2021年2月24日水曜日

Terraform(fargate:nginx)

 TerraformでFargate構成の作成を行ってみる。


[ファイル構成]
terraform-simple_nginx
  | ----- task-definitions
  |                  |-----fargate-task.json(Fargateのタスク定義ファイル)
  | 
ecs.tf         (ECS関連の設定情報)
elb.tf         (ELB関連の設定情報)
network.tf (VPCなどのネットワーク関連の設定情報)
provider.tf
 

fargate-task.json
[
{
"name": "mongo",
"image": "nginx:latest",
"portMappings": [
{
"containerPort": 80,
"hostPort": 80,
"protocol": "tcp"
}
],
"healthCheck": {
"command": [
"CMD-SHELL", "curl -f http://localhost/ || exit 1"
],
"interval": 30,
"timeout": 5,
"retries": 3,
"startPeriod": 0
}
}
]


ecs.tf
##################
# ecs cluster
##################
# ECS cluster that hosts the Fargate service declared further down.
resource "aws_ecs_cluster" "foo" {
  name = "foo-cluster"

  # Container Insights is explicitly disabled; turning it on would publish
  # per-task CPU/memory metrics to CloudWatch (at extra cost).
  setting {
    name  = "containerInsights"
    value = "disabled"
  }
}

#####################
# Task Definition
#####################
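# Account terraform is running against; used to build the execution role
# ARN so the account id is not hard-coded (or masked) in source.
data "aws_caller_identity" "current" {}

# Fargate task definition. The container list (image, port mapping,
# health check) is read from task-definitions/fargate-task.json.
resource "aws_ecs_task_definition" "foo" {
  # "mongo" is only the family label; the container image is nginx.
  family                   = "mongo"
  container_definitions    = file("./task-definitions/fargate-task.json")
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc" # the only mode Fargate supports
  cpu                      = "256"
  memory                   = "512"

  # Role ECS itself uses to pull the image and write logs; it must already
  # exist in the account. No task_role_arn is set, so the nginx container
  # is not handed any AWS API credentials.
  execution_role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/ecsTaskExecutionRole"
}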

####################
# Service
####################
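# Dedicated security group for the Fargate tasks. The tasks sit in public
# subnets with public IPs, so attaching the ALB's group (ingress 80 from
# 0.0.0.0/0) to them would make the container port reachable directly from
# the internet, bypassing the load balancer. This group only admits port 80
# from the ALB's security group.
resource "aws_security_group" "task" {
  name   = "Terraform-task"
  vpc_id = aws_vpc.main.id

  ingress {
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = [aws_security_group.alb.id]
  }

  # Outbound stays open so the task can pull nginx:latest from the registry.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Fargate service that keeps one nginx task registered behind the ALB.
resource "aws_ecs_service" "mongo" {
  name             = "mongo"
  cluster          = aws_ecs_cluster.foo.arn
  task_definition  = aws_ecs_task_definition.foo.arn
  desired_count    = 1
  launch_type      = "FARGATE"
  platform_version = "1.3.0"
  // health_check_grace_period_seconds = 60

  # The listener must exist before ECS can register targets.
  depends_on = [aws_lb_listener.main]

  network_configuration {
    # A public IP is still required: the subnets are public and no NAT
    # gateway is defined, so image pulls leave via the internet gateway.
    assign_public_ip = true # Default ->false
    security_groups  = [aws_security_group.task.id]
    subnets = [
      aws_subnet.public1.id,
      aws_subnet.public2.id,
    ]
  }

  # container_name must match the "name" in fargate-task.json.
  load_balancer {
    target_group_arn = aws_lb_target_group.foo.arn
    container_name   = "mongo"
    container_port   = 80
  }

  # Task-definition revisions rolled out outside terraform (e.g. by a
  # deploy pipeline) are not reverted on the next apply. Remove this if
  # terraform should own the revision.
  lifecycle {
    ignore_changes = [task_definition]
  }
}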


elb.tf
######################
# ALB
######################

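# Internet-facing application load balancer in front of the Fargate tasks.
resource "aws_lb" "test" {
  name               = "foo-lb"
  internal           = false
  load_balancer_type = "application"
  security_groups    = [aws_security_group.alb.id]
  subnets            = [aws_subnet.public1.id, aws_subnet.public2.id]

  # Drop requests with malformed HTTP header names at the load balancer
  # instead of forwarding them to nginx.
  drop_invalid_header_fields = true

  # Left off so the environment can still be torn down with
  # `terraform destroy`; enable it for a long-lived production ALB.
  // enable_deletion_protection = true

  # No access_logs block is configured, so request logs are not kept.

  tags = {
    Environment = "production"
  }
}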

######################
# Security_group ALB
######################

# Security group carried by the ALB: HTTP in from anywhere, everything out.
resource "aws_security_group" "alb" {
  vpc_id = aws_vpc.main.id
  name   = "Terraform"

  # Unrestricted outbound.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Public HTTP; only the load balancer itself should use this group.
  ingress {
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = ["0.0.0.0/0"]
  }
}


#####################
# ALB_listener
#####################

# Plain-HTTP listener on port 80. Traffic to the ALB is unencrypted; an
# HTTPS listener would additionally need port 443, protocol "HTTPS" and a
# certificate_arn.
resource "aws_lb_listener" "main" {
  load_balancer_arn = aws_lb.test.arn
  protocol          = "HTTP"
  port              = "80"

  # Everything not matched by a rule goes to the nginx target group.
  default_action {
    target_group_arn = aws_lb_target_group.foo.arn
    type             = "forward"
  }
}

#####################
# listener_rule
#####################
# Path rule forwarding "/*" to the same target group as the listener's
# default action, so it is effectively a no-op kept as a template for
# path-based routing.
resource "aws_lb_listener_rule" "static" {
  priority     = 1
  listener_arn = aws_lb_listener.main.arn

  condition {
    path_pattern {
      values = ["/*"]
    }
  }

  action {
    target_group_arn = aws_lb_target_group.foo.arn
    type             = "forward"
  }
}


######################
# ALB_Target_group
######################
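# IP-mode target group the ECS service registers its task ENIs into.
resource "aws_lb_target_group" "foo" {
  # name_prefix (max 6 chars) instead of a fixed name: with
  # create_before_destroy the replacement is created while the old group
  # still exists, and a fixed name would collide on that create.
  name_prefix          = "foo-"
  port                 = 80
  protocol             = "HTTP"
  vpc_id               = aws_vpc.main.id
  target_type          = "ip" # required for awsvpc/Fargate tasks
  deregistration_delay = 300

  # ALB-side health check, independent of the container healthCheck in
  # fargate-task.json.
  health_check {
    path                = "/"
    port                = "traffic-port"
    protocol            = "HTTP"
    matcher             = "200"
    interval            = 30
    timeout             = 5
    healthy_threshold   = 5
    unhealthy_threshold = 2
  }

  lifecycle {
    create_before_destroy = true
  }

  # The load balancer must exist before the group is attached to it.
  depends_on = [aws_lb.test]
}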


network.tf
####################
# VPC
####################
# VPC for the whole example. DNS support and hostnames are both on so
# tasks can resolve the registry and ALB names. No aws_flow_log is
# defined for it in this configuration.
resource "aws_vpc" "main" {
  cidr_block           = "172.32.0.0/16"
  instance_tenancy     = "default"
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "foo"
  }
}


#####################
# Internet Gateway
#####################
# Internet gateway giving the public subnets their default route.
resource "aws_internet_gateway" "example" {
  vpc_id = aws_vpc.main.id
}


####################
# subnet
####################
# First public subnet (AZ c). Instances/tasks launched here receive a
# public IP automatically.
resource "aws_subnet" "public1" {
  availability_zone       = "ap-northeast-1c"
  cidr_block              = "172.32.16.0/20"
  vpc_id                  = aws_vpc.main.id
  map_public_ip_on_launch = true
}

# Second public subnet (AZ d); the ALB needs subnets in two AZs.
resource "aws_subnet" "public2" {
  availability_zone       = "ap-northeast-1d"
  cidr_block              = "172.32.32.0/20"
  vpc_id                  = aws_vpc.main.id
  map_public_ip_on_launch = true
}


######################
# Route table
######################
# Route table for the public subnets; its routes are declared separately
# via aws_route.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id

  tags = {
    Name = "foo"
  }
}

# Default route: all non-local traffic leaves through the internet gateway.
resource "aws_route" "foo" {
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.example.id
  route_table_id         = aws_route_table.public.id
}


######################
# Association
######################
# Makes the public route table the VPC's main table. Any subnet added
# later without an explicit association therefore gets the internet
# default route; keep that in mind before adding private subnets.
resource "aws_main_route_table_association" "foo" {
  route_table_id = aws_route_table.public.id # route table to make the main one
  vpc_id         = aws_vpc.main.id           # VPC whose main table is replaced
}

# Explicit association of the first public subnet with the public table.
resource "aws_route_table_association" "public1" {
  route_table_id = aws_route_table.public.id # route table to attach
  subnet_id      = aws_subnet.public1.id     # subnet to attach it to
}

# Explicit association of the second public subnet with the public table.
resource "aws_route_table_association" "public2" {
  route_table_id = aws_route_table.public.id # route table to attach
  subnet_id      = aws_subnet.public2.id     # subnet to attach it to
}


provider.tf
# AWS provider pinned to the Tokyo region; credentials come from the
# usual environment/profile chain, nothing is stored in this file.
provider "aws" {
  region = "ap-northeast-1"
}




1)terraformコマンドでFargate環境の作成を行う。
terraform apply


2)作成ができたら、以下のコマンドで環境を破壊する。
terraform destroy














