- Amazon EC2 Container Service (ECS) is a cloud computing service in Amazon Web Services (AWS) that manages containers.
- It enables developers to deploy and manage scalable applications that run on groups of servers called clusters through application programming interface (API) calls and task definitions.
- Amazon ECS is a scalable service that is accessible through the AWS Management Console and software developer's kits (SDKs).
- ECS enables users to create and run Docker containers for distributed applications that run on microservices.
- ECS evaluates and monitors CPU and memory output to determine the optimal deployment for a container.
- AWS customers can also use the service to update containers or scale them up or down.
- Elastic Load Balancing, Elastic Block Store (EBS) volumes and Identity and Access Management (IAM) roles are also supported for further customization.
1) Create ECS Cluster with 1 Container Instance
Create a Task Definition
Create an ELB and Target Group to later associate with the ECS Service
Create a Service that runs the Task Definition
- Confirm Everything is Working
Scale Up the Service to 4 Tasks.
Delete All
-> Create ECS Cluster with 1 Container Instance
Before creating a cluster----- create a security group(SG) called my-ecs-sg .
aws ec2
create security-group
group-name my-ecs-sg
description my-ecs-sg
Now create an ECS Cluster called my-cluster and the ec2 instance that belongs to the ECS Cluster.
Use the my-ecs-sg security group that was created.
You can get the id of the security group
from the EC2 Console / Network & Security / Security Groups.
It is important to select a Key- pair so you can ssh into the instance later to verify things are
working.
For the Networking VPC settings,
I used the default VPC and all the Subnets associated .
For the IAM Role use ecsInstanceRole. (Create IAM Role )
confirm that Container Instance has successfully registered to the my-cluster ECS
cluster.
You can confirm it by clicking on the ECS Instances tab under Clusters / my-cluster.
-> Create a task definition that will be blueprint to start a jenkins
Before creating the task definition, find a jenkins docker image to use and test that it’s working. I’m using jenkins image.
$ docker run -d -p 4567:4567 --name hi jenkins
$ docker ps
$ curl localhost:8080 ; echo
$ docker stop hi ;
$docker rm hi
Above, I’ve started a container with the jenkins image and ran curl localhost:8080. Port 8080 is the default port that jenkins listens on, and it is exposed in the Dockerfile.create the task definition. Create a task-definition.json and add:
{
"family": "jenkins",
"containerDefinitions": [
{
"name": "web",
"image": "jenkins:latest",
"cpu": 128,
"memoryReservation": 128,
"portMappings": [
{
"containerPort": 8080,
"protocol": "tcp"
}
],
"command": [
"ruby", "hi.rb"
],
"essential": true
}
]
}
The task definition is also available on GitHub: task-definition.json. To register the task definition:
$ aws ecs register-task-definition --cli-input-json file://task-definition.json
Confirm that the task definition successfully registered with the ECS Console:
-> Create an ELB and Target Group to later associate with the ECS Service
create an ELB is with the EC2 Console.
Go the EC2 Console
Load Balancing
Load Balancers,
click “Create Load Balancer” and
select Application Load Balancer.
Step 1 — Configure Load Balancer
Name it my-elb and
select internet-facing.
Use the default Listener with an HTTP protocol and Port 80.
Step 2 — Configure Security Settings
There will be a warning about using a secure listener, but for this exercise we can skip using SSL.
Step 3 — Configure Security Groups
Create a new security group named my-elb-sg and open up port 80 and source 0.0.0.0/0 so anything from the outside world can access the ELB port 80.
Step 4 — Configure Routing
Create a new target group name my-target-group with port 80.
Step 5 — Register Targets
ECS will automatically register the targets
So simply skip and click next.
Step 6 — Review
Review and click create.
When we created the ELB with the wizard we opened, it’s my-elb-sg group port 80 to the world. We also need to make sure that the my-ecs-sg security group associated with the instance we launched in step 1 allows traffic from the ELB. We created the my-ecs-sg group in step 1 at the very beginning of this tutorial. To allow all ELB traffic to hit the container instance run the following:
$ aws ec2 authorize-security-group-ingress --group-name my-ecs-sg --protocol tcp --port 1-65535 --source-group my-elb-sg
Confirm the rules were added to the security groups via the EC2 Console:
With these security group rules, only port 80 on the ELB is exposed to the outside world and any traffic from the ELB going to a container instance with the my-ecs-group group is allowed. This a nice simple setup.
-> Create a Service that runs the Task Definition
Before creating a service, we should ensure that the ecsServiceRole IAM role exists. If you this is your first time using ECS, it might not have been created yet. The instructions on how to create it is on ecsServiceRole.
The command to create the ECS service takes a few parameters so it is easier to use a JSON file as it’s input. Let’s create an ecs-service.json file with the following:
{
"cluster": "my-cluster",
"serviceName": "my-service",
"taskDefinition": "jenkins",
"loadBalancers": [
{
"targetGroupArn": "FILL-IN-YOUR-TARGET-GROUP",(ARN from traget group Load
Balancer)
"containerName": "web",
"containerPort": 8080
}
],
"desiredCount": 1,
"role": "ecsServiceRole"
}
You will have to find your targetGroupArn created in step 3 when we created the ELB. To find the targetGroupArn you can go to the EC2 Console / Load Balancing / Target Groups and click on the my-target-group.
Now create the ECS service: my-service.
$ aws ecs create-service --cli-input-json file://ecs-service.json
You can confirm that the container is running on the ECS Console.
Go to Clusters
my-cluster
my-service and
view the Tasks tab.
-> Confirm Everything is Working
Confirm that the service is running correctly. You want to be thorough about confirming that all is working by checking a few things.
Check that my-target-group is showing and maintaining healthy targets.
Under Load Balancing
Target Groups,
click on my-target-group and
check the Targets tab.
You should see a Target that is reporting healthy.
If the target is not healthy, check these likely issues:
Check that the my-ecs-sg security group is allowing all traffic from the my-elb-sg security group. This was done in Step 4 with the authorized-security-group-ingress command after you created the ELB.
Check that the security groups for the ELB, in step 3, is set to the same security groups that you used when you created the ECS Cluster and Container Instance in step 1. Remember the ELB can only detect healthy instances in AZs that it is configured to use.
Let also ssh into the instance and see the running docker process is returning a good response. Under Clusters / ECS Instances, click on the Container Instance and grab the public DNS record so you can ssh into the instance.
$ ssh ec2-user@ec2-52-3-252-86.compute-1.amazonaws.com
$ docker ps
$ curl 0.0.0.0:32773 ; echo
verify by hitting the external DNS address of the ELB.
DNS address in the EC2 Console under Load Balancing / Load Balancers and clicking on my-elb.
Verify the ELB publicly available DNS endpoint with curl:
$ curl my-elb-1693572386.us-east-1.elb.amazonaws.com ; echo
Scale Up the Service to 4 Tasks
This is the easiest part. To scale up and add more containers
go to Clusters
my-cluster
my-service and
click on “Update Service”.
“Number of tasks” from 1 to 4 there.
After only a few moments you should see 4 running tasks. That’s it!
Delete All
It is quickest to use the EC2 Console to delete the following resources:
ELB: my-elb, my-target-group
ECS Service: my-service Task Definition: jenkins
Cluster: my-cluster
Security group: my-elb-sg and my-ecs-sg.
No comments:
Post a Comment