Amazon ECS Operations: Difference between revisions
Revision as of 21:03, 7 February 2019
External
Internal
Overview
Create a Cluster
Procedure
Amazon ECS -> Clusters -> Create Cluster
Networking only (Fargate)
Cluster Name
Networking
Create VPC: Even if a cluster uses a VPC, it does not seem to be possible to create the VPC in advance and just refer to it during the cluster creation process, at least when the cluster is created from the console. If no VPC is created during the cluster creation process, the cluster probably uses one of the existing VPCs. Which one? Maybe the default VPC of the account? For more details see:
CIDR block: 10.7.0.0/16
Subnet 1: 10.7.1.0/24
Subnet 2: 10.7.2.0/24
Result and Next Steps
The procedure will create the cluster and the following associated resources:
A CloudFormation stack. The stack automatically gets a name (EC2ContainerService-<cluster-name>).
A VPC. The VPC spans several availability zones. It is probably a good idea to navigate to the VPC console by following the link, and update the name to something relevant.
Subnets. It is probably a good idea to navigate to the VPC console by following the links, and update the name of the subnets to something relevant.
An Internet gateway. It is probably a good idea to navigate to the VPC console by following the link, and update the name to something relevant.
A route table. It is probably a good idea to navigate to the VPC console by following the link, and update the name to something relevant. The route table will be associated automatically with the subnets created by the process. The routes will include the subnets for the relevant IP address ranges, and the internet gateway for everything else.
An Amazon EC2 route.
A virtual private gateway attachment.
Configure security group to allow access
Create a Task Definition
Amazon ECS -> Task Definitions -> Create a New Task Definition -> FARGATE -> Next Step
Task Definition Name: themyscira
Requires Compatibilities: FARGATE
Task Role: If the task only needs generic permissions, which should be the case, it is a good idea to create a generic Task Role, shared across clusters, and use it here. This is how roles can be created:
After the task role is correctly created, it should show up in the "Task Role" drop-down box.
Network Mode: awsvpc
Task execution IAM role - this is the role that authorizes Amazon ECS to pull private images and publish logs for the task. This takes the place of the EC2 Instance role when running tasks:
After the task execution role is correctly created, it should show up in the "Task execution role" drop-down box. If it does not show up, refresh the page.
Task size:
Task memory (GB): 4GB
Task CPU (vCPU): 2 vCPU
Container Definitions: Add Container
Container name: themyscira
Image: 673499572719.dkr.ecr.us-west-2.amazonaws.com/com.uplift/playground/themyscira:latest
If the repository does not exist, create it:
No Private repository authentication.
Memory Limits (MiB): Hard Limit 4096
Port Mappings: 10001 (tcp)
Host port mappings are not valid when the network mode for a task definition is host or awsvpc. To specify different host and container port mappings, choose the Bridge network mode.
Advanced container configuration
Healthcheck
Environment
CPU Units: 2048
Essential: If the essential parameter of a container is marked as true, the failure of that container will stop the task.
Entry point:
Command:
Working directory:
Environment variables:
Key: SPRING_PROFILES_ACTIVE Value: playground
Network Settings:
Storage and Logging:
Read only root file system
Mount points:
Volumes from:
Log configuration: Unselect "Auto-configure CloudWatch Logs"
Log driver: awslogs
Values:
awslogs-group: /up/playground/themyscira
awslogs-region: us-west-2
awslogs-stream-prefix: dev
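The console values above, written out as a task definition document and checked for the constraints this section mentions (awsvpc port mappings, task size versus container limits, separate task and execution roles). This is an added example, not part of the original page; the function names and the role ARN placeholders are assumptions, since the page does not give the role names.

```python
import json

IMAGE = "673499572719.dkr.ecr.us-west-2.amazonaws.com/com.uplift/playground/themyscira:latest"

def build_task_definition(task_role_arn, execution_role_arn):
    """Task definition document carrying the console values from this page."""
    container = {
        "name": "themyscira", "image": IMAGE, "essential": True,
        "cpu": 2048, "memory": 4096,  # CPU units and hard limit in MiB
        "portMappings": [{"containerPort": 10001, "protocol": "tcp"}],
        "environment": [{"name": "SPRING_PROFILES_ACTIVE", "value": "playground"}],
        "logConfiguration": {"logDriver": "awslogs", "options": {
            "awslogs-group": "/up/playground/themyscira",
            "awslogs-region": "us-west-2",
            "awslogs-stream-prefix": "dev"}},
    }
    return {
        "family": "themyscira", "requiresCompatibilities": ["FARGATE"],
        "networkMode": "awsvpc", "cpu": "2048", "memory": "4096",  # 2 vCPU, 4 GB
        "taskRoleArn": task_role_arn, "executionRoleArn": execution_role_arn,
        "containerDefinitions": [container],
    }

def check(td):
    """Return a list of problems; an empty list means the document is consistent."""
    problems, containers = [], td["containerDefinitions"]
    if "FARGATE" in td["requiresCompatibilities"] and td["networkMode"] != "awsvpc":
        problems.append("FARGATE requires network mode awsvpc")
    if td["networkMode"] in ("host", "awsvpc"):
        for c in containers:
            for pm in c.get("portMappings", []):
                if pm.get("hostPort", pm["containerPort"]) != pm["containerPort"]:
                    problems.append(f"{c['name']}: host port must match container port {pm['containerPort']}")
    if sum(c.get("cpu", 0) for c in containers) > int(td["cpu"]):
        problems.append("container CPU units exceed task CPU")
    if any(c.get("memory", 0) > int(td["memory"]) for c in containers):
        problems.append("container hard memory limit exceeds task memory")
    if not any(c.get("essential", True) for c in containers):
        problems.append("no essential container")
    if td.get("taskRoleArn") == td.get("executionRoleArn"):
        # Sharing one role hands the application the image-pull and log permissions too.
        problems.append("task role and execution role are the same role")
    return problems

if __name__ == "__main__":
    # Placeholder ARNs (assumption): the page does not give the role names.
    td = build_task_definition("arn:aws:iam::673499572719:role/TASK_ROLE_PLACEHOLDER",
                               "arn:aws:iam::673499572719:role/EXECUTION_ROLE_PLACEHOLDER")
    print(check(td) or json.dumps(td, indent=2))
```

When the check returns no problems, the printed JSON can be saved to a file and registered with `aws ecs register-task-definition --cli-input-json file://<file>` instead of clicking through the console.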
Create a Service
At least one Task Definition must be created first. See:
Clusters -> <Cluster Name> -> Services tab -> Create:
Launch Type: FARGATE
Task Definition: Family themyscira
Revision: latest
Platform version: LATEST
Cluster: playground
Service name: themyscira
Service type: REPLICA
Number of Tasks: 1
Minimum healthy percent: 100
Maximum percent: 200
Deployment type: Rolling update.
Cluster VPC: vpc-*
Subnets:
Security groups: themys-3144
Auto-assign public IP: DISABLED
Load balancer type: Return here
Service IAM role:
Service discovery (optional)
NO
Set Auto Scaling (optional)
Do not adjust the service's desired count.
Load balancer: