Fargate 를 이용한 ECS with VPC 1부

1. ECS with VPC DevJelly( ) 1 github.com/kyunooh facebook: hyunmook.k.choi (fargate) ??

3. • • • • • •

4. ECS • Auto Scailing . • . • . • . • EC2 . • Hip ( !)

5. • • “ DevOps ??” .. • .. • . • , • ..

6. Elastic Container Service

7. ,   Docker Container

8. Docker ?

9. Docker   .

10. ECS

11. ECS?

12. ECS  

13. Auto Scaling Flexible Deploy

14. Deploy

15. “ ” .

16. EC2 without Autoscailing EC2 ELB ( )

17. 80

18. ??

19. ??

20. ?? ( )

21. Auto Scaling

22. EC2

23. EC2 Auto scaling EC2 ELB Auto scaling Group AMI( ) Launch Conﬁguration Auto scaling Group

24. EC2 ELB Auto scaling Group AMI( ) Launch Conﬁguration Auto scaling Group

25.   EC2 ELB Auto scaling Group AMI( ) Launch Conﬁguration Auto scaling Group

26.   ..

27. … EC2 ELB Auto scaling Group AMI( ) Launch Conﬁguration Auto scaling Group ?

28.    

29.    

30.   ??

31. ,    

32. 2011   Elastic Beanstalk( EB)

33.  

34.   EC2, Auto scaling, ELB !

35.   !

39. .ebextesions

40. .ebextesions

41. files: "/etc/nginx/conf.d/01_proxy.conf": mode: "000644" owner: root group: root content: | client_max_body_size 10M; "/etc/nginx/conf.d/02_app_server.conf": mode: "000644" owner: root group: root content: | # The content of this file is based on the content of /etc/nginx/conf.d/webapp_healthd.conf # Change the name of the upstream because it can't have the same name # as the one defined by default in /etc/nginx/conf.d/webapp_healthd.conf upstream new_upstream_name { server unix:///var/run/puma/my_app.sock; } # Change the name of the log_format because it can't have the same name # as the one defined by default in /etc/nginx/conf.d/webapp_healthd.conf log_format new_log_name_healthd '$msec"$uri"' '$status"$request_time"$upstream_response_time"' '$http_x_forwarded_for'; server { listen 80; server_name _ localhost; # need to listen to localhost for worker tier if ($time_iso8601 ~ "^(d{4})-(d{2})-(d{2})T(d{2})") { set $year $1; set $month $2; set $day $3; set $hour $4; } access_log /var/log/nginx/access.log main; # Match the name of log_format directive which is defined above access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour new_log_name_healthd; location / { # Match the name of upstream directive which is defined above proxy_pass http://new_upstream_name; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /assets { alias /var/app/current/public/assets; gzip_static on; gzip on; expires max; add_header Cache-Control public; } location /public { alias /var/app/current/public; gzip_static on; gzip on; expires max; add_header Cache-Control public; }

42. files: "/etc/nginx/conf.d/01_proxy.conf": mode: "000644" owner: root group: root content: | client_max_body_size 10M; "/etc/nginx/conf.d/02_app_server.conf": mode: "000644" owner: root group: root content: | # The content of this file is based on the content of /etc/nginx/conf.d/webapp_healthd.conf # Change the name of the upstream because it can't have the same name # as the one defined by default in /etc/nginx/conf.d/webapp_healthd.conf upstream new_upstream_name { server unix:///var/run/puma/my_app.sock; } # Change the name of the log_format because it can't have the same name # as the one defined by default in /etc/nginx/conf.d/webapp_healthd.conf log_format new_log_name_healthd '$msec"$uri"' '$status"$request_time"$upstream_response_time"' '$http_x_forwarded_for'; server { listen 80; server_name _ localhost; # need to listen to localhost for worker tier if ($time_iso8601 ~ "^(d{4})-(d{2})-(d{2})T(d{2})") { set $year $1; set $month $2; set $day $3; set $hour $4; } access_log /var/log/nginx/access.log main; # Match the name of log_format directive which is defined above access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour new_log_name_healthd; location / { # Match the name of upstream directive which is defined above proxy_pass http://new_upstream_name; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /assets { alias /var/app/current/public/assets; gzip_static on; gzip on; expires max; add_header Cache-Control public; } location /public { alias /var/app/current/public; gzip_static on; gzip on; expires max; add_header Cache-Control public; } files: "/etc/nginx/conf.d/01_proxy.conf": mode: "000644" owner: root group: root content: | client_max_body_size 10M; "/etc/nginx/conf.d/02_app_server.conf": mode: "000644" owner: root group: root content: | # The content of this file is based on the # Change the name of the upstream because # as the one defined by default in /etc/ng upstream new_upstream_name { server unix:///var/run/puma/my_app.sock; } # Change the name of the log_format becaus

45.   ?

