Downloaded 89 times
![{
"cluster": "CLUSTER_NAME",
"service": "TASK_DEF_NAME",
"desiredCount": DESIRED_COUNT,
"taskDefinition": "TASK_DEF_NAME",
"deploymentConfiguration": {
"maximumPercent": MAXIMUM_PERCENT,
"minimumHealthyPercent": MINIMUM_HEALTHY_PERCENT
},
"networkConfiguration": {
"awsvpcConfiguration": {
"subnets": [
SUBNETS
],
"securityGroups": [
SECURITY_GROUPS
],
"assignPublicIp": "DISABLED"
}
},
"forceNewDeployment": false,
"healthCheckGracePeriodSeconds": 0
}
{
"executionRoleArn": "arn:aws:iam::*******************
"containerDefinitions": [
{
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/TASK_DEF_NAME",
"awslogs-region": "ap-northeast-2",
"awslogs-stream-prefix": "ecs"
}
},
"portMappings": [
{
"hostPort": 3000,
"protocol": "tcp",
"containerPort": 3000
}
],
"cpu": 0,
"environment": [],
"mountPoints": [],
"memory": 512,
"memoryReservation": 512,
"volumesFrom": [],
"image": "DOCKER_IMAGE_NAME",
"name": "TASK_DEF_NAME"
}
],
"placementConstraints": [],
"memory": "512",
"family": "TASK_DEF_NAME",
"requiresCompatibilities": [
"FARGATE"
],
"networkMode": "awsvpc",
"cpu": "256",
"volumes": []
}](https://image.slidesharecdn.com/lh9gleecswithvpc1-190420112143/75/Fargate-ECS-with-VPC-1-157-2048.jpg)
Uploaded byHyun-Mook Choi
Fargate 를 이용한 ECS with VPC 1부
The document discusses the implementation of AWS ECS with Fargate and EC2, focusing on deployment strategies, auto-scaling, and configuring Nginx as a reverse proxy. It includes technical details related to task definitions, load balancers, network configurations, and Docker setup, while providing examples of server configurations. The content also emphasizes the need for proper routing and NAT gateway setups for Fargate tasks to access the internet.
More Related Content
![[AWS Builders] AWS상의 보안 위협 탐지 및 대응](https://cdn.slidesharecdn.com/ss_thumbnails/awsbuilders300security-190611112644-thumbnail.jpg?width=640&height=640&fit=bounds)
![[AWS Dev Day] 앱 현대화 | AWS Fargate를 사용한 서버리스 컨테이너 활용 하기 - 삼성전자 개발자 포털 사례 - 정영준...](https://cdn.slidesharecdn.com/ss_thumbnails/appmodernizationawsfargate-190930044252-thumbnail.jpg?width=640&height=640&fit=bounds)
Similar to Fargate 를 이용한 ECS with VPC 1부
Fargate 를 이용한 ECS with VPC 1부
- 1. ECS with VPC DevJelly() 1 github.com/kyunooh facebook: hyunmook.k.choi (fargate) ??
- 2.
- 3.
- 4. ECS • Auto Scailing. • . • . • . • EC2 . • Hip ( !)
- 5. • • “DevOps ??” .. • .. • . • , • ..
- 6.
- 7.
- 8.
- 10.
- 11.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17. EC2 without Autoscailing EC2ELB ( )
- 18.
- 19.
- 20.
- 21.
- 22.
- 23.
- 25. EC2 Auto scaling EC2 ELB Autoscaling Group AMI( ) Launch Configuration Auto scaling Group
- 26. EC2 ELB Auto scaling Group AMI() Launch Configuration Auto scaling Group
- 27. EC2 ELB Auto scaling Group AMI() Launch Configuration Auto scaling Group
- 28.
- 30. … EC2 ELB Auto scaling Group AMI() Launch Configuration Auto scaling Group ?
- 31.
- 32.
- 33.
- 34.
- 35.
- 36.
- 37. EC2, Auto scaling,ELB !
- 38.
- 39.
- 40. EC2, Auto scaling,ELB !
- 41. EC2, Auto scaling,ELB !
- 44.
- 45.
