Fargate 를 이용한 ECS with VPC 1부

1. ECS with VPC DevJelly( ) 1 github.com/kyunooh facebook: hyunmook.k.choi (fargate) ??

3. • • • • • •

4. ECS • Auto Scailing . • . • . • . • EC2 . • Hip ( !)

5. • • “ DevOps ??” .. • .. • . • , • ..

6. Elastic Container Service

7. ,   Docker Container

8. Docker ?

10. Docker   .

11. ECS

12. ECS?

13. ECS  

14. Auto Scaling Flexible Deploy

15. Deploy

16. “ ” .

17. EC2 without Autoscailing EC2 ELB ( )

18. 80

19. ??

20. ??

21. ?? ( )

22. Auto Scaling

23. EC2

25. EC2 Auto scaling EC2 ELB Auto scaling Group AMI( ) Launch Conﬁguration Auto scaling Group

26. EC2 ELB Auto scaling Group AMI( ) Launch Conﬁguration Auto scaling Group

27.   EC2 ELB Auto scaling Group AMI( ) Launch Conﬁguration Auto scaling Group

28.   ..

30. … EC2 ELB Auto scaling Group AMI( ) Launch Conﬁguration Auto scaling Group ?

31.    

32.    

33.   ??

34. ,    

35. 2011   Elastic Beanstalk( EB)

36.  

37.   EC2, Auto scaling, ELB !

38.   !

44. .ebextesions

45. .ebextesions

46. files: "/etc/nginx/conf.d/01_proxy.conf": mode: "000644" owner: root group: root content: | client_max_body_size 10M; "/etc/nginx/conf.d/02_app_server.conf": mode: "000644" owner: root group: root content: | # The content of this file is based on the content of /etc/nginx/conf.d/webapp_healthd.conf # Change the name of the upstream because it can't have the same name # as the one defined by default in /etc/nginx/conf.d/webapp_healthd.conf upstream new_upstream_name { server unix:///var/run/puma/my_app.sock; } # Change the name of the log_format because it can't have the same name # as the one defined by default in /etc/nginx/conf.d/webapp_healthd.conf log_format new_log_name_healthd '$msec"$uri"' '$status"$request_time"$upstream_response_time"' '$http_x_forwarded_for'; server { listen 80; server_name _ localhost; # need to listen to localhost for worker tier if ($time_iso8601 ~ "^(d{4})-(d{2})-(d{2})T(d{2})") { set $year $1; set $month $2; set $day $3; set $hour $4; } access_log /var/log/nginx/access.log main; # Match the name of log_format directive which is defined above access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour new_log_name_healthd; location / { # Match the name of upstream directive which is defined above proxy_pass http://new_upstream_name; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /assets { alias /var/app/current/public/assets; gzip_static on; gzip on; expires max; add_header Cache-Control public; } location /public { alias /var/app/current/public; gzip_static on; gzip on; expires max; add_header Cache-Control public; }

47. files: "/etc/nginx/conf.d/01_proxy.conf": mode: "000644" owner: root group: root content: | client_max_body_size 10M; "/etc/nginx/conf.d/02_app_server.conf": mode: "000644" owner: root group: root content: | # The content of this file is based on the content of /etc/nginx/conf.d/webapp_healthd.conf # Change the name of the upstream because it can't have the same name # as the one defined by default in /etc/nginx/conf.d/webapp_healthd.conf upstream new_upstream_name { server unix:///var/run/puma/my_app.sock; } # Change the name of the log_format because it can't have the same name # as the one defined by default in /etc/nginx/conf.d/webapp_healthd.conf log_format new_log_name_healthd '$msec"$uri"' '$status"$request_time"$upstream_response_time"' '$http_x_forwarded_for'; server { listen 80; server_name _ localhost; # need to listen to localhost for worker tier if ($time_iso8601 ~ "^(d{4})-(d{2})-(d{2})T(d{2})") { set $year $1; set $month $2; set $day $3; set $hour $4; } access_log /var/log/nginx/access.log main; # Match the name of log_format directive which is defined above access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour new_log_name_healthd; location / { # Match the name of upstream directive which is defined above proxy_pass http://new_upstream_name; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /assets { alias /var/app/current/public/assets; gzip_static on; gzip on; expires max; add_header Cache-Control public; } location /public { alias /var/app/current/public; gzip_static on; gzip on; expires max; add_header Cache-Control public; } files: "/etc/nginx/conf.d/01_proxy.conf": mode: "000644" owner: root group: root content: | client_max_body_size 10M; "/etc/nginx/conf.d/02_app_server.conf": mode: "000644" owner: root group: root content: | # The content of this file is based on the # Change the name of the upstream because # as the one defined by default in /etc/ng upstream new_upstream_name { server unix:///var/run/puma/my_app.sock; } # Change the name of the log_format becaus

50.   ?

