Fargate 를 이용한 ECS with VPC 1부
35 likes6,815 views
사내 발표자료 겸 만들었는데, ECS Fargate를 이용하실 분들이라면, 편리하게 쓰실 수 있도록 최대한 상세하게 만들어 보았습니다. 사실 CloudFormation 등 배포는 좀 더 편리하게 할 수 있지만, 회사 사정도 있고, 제가 일단 그런 기술을 너무 늦게 알았기 때문에 다루지는 않았습니다.
![{
"cluster": "CLUSTER_NAME",
"service": "TASK_DEF_NAME",
"desiredCount": DESIRED_COUNT,
"taskDefinition": "TASK_DEF_NAME",
"deploymentConfiguration": {
"maximumPercent": MAXIMUM_PERCENT,
"minimumHealthyPercent": MINIMUM_HEALTHY_PERCENT
},
"networkConfiguration": {
"awsvpcConfiguration": {
"subnets": [
SUBNETS
],
"securityGroups": [
SECURITY_GROUPS
],
"assignPublicIp": "DISABLED"
}
},
"forceNewDeployment": false,
"healthCheckGracePeriodSeconds": 0
}
{
"executionRoleArn": "arn:aws:iam::*******************
"containerDefinitions": [
{
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/TASK_DEF_NAME",
"awslogs-region": "ap-northeast-2",
"awslogs-stream-prefix": "ecs"
}
},
"portMappings": [
{
"hostPort": 3000,
"protocol": "tcp",
"containerPort": 3000
}
],
"cpu": 0,
"environment": [],
"mountPoints": [],
"memory": 512,
"memoryReservation": 512,
"volumesFrom": [],
"image": "DOCKER_IMAGE_NAME",
"name": "TASK_DEF_NAME"
}
],
"placementConstraints": [],
"memory": "512",
"family": "TASK_DEF_NAME",
"requiresCompatibilities": [
"FARGATE"
],
"networkMode": "awsvpc",
"cpu": "256",
"volumes": []
}](https://image.slidesharecdn.com/lh9gleecswithvpc1-190420112143/85/Fargate-ECS-with-VPC-1-157-320.jpg)
![[AWS Builders] AWS 네트워크 서비스 소개 및 사용 방법 - 김기현, AWS 솔루션즈 아키텍트](https://cdn.slidesharecdn.com/ss_thumbnails/1network-191112092246-thumbnail.jpg?width=560&fit=bounds)
![[오픈소스컨설팅] 프로메테우스 모니터링 살펴보고 구성하기](https://cdn.slidesharecdn.com/ss_thumbnails/oscprometheus-190422050231-thumbnail.jpg?width=560&fit=bounds)
![PUBG: Battlegrounds 라이브 서비스 EKS 전환 사례 공유 [크래프톤 - 레벨 300] - 발표자: 김정헌, PUBG Dev...](https://cdn.slidesharecdn.com/ss_thumbnails/t3s2-221108101842-328d500f-thumbnail.jpg?width=560&fit=bounds)
![쿠키런: 킹덤 대규모 인프라 및 서버 운영 사례 공유 [데브시스터즈 - 레벨 200] - 발표자: 용찬호, R&D 엔지니어, 데브시스터즈 ...](https://cdn.slidesharecdn.com/ss_thumbnails/t3s3-221108102039-c0f48289-thumbnail.jpg?width=560&fit=bounds)
![[2017 AWS Startup Day] AWS 비용 최대 90% 절감하기: 스팟 인스턴스 Deep-Dive](https://cdn.slidesharecdn.com/ss_thumbnails/2017awsstartupdayspotdeepdive-171101100514-thumbnail.jpg?width=560&fit=bounds)
![[AWS Dev Day] 앱 현대화 | AWS Fargate를 사용한 서버리스 컨테이너 활용 하기 - 삼성전자 개발자 포털 사례 - 정영준...](https://cdn.slidesharecdn.com/ss_thumbnails/appmodernizationawsfargate-190930044252-thumbnail.jpg?width=560&fit=bounds)
Ad
More Related Content
What's hot (20)
Similar to Fargate 를 이용한 ECS with VPC 1부 (20)
Ad
Recently uploaded (20)
Ad
Fargate 를 이용한 ECS with VPC 1부
- 1. ECS with VPC DevJelly( ) 1 github.com/kyunooh facebook: hyunmook.k.choi (fargate) ??
