ã©ã‚‚ã€ECS ã¯æœ€è¿‘全然触れã¦ã„ãªã„ã‹ã£ã±ã§ã™ã€‚
追記
AWS CLI ã®ã§ã‚‚æ“作ã—ã¦ã¿ãŸã€‚
tl;dr
先日ã€AWS Application Load Balancer ãŒãƒªãƒªãƒ¼ã‚¹ã•ã‚Œã¦ã€Amazon ECS ã® Dynamic Port Mapping ã«ã‚‚対応ã•ã‚ŒãŸã¨ã®ã“ã¨ã§ã€ECS 㨠Application Load Balancer ã®çµ„ã¿åˆã‚ã›ã‚’試行錯誤ã—ã¦ã„る。内容ãªèªè˜ç‰ã«èª¤ã‚ŠãŒã‚ã‚‹ã‹ã‚‚ã—ã‚Œãªã„ã®ã§ã”容赦下ã•ã„。
- https://aws.amazon.com/jp/blogs/aws/powerful-aws-platform-features-now-for-containers/
- https://aws.amazon.com/jp/blogs/aws/new-aws-application-load-balancer/
試ã—ãŸç’°å¢ƒ
手元ã®ç’°å¢ƒ
% sw_vers ProductName: Mac OS X ProductVersion: 10.11.6 BuildVersion: 15G24b % ecs-cli --version ecs-cli version 0.4.2 (9159726)
ECS
- amzn-ami-2016.03.f-amazon-ecs-optimized (ami-ed26e78c)
- ECS ã®ã‚¯ãƒ©ã‚¹ã‚¿ã¯ ecs-cli ã§ä½œæˆæ¸ˆã¿
- マãƒã‚¸ãƒ¡ãƒ³ãƒˆã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã‚ˆã‚Š ECS ã® Service を作æˆã—ã¦ã„ã
- Service 内ã§èµ·å‹•ã™ã‚‹ Task ã¯ã‚³ãƒ³ãƒ†ãƒŠè‡ªèº«ã®ãƒ›ã‚¹ãƒˆåを返㙠Sinatra アプリケーション(コンテナ内㧠4567 ãƒãƒ¼ãƒˆã§ Listen ã™ã‚‹ï¼‰
memo
以下ã€æ®´ã‚Šæ›¸ã。(後ã§æ•´ç†ã™ã‚‹ã‹ã‚‚)
- 事å‰ã« Application Load Balancer を作ã£ã¦ãŠã(以後ã€Application Load Balancer ã‚’ ALB ã¨è¨˜ã™ï¼‰
- ALB 作æˆã®éš›ã«ã¯ã‚¿ãƒ¼ã‚²ãƒƒãƒˆã‚°ãƒ«ãƒ¼ãƒ—を一ã¤ä½œã‚‹å¿…è¦ãŒã‚る(ターゲットã«ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã‚’登録ã™ã‚‹å¿…è¦ã¯ç„¡ã„)
ターゲットグループを消ã™æ™‚ã«ã¯ALB を消ã—ã¦ã‹ã‚‰ã‚¿ãƒ¼ã‚²ãƒƒãƒˆã‚°ãƒ«ãƒ¼ãƒ—を削除ã—ãŸæ–¹ãŒè‰¯ã•ãã†ï¼ˆãƒªã‚¹ãƒŠãƒ¼ã®å®šç¾©ã‚’å…ˆã«æ¶ˆã›ã°è‰¯ã„)- 下図ã®ã‚ˆã†ã« ECS ã® Service 作æˆæ™‚ã« ALB を指定ã™ã‚‹ã“ã¨ãŒå‡ºæ¥ã‚‹ï¼ˆã‚¿ãƒ¼ã‚²ãƒƒãƒˆã‚°ãƒ«ãƒ¼ãƒ—ãŒç”Ÿæˆã•ã‚Œã‚‹ï¼‰
ecsServiceRole ã¨ã„ㆠIAM Role ãŒä»˜ä¸Žã•ã‚Œã‚‹ã€‚ã“ã® Role ã«ã¯ AmazonEC2ContainerServiceRole ã¨ã„ã†ãƒžãƒã‚¸ãƒ¡ãƒ³ãƒˆãƒãƒªã‚·ãƒ¼ãŒé©ç”¨ã•ã‚Œã¦ã„る。
- æ—¢å˜ã® ECS Service ã«ã¯è¿½åŠ 出æ¥ãªã„?(Service 作æˆæ™‚ã®ã¿ ELB 定義ãŒå‡ºæ¥ã‚‹ã‚ˆã†ã )
