From 426463660a952f3251bae0cdaf4ba8e6778fe204 Mon Sep 17 00:00:00 2001 From: Joe Bailey Date: Sun, 12 Feb 2023 17:42:59 -0800 Subject: [PATCH] Got the codepipeline nearly done, need to get the updated docker file in main. --- Dockerfile | 2 +- infra/templates/deployment-pipeline.yaml | 52 +++++---- infra/templates/ecs-cluster.yaml | 130 ++--------------------- infra/templates/service.yaml | 95 ++++++++--------- 4 files changed, 80 insertions(+), 199 deletions(-) diff --git a/Dockerfile b/Dockerfile index fd7caee0e..12b89f4d0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,3 +1,3 @@ -FROM openjdk:8-jdk-alpine +FROM openjdk:20-ea-17-jdk COPY target/spring-petclinic-3.0.0-SNAPSHOT.jar spring-petclinic-3.0.0-SNAPSHOT.jar ENTRYPOINT ["java","-jar","/spring-petclinic-3.0.0-SNAPSHOT.jar"] diff --git a/infra/templates/deployment-pipeline.yaml b/infra/templates/deployment-pipeline.yaml index 2aa845e05..a924d1301 100644 --- a/infra/templates/deployment-pipeline.yaml +++ b/infra/templates/deployment-pipeline.yaml @@ -29,6 +29,7 @@ Parameters: Type: String Resources: + BlueGreenFlipLambda: Type: AWS::Lambda::Function Properties: @@ -44,19 +45,20 @@ Resources: Role: !GetAtt BlueGreenFlipLambdaRole.Arn BlueGreenFlipLambdaRole: - Type: AWS::IAM::Role - Properties: - #RoleName: !Sub lambda-${GitHubRepo}-blue-green-swap-role - AssumeRolePolicyDocument: - Version: "2012-10-17" - Statement: - - Effect: Allow - Principal: - Service: - - lambda.amazonaws.com - Action: - - sts:AssumeRole - Path: / + Type: AWS::IAM::Role + Properties: + #RoleName: !Sub lambda-${GitHubRepo}-blue-green-swap-role + AssumeRolePolicyDocument: + Version: "2012-10-17" + Statement: + - + Effect: Allow + Principal: + Service: + - lambda.amazonaws.com + Action: + - sts:AssumeRole + Path: / BlueGreenFlipLambdaPolicy: Type: AWS::IAM::Policy 
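Review bot: The new base tag `openjdk:20-ea-17-jdk` is an early-access build, so the jar now ships on a pre-release JDK rather than a GA release, and the `openjdk` Docker Official Image has itself been deprecated upstream in favour of vendor-maintained images. A GA LTS tag on a maintained image, e.g. `FROM eclipse-temurin:17-jre`, satisfies the Java 17 baseline the 3.0.0 petclinic jar targets and keeps the compiler out of the runtime image. No `USER` directive appears in the three-line file, so the JVM presumably runs as root by default; adding a non-root user before `ENTRYPOINT` is the usual hardening. Pinning the tag by digest would additionally make rebuilds reproducible.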
@@ -65,20 +67,23 @@ Resources: PolicyDocument: Version: "2012-10-17" Statement: - - Effect: Allow + - + Effect: Allow Action: - elasticloadbalancing:* - codepipeline:PutJobFailureResult - codepipeline:PutJobSuccessResult Resource: "*" - - Effect: Allow + - + Effect: Allow Action: - logs:CreateLogGroup - logs:CreateLogStream - logs:PutLogEvents Resource: arn:aws:logs:*:*:* Roles: - - !Ref BlueGreenFlipLambdaRole + - + !Ref BlueGreenFlipLambdaRole Repository: Type: AWS::ECR::Repository @@ -212,10 +217,9 @@ Resources: phases: # install: # commands: - # - apt-get update -y - # - apt-get -y install python-pip - # - pip install --upgrade python - # - pip install --upgrade awscli + # - apt-get update && apt-get -y install python-pip + # - pip install --upgrade python + # - pip install --upgrade awscli pre_build: commands: - printenv @@ -259,9 +263,9 @@ Resources: phases: # install: # commands: - # - pip install --upgrade python - # - pip install --upgrade awscli - # - pip install --upgrade boto3 + # - pip install --upgrade python + # - pip install --upgrade awscli + # - pip install --upgrade boto3 pre_build: commands: - printenv @@ -413,6 +417,8 @@ Resources: } RunOrder: 3 + + Outputs: PipelineUrl: Value: !Sub https://console.aws.amazon.com/codepipeline/home?region=${AWS::Region}#/view/${Pipeline} diff --git a/infra/templates/ecs-cluster.yaml b/infra/templates/ecs-cluster.yaml index 52331ecd6..8f8dc4ac3 100644 --- a/infra/templates/ecs-cluster.yaml +++ b/infra/templates/ecs-cluster.yaml 
@@ -41,137 +41,13 @@ Parameters: S3 Bucket used for nested templates -Mappings: - AWSRegionToAMI: - us-east-1: - AMI: ami-71ef560b - us-east-2: - AMI: ami-1b8ca37e - us-west-1: - AMI: ami-e5cdf385 - us-west-2: - AMI: ami-a64d9ade - eu-west-1: - AMI: ami-014ae578 - eu-west-2: - AMI: ami-4f8d912b - eu-central-1: - AMI: ami-4255d32d - ap-northeast-1: - AMI: ami-3405af52 - ap-southeast-1: - AMI: ami-134e0670 - ap-southeast-2: - AMI: ami-2ab95148 - ca-central-1: - AMI: ami-c802baac - - Resources: - ECSRole: - Type: AWS::IAM::Role - Properties: - Path: / - #RoleName: !Sub ecs-${AWS::StackName} - AssumeRolePolicyDocument: | - { - "Statement": [{ - "Effect": "Allow", - "Principal": { "Service": [ "ec2.amazonaws.com" ]}, - "Action": [ "sts:AssumeRole" ] - }] - } - ManagedPolicyArns: - - arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role - - InstanceProfile: - Type: AWS::IAM::InstanceProfile - Properties: - Path: / - Roles: - - !Ref ECSRole - - SecurityGroup: - Type: "AWS::EC2::SecurityGroup" - Properties: - GroupDescription: !Sub ${AWS::StackName}-hosts - SecurityGroupIngress: - - SourceSecurityGroupId: !GetAtt LoadBalancer.Outputs.SecurityGroup - IpProtocol: -1 - VpcId: !Ref VpcId Cluster: Type: AWS::ECS::Cluster Properties: ClusterName: !Ref AWS::StackName - AutoScalingGroup: - Type: AWS::AutoScaling::AutoScalingGroup - Properties: - VPCZoneIdentifier: - - !Ref Subnet1 - - !Ref Subnet2 - LaunchConfigurationName: !Ref LaunchConfiguration - MinSize: !Ref ClusterSize - MaxSize: !Ref ClusterSize - DesiredCapacity: !Ref ClusterSize - Tags: - - Key: Name - Value: !Sub ${AWS::StackName} - ECS Host - PropagateAtLaunch: true - CreationPolicy: - ResourceSignal: - Timeout: PT15M - UpdatePolicy: - AutoScalingRollingUpdate: - MinInstancesInService: 1 - MaxBatchSize: 1 - PauseTime: PT15M - WaitOnResourceSignals: true - - LaunchConfiguration: - Type: AWS::AutoScaling::LaunchConfiguration - Metadata: - AWS::CloudFormation::Init: - config: - commands: - 
01_add_instance_to_cluster: - command: !Sub echo ECS_CLUSTER=${Cluster} > /etc/ecs/ecs.config - files: - "/etc/cfn/cfn-hup.conf": - mode: 000400 - owner: root - group: root - content: !Sub | - [main] - stack=${AWS::StackId} - region=${AWS::Region} - "/etc/cfn/hooks.d/cfn-auto-reloader.conf": - content: !Sub | - [cfn-auto-reloader-hook] - triggers=post.update - path=Resources.ContainerInstances.Metadata.AWS::CloudFormation::Init - action=/opt/aws/bin/cfn-init -v --region ${AWS::Region} --stack ${AWS::StackName} --resource LaunchConfiguration - services: - sysvinit: - cfn-hup: - enabled: true - ensureRunning: true - files: - - /etc/cfn/cfn-hup.conf - - /etc/cfn/hooks.d/cfn-auto-reloader.conf - Properties: - ImageId: !FindInMap [ AWSRegionToAMI, !Ref "AWS::Region", AMI ] - InstanceType: !Ref InstanceType - IamInstanceProfile: !Ref InstanceProfile - SecurityGroups: - - !Ref SecurityGroup - UserData: - "Fn::Base64": !Sub | - #!/bin/bash - yum install -y aws-cfn-bootstrap - /opt/aws/bin/cfn-init -v --region ${AWS::Region} --stack ${AWS::StackName} --resource LaunchConfiguration - /opt/aws/bin/cfn-signal -e $? --region ${AWS::Region} --stack ${AWS::StackName} --resource AutoScalingGroup LoadBalancer: Type: AWS::CloudFormation::Stack @@ -198,6 +74,9 @@ Resources: Repository: !Ref Repository Identifier: "Code2" IsProduction: False + Subnet1 : !Ref Subnet1 + Subnet2 : !Ref Subnet2 + ALBSg : !GetAtt LoadBalancer.Outputs.SecurityGroup BlueService: Type: AWS::CloudFormation::Stack @@ -213,6 +92,9 @@ Resources: Repository: !Ref Repository Identifier: "Code1" IsProduction: True + Subnet1 : !Ref Subnet1 + Subnet2 : !Ref Subnet2 + ALBSg : !GetAtt LoadBalancer.Outputs.SecurityGroup Outputs: diff --git a/infra/templates/service.yaml b/infra/templates/service.yaml index 1d0455aa7..a2d6cc5bf 100644 --- a/infra/templates/service.yaml +++ b/infra/templates/service.yaml 
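Review bot: The three nested-stack parameters added to GreenService are written with a space before the colon (`Subnet1 : !Ref Subnet1`), which yamllint's `colons` rule rejects and which departs from the surrounding keys; the identical block added to BlueService in the next hunk has the same problem. Write them as `Subnet1: !Ref Subnet1`, `Subnet2: !Ref Subnet2` and `ALBSg: !GetAtt LoadBalancer.Outputs.SecurityGroup`. Both service stacks now receive the same subnets and ALB security group, so the two stanzas need to be kept in lockstep whenever either one changes.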
@@ -31,6 +31,15 @@ Parameters: IsProduction: Type: String + Subnet1: + Type: String + + Subnet2: + Type: String + + ALBSg: + Type: String + Resources: LoadBalancerListener: Type: AWS::ElasticLoadBalancingV2::Listener @@ -46,6 +55,7 @@ Resources: Type: AWS::ElasticLoadBalancingV2::TargetGroup Properties: VpcId: !Ref VpcId + TargetType: ip Port: !Ref Port Protocol: HTTP Matcher: 
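Review bot: The new `Subnet1`, `Subnet2` and `ALBSg` parameters are declared as bare `Type: String`, so a mistyped or wrong-VPC ID is only caught when the ECS service fails to create. CloudFormation's typed parameters validate the values at deploy time: `Type: AWS::EC2::Subnet::Id` for the two subnets and `Type: AWS::EC2::SecurityGroup::Id` for `ALBSg` accept the same `!Ref`/`!GetAtt` values the parent stack passes in. A one-line `Description` on each would also record that `ALBSg` is the load balancer's security group, which the name alone does not make clear.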
@@ -79,87 +89,70 @@ Resources: ListenerArn: !Ref LoadBalancerListener Priority: 1 - ECSServiceRole: + TaskIamRole: Type: AWS::IAM::Role Properties: - #RoleName: !Sub ecs-service-${AWS::StackName} Path: / AssumeRolePolicyDocument: | { "Statement": [{ "Effect": "Allow", - "Principal": { "Service": [ "ecs.amazonaws.com" ]}, + "Principal": { "Service": [ "ecs-tasks.amazonaws.com" ]}, "Action": [ "sts:AssumeRole" ] }] } ManagedPolicyArns: - - arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole + - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly + - arn:aws:iam::aws:policy/CloudWatchLogsFullAccess + SecurityGroup: + Type: AWS::EC2::SecurityGroup + Properties: + GroupDescription: !Sub ${AWS::StackName} + SecurityGroupIngress: + - SourceSecurityGroupId: !Ref ALBSg + IpProtocol: -1 + VpcId: !Ref VpcId Service: Type: AWS::ECS::Service Properties: Cluster: !Ref Cluster - Role: !Ref ECSServiceRole DesiredCount: !Ref DesiredCount + LaunchType: FARGATE TaskDefinition: !Ref TaskDefinition - # CapacityProviderStrategy: - # - CapacityProvider: FARGATE - # - Base: 0 - # - Weight: 1 LoadBalancers: - ContainerName: simple-app - ContainerPort: 80 + ContainerPort: 8080 TargetGroupArn: !Ref TargetGroup - # NetworkConfiguration: - # - AwsvpcConfiguration: - # - AssignPublicIp: ENABLED - # - SecurityGroups: - # - Ref: SecurityGroupIDs - # - Subnets: !!omap - # - Ref: SubnetIDs - PlatformVersion: LATEST - # DeploymentConfiguration: - # - MaximumPercent: 200 - # - MinimumHealthyPercent: 100 - # - DeploymentCircuitBreaker: - # - Enable: true - # - Rollback: true - # DeploymentController: - # - Type: ECS - # ServiceConnectConfiguration: - # - Enabled: false + NetworkConfiguration: + AwsvpcConfiguration: + AssignPublicIp: ENABLED #MENTION DISABLED if in private subnet with NAT gateway + SecurityGroups: + - !GetAtt SecurityGroup.GroupId + Subnets: + - !Ref Subnet1 + - !Ref Subnet2 TaskDefinition: Type: AWS::ECS::TaskDefinition Properties: - Family: !Sub 
${AWS::StackName}-simple-app + Cpu: 512 + Memory: 512 + NetworkMode: awsvpc + RequiresCompatibilities: + - FARGATE + ExecutionRoleArn: !GetAtt TaskIamRole.Arn ContainerDefinitions: - Name: simple-app Image: !Sub ${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/${Repository}:${Tag} - EntryPoint: - - /usr/sbin/apache2 - - -D - - FOREGROUND + # EntryPoint: + # - /usr/sbin/apache2 + # - -D + # - FOREGROUND Essential: true - Memory: 128 - MountPoints: - - SourceVolume: my-vol - ContainerPath: /var/www/my-vol + Memory: 512 PortMappings: - - ContainerPort: 80 + - ContainerPort: 8080 Environment: - Name: Tag Value: !Ref Tag - - Name: busybox - Image: busybox - EntryPoint: - - sh - - -c - Essential: false - Memory: 128 - VolumesFrom: - - SourceContainer: simple-app - Command: - - /bin/sh -c "while true; do /bin/date > /var/www/my-vol/date; sleep 1; done" - Volumes: - - Name: my-vol
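Review bot: `Cpu: 512` paired with `Memory: 512` is not a valid Fargate task size — 0.5 vCPU requires task memory between 1024 and 4096 MB — so registering the task definition will fail; `Memory: 1024` at task level (keeping the container's `Memory: 512` hard limit) is the smallest valid pairing. Two least-privilege points in the same hunk: `TaskIamRole` is attached as `ExecutionRoleArn` yet is granted `CloudWatchLogsFullAccess`, where the AWS managed `service-role/AmazonECSTaskExecutionRolePolicy` already covers the ECR pull and log-stream writes an execution role needs, and the new `SecurityGroup` ingress uses `IpProtocol: -1`, admitting every port and protocol from the ALB when only TCP 8080 is served. The container definition carries no `LogConfiguration`, so nothing reaches CloudWatch despite the log permissions; an `awslogs` block (with a log group created by the template) would give the service a log trail for troubleshooting and detection. The commented-out apache2 `EntryPoint` is dead text in a Java image and can be dropped.
```yaml
  TaskIamRole:
    # … unchanged: Type, Path, AssumeRolePolicyDocument …
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy

  SecurityGroup:
    # … unchanged: Type, GroupDescription …
      SecurityGroupIngress:
        - SourceSecurityGroupId: !Ref ALBSg
          IpProtocol: tcp
          FromPort: 8080
          ToPort: 8080
    # … unchanged: VpcId …

  TaskDefinition:
    Properties:
      Cpu: 512
      Memory: 1024
      # … unchanged: NetworkMode, RequiresCompatibilities, ExecutionRoleArn, ContainerDefinitions …
```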