Index

As this ebook edition doesn't have fixed pagination, the page numbers below are hyperlinked for reference only, based on the printed edition of this book.

A

Active Directory Domain Services (AD DS) 57

Active Directory integration, on Kubernetes 128

mutating Webhook 128

validating Webhook 128

AD integration

setting up 57, 58

Amazon CloudWatch 143

Amazon CloudWatch Container Insights

using 149-151

Amazon CloudWatch Logs

components 144

log group 144

log stream 144

Amazon EBS CSI driver 109

Amazon EC2 nodes 106

Amazon ECS 15, 22

components 22

fundamentals 22-27

reference link 15

task networking 27-30

Amazon ECS Agent 39-42

Amazon ECS Anywhere

reference link 15

Amazon ECS cluster

deploying, with Terraform 30, 34

Amazon ECS-optimized Windows AMIs 38, 39

Amazon ECS service scheduler 26

daemon strategy 26

replica strategy 26

Amazon EKS

reference link 15

Windows Pod, deploying 129, 130

Amazon EKS cluster

connecting to 130

deploying, with eksctl 175-177

deploying, with Windows nodes using Terraform 113

Amazon EKS node groups 106

AWS Fargate 106

managed node groups 106

self-managed nodes 106

Amazon EKS-optimized Windows AMIs 106

AWS IAM Authenticator 107

containerd 107

CSI proxy 107

Docker 107

kubelet 107

kube-proxy 107

Amazon Elastic Block Storage (EBS) 8

Amazon Elastic Kubernetes Service (EKS) 90

control plane 90, 91

data plane 91, 92

fundamentals 89, 90

limitations 93, 94

Linux node group 91

reference link 15

Windows containers, running 90

Windows node group 91

Windows Pod, deploying 129, 130

Amazon FSx for Windows File Server 62

Amazon Machine Images (AMIs) 153

Amazon VPC Container Network Interface (CNI)

for Windows 92, 93

Amazon Web Services (AWS) 11, 109

using, for Windows containers 11-13

AMIs, with EC2 Image Builder

reference link 172

App2Container (A2C)

workflow 177

Application Load Balancer (ALB) 79

deploying 68-72, 82-84

Auto Scaling group

creating 118, 120

availability zones (AZs) 90

AWS App2Container (A2C)

