate Launch Type:就是使用全托管的后端架构。The Fargate launch type allows you to run your containerized applications without the need to provision and manage the backend infrastructure. Just register your task definition and Fargate launches the container for you
- EC2 Launch Type:就是将服务放到你管理的EC2集群上,The EC2 launch type allows you to run your containerized applications on a cluster of Amazon EC2 instances that you manage.
7
- 创建ECS CLUSTER的时候需要指定Instance type 、VPC and subnet
8
- Service Definition定义了哪个task Definition在你的service中被使用,多少个instance被使用,哪个load balance与你关联;
9
- user data同样适用于ECS instance,在instance启动的时候进行相关初始化操作;
10
- ECS与CloudTrail整合了,用于监控用户在什么角色下调用了哪些aws服务;