46. 3.7 .

47. ?   6 ?

49. . ??

50. EB

51. Docker !!

52. Dockerﬁle  

53. FROM tomcat:8.5.40-jre8-slim RUN rm -rf /usr/local/tomcat/webapps/* COPY ./target/JellyJelly.war /usr/local/tomcat/webapps/ROOT.war EXPOSE 8080

54. FROM tomcat:8.5.40-jre11-slim RUN rm -rf /usr/local/tomcat/webapps/* COPY ./target/JellyJelly.war /usr/local/tomcat/webapps/ROOT.war EXPOSE 8080

55.    

56. Docker Immutable Dockerﬁle

57. FROM tomcat:8.5.40-jre8-slim RUN rm -rf /usr/local/tomcat/webapps/* COPY ./target/JellyJelly.war /usr/local/tomcat/webapps/ROOT.war ENV JAVA_OPTS="-Xmx1536m -Xms1536m - XX:PermSize=1024m -XX:MaxPermSize=1024m" EXPOSE 8080 ! 5252 Docker !

58.   Docker AWS .

59. EB Docker ?

60. – god “   ” EB !! !!

61. . ! ! .

62. EB (ELB, Auto Scaliing )

63. EC2

64. Flexible

65. ECS Fargate EC2

66. EC2 vs Fargate • AWS Docker AMI • EC2 ( ) • Docker • Docker Run • Docker Run   EB Docker

67. ECS EC2 vs Fargate : AWS

68. ECS • Task Run . (Fargate) • (CPU ) . (Fargate) • EB . • 1 .

69.   ECS

70. AWS

71. ECS Cluster ECR Dockerﬁle  Docker Image   ECR Task Deﬁnition ELB . Create Service   Update Service

72. 1 Cluster ECR Dockerﬁle  Docker Image   ECR Task Deﬁnition ELB .   Update Service

73.   ECS Cluster

74.  

75. . !

76. Fargate   Networking only 1. ! 2. !

77. Cluster name 1 VPC .

79.   .

80. Elastic Container Repository (ECR)

81. AWS Docker Hub

82. , AWS Docker Hub ! Repository

83. Repository Repository ! jelly/ecs-session-example

84. ! .. ! jelly/ecs-session- example

85.     . https://github.com/kyunooh/ecs-session-example

86. View push Commands ! jelly/ecs-session-example jelly/ecs-session-example

87.   AWS CLI .

88. Unable to locate credentials. You can configure credentials by running "aws configure". ‘aws configure’ . !  https://docs.aws.amazon.com/ko_kr/cli/latest/userguide/cli-chap-configure.html

89.   AWS CLI .

90. Refresh Push !

91. Task Deﬁnition   ELB

92. EC2 -> Load Balancers

93. Fargate CLB . ALB

94. Listeners     . Next Security Group

95. 80 443 ! Next

96. Target Group   . Next IP

97. CIDR IP Next

98. Create

100. Listeners 1. ! 2. ! 3. !

101. Listeners 1. ! 2. ! 3. ! 4. !

102. Target Group 1. !

103. Target Group 1. ! 2. !

104.   ???

105. (empty) ALB .

106. Task Defnition

107. Task Deﬁnition . ,  !

108. ECS   Task Deﬁnitions !

109. Fargate   Next !

110. 1. 2. CPU 3. Add container

111. ECR   Image URI

112. jelly/ecs-session-example jelly/ecs-session-example Push !Push !

113. 1. 2. CPU 3. Add container

114. 1. Container Name 2. Image URL   Soft limit - Hard limit - ..( ) 4. 3. limit 5. Add

115. Task Deﬁnition   .

116. Task Deﬁnition   . Create

117. Volumes  

118.   Task Defnition   Service ,   Task .

119. Task

120. Service T.O.P

121. Task   Task Deﬁnition   . .

122. Service   Task   .

123. Service .  (ELB, Auto Scaling )

124. Task Deﬁnition   Create Service !

125. Revision - Task Deﬁnition Family Revision .  Service name -   Number of task - Service task     Minimum healthy percent - healthy % ex) Task 6 100% 6 , 50% 3   Maximum percent - 200% ex) Task 6 200% 12 z

126. Rolling Update Task   , , ,   Blue/Green Task   Task   4 Task 4 8 4 (CodeDeploy ) !

127. Cluster VPC Subnets , !! Security Group Task Deﬁnition Container . Auto-assign public IP : public IP ..   ENABLED   .