used, for containerizing Windows applications 177, 178

AWS CLI 163

AWS container orchestrators 15

Amazon ECS 15

Amazon ECS Anywhere 15

Amazon EKS 15

AWS Fargate 15

features 16, 17

AWS Copilot 178

used, for deploying Windows containers 178, 179

AWS Fargate

Hyper-V isolation mode 76

overview 74

process isolation mode 75

reference link 15

AWS Fargate Windows-based task

use cases 79

AWS IAM Authenticator 107

AWS Log Drivers 139

awslogs driver 145

as log processor 145, 146

AWS-managed 98

AWS Nitro

impact, on container performance 13, 14

Nitro Cards 14

Nitro Hypervisor 14

AWS services

deploying 35

AWS Systems Manager (SSM) 39

AWS Task Orchestrator and Executor (AWSTOE) 161

awsvpc mode 29, 30

drawbacks 30

AWS Windows faster launching 77, 163

C

Center for Internet Security (CIS) 172

Certificate Authority (CA) 108

Cloud Native Computing Foundation (CNCF) 107

cluster 22

IAM roles, creating 114, 115

OpenID Connect endpoint, creating 114, 115

Cluster Autoscaler 102

ConfigMap

used, for adding Kubernetes permissions (RBAC) to node level 117

containerd 107

container definition 24, 54

container deployment 55

container image cache strategy

implementation, need for 167, 168

container images

rebuilding 156, 157

container instance 22

container primitives 4

Container Runtime Interface (CRI) 107

containers 4

container scheduling 55

Container Storage Interface (CSI) 109

control groups (Cgroups) 4

Core AMI 38

credential spec (CredSpec) 129

CSI drivers

Amazon EBS CSI driver 109

SMB CSI driver for Kubernetes 109

used for working with persistent storage 109

CSI proxy 107

custom AMI pipeline

building 161-165

custom AMIs

need for 160

custom components

EC2 Image Builder, extending with 171, 172

Custom Resource Definition (CRD) 129

D

DaemonSet 147

Datacenter version, Windows Server 8

Data Sources 39, 108

default mode

benefits 28

drawbacks 28

use case 28

Docker 107

Dockerfile 143

Domain Name Server (DNS) 108

dotnet-computevirtualization 6

Dynamic Link Library (DLL) 7

E

EC2 Auto Scaling 159

EC2 console 163

EC2 Image Builder 160-163

extending, with custom components 171, 172

EC2 Windows-based task

definition, deploying 66, 67

scheduling, with Terraform 66

ECS agent 22

ECS-optimized Windows AMI 160

ECS Service

deploying 67-82

ECS Windows container instance 145

eksctl 175

reference link 177

used, for deploying Amazon EKS cluster 175-177

EKS-optimized Windows AMI 160

consuming, with Terraform 108

EKS Windows bootstrap 108, 109

Elastic Block Storage (EBS) 62

Elastic Container Registry (ECR) 16

Elastic Container Service (ECS) 139

Elastic Kubernetes Service (EKS) 139

Elastic Load Balancer (ELB) 132

Elastic Network Interface (ENI) 27

ephemeral hosts 159

Event Log 139

Event Tracing for Windows (ETW) 139

F

Fargate Windows-based task definition

deploying 80, 81

scheduling, with Terraform 79

Fluent Bit 139, 145, 167

as log processor 146-149

Full AMI 38

Fully Qualified Domain Name (FQDN) 70

G

generalizing process 77, 164

Group Managed Service Accounts (gMSAs) 15, 58

host computer account, using 59, 60

portable user identity, using 60-62

reference link 59

H

hcsshim 6

Horizontal Pod Autoscaler 102

host bus adapter world wide name (HBA WWN) 112

Host Compute Service (HCS) 5, 6

Host CPU management 123

Host Network Service (HNS) 107

Hyper-V isolation mode 76

I

IAM roles

creating, for cluster 114, 115

IAM roles and instance profiles

deploying, with Terraform 31-34

IAM roles for service accounts (IRSA) 114, 147

Identity and Access Management (IAM) role 145

Infrastructure as Code (IaC) 130

input-output operation (I/O) 64

instance metadata service (IMDS) 42

instance roles

creating, for Windows and Linux Amazon EC2 nodes 116

Integrated Authentication (IA) 59

Integrated Windows Authentication (IWA) 58

Internet Information Services (IIS) 143

in-tree drivers 12

IP address management (IPAM) 97

J

job object 6

K

Kernel-based Virtual Machine (KVM) 14

kubelet 107

kube-proxy 107

Kubernetes

persistent volumes, managing 111-113

PVC 111

StorageClass 111

Kubernetes permissions (RBAC)

adding, to node level with ConfigMap 117

Kubernetes signer 128

kube-scheduler 122

L

launch template

creating, to bootstrap and launch Windows and Linux Amazon EC2 nodes 118

licenses, Windows Server on AWS

bring your own license (BYOL) 8

license included 8

log aggregation and streaming, to Amazon CloudWatch

steps 148

log forwarding 143

awslogs driver, as log processor 145, 146

Fluent Bit, as log processor 146-149

implementing 143, 145

log group 144

Logical Unit Number (LUN) 112

LogMonitor 139

implementing 139-143

LogMonitorConfig.json 141

LogMonitor.exe 141

reference link 140

log stream 144

M

managed node groups 106

Microsoft Patch Tuesday 153, 154

Microsoft Security Response Center (MSRC) 153

N

named pipe 40

namespaces 4

Network Address Translation (NAT) mode 27

network-attached storage (NAS) 14

New Technology File System (NTFS) 62

Nitro Card

for EBS 14

for Instance store 14

for VPC 14

Nitro Hypervisor 14

node group 106

nodeSelector

used, for avoiding pod-schedule disruption 100

Non-Volatile Memory Express (NVMe) 14

north-south workflow traffic 27

O

Open Database Connectivity (ODBC) drivers 7

OpenID Connect endpoint

creating, for cluster 114, 115

operating system (OS) 139

out-of-band patches 153

out-of-memory (OOM) state 122

P

persistent storage

CSI drivers, used for working with 109

setting up 62-66

PersistentVolumeClaim (PVC) 110, 111

deployments 113

StatefulSets 112

Persistent Volumes (PV)

