Amazon Elastic Container Service (Amazon ECS) 是一項高度可擴展的快速容器管理服務,可輕鬆運行、停止和管理集群上的容器。您的容器在任務定義中定義,任務定義用於運行單個任務或服務中的任務。在此情境中,服務是一種配置,使您能夠同時在集群中運行和維護指定數量的任務。您可以在由 AWS Fargate 管理的無服務器基礎設施上運行任務和服務;若要更好地控制基礎設施,也可以在自行管理的 Amazon EC2 實例集群上運行任務和服務。
Concourse CI 是一款 CI/CD 工具,它的魅力在于極簡設計,被廣泛應用于 Cloud Foundry 各個模塊的 CI/CD,Concourse CI 官方提供了標準的 Docker 鏡像,可以通過AWS ECS容器服務部署一套 Concourse CI 應用,
本次構建的 Concourse CI 以 postgres 資料庫作為後端儲存,並利用 AWS Fargate 部署容器版的 postgres。另外需要部署 Concourse CI 的管理 Web 和 worker 組件:Web 同樣利用 AWS Fargate 部署為 Serverless 容器服務;Worker 需要開啟特權模式(privileged),而 AWS Fargate 並不支持 privileged,所以選用 EC2 集群執行 Worker 容器。特權容器對宿主機幾乎擁有 root 等級的存取能力,因此這些 EC2 實例宜專供 Worker 使用,不要與其他工作負載共用。
前置條件:
1. 需要創建一個名稱為 concourse-data 的 EFS,作為 postgres、web 以及 worker 容器的儲存卷。
2. 配置 ecsTaskExecutionRole,只開放容器執行所必需的權限,比如 Systems Manager 的訪問權限等。下列範例的 taskRoleArn 與 executionRoleArn 使用同一個角色;正式環境建議拆成兩個角色,並各自套用最小權限。
構筑步驟:
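- 定義 postgres 任務(範例中的 POSTGRES_PASSWORD 以 environment 明文欄位傳入,任何能讀取任務定義的人都看得到;實際部署時建議改用 containerDefinitions 的 secrets 欄位,以 valueFrom 參照 SSM Parameter Store 或 Secrets Manager 中的值)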
{
"ipcMode": null,
"executionRoleArn": "xxxx/ecsTaskExecutionRole",
"containerDefinitions": [
{
"dnsSearchDomains": null,
"environmentFiles": null,
"logConfiguration": {
"logDriver": "awslogs",
"secretOptions": null,
"options": {
"awslogs-group": "/ecs/concourse-db",
"awslogs-region": "cn-north-1",
"awslogs-stream-prefix": "ecs"
}
},
"entryPoint": null,
"portMappings": [],
"command": null,
"linuxParameters": null,
"cpu": 0,
"environment": [
{
"name": "PGDATA",
"value": "/database"
},
{
"name": "POSTGRES_PASSWORD",
"value": ""
},
{
"name": "POSTGRES_DB",
"value": "concourse"
}
],
"resourceRequirements": null,
"ulimits": null,
"dnsServers": null,
"mountPoints": [
{
"readOnly": null,
"containerPath": "/database",
"sourceVolume": "concourse-db"
}
],
"workingDirectory": null,
"secrets": null,
"dockerSecurityOptions": null,
"memory": null,
"memoryReservation": null,
"volumesFrom": [],
"stopTimeout": null,
"image": "postgres:12.2",
"startTimeout": null,
"firelensConfiguration": null,
"dependsOn": null,
"disableNetworking": null,
"interactive": null,
"healthCheck": null,
"essential": true,
"links": null,
"hostname": null,
"extraHosts": null,
"pseudoTerminal": null,
"user": null,
"readonlyRootFilesystem": null,
"dockerLabels": null,
"systemControls": null,
"privileged": null,
"name": "concourse-db"
}
],
"memory": "512",
"taskRoleArn": "xxxx/ecsTaskExecutionRole",
"family": "concourse-db",
"pidMode": null,
"requiresCompatibilities": [
"FARGATE"
],
"networkMode": "awsvpc",
"cpu": "256",
"inferenceAccelerators": null,
"proxyConfiguration": null,
"volumes": [
{
"efsVolumeConfiguration": {
"transitEncryptionPort": null,
"fileSystemId": "fs-12835e8f",
"authorizationConfig": {
"iam": "DISABLED",
"accessPointId": null
},
"transitEncryption": "DISABLED",
"rootDirectory": "/data/concourese/database"
},
"name": "concourse-db",
"host": null,
"dockerVolumeConfiguration": null
}
],
"tags": []
}
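- 定義 Web 任務(範例把 CONCOURSE_ADD_LOCAL_USER、CONCOURSE_POSTGRES_PASSWORD 以及 CONCOURSE_AWS_SSM_ACCESS_KEY / CONCOURSE_AWS_SSM_SECRET_KEY 都放在 environment 明文欄位;密碼類的值建議改由 secrets 欄位注入,SSM 的存取則應盡量交給任務角色(taskRoleArn)授權,而不是寫入長期有效的存取金鑰,請對照 Concourse 文件確認。CONCOURSE_LOG_LEVEL 設為 debug 只適合排錯階段,上線後應調回較低的等級)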
{
"ipcMode": null,
"executionRoleArn": "xxxx/ecsTaskExecutionRole",
"containerDefinitions": [
{
"dnsSearchDomains": null,
"environmentFiles": null,
"logConfiguration": {
"logDriver": "awslogs",
"secretOptions": null,
"options": {
"awslogs-group": "/ecs/concourse-web",
"awslogs-region": "cn-north-1",
"awslogs-stream-prefix": "ecs"
}
},
"entryPoint": null,
"portMappings": [
{
"hostPort": 443,
"protocol": "tcp",
"containerPort": 443
}
],
"command": [
"web"
],
"linuxParameters": null,
"cpu": 0,
"environment": [
{
"name": "CONCOURSE_AWS_SSM_PIPELINE_SECRET_TEMPLATE",
"value": "/concourse/{{.Team}}/{{.Pipeline}}/{{.Secret}}"
},
{
"name": "CONCOURSE_ADD_LOCAL_USER",
"value": "admin:xxxx,platform:xxxx"
},
{
"name": "CONCOURSE_POSTGRES_HOST",
"value": "concourse-db.local"
},
{
"name": "CONCOURSE_LOG_LEVEL",
"value": "debug"
},
{
"name": "CONCOURSE_TLS_CERT",
"value": "/concourse-keys/server.crt"
},
{
"name": "CONCOURSE_AWS_SSM_TEAM_SECRET_TEMPLATE",
"value": "/concourse/{{.Team}}/{{.Secret}}"
},
{
"name": "CONCOURSE_TLS_KEY",
"value": "/concourse-keys/server.key"
},
{
"name": "CONCOURSE_AWS_SSM_SECRET_KEY",
"value": "Y/"
},
{
"name": "CONCOURSE_POSTGRES_PASSWORD",
"value": ""
},
{
"name": "CONCOURSE_POSTGRES_DATABASE",
"value": "concourse"
},
{
"name": "CONCOURSE_AWS_SSM_REGION",
"value": "cn-north-1"
},
{
"name": "CONCOURSE_TLS_BIND_PORT",
"value": "443"
},
{
"name": "CONCOURSE_MAIN_TEAM_LOCAL_USER",
"value": "admin"
},
{
"name": "CONCOURSE_AWS_SSM_ACCESS_KEY",
"value": ""
},
{
"name": "CONCOURSE_EXTERNAL_URL",
"value": "https://xxxx:8443"
},
{
"name": "CONCOURSE_POSTGRES_USER",
"value": "concourse@postgres"
}
],
"resourceRequirements": null,
"ulimits": null,
"dnsServers": null,
"mountPoints": [
{
"readOnly": null,
"containerPath": "/concourse-keys",
"sourceVolume": "concourse-keys"
}
],
"workingDirectory": null,
"secrets": null,
"dockerSecurityOptions": null,
"memory": null,
"memoryReservation": null,
"volumesFrom": [],
"stopTimeout": null,
"image": "voss2018/concourse:6.5.1.1",
"startTimeout": null,
"firelensConfiguration": null,
"dependsOn": null,
"disableNetworking": null,
"interactive": null,
"healthCheck": null,
"essential": true,
"links": null,
"hostname": null,
"extraHosts": null,
"pseudoTerminal": null,
"user": null,
"readonlyRootFilesystem": null,
"dockerLabels": null,
"systemControls": null,
"privileged": null,
"name": "concourse-web"
}
],
"memory": "2048",
"taskRoleArn": "arn:aws-cn:iam::348769610664:role/ecsTaskExecutionRole",
"family": "concourse-web",
"pidMode": null,
"requiresCompatibilities": [
"FARGATE"
],
"networkMode": "awsvpc",
"cpu": "1024",
"inferenceAccelerators": null,
"proxyConfiguration": null,
"volumes": [
{
"efsVolumeConfiguration": {
"transitEncryptionPort": null,
"fileSystemId": "fs-12835e8f",
"authorizationConfig": {
"iam": "DISABLED",
"accessPointId": null
},
"transitEncryption": "DISABLED",
"rootDirectory": "/data/concourese/web"
},
"name": "concourse-keys",
"host": null,
"dockerVolumeConfiguration": null
}
],
"tags": []
}
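- 定義 worker 任務(掛載到 /concourse-keys 的 EFS 卷存放金鑰檔,但範例中的 transitEncryption 與 authorizationConfig.iam 皆為 DISABLED,也未指定 accessPointId;正式環境建議將 transitEncryption 設為 ENABLED,並以 EFS 存取點搭配 IAM 授權,限制各任務只能存取自己的目錄)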
{
"ipcMode": null,
"executionRoleArn": "xxxx/ecsTaskExecutionRole",
"containerDefinitions": [
{
"dnsSearchDomains": null,
"environmentFiles": null,
"logConfiguration": {
"logDriver": "awslogs",
"secretOptions": null,
"options": {
"awslogs-group": "/ecs/concourse-worker",
"awslogs-region": "cn-north-1",
"awslogs-stream-prefix": "ecs"
}
},
"entryPoint": null,
"portMappings": [],
"command": [
"worker"
],
"linuxParameters": null,
"cpu": 0,
"environment": [
{
"name": "CONCOURSE_TSA_HOST",
"value": "concourse-web.local:2222"
}
],
"resourceRequirements": null,
"ulimits": null,
"dnsServers": null,
"mountPoints": [
{
"readOnly": null,
"containerPath": "/concourse-keys",
"sourceVolume": "concourse-keys"
}
],
"workingDirectory": null,
"secrets": null,
"dockerSecurityOptions": null,
"memory": null,
"memoryReservation": null,
"volumesFrom": [],
"stopTimeout": null,
"image": "voss2018/concourse:6.5.1.1",
"startTimeout": null,
"firelensConfiguration": null,
"dependsOn": null,
"disableNetworking": null,
"interactive": null,
"healthCheck": null,
"essential": true,
"links": null,
"hostname": null,
"extraHosts": null,
"pseudoTerminal": null,
"user": null,
"readonlyRootFilesystem": null,
"dockerLabels": null,
"systemControls": null,
"privileged": true,
"name": "concourse-worker"
}
],
"memory": "4096",
"taskRoleArn": "xxxx/ecsTaskExecutionRole",
"family": "concourse-worker",
"pidMode": null,
"requiresCompatibilities": [
"EC2"
],
"networkMode": "awsvpc",
"cpu": "1024",
"inferenceAccelerators": null,
"proxyConfiguration": null,
"volumes": [
{
"efsVolumeConfiguration": {
"transitEncryptionPort": null,
"fileSystemId": "fs-12835e8f",
"authorizationConfig": {
"iam": "DISABLED",
"accessPointId": null
},
"transitEncryption": "DISABLED",
"rootDirectory": "/data/concourese/worker"
},
"name": "concourse-keys",
"host": null,
"dockerVolumeConfiguration": null
}
],
"placementConstraints": [],
"tags": []
}
- 創建名為 platform 的 cluster:利用下面的 cluster 模板創建,並且添加一臺 EC2 實例,以及配置必要的 VPC 和安全組
EC2 Linux + 聯網 要創建的資源: 集群 VPC 子網 帶 Linux AMI 的 Auto Scaling 組
- 在Platform cluster中創建service:concourse-db

- 在platform cluster中創建concourse-web service

- 在platform cluster中創建concourse-worker service

- 確認三個service是否正常Running

- 配置負載均衡,登錄concourse web