128. SG VPC .

129. Application Load Balancer ! Load Balancer ! Add to load balancer !

130. Load Balancer .  ( , Container port ) Load Balancer Target Group Target Group ECS Auto Scaling Target . ,   ELB   ! !

131. Service discovery ,     ( ..) Next step

132.   Auto Scaling

133. Auto Scaling ! Task 2 Task ( Minimum ) Task

134. Auto Scaling !    1 60% 1 Scale Out . ( CPU !)

135. Save Scaling Action . ( ,   Task , Cooldown ?) Alarm Task ! 300 ! 300 Scaling !

136. Scale In .

137. Scale In . Next step!! >= > - <=

138. Create Service !! >=

139.         !

140. Service

141. ELB   DNS !

142. !!

143.  

144. 1 Cluster ECR Dockerﬁle  Docker Image   ECR Task Deﬁnition ELB . Create Service   Update Service

145. ?

146. https://github.com/kyunooh/ecs-session-example

147. $ sh deploy.sh https://github.com/kyunooh/ecs-session-example

148.   !

149. # Edit Below Options DATE=$(date '+%Y-%m-%d-%H-%M-%S') echo $DATE ECR_URL="12345678987.dkr.ecr.ap-northeast-2.amazonaws.com" DOCKER_IMAGE_NAME="jelly/ecs-session-example" DIR="$( cd "$( dirname "$0" )" && pwd )" TASK_DEF_NAME="ecs-session-example" TASK_DEF_CONF="ecs-task-definition.conf" CLUSTER_NAME="Jellys-Toy-Cluster" SERVICE_CONF="ecs-service.conf" MINIMUM_HEALTHY_PERCENT=100 MAXIMUM_PERCENT=200 SUBNETS='"subnet-xxxxxxxxxxxxxx","subnet-xxxxxxxxxxxxxxxx"' SECURITY_GROUPS='"sg-XXXXXXXXXXXXXXX"' DESIRED_COUNT=2

150. { "cluster": "CLUSTER_NAME", "service": "TASK_DEF_NAME", "desiredCount": DESIRED_COUNT, "taskDefinition": "TASK_DEF_NAME", "deploymentConfiguration": { "maximumPercent": MAXIMUM_PERCENT, "minimumHealthyPercent": MINIMUM_HEALTHY_PERCENT }, "networkConfiguration": { "awsvpcConfiguration": { "subnets": [ SUBNETS ], "securityGroups": [ SECURITY_GROUPS ], "assignPublicIp": "DISABLED" } }, "forceNewDeployment": false, "healthCheckGracePeriodSeconds": 0 } { "executionRoleArn": "arn:aws:iam::******************* "containerDefinitions": [ { "logConfiguration": { "logDriver": "awslogs", "options": { "awslogs-group": "/ecs/TASK_DEF_NAME", "awslogs-region": "ap-northeast-2", "awslogs-stream-prefix": "ecs" } }, "portMappings": [ { "hostPort": 3000, "protocol": "tcp", "containerPort": 3000 } ], "cpu": 0, "environment": [], "mountPoints": [], "memory": 512, "memoryReservation": 512, "volumesFrom": [], "image": "DOCKER_IMAGE_NAME", "name": "TASK_DEF_NAME" } ], "placementConstraints": [], "memory": "512", "family": "TASK_DEF_NAME", "requiresCompatibilities": [ "FARGATE" ], "networkMode": "awsvpc", "cpu": "256", "volumes": [] }

151. “Works on my machine”

152. Trouble Shooting

153. Auto Assign Public Ip DISABLED   ?

154. – “ ”

155. IP ENI

156. Public IP (ENI)  Private IP (ENI)

157. Public IP (ENI)  Private IP (ENI)

158. Only private subnets are supported for the awsvpc network mode. Because tasks do not receive public IP addresses, a NAT gateway is required for outbound internet access. Inbound internet trafﬁc should be routed through a load balancer.

159. If you are using Fargate tasks, a public IP address needs to be assigned to the task's elastic network interface,. The network interface must have a route to the internet or a NAT gateway that can route requests to the internet, for the task to pull container images.

160.   ECR

161.   VPC

162. 2 ! …

Fargate 를 이용한 ECS with VPC 1부

You are reading a preview.

Check these out next

Fargate 를 이용한 ECS with VPC 1부

More Related Content

Slideshows for you (20)

Similar to Fargate 를 이용한 ECS with VPC 1부 (20)

Recently uploaded (20)