managing, on Kubernetes 111-113

Pod CPU management 123

Pod memory management 122

Pod resource management

exploring 121

pod-schedule disruption

avoiding 98

avoiding, with nodeSelector 100

avoiding, with taints 100-102

avoiding, with tolerations 100-102

PodSpec 107

process isolation mode 75

R

resource controls 6

implementing, for Windows containers 6

right-sizing pillars, Windows container instance

memory 46

network 46, 47

processor 45

storage 43-45

role-based access control (RBAC) 91

Runtime Class 124

reference link 127

use case 124-128

S

scheduling priority 123

Secure Hash Algorithms (SHA) 156

security groups

creating 113

deploying 47-51

security identifier (SID) 77, 163

security patch compliance

on Windows container images 154, 155

self-managed nodes 106

serverless Windows containers

Fargate Windows-based task image pull time 78

Fargate Windows-based task start-up time 77

planning for 77

Server Message Block (SMB) 62, 109

service account 58

service-level agreements (SLAs) 16

services 26

site reliability engineer (SRE) 16

SMB CSI driver

for Kubernetes 109

high-level overview 110

workflow 111

SMB Global Mapping 62

standard output (STDOUT) 139, 140

Storage Area Network (SAN) 112

Sysprep generalize process 163

System Center Configuration Manager (SCCM) 3

System Center Operations Manager (SCOM) 4

system resource reservations 124

T

taints

used, for avoiding pod schedule disruption 100-102

task 22, 25

task definition 22-24, 54, 55

placement constraints 57

placement strategies 55, 56

Terraform

EC2 Windows-based task, scheduling with 66

Fargate Windows-based task definition, scheduling with 79

need for 30, 31

reference link 30

used, for consuming EKS-optimized Windows AMI 108

used, for deploying Amazon ECS cluster 30, 34

used, for deploying Amazon EKS cluster with Windows nodes 113

used, for deploying Windows container instance 47

using, to deploy IAM roles and instance profiles 31-34

Ticket Granting Ticket (TGT) 59

tolerations

used, for avoiding pod schedule disruption 100-102

V

Virtual Filtering Platform (VFP) 107

virtual network interface card (vNIC) 27

virtual switch (vSwitch) 27

VPC admission controller 97

VPC CNI

setting up, for Windows support 97, 98

VPC resource controller 97

W

Windows

VPC CNI, setting up 97, 98

Windows and Linux Amazon EC2 nodes

instance roles, creating 116

launch template, creating to bootstrap 118

launch template, creating to launch 118

Windows applications

containerizing, with AWS App2Container 177, 178

Windows-based node

limitations 93, 94

Windows container image 7

Extracted on disk 8

Nano Server 7

security patch compliance 154, 155

Server 7

Server Core 7

sizes, enumerating 8

Windows 7

Windows container instance

deploying, with Terraform 47

right-sizing 42

security groups, deploying 47-51

Windows containers

and gMSA integration 59

AWS, using 11-13

deploying, with AWS Copilot 178, 179

resource controls, implementing 6

significance 3, 4

Windows container startup time and container performance

issues 168, 170

Windows Desktop Experience 38

Windows Host

exploring 121

Windows Network Address Translation (WinNAT) 27

Windows Pod

deploying, on Amazon EKS 129-134

dynamically scaling out 102, 103

Windows Remote Management (WinRM) 178

Windows Server

container primitives, exposing 4

licensing, on AWS 8

resource controls, implementing for containers 6

Windows System Preparation (Sysprep) 77

worker Nodes 106
