Amazon ECS Operations: Difference between revisions
Revision as of 00:15, 7 February 2019
External
Internal
Overview
Create a Cluster
Before you Start
Optionally, a VPC and one or more subnets can be created in advance. They can also be created during the cluster creation procedure.
Procedure
Amazon ECS -> Clusters -> Create Cluster
Networking only (Fargate)
Cluster Name
Networking
Create VPC.
CIDR block 10.0.0.0/16
Subnet 1: 10.0.0.0/16
Make it a public subnet: add an Internet Gateway, otherwise the container image pull fails.
Configure the security group to allow access.
Delete Subnet 2.
It will create:
- ECS cluster
- CloudFormation Stack
- VPC
- Subnet 1
- Subnet 1 route table association
- VPC Availability Zones
- Internet gateway
- Route table
- Amazon EC2 route
- Virtual private gateway attachment
Create a Task Definition
Amazon ECS -> Task Definitions -> Create a New Task Definition -> FARGATE -> Next Step
Task Definition Name: themyscira
Requires Compatibilities: FARGATE
After the task role is correctly created, it should show up in the "Task Role" drop-down box.
Network Mode: awsvpc
Task execution IAM role - this is the role that authorizes Amazon ECS to pull private images and publish logs for the task. This takes the place of the EC2 Instance role when running tasks:
After the task execution role is correctly created, it should show up in the "Task execution role" drop-down box. If it does not show up, refresh the page.
Task size:
Task memory (GB): 4GB
Task CPU (vCPU): 2 vCPU
Container Definitions: Add Container
Container name: themyscira
Image: 673499572719.dkr.ecr.us-west-2.amazonaws.com/com.uplift/playground/themyscira:playground
If the repository does not exist, create it:
The tag should coincide with the name of the cluster the image will be deployed into.
No Private repository authentication.
Memory Limits (MiB): Hard Limit 4096
Port Mappings: 10001 (tcp)
Host port mappings are not valid when the network mode for a task definition is host or awsvpc. To specify different host and container port mappings, choose the Bridge network mode.
Advanced container configuration
Healthcheck
Environment
CPU Units: 2048
Essential: If the essential parameter of a container is marked as true, the failure of that container will stop the task.
Entry point:
Command:
Working directory:
Environment variables:
Key: SPRING_PROFILES_ACTIVE Value: playground
Network Settings:
Storage and Logging:
Read only root file system
Mount points:
Volumes from:
Log configuration: Unselect "Auto-configure CloudWatch Logs"
Log driver: awslogs
Values:
awslogs-group: /up/playground/themyscira
awslogs-region: us-west-2
awslogs-stream-prefix: dev
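The console settings above correspond to a task definition document. The following added example (not part of the original page) lints such a document offline against the Fargate constraints this section relies on: awsvpc networking, a valid CPU/memory pair, container limits within the task size, host port equal to container port, and a task execution role for ECR pulls and awslogs. The function name, the subset of the size table and the role ARN placeholder are assumptions.

```python
# Task CPU units -> valid task memory (MiB); subset of the Fargate size table.
FARGATE_SIZES = {
    256: {512, 1024, 2048},
    512: set(range(1024, 4097, 1024)),
    1024: set(range(2048, 8193, 1024)),
    2048: set(range(4096, 16385, 1024)),
    4096: set(range(8192, 30721, 1024)),
}

def lint_task_definition(td):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    cpu, mem = int(td["cpu"]), int(td["memory"])
    if td.get("networkMode") != "awsvpc":
        findings.append("Fargate requires networkMode awsvpc")
    if mem not in FARGATE_SIZES.get(cpu, set()):
        findings.append(f"cpu {cpu} / memory {mem} is not a valid Fargate size")
    if sum(c.get("cpu", 0) for c in td["containerDefinitions"]) > cpu:
        findings.append("container CPU units exceed task CPU")
    for c in td["containerDefinitions"]:
        if c.get("memory", 0) > mem:
            findings.append(f"{c['name']}: hard limit exceeds task memory")
        for pm in c.get("portMappings", []):
            # awsvpc: hostPort is either omitted or equal to containerPort
            if pm.get("hostPort", pm["containerPort"]) != pm["containerPort"]:
                findings.append(f"{c['name']}: hostPort differs from containerPort")
        awslogs = c.get("logConfiguration", {}).get("logDriver") == "awslogs"
        if (awslogs or ".dkr.ecr." in c["image"]) and not td.get("executionRoleArn"):
            findings.append(f"{c['name']}: task execution role is missing")
    return findings

# Values from the page; the role ARN is a placeholder, the page does not name it.
TASK_DEF = {
    "family": "themyscira", "requiresCompatibilities": ["FARGATE"],
    "networkMode": "awsvpc", "cpu": "2048", "memory": "4096",
    "executionRoleArn": "arn:aws:iam::<ACCOUNT_ID>:role/<TASK_EXECUTION_ROLE>",
    "containerDefinitions": [{
        "name": "themyscira", "essential": True, "cpu": 2048, "memory": 4096,
        "image": "673499572719.dkr.ecr.us-west-2.amazonaws.com/"
                 "com.uplift/playground/themyscira:playground",
        "portMappings": [{"containerPort": 10001, "protocol": "tcp"}],
        "environment": [{"name": "SPRING_PROFILES_ACTIVE", "value": "playground"}],
        "logConfiguration": {"logDriver": "awslogs", "options": {
            "awslogs-group": "/up/playground/themyscira",
            "awslogs-region": "us-west-2", "awslogs-stream-prefix": "dev"}},
    }],
}

if __name__ == "__main__":
    print(lint_task_definition(TASK_DEF) or "no findings")
```

With the placeholder replaced by a real role ARN, the same dictionary serialized as JSON is the shape the ECS API accepts when registering a task definition.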
Create a Service
At least one Task Definition must be created first. See:
Clusters -> <Cluster Name> -> Services tab -> Create:
Launch Type: FARGATE
Task Definition: Family themyscira
Revision: latest
Platform version: LATEST
Cluster: playground
Service name: themyscira
Service type: REPLICA
Number of Tasks: 1
Minimum healthy percent: 100
Maximum percent: 200
Deployment type: Rolling update.
Cluster VPC: vpc-*
Subnets:
Security groups: themys-3144
Auto-assign public IP: DISABLED
Load balancer type: Return here
Service IAM role:
Service discovery (optional)
NO
Set Auto Scaling (optional)
Do not adjust the service's desired count.
Load balancer: