
ECS with VPC Using Fargate, Part 1

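I made this partly as presentation material for use inside my company, and I tried to make it as detailed as possible so that anyone planning to use ECS Fargate can do so conveniently.

In fact, deployment can be done more conveniently with tools such as CloudFormation, but there are company circumstances to consider, and since I learned about that kind of technology too late, I did not cover it.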

Published in: Engineering
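  • Wow, these are really excellent examples and materials, haha. Even though it was time to leave work, I ran through the examples, snickering the whole way.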

ECS with VPC Using Fargate, Part 1

  1. 1. ECS with VPC DevJelly( ) 1 github.com/kyunooh facebook: hyunmook.k.choi (fargate) ??
  2. 2. ..
  3. 3. • • • • • •
  4. 4. ECS • Auto Scaling . • . • . • . • EC2 . • Hip ( !)
  5. 5. • • “ DevOps ??” .. • .. • . • , • ..
  6. 6. Elastic Container Service
  7. 7. , 
 Docker Container
  8. 8. Docker ?
  9. 9. Docker 
 .
  10. 10. ECS
  11. 11. ECS?
  12. 12. ECS 

  13. 13. Auto Scaling Flexible Deploy
  14. 14. Deploy
  15. 15. “ ” .
  16. 16. EC2 without Autoscaling EC2 ELB ( )
  17. 17. 80
  18. 18. ??
  19. 19. ??
  20. 20. ?? ( )
  21. 21. Auto Scaling
  22. 22. EC2
  23. 23. EC2 Auto scaling EC2 ELB Auto scaling Group AMI( ) Launch Configuration Auto scaling Group
  24. 24. EC2 ELB Auto scaling Group AMI( ) Launch Configuration Auto scaling Group
  25. 25. 
 EC2 ELB Auto scaling Group AMI( ) Launch Configuration Auto scaling Group
  26. 26. 
 ..
  27. 27. … EC2 ELB Auto scaling Group AMI( ) Launch Configuration Auto scaling Group ?
  28. 28. 
 

  29. 29. 
 

  30. 30. 
 ??
  31. 31. , 
 

  32. 32. 2011 
 Elastic Beanstalk( EB)
  33. 33.
  34. 34. 
 EC2, Auto scaling, ELB !
  35. 35. 
 !
  36. 36. !
  37. 37. 
 EC2, Auto scaling, ELB !
  38. 38. 
 EC2, Auto scaling, ELB !
  39. 39. .ebextensions
  40. 40. .ebextensions
  41. 41.
        files:
          "/etc/nginx/conf.d/01_proxy.conf":
            mode: "000644"
            owner: root
            group: root
            content: |
              client_max_body_size 10M;

          "/etc/nginx/conf.d/02_app_server.conf":
            mode: "000644"
            owner: root
            group: root
            content: |
              # The content of this file is based on the content of /etc/nginx/conf.d/webapp_healthd.conf

              # Change the name of the upstream because it can't have the same name
              # as the one defined by default in /etc/nginx/conf.d/webapp_healthd.conf
              upstream new_upstream_name {
                server unix:///var/run/puma/my_app.sock;
              }

              # Change the name of the log_format because it can't have the same name
              # as the one defined by default in /etc/nginx/conf.d/webapp_healthd.conf
              log_format new_log_name_healthd '$msec"$uri"'
                                              '$status"$request_time"$upstream_response_time"'
                                              '$http_x_forwarded_for';

              server {
                listen 80;
                server_name _ localhost; # need to listen to localhost for worker tier

                if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
                  set $year $1;
                  set $month $2;
                  set $day $3;
                  set $hour $4;
                }

                access_log /var/log/nginx/access.log main;
                # Match the name of log_format directive which is defined above
                access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour new_log_name_healthd;

                location / {
                  # Match the name of upstream directive which is defined above
                  proxy_pass http://new_upstream_name;
                  proxy_set_header Host $host;
                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                }

                location /assets {
                  alias /var/app/current/public/assets;
                  gzip_static on;
                  gzip on;
                  expires max;
                  add_header Cache-Control public;
                }

                location /public {
                  alias /var/app/current/public;
                  gzip_static on;
                  gzip on;
                  expires max;
                  add_header Cache-Control public;
                }
              }
  43. 43. ?
  44. 44. !
  45. 45. 
 ?
  46. 46. 3.7 .
  47. 47. ? 
 6 ?
  48. 48. .
  49. 49. . ??
  50. 50. EB
  51. 51. Docker !!
  52. 52. Dockerfile 

  53. 53.
        FROM tomcat:8.5.40-jre8-slim
        RUN rm -rf /usr/local/tomcat/webapps/*
        COPY ./target/JellyJelly.war /usr/local/tomcat/webapps/ROOT.war
        EXPOSE 8080
  54. 54.
        FROM tomcat:8.5.40-jre11-slim
        RUN rm -rf /usr/local/tomcat/webapps/*
        COPY ./target/JellyJelly.war /usr/local/tomcat/webapps/ROOT.war
        EXPOSE 8080
  55. 55. 
 

  56. 56. Docker Immutable Dockerfile
  57. 57.
        FROM tomcat:8.5.40-jre8-slim
        RUN rm -rf /usr/local/tomcat/webapps/*
        COPY ./target/JellyJelly.war /usr/local/tomcat/webapps/ROOT.war
        ENV JAVA_OPTS="-Xmx1536m -Xms1536m -XX:PermSize=1024m -XX:MaxPermSize=1024m"
        EXPOSE 8080
      ! 5252 Docker !
  58. 58. 
 Docker AWS .
  59. 59. EB Docker ?
  60. 60. – god “ 
 ” EB !! !!
  61. 61. . ! ! .
  62. 62. EB (ELB, Auto Scaling )
  63. 63. EC2
  64. 64. Flexible
  65. 65. ECS Fargate EC2
  66. 66. EC2 vs Fargate • AWS Docker AMI • EC2 ( ) • Docker • Docker Run • Docker Run 
 EB Docker
  67. 67. ECS EC2 vs Fargate : AWS
  68. 68. ECS • Task Run . (Fargate) • (CPU ) . (Fargate) • EB . • 1 .
  69. 69. 
 ECS
  70. 70. AWS
  71. 71. ECS Cluster ECR Dockerfile 
Docker Image 
 ECR Task Definition ELB . Create Service 
 Update Service
  72. 72. 1 Cluster ECR Dockerfile 
Docker Image 
 ECR Task Definition ELB . 
 Update Service
  73. 73. 
 ECS Cluster
  74. 74.
  75. 75. . !
  76. 76. Fargate 
 Networking only 1. ! 2. !
  77. 77. Cluster name 1 VPC .
  78. 78. !
  79. 79. 
 .
  80. 80. Elastic Container Repository (ECR)
  81. 81. AWS Docker Hub
  82. 82. , AWS Docker Hub ! Repository
  83. 83. Repository Repository ! jelly/ecs-session-example
  84. 84. ! .. ! jelly/ecs-session- example
  85. 85. 
 
 . https://github.com/kyunooh/ecs-session-example
  86. 86. View push Commands ! jelly/ecs-session-example jelly/ecs-session-example
  87. 87. 
 AWS CLI .
  88. 88. Unable to locate credentials. You can configure credentials by running "aws configure". ‘aws configure’ . !
 https://docs.aws.amazon.com/ko_kr/cli/latest/userguide/cli-chap-configure.html
  89. 89. 
 AWS CLI .
  90. 90. Refresh Push !
  91. 91. Task Definition 
 ELB
  92. 92. EC2 -> Load Balancers
  93. 93. Fargate CLB . ALB
  94. 94. Listeners 
 
 . Next Security Group
  95. 95. 80 443 ! Next
  96. 96. Target Group 
 . Next IP
  97. 97. CIDR IP Next
  98. 98. Create
  99. 99. !
  100. 100. Listeners 1. ! 2. ! 3. !
  101. 101. Listeners 1. ! 2. ! 3. ! 4. !
  102. 102. Target Group 1. !
  103. 103. Target Group 1. ! 2. !
  104. 104. 
 ???
  105. 105. (empty) ALB .
  106. 106. Task Definition
  107. 107. Task Definition . ,
 !
  108. 108. ECS 
 Task Definitions !
  109. 109. Fargate 
 Next !
  110. 110. 1. 2. CPU 3. Add container
  111. 111. ECR 
 Image URI
  112. 112. jelly/ecs-session-example jelly/ecs-session-example Push !Push !
  113. 113. 1. 2. CPU 3. Add container
  114. 114. 1. Container Name 2. Image URL 
 Soft limit - Hard limit - ..( ) 4. 3. limit 5. Add
  115. 115. Task Definition 
 .
  116. 116. Task Definition 
 . Create
  117. 117. Volumes 

  118. 118. 
 Task Definition 
 Service , 
 Task .
  119. 119. Task
  120. 120. Service T.O.P
  121. 121. Task 
 Task Definition 
 . .
  122. 122. Service 
 Task 
 .
  123. 123. Service .
 (ELB, Auto Scaling )
  124. 124. Task Definition 
 Create Service !
  125. 125. Revision - Task Definition Family Revision .
 Service name - 
 Number of task - Service task 
 
 Minimum healthy percent - healthy % ex) Task 6 100% 6 , 50% 3 
 Maximum percent - 200% ex) Task 6 200% 12 z
  126. 126. Rolling Update Task 
 , , , 
 Blue/Green Task 
 Task 
 4 Task 4 8 4 (CodeDeploy ) !
  127. 127. Cluster VPC Subnets , !! Security Group Task Definition Container . Auto-assign public IP : public IP .. 
 ENABLED 
 .
  128. 128. SG VPC .
  129. 129. Application Load Balancer ! Load Balancer ! Add to load balancer !
  130. 130. Load Balancer .
 ( , Container port ) Load Balancer Target Group Target Group ECS Auto Scaling Target . , 
 ELB 
 ! !
  131. 131. Service discovery , 
 
 ( ..) Next step
  132. 132. 
 Auto Scaling
  133. 133. Auto Scaling ! Task 2 Task ( Minimum ) Task
  134. 134. Auto Scaling !
 
 1 60% 1 Scale Out . ( CPU !)
  135. 135. Save Scaling Action . ( , 
 Task , Cooldown ?) Alarm Task ! 300 ! 300 Scaling !
  136. 136. Scale In .
  137. 137. Scale In . Next step!! >= > - <=
  138. 138. Create Service !! >=
  139. 139. 
 
 
 
 !
  140. 140. Service
  141. 141. ELB 
 DNS !
  142. 142. !!
  143. 143.
  144. 144. 1 Cluster ECR Dockerfile 
Docker Image 
 ECR Task Definition ELB . Create Service 
 Update Service
  145. 145. ?
  146. 146. https://github.com/kyunooh/ecs-session-example
  147. 147. $ sh deploy.sh https://github.com/kyunooh/ecs-session-example
  148. 148. 
 !
  149. 149.
        # Edit Below Options
        DATE=$(date '+%Y-%m-%d-%H-%M-%S')
        echo $DATE
        ECR_URL="12345678987.dkr.ecr.ap-northeast-2.amazonaws.com"
        DOCKER_IMAGE_NAME="jelly/ecs-session-example"
        DIR="$( cd "$( dirname "$0" )" && pwd )"
        TASK_DEF_NAME="ecs-session-example"
        TASK_DEF_CONF="ecs-task-definition.conf"
        CLUSTER_NAME="Jellys-Toy-Cluster"
        SERVICE_CONF="ecs-service.conf"
        MINIMUM_HEALTHY_PERCENT=100
        MAXIMUM_PERCENT=200
        SUBNETS='"subnet-xxxxxxxxxxxxxx","subnet-xxxxxxxxxxxxxxxx"'
        SECURITY_GROUPS='"sg-XXXXXXXXXXXXXXX"'
        DESIRED_COUNT=2
  150. 150.
        {
          "cluster": "CLUSTER_NAME",
          "service": "TASK_DEF_NAME",
          "desiredCount": DESIRED_COUNT,
          "taskDefinition": "TASK_DEF_NAME",
          "deploymentConfiguration": {
            "maximumPercent": MAXIMUM_PERCENT,
            "minimumHealthyPercent": MINIMUM_HEALTHY_PERCENT
          },
          "networkConfiguration": {
            "awsvpcConfiguration": {
              "subnets": [ SUBNETS ],
              "securityGroups": [ SECURITY_GROUPS ],
              "assignPublicIp": "DISABLED"
            }
          },
          "forceNewDeployment": false,
          "healthCheckGracePeriodSeconds": 0
        }

        {
          "executionRoleArn": "arn:aws:iam::*******************",
          "containerDefinitions": [
            {
              "logConfiguration": {
                "logDriver": "awslogs",
                "options": {
                  "awslogs-group": "/ecs/TASK_DEF_NAME",
                  "awslogs-region": "ap-northeast-2",
                  "awslogs-stream-prefix": "ecs"
                }
              },
              "portMappings": [
                {
                  "hostPort": 3000,
                  "protocol": "tcp",
                  "containerPort": 3000
                }
              ],
              "cpu": 0,
              "environment": [],
              "mountPoints": [],
              "memory": 512,
              "memoryReservation": 512,
              "volumesFrom": [],
              "image": "DOCKER_IMAGE_NAME",
              "name": "TASK_DEF_NAME"
            }
          ],
          "placementConstraints": [],
          "memory": "512",
          "family": "TASK_DEF_NAME",
          "requiresCompatibilities": [ "FARGATE" ],
          "networkMode": "awsvpc",
          "cpu": "256",
          "volumes": []
        }
  151. 151. “Works on my machine”
  152. 152. Troubleshooting
  153. 153. Auto Assign Public Ip DISABLED 
 ?
  154. 154. – “ ”
  155. 155. IP ENI
  156. 156. Public IP (ENI)
 Private IP (ENI)
  157. 157. Public IP (ENI)
 Private IP (ENI)
  158. 158. Only private subnets are supported for the awsvpc network mode. Because tasks do not receive public IP addresses, a NAT gateway is required for outbound internet access. Inbound internet traffic should be routed through a load balancer.
  159. 159. If you are using Fargate tasks, a public IP address needs to be assigned to the task's elastic network interface. The network interface must have a route to the internet or a NAT gateway that can route requests to the internet, for the task to pull container images.
  160. 160. 
 ECR
  161. 161. 
 VPC
  162. 162. 2 ! …
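
The two AWS documentation excerpts on slides 158 and 159 reduce to a routing check: with `assignPublicIp` set to `DISABLED`, a Fargate task can pull its image only if its subnet routes to a NAT gateway. The following is an added example, not code from the slides or from the ecs-session-example repository; it evaluates a service's `awsvpcConfiguration` against constructed route data. The function names, subnet IDs and route dictionary shape are assumptions, and counting ECR/S3 VPC endpoints as a third path is a generalization beyond the quoted text.

```python
"""Added example: can a Fargate task in awsvpc mode pull its image?"""

# Endpoint services a subnet without NAT needs in order to reach ECR
# (generalization beyond the slides: ECR API, ECR registry, S3 for layers).
ECR_ENDPOINTS = {"ecr.api", "ecr.dkr", "s3"}


def default_route_target(routes):
    """Return the target of the 0.0.0.0/0 route, or None if there is none."""
    for route in routes:
        if route["destination"] == "0.0.0.0/0":
            return route["target"]
    return None


def image_pull_path(assign_public_ip, routes, vpc_endpoints=frozenset()):
    """Classify how a task ENI in this subnet reaches the registry."""
    target = default_route_target(routes) or ""
    if target.startswith("nat-"):
        return "nat-gateway"
    # An internet gateway only helps an ENI that also has a public IP.
    if target.startswith("igw-") and assign_public_ip == "ENABLED":
        return "public-ip"
    if ECR_ENDPOINTS <= set(vpc_endpoints):
        return "vpc-endpoints"
    return None


def check_service(awsvpc_config, subnet_routes, vpc_endpoints=frozenset()):
    """Return {subnet_id: path or None} for every subnet the service uses."""
    public_ip = awsvpc_config["assignPublicIp"]
    return {s: image_pull_path(public_ip, subnet_routes[s], vpc_endpoints)
            for s in awsvpc_config["subnets"]}


# Constructed sample data (placeholder IDs, not taken from the slides).
SUBNET_ROUTES = {
    "subnet-public-a": [{"destination": "0.0.0.0/0", "target": "igw-0example"}],
    "subnet-private-b": [{"destination": "0.0.0.0/0", "target": "nat-0example"}],
    "subnet-isolated-c": [{"destination": "10.0.0.0/16", "target": "local"}],
}
SERVICE = {
    "subnets": list(SUBNET_ROUTES),
    "securityGroups": ["sg-example"],
    "assignPublicIp": "DISABLED",  # the value in the slide 150 template
}

if __name__ == "__main__":
    for subnet, path in check_service(SERVICE, SUBNET_ROUTES).items():
        print(f"{subnet}: {path or 'NO PATH - image pull will fail'}")
```

A subnet reported with no path is one where the service's tasks would fail to start at the image pull step; feeding the function real route tables requires reading them from the VPC first.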