- 2. ..
- 3. • • • • • •
- 4. ECS • Auto Scailing . • . • . • . • EC2 . • Hip ( !)
- 5. • • “ DevOps ??” .. • .. • . • , • ..
- 8. Docker ?
- 10. Docker .
- 11. ECS
- 12. ECS?
- 13. ECS
- 15. Deploy
- 16. “ ” .
- 17. EC2 without Autoscailing EC2 ELB ( )
- 18. 80
- 19. ??
- 20. ??
- 21. ?? ( )
- 22. Auto Scaling
- 23. EC2
- 25. EC2 Auto scaling EC2 ELB Auto scaling Group AMI( ) Launch Configuration Auto scaling Group
- 26. EC2 ELB Auto scaling Group AMI( ) Launch Configuration Auto scaling Group
- 27. EC2 ELB Auto scaling Group AMI( ) Launch Configuration Auto scaling Group
- 28. ..
- 30. … EC2 ELB Auto scaling Group AMI( ) Launch Configuration Auto scaling Group ?
- 33. ??
- 34. ,
- 35. 2011 Elastic Beanstalk( EB)
- 37. EC2, Auto scaling, ELB !
- 38. !
- 39. !
- 40. EC2, Auto scaling, ELB !
- 41. EC2, Auto scaling, ELB !
- 44. .ebextesions
- 45. .ebextesions
- 46. files: "/etc/nginx/conf.d/01_proxy.conf": mode: "000644" owner: root group: root content: | client_max_body_size 10M; "/etc/nginx/conf.d/02_app_server.conf": mode: "000644" owner: root group: root content: | # The content of this file is based on the content of /etc/nginx/conf.d/webapp_healthd.conf # Change the name of the upstream because it can't have the same name # as the one defined by default in /etc/nginx/conf.d/webapp_healthd.conf upstream new_upstream_name { server unix:///var/run/puma/my_app.sock; } # Change the name of the log_format because it can't have the same name # as the one defined by default in /etc/nginx/conf.d/webapp_healthd.conf log_format new_log_name_healthd '$msec"$uri"' '$status"$request_time"$upstream_response_time"' '$http_x_forwarded_for'; server { listen 80; server_name _ localhost; # need to listen to localhost for worker tier if ($time_iso8601 ~ "^(d{4})-(d{2})-(d{2})T(d{2})") { set $year $1; set $month $2; set $day $3; set $hour $4; } access_log /var/log/nginx/access.log main; # Match the name of log_format directive which is defined above access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour new_log_name_healthd; location / { # Match the name of upstream directive which is defined above proxy_pass http://new_upstream_name; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /assets { alias /var/app/current/public/assets; gzip_static on; gzip on; expires max; add_header Cache-Control public; } location /public { alias /var/app/current/public; gzip_static on; gzip on; expires max; add_header Cache-Control public; }
- 47. files: "/etc/nginx/conf.d/01_proxy.conf": mode: "000644" owner: root group: root content: | client_max_body_size 10M; "/etc/nginx/conf.d/02_app_server.conf": mode: "000644" owner: root group: root content: | # The content of this file is based on the content of /etc/nginx/conf.d/webapp_healthd.conf # Change the name of the upstream because it can't have the same name # as the one defined by default in /etc/nginx/conf.d/webapp_healthd.conf upstream new_upstream_name { server unix:///var/run/puma/my_app.sock; } # Change the name of the log_format because it can't have the same name # as the one defined by default in /etc/nginx/conf.d/webapp_healthd.conf log_format new_log_name_healthd '$msec"$uri"' '$status"$request_time"$upstream_response_time"' '$http_x_forwarded_for'; server { listen 80; server_name _ localhost; # need to listen to localhost for worker tier if ($time_iso8601 ~ "^(d{4})-(d{2})-(d{2})T(d{2})") { set $year $1; set $month $2; set $day $3; set $hour $4; } access_log /var/log/nginx/access.log main; # Match the name of log_format directive which is defined above access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour new_log_name_healthd; location / { # Match the name of upstream directive which is defined above proxy_pass http://new_upstream_name; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /assets { alias /var/app/current/public/assets; gzip_static on; gzip on; expires max; add_header Cache-Control public; } location /public { alias /var/app/current/public; gzip_static on; gzip on; expires max; add_header Cache-Control public; } files: "/etc/nginx/conf.d/01_proxy.conf": mode: "000644" owner: root group: root content: | client_max_body_size 10M; "/etc/nginx/conf.d/02_app_server.conf": mode: "000644" owner: root group: root content: | # The content of this file is based on the # Change the name of the upstream because # as the one defined by default in /etc/ng upstream new_upstream_name { server unix:///var/run/puma/my_app.sock; } # Change the name of the log_format becaus
- 48. ?
