지식창고

Pod의 containerPort에 name 을 붙이면, service 에서 targetPort로 해당 name을 사용할 수 있다. EndpointSlice EndpointSlice contains references to a set of network endpoints. The control plane automatically creates EndpointSlices for any Kubernetes Service that has a selector specified. By default, the control plane creates and manages EndpointSlices to have no more than 100 endpoints each. You can configure this wit..

Shard Responsibility Model AWS는 Cloud'의' 보안에 책임이 있고, 사용자는 Cloud'안의' 보안에 책임이 있다. ECS Task IAM role IAM Role을 task 에 할당할 때, trust policy의 service에 "ecs-tasks.amazonaws.com" 설정해서 각 task가 EC2의 IAM role을 상속받지 않게 하라 When you add a task role to a task definition, the Amazon ECS container agent automatically creates a token with a unique credential ID This token and the role credentials are then added t..

VPC Lattice 는 Service Mesh 가 아니다. VPC 와 account 간 간단한 연결과 안전성 제공 Istio나 Ambient mesh 처럼 Sidecar proxy 나 eBPF 형식의 agent 가 필요하지 않다. EC2, EKS, ECS, serverless 호환 가능 Traffic & access control Features Service Discovery 같은 service network 안에서 서비스들이 통신 가능. DNS 가 client-to-service나 service-to-service traffic을 route함. Route 53 Resolver가 VPC Lattice에 traffic 전송하고, destination service 파악 Connectivity Clien..

Capacity Providers determine the infrastructure to use for your task The capacity provider strategy determines how the tasks are spread across the capacity providers allows the application to define its requirements for how it uses the capacity Fargate Fargate spot uses spare compute capacity and provides up to 70% savings compared to Fargate When AWS needs the capacity back, your tasks will be ..

service mesh that provides application-level networking to make it easy for your services to communicate with each other across multiple types of compute infrastructure standardizes how your services communicate, giving you end-to-end visibility and ensuring high-availability for your applications makes it easy to run services by providing consistent visibility and network traffic controls for s..

ECS Task networking The networking behavior of Amazon ECS tasks hosted on Amazon EC2 instances is dependent on the network mode defined in the task definition Amazon ECS recommends using the awsvpc network mode unless you have a specific need to use a different network mode awsvpc The task is allocated its own elastic network interface (ENI) and a primary private IPv4 address ENI VPC에서 가상 네트워크 카..

Amazon Managed Service for Prometheus(AMP) monitoring service for metrics compatible with the open source Prometheus project easier for you to securely monitor container environments reduces the heavy lifting required to get started with monitoring applications across EKS & ECS, as well as self-managed Kubernetes clusters. automatically scales as your monitoring needs grow. It offers highly avai..

ECS란? Fully managed container orchestration service Launch compute options Fargate serverless container compute engine AWS Regions same geographical area AWS Local Zones An extension of Region. Suited to customers who need the ability to place resources in multiple locations closer to end users AWS Wavelength Ultra-low-latency mobile edge computing. 5G apps, interactive and immersive experinces,..

1. Control Tower를 Decommission한 후에 다시 생성하려 할 때, 아래와 같은 에러가 발생하며 Control Tower가 생성이 불가하다 AWS Control Tower failed to set up your landing zone completely: User: arn:aws:sts::123412341234:assumed-role/AWSControlTowerAdmin/AssumeAdminRole is not authorized to perform: organizations:DescribeAccount on resource: arn:aws:organizations::123412341234:account/o-abcdefgh/123412341234 because no identity-ba..

데이터 공유 제어 방법 Application에 구축된 전용 인프라 계층 service간 통신을 추상화하여 안전하고, 빠르고, 신뢰할 수 있게 만ema 추상화를 통해 복잡한 내부 네트워크 제어 및 추적 내부 네트워크 관련 로직 추가함으로써 안정성, 신뢰성, 탄력성, 표준화, 가시성, 보안성 확보 L7 network layer Service Mesh의 기능 Service Discovery Load Balancing Dynamic Request Routing Circuit Breaking Retry and Timeout TLS Distributed Tracing metrics 수집 Sidecar Pattern 기본 App 외 추가 기능을 별도의 App으로 구현하고 이를 동일한 파드 내에 배치 기본 App 로직..