- Container Instance ã«ä»˜ã‘ã‚‹ Security Group 㯠ALB ã«ä»˜ä¸Žã—㟠Security Group ã‹ã‚‰ Container ã® Dynamic Port ã«ã‚¢ã‚¯ã‚»ã‚¹å‡ºæ¥ã‚‹ã‚ˆã†ãªãƒ«ãƒ¼ãƒ«ã‚’定義ã—ã¦ãŠã
source: public-access protocol: TCP port range: 0-65535
- ALB ã‹ã‚‰ã¯ã‚³ãƒ³ãƒ†ãƒŠã¯ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã¨ã—ã¦è¦‹ãˆã¦ã„ã‚‹
- ルーティングã®ãƒ«ãƒ¼ãƒ«ã¯ãƒãƒ¼ãƒ‰ãƒãƒ©ãƒ³ã‚µãƒ¼ã®ä¸€è¦§ã«ã¦è©²å½“ã® ALB を指定ã—ã¦ãƒªã‚¹ãƒŠãƒ¼ã§ä¿®æ£ã™ã‚‹
/* ã¨ã—ã¦ãŠãã¨ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã®ãƒªã‚¯ã‚¨ã‚¹ãƒˆã‚’ãã®ã¾ã¾ãƒãƒƒã‚¯ã‚¨ãƒ³ãƒ‰ã«æµã™ã‚ˆã†ãªæŒ™å‹•ã«ãªã£ãŸã€‚
- ALB ã«ç™»éŒ²ã•ã‚ŒãŸã‚³ãƒ³ãƒ†ãƒŠã«ã‚¢ã‚¯ã‚»ã‚¹ã—ã¦ã¿ã‚‹
% curl -v alb-ecs-demo-xxxxxxxxxxxxxx.ap-northeast-1.elb.amazonaws.com/hostname * Trying 54.xx.xxx.xxx... * Connected to alb-ecs-demo-xxxxxxxxxxxxxx.ap-northeast-1.elb.amazonaws.com (54.xx.xxx.xxx) port 80 (#0) > GET /hostname HTTP/1.1 > Host: alb-ecs-demo-xxxxxxxxxxxxxx.ap-northeast-1.elb.amazonaws.com > User-Agent: curl/7.43.0 > Accept: */* > < HTTP/1.1 200 OK < Date: Sat, 13 Aug 2016 01:39:01 GMT < Content-Type: text/html;charset=utf-8 < Content-Length: 12 < Connection: keep-alive < X-XSS-Protection: 1; mode=block < X-Content-Type-Options: nosniff < X-Frame-Options: SAMEORIGIN < * Connection #0 to host alb-ecs-demo-xxxxxxxxxxxxxx.ap-northeast-1.elb.amazonaws.com left intact 59294f32f412
- 当ãŸã‚Šå‰ã ã®ã‚¯ãƒ©ãƒƒã‚«ãƒ¼ã ã‘ã© Task ã®ã‚¹ã‚±ãƒ¼ãƒ«ã‚¢ã‚¦ãƒˆã«ã‚‚追éšã—ã¦ãれる
# # Task ã‚’ 3 ã¤ã«å¢—ã‚„ã—ãŸå¾Œã«ã‚¢ã‚¯ã‚»ã‚¹ # % curl alb-ecs-demo-1930795025.ap-northeast-1.elb.amazonaws.com/hostname 79a796b62150% % curl alb-ecs-demo-1930795025.ap-northeast-1.elb.amazonaws.com/hostname 68cb8177a441% % curl alb-ecs-demo-1930795025.ap-northeast-1.elb.amazonaws.com/hostname 59294f32f412%
ã¾ã¨ã¾ã£ã¦ãªã„ã‘ã©ã¾ã¨ã‚
- ã¾ã•ã«ç”£æ¥é©å‘½
- Dynamic Port Mapping ã‚„ã‚Šãã‚Šã™ã‚‹ç‚ºã« HAProxy ã¨ã‹å…¥ã‚Œãªãã¦ã‚‚良ããªã£ãŸã®ã¯å¬‰ã—ã„
- 後㧠CLI ã§ã‚‚ã‚„ã£ã¦ã¿ã‚‹
