我们使用CDK,并且我们开始在 ECS 服务中使用服务发现(因此,服务器到服务器而不是客户端到服务器)。这意味着我们不需要 ALB(至少目前,也许我们可以稍后重新考虑这个选择)。
不幸的是,用于构建 ECS 服务的 CDK 模式 (
ecs_patterns.ApplicationLoadBalancedFargateService这个想法基本上是“移植”AWS 的本教程,从使用 AWS CLI 到使用 CDK。
问题是:是否有人已经这样做并想要分享它或者知道 CDK Patterns 没有该选项的原因?(如果没有人要共享它,我们会这样做,然后当然会共享它;我认为这个选项应该立即出现在 CDK 中,这只是一个不要在“只是”配置问题上浪费时间的问题 - 除非有一些东西我们在这里没有看到...)。
/*
* ECS Fargate with service discovery but without Load Balancing
*/
import * as cdk from "@aws-cdk/core";
import * as ec2 from "@aws-cdk/aws-ec2";
import * as ecs from "@aws-cdk/aws-ecs";
import * as servicediscovery from "@aws-cdk/aws-servicediscovery";
import * as iam from "@aws-cdk/aws-iam";
import * as logs from "@aws-cdk/aws-logs";
import { DnsRecordType } from "@aws-cdk/aws-servicediscovery";
export class EcsServiceDiscoveryStack extends cdk.Stack {
constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
const serviceName = "zambulo";
const namespace = "caludio.magic";
const vpc = ec2.Vpc.fromLookup(this, "VPC", {
isDefault: true,
});
const cluster = new ecs.Cluster(this, "EcsServiceDiscovery", {
vpc: vpc,
});
const dnsNamespace = new servicediscovery.PrivateDnsNamespace(
this,
"DnsNamespace",
{
name: namespace,
vpc: vpc,
description: "Private DnsNamespace for my Microservices",
}
);
const taskrole = new iam.Role(this, "ecsTaskExecutionRole", {
assumedBy: new iam.ServicePrincipal("ecs-tasks.amazonaws.com"),
});
taskrole.addManagedPolicy(
iam.ManagedPolicy.fromAwsManagedPolicyName(
"service-role/AmazonECSTaskExecutionRolePolicy"
)
);
/*
* Check the doc for the allowed cpu/mem combiations:
* https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-ecs.FargateTaskDefinition.html
*/
const serviceTaskDefinition = new ecs.FargateTaskDefinition(
this,
`${serviceName}ServiceTaskDef`,
{
cpu: 256,
memoryLimitMiB: 512,
taskRole: taskrole,
}
);
const serviceLogGroup = new logs.LogGroup(
this,
`${serviceName}ServiceLogGroup`,
{
logGroupName: `/ecs/${serviceName}Service`,
removalPolicy: cdk.RemovalPolicy.DESTROY,
}
);
/* Fargate only support awslog driver */
const serviceLogDriver = new ecs.AwsLogDriver({
logGroup: serviceLogGroup,
streamPrefix: `${serviceName}Service`,
});
/*
* If you chose a public image from the registry (like in this case),
* the `assignPublicIp` in the Fargate definition (below) must be true
*/
const serviceContainer = serviceTaskDefinition.addContainer(
`${serviceName}ServiceContainer`,
{
image: ecs.ContainerImage.fromRegistry("amazon/amazon-ecs-sample"),
logging: serviceLogDriver,
}
);
serviceContainer.addPortMappings({
containerPort: 80,
});
const serviceSecGrp = new ec2.SecurityGroup(
this,
`${serviceName}ServiceSecurityGroup`,
{
allowAllOutbound: true,
securityGroupName: `${serviceName}ServiceSecurityGroup`,
vpc: vpc,
}
);
serviceSecGrp.connections.allowFromAnyIpv4(ec2.Port.tcp(80));
new ecs.FargateService(this, `${serviceName}Service`, {
cluster: cluster,
taskDefinition: serviceTaskDefinition,
// Must be `true` when using public images
assignPublicIp: true,
// If you set it to 0, the deployment will finish succesfully anyway
desiredCount: 1,
securityGroup: serviceSecGrp,
cloudMapOptions: {
// This will be your service_name.namespace
name: serviceName,
cloudMapNamespace: dnsNamespace,
dnsRecordType: DnsRecordType.A,
},
});
}
}
我对 AWS Service Discovery 没有个人经验,但 CDK 似乎确实为其提供了 L2 构造。 除了服务发现之外,您还可以使用
aws-ecs 库创建 L2 FargateService 构造。