- 46. files: "/etc/nginx/conf.d/01_proxy.conf": mode: "000644" owner: root group:root content: | client_max_body_size 10M; "/etc/nginx/conf.d/02_app_server.conf": mode: "000644" owner: root group: root content: | # The content of this file is based on the content of /etc/nginx/conf.d/webapp_healthd.conf # Change the name of the upstream because it can't have the same name # as the one defined by default in /etc/nginx/conf.d/webapp_healthd.conf upstream new_upstream_name { server unix:///var/run/puma/my_app.sock; } # Change the name of the log_format because it can't have the same name # as the one defined by default in /etc/nginx/conf.d/webapp_healthd.conf log_format new_log_name_healthd '$msec"$uri"' '$status"$request_time"$upstream_response_time"' '$http_x_forwarded_for'; server { listen 80; server_name _ localhost; # need to listen to localhost for worker tier if ($time_iso8601 ~ "^(d{4})-(d{2})-(d{2})T(d{2})") { set $year $1; set $month $2; set $day $3; set $hour $4; } access_log /var/log/nginx/access.log main; # Match the name of log_format directive which is defined above access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour new_log_name_healthd; location / { # Match the name of upstream directive which is defined above proxy_pass http://new_upstream_name; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /assets { alias /var/app/current/public/assets; gzip_static on; gzip on; expires max; add_header Cache-Control public; } location /public { alias /var/app/current/public; gzip_static on; gzip on; expires max; add_header Cache-Control public; }
- 47. files: "/etc/nginx/conf.d/01_proxy.conf": mode: "000644" owner: root group:root content: | client_max_body_size 10M; "/etc/nginx/conf.d/02_app_server.conf": mode: "000644" owner: root group: root content: | # The content of this file is based on the content of /etc/nginx/conf.d/webapp_healthd.conf # Change the name of the upstream because it can't have the same name # as the one defined by default in /etc/nginx/conf.d/webapp_healthd.conf upstream new_upstream_name { server unix:///var/run/puma/my_app.sock; } # Change the name of the log_format because it can't have the same name # as the one defined by default in /etc/nginx/conf.d/webapp_healthd.conf log_format new_log_name_healthd '$msec"$uri"' '$status"$request_time"$upstream_response_time"' '$http_x_forwarded_for'; server { listen 80; server_name _ localhost; # need to listen to localhost for worker tier if ($time_iso8601 ~ "^(d{4})-(d{2})-(d{2})T(d{2})") { set $year $1; set $month $2; set $day $3; set $hour $4; } access_log /var/log/nginx/access.log main; # Match the name of log_format directive which is defined above access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour new_log_name_healthd; location / { # Match the name of upstream directive which is defined above proxy_pass http://new_upstream_name; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /assets { alias /var/app/current/public/assets; gzip_static on; gzip on; expires max; add_header Cache-Control public; } location /public { alias /var/app/current/public; gzip_static on; gzip on; expires max; add_header Cache-Control public; } files: "/etc/nginx/conf.d/01_proxy.conf": mode: "000644" owner: root group: root content: | client_max_body_size 10M; "/etc/nginx/conf.d/02_app_server.conf": mode: "000644" owner: root group: root content: | # The content of this file is based on the # Change the name of the upstream because # as the one defined by default in /etc/ng upstream new_upstream_name { server unix:///var/run/puma/my_app.sock; } # Change the name of the log_format becaus
- 48.
- 49.
- 50.
- 51.
- 52.
- 53.
- 54.
- 55.
- 56.
- 57.
- 58. FROM tomcat:8.5.40-jre8-slim RUN rm-rf /usr/local/tomcat/webapps/* COPY ./target/JellyJelly.war /usr/local/tomcat/webapps/ROOT.war EXPOSE 8080
- 60. FROM tomcat:8.5.40-jre11-slim RUN rm-rf /usr/local/tomcat/webapps/* COPY ./target/JellyJelly.war /usr/local/tomcat/webapps/ROOT.war EXPOSE 8080
- 61.
- 62.
- 63. FROM tomcat:8.5.40-jre8-slim RUN rm-rf /usr/local/tomcat/webapps/* COPY ./target/JellyJelly.war /usr/local/tomcat/webapps/ROOT.war ENV JAVA_OPTS="-Xmx1536m -Xms1536m - XX:PermSize=1024m -XX:MaxPermSize=1024m" EXPOSE 8080 ! 5252 Docker !
- 64.
- 65.
- 66. – god “ ” EB!! !!
- 67.
- 68.
- 69.
- 70.
- 71.
- 72. EC2 vs Fargate •AWS Docker AMI • EC2 ( ) • Docker • Docker Run • Docker Run EB Docker
- 73. ECS EC2 vsFargate : AWS
- 74. ECS • Task Run. (Fargate) • (CPU ) . (Fargate) • EB . • 1 .
- 75.
- 76.
- 77. ECS Cluster ECR Dockerfile DockerImage ECR Task Definition ELB . Create Service Update Service
- 78. 1 Cluster ECR Dockerfile DockerImage ECR Task Definition ELB . Update Service
- 79.
- 80.
- 81.
- 82.
- 83.
- 84.
- 85.
- 86.
- 87.
- 88.
- 89.
- 90.
- 91.
- 92.
- 93.
- 94. Unable to locatecredentials. You can configure credentials by running "aws configure". ‘aws configure’ . ! https://docs.aws.amazon.com/ko_kr/cli/latest/userguide/cli-chap-configure.html
- 95.
- 96.
- 97.
- 98. EC2 -> LoadBalancers
- 99.
- 100.
- 101.
- 102.
- 103.
- 104.
- 105.
- 106.
- 107. Listeners 1. ! 2. ! 3.! 4. !
- 108.
- 109.
- 110.
- 111.
- 112.
- 113.
- 114.
- 115.
- 117. 1. 2. CPU 3. Addcontainer
- 118.
- 119.
- 120. 1. 2. CPU 3. Addcontainer
- 121. 1. Container Name 2.Image URL Soft limit - Hard limit - ..( ) 4. 3. limit 5. Add
- 122.
- 123.
- 124.
- 125. Task Defnition Service, Task .
- 126.
- 127.
- 128.
- 129.
- 130.
- 131. Task Definition CreateService !
- 132. Revision - TaskDefinition Family Revision . Service name - Number of task - Service task Minimum healthy percent - healthy % ex) Task 6 100% 6 , 50% 3 Maximum percent - 200% ex) Task 6 200% 12 z
- 133. Rolling Update Task , , , Blue/Green Task Task 4 Task 4 8 4 (CodeDeploy ) !
- 134. Cluster VPC Subnets , !!Security Group Task Definition Container . Auto-assign public IP : public IP .. ENABLED .
- 135.
- 136. Application Load Balancer! Load Balancer ! Add to load balancer !
- 137. Load Balancer . (, Container port ) Load Balancer Target Group Target Group ECS Auto Scaling Target . , ELB ! !
- 138. Service discovery , ( ..) Next step
- 139.
- 140. Auto Scaling ! Task2 Task ( Minimum ) Task
- 141. Auto Scaling ! 1 60% 1 ScaleOut . ( CPU !)
- 142. Save Scaling Action. ( , Task , Cooldown ?) Alarm Task ! 300 ! 300 Scaling !
- 143.
- 144. Scale In . Nextstep!! >= > - <=
- 145.
- 146.
- 147.
- 148.
- 149.
- 150.
- 151. 1 Cluster ECR Dockerfile DockerImage ECR Task Definition ELB . Create Service Update Service
- 152.
- 153.
- 154.
- 155.
- 156. # Edit BelowOptions DATE=$(date '+%Y-%m-%d-%H-%M-%S') echo $DATE ECR_URL="12345678987.dkr.ecr.ap-northeast-2.amazonaws.com" DOCKER_IMAGE_NAME="jelly/ecs-session-example" DIR="$( cd "$( dirname "$0" )" && pwd )" TASK_DEF_NAME="ecs-session-example" TASK_DEF_CONF="ecs-task-definition.conf" CLUSTER_NAME="Jellys-Toy-Cluster" SERVICE_CONF="ecs-service.conf" MINIMUM_HEALTHY_PERCENT=100 MAXIMUM_PERCENT=200 SUBNETS='"subnet-xxxxxxxxxxxxxx","subnet-xxxxxxxxxxxxxxxx"' SECURITY_GROUPS='"sg-XXXXXXXXXXXXXXX"' DESIRED_COUNT=2
- 157. { "cluster": "CLUSTER_NAME", "service": "TASK_DEF_NAME", "desiredCount":DESIRED_COUNT, "taskDefinition": "TASK_DEF_NAME", "deploymentConfiguration": { "maximumPercent": MAXIMUM_PERCENT, "minimumHealthyPercent": MINIMUM_HEALTHY_PERCENT }, "networkConfiguration": { "awsvpcConfiguration": { "subnets": [ SUBNETS ], "securityGroups": [ SECURITY_GROUPS ], "assignPublicIp": "DISABLED" } }, "forceNewDeployment": false, "healthCheckGracePeriodSeconds": 0 } { "executionRoleArn": "arn:aws:iam::******************* "containerDefinitions": [ { "logConfiguration": { "logDriver": "awslogs", "options": { "awslogs-group": "/ecs/TASK_DEF_NAME", "awslogs-region": "ap-northeast-2", "awslogs-stream-prefix": "ecs" } }, "portMappings": [ { "hostPort": 3000, "protocol": "tcp", "containerPort": 3000 } ], "cpu": 0, "environment": [], "mountPoints": [], "memory": 512, "memoryReservation": 512, "volumesFrom": [], "image": "DOCKER_IMAGE_NAME", "name": "TASK_DEF_NAME" } ], "placementConstraints": [], "memory": "512", "family": "TASK_DEF_NAME", "requiresCompatibilities": [ "FARGATE" ], "networkMode": "awsvpc", "cpu": "256", "volumes": [] }
- 158. “Works on mymachine”
- 159.
- 161. Auto Assign PublicIp DISABLED ?
- 162.
- 163.
- 164. Public IP (ENI) PrivateIP (ENI)
- 165. Public IP (ENI) PrivateIP (ENI)
- 166. Only private subnetsare supported for the awsvpc network mode. Because tasks do not receive public IP addresses, a NAT gateway is required for outbound internet access. Inbound internet traffic should be routed through a load balancer.
- 167. If you areusing Fargate tasks, a public IP address needs to be assigned to the task's elastic network interface,. The network interface must have a route to the internet or a NAT gateway that can route requests to the internet, for the task to pull container images.
- 168.
- 169.
- 170.