AWS Blue Green部署未在target_group中部署

时间:2020-06-23 21:13:47

标签: amazon-web-services amazon-ecs aws-codepipeline aws-codebuild blue-green-deployment

aws_codedeploy_deployment_group

# CodeDeploy deployment group that drives the ECS blue/green rollout:
# it names the ECS service, the listener carrying production traffic and
# the two target groups CodeDeploy switches between.
resource "aws_codedeploy_deployment_group" "dg" {
  app_name               = aws_codedeploy_app.app.name
  deployment_group_name  = aws_codedeploy_app.app.name
  deployment_config_name = "CodeDeployDefault.ECSAllAtOnce"
  service_role_arn       = aws_iam_role.codedeploy.arn

  deployment_style {
    deployment_type   = "BLUE_GREEN"
    deployment_option = "WITH_TRAFFIC_CONTROL"
  }

  blue_green_deployment_config {
    # CONTINUE_DEPLOYMENT shifts traffic without waiting for a manual
    # approval step; combined with ECSAllAtOnce, all traffic moves at once.
    deployment_ready_option {
      action_on_timeout = "CONTINUE_DEPLOYMENT"
    }

    # The previous (blue) task set is kept for 5 minutes after success,
    # which is the window in which a rollback can still reuse it.
    terminate_blue_instances_on_deployment_success {
      action                           = "TERMINATE"
      termination_wait_time_in_minutes = 5
    }
  }

  # Rollback is triggered only by a failed deployment; no alarm-based
  # rollback event is configured here.
  auto_rollback_configuration {
    enabled = true
    events  = ["DEPLOYMENT_FAILURE"]
  }

  ecs_service {
    cluster_name = var.namespace
    service_name = "${var.namespace}-service"
  }

  load_balancer_info {
    target_group_pair_info {
      # NOTE(review): var.listener_arns is wrapped in a list here, so it is
      # presumably a single ARN string - confirm against the variable's type.
      prod_traffic_route {
        listener_arns = [var.listener_arns]
      }

      target_group {
        name = "${var.namespace}-http-green"
      }

      target_group {
        name = "${var.namespace}-http-blue"
      }
    }
  }
}

我的ALB设置是:

# One target group per entry of local.target_groups, named
# "<namespace>-http-<entry>".
# NOTE(review): the deployment group on this page refers to "-http-green" and
# "-http-blue", so local.target_groups presumably holds those two values -
# confirm, since the local is not shown.
resource "aws_alb_target_group" "http" {
  count = length(local.target_groups)
  name  = "${var.namespace}-http-${element(local.target_groups, count.index)}"

  vpc_id      = var.vpc_id
  target_type = "ip"

  # Targets are reached over plain HTTP on 8080: TLS ends at the HTTPS
  # listener, so the ALB-to-task hop relies on VPC and security-group
  # isolation rather than encryption.
  protocol = "HTTP"
  port     = 8080

  health_check {
    path                = var.path
    interval            = var.health_check_interval
    timeout             = var.health_check_timeout
    healthy_threshold   = var.health_check_healthy_threshold
    unhealthy_threshold = var.health_check_unhealthy_threshold
  }

  tags = {
    Name = var.namespace
  }

  lifecycle {
    create_before_destroy = true
  }

  depends_on = [aws_lb.alb]
}

# Listener rule on the HTTPS listener that forwards every path ("/*") to
# the first target group (index 0).
# NOTE(review): this rule is pinned to index 0 in Terraform, while CodeDeploy
# is expected to swap target groups on the listener during a blue/green
# deployment - confirm that the rule does not keep traffic on the old group
# or get reverted by the next apply.
resource "aws_alb_listener_rule" "alb" {
  listener_arn = aws_alb_listener.https.arn

  condition {
    field  = "path-pattern"
    values = ["/*"]
  }

  action {
    type             = "forward"
    target_group_arn = aws_alb_target_group.http[0].arn
  }
}

# HTTPS listener on port 443 of the ALB; by default it forwards to the
# first target group (index 0).
resource "aws_alb_listener" "https" {
  load_balancer_arn = aws_lb.alb.arn

  port     = "443"
  protocol = "HTTPS"

  # "policy" and "arn:" are redacted placeholders in the question. The real
  # ssl_policy decides which TLS versions and ciphers clients may negotiate,
  # so pick one of the ELB security policies with a TLS 1.2 minimum.
  certificate_arn = "arn:"
  ssl_policy      = "policy"

  default_action {
    type             = "forward"
    target_group_arn = aws_alb_target_group.http[0].arn
  }
}

# Internal application load balancer placed in the private subnets.
resource "aws_lb" "alb" {
  name               = var.namespace
  load_balancer_type = "application"

  # internal = true keeps the ALB off the public internet; reachability is
  # then governed by the attached security group and VPC routing.
  internal        = true
  security_groups = [aws_security_group.alb.id]

  # var.private_subnets is a comma-separated string; compact() drops any
  # empty entries left by the split.
  subnets = compact(split(",", var.private_subnets))

  idle_timeout                     = 30
  enable_cross_zone_load_balancing = true

  # NOTE(review): no access_logs block is configured, so requests through
  # this ALB are not recorded for later investigation - confirm whether
  # that is intended.
  lifecycle {
    create_before_destroy = true
  }
}

代码管道

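# GitHub token for the Source action. It is declared as an input so the
# secret is supplied at plan/apply time (for example through the
# TF_VAR_github_oauth_token environment variable) instead of being committed
# with the configuration. On Terraform 0.14 or later, also set
# `sensitive = true` so the value is redacted from plan output.
variable "github_oauth_token" {
  type        = string
  description = "GitHub OAuth token used by the CodePipeline Source action"
}

# Three-stage pipeline: GitHub source -> CodeBuild -> CodeDeploy (ECS
# blue/green). Artifacts are passed between stages through the S3 bucket.
resource "aws_codepipeline" "codepipeline" {
  name     = "${var.namespace}-stage"
  role_arn = aws_iam_role.role.arn

  artifact_store {
    location = aws_s3_bucket.bucket.bucket
    type     = "S3"
  }

  stage {
    name = "Source"

    action {
      name             = "Source"
      category         = "Source"
      owner            = "ThirdParty"
      provider         = "GitHub"
      version          = "1"
      output_artifacts = ["${var.namespace}-source-artifact"]

      configuration = {
        # A literal token was hard-coded here in the published snippet. A
        # credential that has been posted publicly must be treated as
        # compromised: revoke it in GitHub and issue a new one.
        # The value still ends up in the Terraform state in clear text, so
        # the state backend needs restricted access and encryption at rest.
        OAuthToken = var.github_oauth_token
        Owner      = var.owner
        Repo       = var.repo
        Branch     = var.branch
      }
    }
  }

  stage {
    name = "Build"

    action {
      name             = "Build"
      category         = "Build"
      owner            = "AWS"
      provider         = "CodeBuild"
      version          = "1"
      input_artifacts  = ["${var.namespace}-source-artifact"]
      output_artifacts = ["${var.namespace}-build-artifact"]

      configuration = {
        ProjectName = var.namespace
      }
    }
  }

  stage {
    name = "Deploy"

    action {
      name            = "Deploy"
      category        = "Deploy"
      owner           = "AWS"
      provider        = "CodeDeployToECS"
      input_artifacts = ["${var.namespace}-build-artifact"]
      version         = "1"

      configuration = {
        # NOTE(review): these names are var.namespace, while the deployment
        # group on this page is named after aws_codedeploy_app.app.name -
        # confirm that both resolve to the same string.
        ApplicationName     = var.namespace
        DeploymentGroupName = var.namespace

        # Both the task definition and the AppSpec are read from the build
        # artifact, so the build stage has to export both files.
        TaskDefinitionTemplateArtifact = "${var.namespace}-build-artifact"
        AppSpecTemplateArtifact        = "${var.namespace}-build-artifact"
      }
    }
  }
}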

Appspec

# AppSpec for a CodeDeploy ECS deployment: names the task definition to
# roll out, the container/port that receives load-balancer traffic, and
# the awsvpc network settings for the replacement task set.
version: 0.0
Resources:
  - TargetService:
      Type: AWS::ECS::Service
      Properties:
        # "arn:task-definition" is a redacted placeholder in the question.
        TaskDefinition: "arn:task-definition"
        LoadBalancerInfo:
          ContainerName: "my-container"
          ContainerPort: "8080"
        NetworkConfiguration:
          AwsvpcConfiguration:
            # Placeholder IDs. The security group listed here is what
            # controls which sources can reach the task on port 8080.
            Subnets:
              - "subnet-1"
            SecurityGroups:
              - "sg-1"
            # No public IP is assigned to the task ENI.
            AssignPublicIp: "DISABLED"

buildspec

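# CodeBuild buildspec: logs in to ECR, pulls the image, exports the current
# task definition as taskdef.json and runs a few debugging commands.
version: 0.2

phases:
  install:
    commands:
      - apt-get update
      # -y: the build has no terminal to answer the confirmation prompt.
      - apt-get install -y jq
  pre_build:
    commands:
      - echo Logging in to Amazon ECR...
      # NOTE(review): `aws ecr get-login` prints a `docker login -p <password>`
      # command, so the registry password is passed on the command line, and
      # AWS CLI v2 no longer ships this subcommand. The preferred form is
      #   aws ecr get-login-password --region eu-west-1 | docker login --username AWS --password-stdin <REGISTRY_HOST>
      # where <REGISTRY_HOST> is a placeholder for the ECR registry host,
      # which is not shown on this page.
      - $(aws ecr get-login --region eu-west-1 --no-include-email | sed 's|https://||')
      # IMAGE_TAG (short commit id) is computed but not used below.
      - IMAGE_TAG=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-7)
  build:
    commands:
      - echo Pulling docker image
      # ":latest" is a mutable tag: what gets pulled can change between
      # builds. Pinning by digest or by the commit-derived tag makes the
      # deployed image traceable.
      - docker pull url:latest
  post_build:
    commands:
      - aws ecs describe-task-definition --task-definition my-task-definition | jq '.taskDefinition' > taskdef.json
      - echo LISTING ALL
      - ls
      - pwd
      # The container below runs inside the CodeBuild environment only; it
      # is a debugging aid and does not deploy anything to ECS.
      - echo Running the Docker image...
      - docker run -d=true url:latest
      - echo Running docker volume
      - docker volume ls
      - echo Running docker ps
      - docker ps
artifacts:
  files:
    # NOTE(review): the Deploy action on this page reads its AppSpec from this
    # same build artifact, but only taskdef.json is exported here - confirm
    # whether the appspec file also has to be listed.
    - taskdef.json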

如您所见,在构建后我有一些命令可以调试任务。

内容正确,并且docker ps返回一个正在运行的docker映像,但是它不是在附加到EC2的{​​{1}}实例中构建的。

如果我去ECS实例,则我有一个实例附加到集群,并且它有两个IP。 群集正在运行一项任务,我可以使用第二个IP通过浏览器访问容器,但无法连接到EC2。尽管任务正在运行,但ssh却没有部署它。

另一方面,可以通过端口Codepipeline而不是22来访问主ip。那里还有一个正在运行的任务,但是根本无法工作,因为我无法从浏览器访问它。都没有GitHub代码。

可能是设置错误,或者是关于如何将所有内容指向正确目标的误解。

有什么主意吗?