- 49. !
- 50. ?
- 51. 3.7 .
- 52. ? 6 ?
- 53. .
- 54. . ??
- 55. EB
- 56. Docker !!
- 57. Dockerfile
- 58. FROM tomcat:8.5.40-jre8-slim RUN rm -rf /usr/local/tomcat/webapps/* COPY ./target/JellyJelly.war /usr/local/tomcat/webapps/ROOT.war EXPOSE 8080
- 60. FROM tomcat:8.5.40-jre11-slim RUN rm -rf /usr/local/tomcat/webapps/* COPY ./target/JellyJelly.war /usr/local/tomcat/webapps/ROOT.war EXPOSE 8080
- 63. FROM tomcat:8.5.40-jre8-slim RUN rm -rf /usr/local/tomcat/webapps/* COPY ./target/JellyJelly.war /usr/local/tomcat/webapps/ROOT.war ENV JAVA_OPTS="-Xmx1536m -Xms1536m - XX:PermSize=1024m -XX:MaxPermSize=1024m" EXPOSE 8080 ! 5252 Docker !
- 64. Docker AWS .
- 65. EB Docker ?
- 66. – god “ ” EB !! !!
- 67. . ! ! .
- 68. EB (ELB, Auto Scaliing )
- 69. EC2
- 70. Flexible
- 71. ECS Fargate EC2
- 72. EC2 vs Fargate • AWS Docker AMI • EC2 ( ) • Docker • Docker Run • Docker Run EB Docker
- 73. ECS EC2 vs Fargate : AWS
- 74. ECS • Task Run . (Fargate) • (CPU ) . (Fargate) • EB . • 1 .
- 75. ECS
- 76. AWS
- 77. ECS Cluster ECR Dockerfile Docker Image ECR Task Definition ELB . Create Service Update Service
- 78. 1 Cluster ECR Dockerfile Docker Image ECR Task Definition ELB . Update Service
- 79. ECS Cluster
- 81. . !
- 84. !
- 85. .
- 87. AWS Docker Hub
- 93. AWS CLI .
- 94. Unable to locate credentials. You can configure credentials by running "aws configure". ‘aws configure’ . ! https://docs.aws.amazon.com/ko_kr/cli/latest/userguide/cli-chap-configure.html
- 95. AWS CLI .
- 96. Refresh Push !
- 98. EC2 -> Load Balancers
- 100. Listeners . Next Security Group
- 101. 80 443 ! Next
- 103. CIDR IP Next
- 104. Create
- 105. !
- 106. Listeners 1. ! 2. ! 3. !
- 107. Listeners 1. ! 2. ! 3. ! 4. !
- 108. Target Group 1. !
- 109. Target Group 1. ! 2. !
- 110. ???
- 111. (empty) ALB .
- 112. Task Defnition
- 113. Task Definition . , !
- 115. Fargate Next !
- 117. 1. 2. CPU 3. Add container
- 118. ECR Image URI
- 120. 1. 2. CPU 3. Add container
- 121. 1. Container Name 2. Image URL Soft limit - Hard limit - ..( ) 4. 3. limit 5. Add
- 122. Task Definition .
- 124. Volumes
- 125. Task Defnition Service , Task .
- 126. Task
- 127. Service T.O.P
- 128. Task Task Definition . .
- 129. Service Task .
- 130. Service . (ELB, Auto Scaling )
- 131. Task Definition Create Service !
- 132. Revision - Task Definition Family Revision . Service name - Number of task - Service task Minimum healthy percent - healthy % ex) Task 6 100% 6 , 50% 3 Maximum percent - 200% ex) Task 6 200% 12 z
- 133. Rolling Update Task , , , Blue/Green Task Task 4 Task 4 8 4 (CodeDeploy ) !
