containers-roadmap | public roadmap for AWS container services | AWS library
kandi X-RAY | containers-roadmap Summary
This is the public roadmap for AWS Container services. Knowing about our upcoming products and priorities helps our customers plan. This repository contains information about what we are working on and allows all AWS customers to give direct feedback.
Community Discussions
Trending Discussions on containers-roadmap
QUESTION
Fairly recently I started learning BPF tools and have used them quite a bit on my own workstation as a debugging aid. However, I would like to start using them in production for better visibility into production issues. Our workloads run in AWS ECS. It seems like using the tools is not possible on Fargate:
https://github.com/aws/containers-roadmap/issues/1027
What would be the requirement to get the tools properly working in ECS if using your own EC2 cluster? Can I use e.g. an Alpine Linux image or would I need to base the image on the precise kernel build used in the EC2 hosts? Anyone have experiences to share?
...ANSWER
Answered 2021-Dec-10 at 22:19
Disclaimer: I don't have personal experience with eBPF on AWS ECS; however, I have some experience with eBPF requirements since I maintain a loader library.
In general to use eBPF you need:
- A Linux kernel which is compiled with BPF support and the BPF features you want to use.
- Having the CAP_SYS_ADMIN capability on kernel versions lower than 5.8 or the CAP_BPF capability on kernel versions 5.8 and above (CAP_SYS_ADMIN will still work, but gives you much more than just BPF access).
- Depending on which tools you want to use you might need extra capabilities like CAP_PERFMON to use perf features (uprobe, kprobe, tracepoint) (or CAP_SYS_ADMIN on kernel versions below 5.8)
Using eBPF within a container should not be an issue since containers share the same kernel with the host (containers are just isolated processes on the host).
But since eBPF allows you to probe the kernel this obviously breaks the isolation of the container, and giving CAP_SYS_ADMIN to a container also basically gives it full root access, so security is a challenge (unless you are just using it in development, in which case you can just make your container privileged). That is the reason you won't see eBPF enabled on shared hardware (if things are configured properly).
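The capability rules listed in the answer above can be checked from inside a running container. The following is an added example, not part of the original answer or of any AWS tooling; it encodes only the rules stated there (real program types may need more), and the function names and the sample status text are assumptions constructed for illustration.

```python
import os
import re

# Capability bit numbers from include/uapi/linux/capability.h
CAP_SYS_ADMIN, CAP_PERFMON, CAP_BPF = 21, 38, 39

def kernel_version(release):
    """(major, minor) from a `uname -r` string such as '5.10.0-18-amd64'."""
    m = re.match(r"(\d+)\.(\d+)", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2))

def cap_eff(status_text):
    """Effective capability mask from the text of /proc/<pid>/status."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line in status text")

def ebpf_readiness(release, mask):
    """Apply only the rules stated in the answer above (a simplification)."""
    has = lambda cap: bool((mask >> cap) & 1)
    split = kernel_version(release) >= (5, 8)   # CAP_BPF/CAP_PERFMON exist from 5.8
    admin = has(CAP_SYS_ADMIN)
    result = {
        "load": admin or (split and has(CAP_BPF)),
        "perf": admin or (split and has(CAP_PERFMON)),
        "notes": [],
    }
    if admin and split:
        result["notes"].append("CAP_SYS_ADMIN on >= 5.8: CAP_BPF and CAP_PERFMON are narrower")
    if not result["load"]:
        needed = "CAP_BPF" if split else "CAP_SYS_ADMIN"
        result["notes"].append(f"cannot load BPF programs: {needed} missing")
    return result

# Constructed sample: status excerpt of a container without CAP_SYS_ADMIN
SAMPLE_STATUS = "Name:\tsh\nCapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\n"

if __name__ == "__main__":
    print(ebpf_readiness("5.10.0", cap_eff(SAMPLE_STATUS)))
    with open("/proc/self/status") as f:          # Linux only
        print(ebpf_readiness(os.uname().release, cap_eff(f.read())))
```

A note in the result about CAP_SYS_ADMIN on a 5.8+ kernel marks a container whose grant could be reduced to the two narrower capabilities.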
QUESTION
I am building an AWS EKS cluster using this Terraform provider. However, I can't find a way to apply node taints to managed node groups or worker groups. This issue and its resolution seem to suggest that this is not possible. Is there any way to do this?
...ANSWER
Answered 2020-Aug-28 at 14:25
In the Terraform script for that provider, you can add the following to a worker group:
(in main.tf)
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported