Fargate 是使用 Amazon Elastic Container Service 托管容器的无服务器方式。
本实验来自于Building Containerized Applications on AWS第二周的内容:AWS Fargate Demonstration
实验拓扑
实验说明
- 本实验将创建一个集群,集群是承载容器的基础架构的逻辑隔离边界。 该集群位于默认VPC内,跨越两个可用区。在每个可用区设定私有子网,分别为172.31.111.0/24和172.31.112.0/24。Fargate 将自动配置和管理集群。
- 创建任务Task,任务在基本级别是一个用于运行容器的包装器。创建任务定义的时候将对要运行的一个或多个容器的配置进行规定。
- 创建服务(Service)。服务负责对外提供访问,并把前面创建的集群和任务定义关联起来。
- 容器使用的Image来自于ECR。
- 需要为Task提供两个Role:任务执行角色(ecsTaskExecutionRole,供ECS拉取镜像、写日志使用)和任务角色(PythonECSTask,供容器内应用访问AWS服务使用)。两个Role都应只授予所需的最小权限。
- 创建ALB对外提供服务,对内监听ECS容器服务。
实验配置步骤
创建Role
创建ALB
使用命令创建ALB
aws elbv2 create-load-balancer --name FargateLoadBalancer \
--subnets subnet-050355db94fb6330f subnet-06a74586eefb96d0a \
--security-groups sg-0b784f3107ad6fe28 --scheme internet-facing \
--type application --ip-address-type ipv4
系统将生成
{
"LoadBalancers": [
{
"IpAddressType": "ipv4",
"VpcId": "vpc-ffc10199",
"LoadBalancerArn": `"arn:aws:elasticloadbalancing:ap-southeast-1:098246620002:loadbalancer/app/FargateLoadBalancer/bb0a690e091b071b"`,
"State": {
"Code": "provisioning"
},
"DNSName": "FargateLoadBalancer-1422969215.ap-southeast-1.elb.amazonaws.com",
"SecurityGroups": [
"sg-0b784f3107ad6fe28"
],
"LoadBalancerName": "FargateLoadBalancer",
"CreatedTime": "2021-07-27T09:28:12.320Z",
"Scheme": "internet-facing",
"Type": "application",
"CanonicalHostedZoneId": "Z1LMS91P8CMLE5",
"AvailabilityZones": [
{
"SubnetId": "subnet-050355db94fb6330f",
"LoadBalancerAddresses": [],
"ZoneName": "ap-southeast-1b"
},
{
"SubnetId": "subnet-06a74586eefb96d0a",
"LoadBalancerAddresses": [],
"ZoneName": "ap-southeast-1c"
}
]
}
]
}
用反引号(` `)标出的部分在后面的步骤中会用到
指定ALB监听目标组
aws elbv2 create-target-group --name FargateTargetGroup --protocol HTTP \
--port 8080 --vpc-id vpc-ffc10199 --target-type ip
这里的vpc-xxxxxx是VPC的ID
{
"TargetGroups": [
{
"HealthCheckPath": "/",
"HealthCheckIntervalSeconds": 30,
"VpcId": "vpc-ffc10199",
"Protocol": "HTTP",
"HealthCheckTimeoutSeconds": 5,
"TargetType": "ip",
"HealthCheckProtocol": "HTTP",
"ProtocolVersion": "HTTP1",
"Matcher": {
"HttpCode": "200"
},
"UnhealthyThresholdCount": 2,
"HealthyThresholdCount": 5,
"TargetGroupArn": `"arn:aws:elasticloadbalancing:ap-southeast-1:098246620002:targetgroup/FargateTargetGroup/9e4630794653255a"`,
"HealthCheckEnabled": true,
"HealthCheckPort": "traffic-port",
"Port": 8080,
"TargetGroupName": "FargateTargetGroup"
}
]
}
配置ALB监听器并关联目标组(本实验使用明文HTTP的80端口;生产环境应改用HTTPS监听器并配置ACM证书,80端口只做跳转)
aws elbv2 create-listener --load-balancer-arn `arn:aws:elasticloadbalancing:ap-southeast-1:098246620002:loadbalancer/app/FargateLoadBalancer/bb0a690e091b071b` --protocol HTTP --port 80 \
--default-actions Type=forward,TargetGroupArn=`arn:aws:elasticloadbalancing:ap-southeast-1:098246620002:targetgroup/FargateTargetGroup/9e4630794653255a`
{
"Listeners": [
{
"Protocol": "HTTP",
"DefaultActions": [
{
"ForwardConfig": {
"TargetGroupStickinessConfig": {
"Enabled": false
},
"TargetGroups": [
{
"TargetGroupArn": "arn:aws:elasticloadbalancing:ap-southeast-1:098246620002:targetgroup/FargateTargetGroup/9e4630794653255a",
"Weight": 1
}
]
},
"TargetGroupArn": "arn:aws:elasticloadbalancing:ap-southeast-1:098246620002:targetgroup/FargateTargetGroup/9e4630794653255a",
"Type": "forward"
}
],
"LoadBalancerArn": "arn:aws:elasticloadbalancing:ap-southeast-1:098246620002:loadbalancer/app/FargateLoadBalancer/bb0a690e091b071b",
"Port": 80,
"ListenerArn": "arn:aws:elasticloadbalancing:ap-southeast-1:098246620002:listener/app/FargateLoadBalancer/bb0a690e091b071b/0795bc3f32c9641d"
}
]
}
创建Cluster
aws ecs create-cluster --cluster-name farget-cluster
{
"cluster": {
"status": "ACTIVE",
"defaultCapacityProviderStrategy": [],
"statistics": [],
"capacityProviders": [],
"tags": [],
"clusterName": "farget-cluster",
"settings": [
{
"name": "containerInsights",
"value": "disabled"
}
],
"registeredContainerInstancesCount": 0,
"pendingTasksCount": 0,
"runningTasksCount": 0,
"activeServicesCount": 0,
"clusterArn": `"arn:aws:ecs:ap-southeast-1:098246620002:cluster/farget-cluster"`
}
}
创建Task
aws ecs register-task-definition --family hello-web-app --task-role-arn `arn:aws:iam::098246620002:role/PythonECSTask` \
--execution-role-arn `arn:aws:iam::098246620002:role/ecsTaskExecutionRole` --network-mode awsvpc \
--container-definitions `file://fargate-container.json` --cpu .5vCPU --memory 1GB \
--requires-compatibilities FARGATE
- 定义了Task中Container的创建文件,资源需求
- 使用了前面定义的Role
- 网络模式为awsvpc,Fargate仅支持awsvpc网络模式
- 创建Container的JSON文件
[
{
"environment": [
{
"name": "MESSAGE",
"value": "I just deployed a PodVM on the AWS ECS Cluster!!"
}
],
"name": "webapp",
"mountPoints": [],
"image": `"public.ecr.aws/y2y0q7a2/hello-kubernetes:1.5"`,
"portMappings": [
{
"protocol": "tcp",
"containerPort": 8080,
"hostPort": 8080
}
]
}
]
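使用了ECR Public中的公共镜像,并通过环境变量MESSAGE传入显示内容。环境变量以明文保存在任务定义中(下面的输出里可以直接看到),密钥类数据应改用容器定义的secrets字段引用Secrets Manager或SSM Parameter Store;镜像建议按摘要(digest)固定,而不是只依赖可变的标签。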
{
"taskDefinition": {
"status": "ACTIVE",
"memory": "1024",
"registeredAt": 1627378294.665,
"networkMode": "awsvpc",
"family": `"hello-web-app"`,
"registeredBy": "arn:aws:iam::098246620002:user/Administrator",
"placementConstraints": [],
"requiresAttributes": [
{
"name": "com.amazonaws.ecs.capability.task-iam-role"
},
{
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
},
{
"name": "ecs.capability.task-eni"
}
],
"cpu": "512",
"executionRoleArn": "arn:aws:iam::098246620002:role/ecsTaskExecutionRole",
"compatibilities": [
"EC2",
"FARGATE"
],
"volumes": [],
"requiresCompatibilities": [
"FARGATE"
],
"taskRoleArn": "arn:aws:iam::098246620002:role/PythonECSTask",
"taskDefinitionArn": "arn:aws:ecs:ap-southeast-1:098246620002:task-definition/hello-web-app:2",
"containerDefinitions": [
{
"environment": [
{
"name": "MESSAGE",
"value": "I just deployed a PodVM on the AWS ECS Cluster!!"
}
],
"name": "webapp",
"mountPoints": [],
"image": "public.ecr.aws/y2y0q7a2/hello-kubernetes:1.5",
"cpu": 0,
"portMappings": [
{
"protocol": "tcp",
"containerPort": 8080,
"hostPort": 8080
}
],
"essential": true,
"volumesFrom": []
}
],
"revision": 2
}
}
创建服务
aws ecs create-service --cluster `arn:aws:ecs:ap-southeast-1:098246620002:cluster/farget-cluster` --service-name `FargateDemoService-01` \
--task-definition `arn:aws:ecs:ap-southeast-1:098246620002:task-definition/hello-web-app:2` --load-balancers `file://load-balancer.json` --desired-count 2 --launch-type FARGATE \
--network-configuration `file://task-networking.json` --scheduling-strategy REPLICA \
--deployment-controller type=ECS
这里用到了Load balancer和network的两个JSON文件 load-balancer.json:
[
{
"targetGroupArn": "arn:aws:elasticloadbalancing:ap-southeast-1:098246620002:targetgroup/FargateTargetGroup/9e4630794653255a",
"containerName": "webapp",
"containerPort": 8080
}
]
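task-networking.json(注意:assignPublicIp为ENABLED会给每个任务分配公网IP;如果任务确实运行在私有子网,并通过NAT网关或VPC终端节点拉取镜像,应设为DISABLED。此外,这里任务与ALB共用同一个安全组,更稳妥的做法是为任务单独建安全组,只放行来自ALB安全组的8080端口入站):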
{
"awsvpcConfiguration": {
"subnets": ["subnet-050355db94fb6330f", "subnet-06a74586eefb96d0a"],
"securityGroups": ["sg-0b784f3107ad6fe28"],
"assignPublicIp": "ENABLED"
}
}
{
"service": {
"networkConfiguration": {
"awsvpcConfiguration": {
"subnets": [
"subnet-06a74586eefb96d0a",
"subnet-050355db94fb6330f"
],
"securityGroups": [
"sg-0b784f3107ad6fe28"
],
"assignPublicIp": "ENABLED"
}
},
"launchType": "FARGATE",
"enableECSManagedTags": false,
"loadBalancers": [
{
"containerName": "webapp",
"targetGroupArn": "arn:aws:elasticloadbalancing:ap-southeast-1:098246620002:targetgroup/FargateTargetGroup/9e4630794653255a",
"containerPort": 8080
}
],
"desiredCount": 2,
"clusterArn": "arn:aws:ecs:ap-southeast-1:098246620002:cluster/farget-cluster",
"serviceArn": `"arn:aws:ecs:ap-southeast-1:098246620002:service/farget-cluster/FargateDemoService-01"`,
"deploymentConfiguration": {
"deploymentCircuitBreaker": {
"enable": false,
"rollback": false
},
"maximumPercent": 200,
"minimumHealthyPercent": 100
},
"createdAt": 1627378533.605,
"healthCheckGracePeriodSeconds": 0,
"schedulingStrategy": "REPLICA",
"placementConstraints": [],
"deployments": [
{
"status": "PRIMARY",
"networkConfiguration": {
"awsvpcConfiguration": {
"subnets": [
"subnet-06a74586eefb96d0a",
"subnet-050355db94fb6330f"
],
"securityGroups": [
"sg-0b784f3107ad6fe28"
],
"assignPublicIp": "ENABLED"
}
},
"pendingCount": 0,
"launchType": "FARGATE",
"rolloutState": "IN_PROGRESS",
"rolloutStateReason": "ECS deployment ecs-svc/0105513691090167931 in progress.",
"createdAt": 1627378533.605,
"desiredCount": 2,
"failedTasks": 0,
"taskDefinition": "arn:aws:ecs:ap-southeast-1:098246620002:task-definition/hello-web-app:2",
"updatedAt": 1627378533.605,
"platformVersion": "1.4.0",
"id": "ecs-svc/0105513691090167931",
"runningCount": 0
}
],
"serviceName": "FargateDemoService-01",
"events": [],
"runningCount": 0,
"status": "ACTIVE",
"serviceRegistries": [],
"pendingCount": 0,
"createdBy": "arn:aws:iam::098246620002:user/Administrator",
"platformVersion": "LATEST",
"placementStrategy": [],
"propagateTags": "NONE",
"roleArn": "arn:aws:iam::098246620002:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS",
"taskDefinition": "arn:aws:ecs:ap-southeast-1:098246620002:task-definition/hello-web-app:2",
"enableExecuteCommand": false
}
}
查看Cluster
Administrator:~/environment/Fargate demo $ **aws ecs list-services --cluster farget-cluster**
{
"serviceArns": [
"arn:aws:ecs:ap-southeast-1:098246620002:service/farget-cluster/FargateDemoService-01"
]
}
实验结果
Cluster
Service
TASK
Load Balancer
Test
通过Load Balancer的对外DNS名称,我们可以访问部署的Web应用
注意POD的私网地址和我们设计一致。
以上