- 134. Cluster VPC Subnets , !! Security Group Task Definition Container . Auto-assign public IP : public IP .. ENABLED .
- 135. SG VPC .
- 136. Application Load Balancer ! Load Balancer ! Add to load balancer !
- 137. Load Balancer . ( , Container port ) Load Balancer Target Group Target Group ECS Auto Scaling Target . , ELB ! !
- 138. Service discovery , ( ..) Next step
- 139. Auto Scaling
- 140. Auto Scaling ! Task 2 Task ( Minimum ) Task
- 141. Auto Scaling ! 1 60% 1 Scale Out . ( CPU !)
- 142. Save Scaling Action . ( , Task , Cooldown ?) Alarm Task ! 300 ! 300 Scaling !
- 143. Scale In .
- 144. Scale In . Next step!! >= > - <=
- 145. Create Service !! >=
- 146. !
- 147. Service
- 148. ELB DNS !
- 149. !!
- 151. 1 Cluster ECR Dockerfile Docker Image ECR Task Definition ELB . Create Service Update Service
- 152. ?
- 155. !
- 156. # Edit Below Options DATE=$(date '+%Y-%m-%d-%H-%M-%S') echo $DATE ECR_URL="12345678987.dkr.ecr.ap-northeast-2.amazonaws.com" DOCKER_IMAGE_NAME="jelly/ecs-session-example" DIR="$( cd "$( dirname "$0" )" && pwd )" TASK_DEF_NAME="ecs-session-example" TASK_DEF_CONF="ecs-task-definition.conf" CLUSTER_NAME="Jellys-Toy-Cluster" SERVICE_CONF="ecs-service.conf" MINIMUM_HEALTHY_PERCENT=100 MAXIMUM_PERCENT=200 SUBNETS='"subnet-xxxxxxxxxxxxxx","subnet-xxxxxxxxxxxxxxxx"' SECURITY_GROUPS='"sg-XXXXXXXXXXXXXXX"' DESIRED_COUNT=2
- 157. { "cluster": "CLUSTER_NAME", "service": "TASK_DEF_NAME", "desiredCount": DESIRED_COUNT, "taskDefinition": "TASK_DEF_NAME", "deploymentConfiguration": { "maximumPercent": MAXIMUM_PERCENT, "minimumHealthyPercent": MINIMUM_HEALTHY_PERCENT }, "networkConfiguration": { "awsvpcConfiguration": { "subnets": [ SUBNETS ], "securityGroups": [ SECURITY_GROUPS ], "assignPublicIp": "DISABLED" } }, "forceNewDeployment": false, "healthCheckGracePeriodSeconds": 0 } { "executionRoleArn": "arn:aws:iam::******************* "containerDefinitions": [ { "logConfiguration": { "logDriver": "awslogs", "options": { "awslogs-group": "/ecs/TASK_DEF_NAME", "awslogs-region": "ap-northeast-2", "awslogs-stream-prefix": "ecs" } }, "portMappings": [ { "hostPort": 3000, "protocol": "tcp", "containerPort": 3000 } ], "cpu": 0, "environment": [], "mountPoints": [], "memory": 512, "memoryReservation": 512, "volumesFrom": [], "image": "DOCKER_IMAGE_NAME", "name": "TASK_DEF_NAME" } ], "placementConstraints": [], "memory": "512", "family": "TASK_DEF_NAME", "requiresCompatibilities": [ "FARGATE" ], "networkMode": "awsvpc", "cpu": "256", "volumes": [] }
- 158. “Works on my machine”
- 159. Trouble Shooting
- 161. Auto Assign Public Ip DISABLED ?
- 162. – “ ”
- 163. IP ENI
- 164. Public IP (ENI) Private IP (ENI)
- 165. Public IP (ENI) Private IP (ENI)
- 166. Only private subnets are supported for the awsvpc network mode. Because tasks do not receive public IP addresses, a NAT gateway is required for outbound internet access. Inbound internet traffic should be routed through a load balancer.
- 167. If you are using Fargate tasks, a public IP address needs to be assigned to the task's elastic network interface,. The network interface must have a route to the internet or a NAT gateway that can route requests to the internet, for the task to pull container images.
- 168. ECR
- 169. VPC
- 170. 2 ! …