51. 3.7 .

52. ?   6 ?

54. . ??

55. EB

56. Docker !!

57. Dockerﬁle  

58. FROM tomcat:8.5.40-jre8-slim RUN rm -rf /usr/local/tomcat/webapps/* COPY ./target/JellyJelly.war /usr/local/tomcat/webapps/ROOT.war EXPOSE 8080

60. FROM tomcat:8.5.40-jre11-slim RUN rm -rf /usr/local/tomcat/webapps/* COPY ./target/JellyJelly.war /usr/local/tomcat/webapps/ROOT.war EXPOSE 8080

61.    

62. Docker Immutable Dockerﬁle

63. FROM tomcat:8.5.40-jre8-slim RUN rm -rf /usr/local/tomcat/webapps/* COPY ./target/JellyJelly.war /usr/local/tomcat/webapps/ROOT.war ENV JAVA_OPTS="-Xmx1536m -Xms1536m - XX:PermSize=1024m -XX:MaxPermSize=1024m" EXPOSE 8080 ! 5252 Docker !

64.   Docker AWS .

65. EB Docker ?

66. – god “   ” EB !! !!

67. . ! ! .

68. EB (ELB, Auto Scaliing )

69. EC2

70. Flexible

71. ECS Fargate EC2

72. EC2 vs Fargate • AWS Docker AMI • EC2 ( ) • Docker • Docker Run • Docker Run   EB Docker

73. ECS EC2 vs Fargate : AWS

74. ECS • Task Run . (Fargate) • (CPU ) . (Fargate) • EB . • 1 .

75.   ECS

76. AWS

77. ECS Cluster ECR Dockerﬁle  Docker Image   ECR Task Deﬁnition ELB . Create Service   Update Service

78. 1 Cluster ECR Dockerﬁle  Docker Image   ECR Task Deﬁnition ELB .   Update Service

79.   ECS Cluster

80.  

81. . !

82. Fargate   Networking only 1. ! 2. !

83. Cluster name 1 VPC .

85.   .

86. Elastic Container Repository (ECR)

87. AWS Docker Hub

88. , AWS Docker Hub ! Repository

89. Repository Repository ! jelly/ecs-session-example

90. ! .. ! jelly/ecs-session- example

91.     . https://github.com/kyunooh/ecs-session-example

92. View push Commands ! jelly/ecs-session-example jelly/ecs-session-example

93.   AWS CLI .

94. Unable to locate credentials. You can configure credentials by running "aws configure". ‘aws configure’ . !  https://docs.aws.amazon.com/ko_kr/cli/latest/userguide/cli-chap-configure.html

95.   AWS CLI .

96. Refresh Push !

97. Task Deﬁnition   ELB

98. EC2 -> Load Balancers

99. Fargate CLB . ALB

100. Listeners     . Next Security Group

101. 80 443 ! Next

102. Target Group   . Next IP

103. CIDR IP Next

104. Create

105. !

106. Listeners 1. ! 2. ! 3. !

107. Listeners 1. ! 2. ! 3. ! 4. !

108. Target Group 1. !

109. Target Group 1. ! 2. !

110.   ???

111. (empty) ALB .

112. Task Defnition

113. Task Deﬁnition . ,  !

114. ECS   Task Deﬁnitions !

115. Fargate   Next !

117. 1. 2. CPU 3. Add container

118. ECR   Image URI

119. jelly/ecs-session-example jelly/ecs-session-example Push !Push !

120. 1. 2. CPU 3. Add container

121. 1. Container Name 2. Image URL   Soft limit - Hard limit - ..( ) 4. 3. limit 5. Add

122. Task Deﬁnition   .

123. Task Deﬁnition   . Create

124. Volumes  

125.   Task Defnition   Service ,   Task .

126. Task

127. Service T.O.P

128. Task   Task Deﬁnition   . .

129. Service   Task   .

130. Service .  (ELB, Auto Scaling )

131. Task Deﬁnition   Create Service !

132. Revision - Task Deﬁnition Family Revision .  Service name -   Number of task - Service task     Minimum healthy percent - healthy % ex) Task 6 100% 6 , 50% 3   Maximum percent - 200% ex) Task 6 200% 12 z

133. Rolling Update Task   , , ,   Blue/Green Task   Task   4 Task 4 8 4 (CodeDeploy ) !

134. Cluster VPC Subnets , !! Security Group Task Deﬁnition Container . Auto-assign public IP : public IP ..   ENABLED   .

135. SG VPC .

136. Application Load Balancer ! Load Balancer ! Add to load balancer !

137. Load Balancer .  ( , Container port ) Load Balancer Target Group Target Group ECS Auto Scaling Target . ,   ELB   ! !

138. Service discovery ,     ( ..) Next step

139.   Auto Scaling

140. Auto Scaling ! Task 2 Task ( Minimum ) Task

141. Auto Scaling !    1 60% 1 Scale Out . ( CPU !)

142. Save Scaling Action . ( ,   Task , Cooldown ?) Alarm Task ! 300 ! 300 Scaling !

143. Scale In .

144. Scale In . Next step!! >= > - <=

145. Create Service !! >=

146.         !

147. Service

148. ELB   DNS !

149. !!

150.  

151. 1 Cluster ECR Dockerﬁle  Docker Image   ECR Task Deﬁnition ELB . Create Service   Update Service

152. ?

153. https://github.com/kyunooh/ecs-session-example

154. $ sh deploy.sh https://github.com/kyunooh/ecs-session-example

155.   !

156. # Edit Below Options DATE=$(date '+%Y-%m-%d-%H-%M-%S') echo $DATE ECR_URL="12345678987.dkr.ecr.ap-northeast-2.amazonaws.com" DOCKER_IMAGE_NAME="jelly/ecs-session-example" DIR="$( cd "$( dirname "$0" )" && pwd )" TASK_DEF_NAME="ecs-session-example" TASK_DEF_CONF="ecs-task-definition.conf" CLUSTER_NAME="Jellys-Toy-Cluster" SERVICE_CONF="ecs-service.conf" MINIMUM_HEALTHY_PERCENT=100 MAXIMUM_PERCENT=200 SUBNETS='"subnet-xxxxxxxxxxxxxx","subnet-xxxxxxxxxxxxxxxx"' SECURITY_GROUPS='"sg-XXXXXXXXXXXXXXX"' DESIRED_COUNT=2

157. { "cluster": "CLUSTER_NAME", "service": "TASK_DEF_NAME", "desiredCount": DESIRED_COUNT, "taskDefinition": "TASK_DEF_NAME", "deploymentConfiguration": { "maximumPercent": MAXIMUM_PERCENT, "minimumHealthyPercent": MINIMUM_HEALTHY_PERCENT }, "networkConfiguration": { "awsvpcConfiguration": { "subnets": [ SUBNETS ], "securityGroups": [ SECURITY_GROUPS ], "assignPublicIp": "DISABLED" } }, "forceNewDeployment": false, "healthCheckGracePeriodSeconds": 0 } { "executionRoleArn": "arn:aws:iam::******************* "containerDefinitions": [ { "logConfiguration": { "logDriver": "awslogs", "options": { "awslogs-group": "/ecs/TASK_DEF_NAME", "awslogs-region": "ap-northeast-2", "awslogs-stream-prefix": "ecs" } }, "portMappings": [ { "hostPort": 3000, "protocol": "tcp", "containerPort": 3000 } ], "cpu": 0, "environment": [], "mountPoints": [], "memory": 512, "memoryReservation": 512, "volumesFrom": [], "image": "DOCKER_IMAGE_NAME", "name": "TASK_DEF_NAME" } ], "placementConstraints": [], "memory": "512", "family": "TASK_DEF_NAME", "requiresCompatibilities": [ "FARGATE" ], "networkMode": "awsvpc", "cpu": "256", "volumes": [] }

158. “Works on my machine”

159. Trouble Shooting

161. Auto Assign Public Ip DISABLED   ?

162. – “ ”

163. IP ENI

164. Public IP (ENI)  Private IP (ENI)

165. Public IP (ENI)  Private IP (ENI)

166. Only private subnets are supported for the awsvpc network mode. Because tasks do not receive public IP addresses, a NAT gateway is required for outbound internet access. Inbound internet trafﬁc should be routed through a load balancer.

167. If you are using Fargate tasks, a public IP address needs to be assigned to the task's elastic network interface,. The network interface must have a route to the internet or a NAT gateway that can route requests to the internet, for the task to pull container images.

168.   ECR

169.   VPC

170. 2 ! …

Fargate 를 이용한 ECS with VPC 1부

Fargate 를 이용한 ECS with VPC 1부

Recommended

More Related Content

What's hot

What's hot(20)

Similar to Fargate 를 이용한 ECS with VPC 1부

Similar to Fargate 를 이용한 ECS with VPC 1부(20)

Recently uploaded

Recently uploaded(20)

Fargate 를 이용한 ECS with VPC 1부