参考资料
-
https://github.com/aws/copilot-cli
-
https://aws.github.io/copilot-cli/
-
https://github.com/aws-samples/amazon-ecs-cli-sample-app
-
https://ecsworkshop.com/microservices/frontend/#deploy-frontend-0
ecs的服务部署从头开始需要进行以下操作
- 创建vpc等网络基础设施
- 创建ecs集群
- 创建任务定义
- 创建ecs服务
- (可选)关联elb
- (可选)集成pipeline
以上各项手动完成比较费事,可以使用官方的copilot工具一键部署
关于应用和环境配置清单,https://aws.github.io/copilot-cli/docs/manifest/overview/
创建application并部署environment
应用程序是一组相关的服务、环境和管道的集合
copilot init
会初始化应用程序- Copilot 将该应用程序存储在 SSM 参数中
- 所有相关资源用
copilot-app
标记
copilot app init
# --domain my-awesome-app.aws \
# --resource-tags department=MyDept,team=MyTeam \
# --permissions-boundary my-pb-policy
自动使用cfn创建资源如下
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-znk0r512-1678514390016)(assets/image-20230311124608081.png)]
初始化环境,可以选择现有vpc环境
$ copilot env init
Environment name: dev
Credential source: [profile default]
Default environment configuration? No, I'd like to import existing resources
VPC: vpc-086xxxxxxxxe2ae
Public subnets: subnet-0270xxxxxxxxcdd (default-public-2b), subnet-077cxxxxxxxxxx37 (default-public-1a)
Private subnets: subnet-02axxxxxxxb9a087 (default-private-nat-1a), subnet-0a7xxxxxxxxxxfa (default-private-nat-2b)
✔ Wrote the manifest for environment dev at copilot/environments/dev/manifest.yml
- Update regional resources with stack set "test-copilot-infrastructure" [succeeded] [0.0s]
- Update regional resources with stack set "test-copilot-infrastructure" [succeeded] [126.9s]
- Update resources in region "cn-north-1" [create complete] [126.2s]
- KMS key to encrypt pipeline artifacts between stages [create complete] [121.7s]
- S3 Bucket to store local artifacts [create in progress] [99.9s]
✔ Proposing infrastructure changes for the test-copilot-dev environment.
- Creating the infrastructure for the test-copilot-dev environment. [create complete] [30.7s]
- An IAM Role for AWS CloudFormation to manage resources [create complete] [11.5s]
- An IAM Role to describe resources in your environment [create complete] [10.5s]
✔ Provisioned bootstrap resources for environment dev in region cn-north-1 under application test-copilot.
Recommended follow-up actions:
- Update your manifest copilot/environments/dev/manifest.yml to change the defaults.
- Run `copilot env deploy --name dev` to deploy your environment.
创建如下资源
- kms密钥
- s3桶和桶策略,看样子是用来配置codepiple项目
查看env的配置文件
$ cat copilot/environments/dev/manifest.yml
name: dev
type: Environment
network:
vpc:
id: vpc-086x2ae
subnets:
public:
- id: subnet-027xxxxcdd
- id: subnet-077xa37
private:
- id: subnet-02axeb9a087
- id: subnet-0a7x79fa
# Configure the load balancers in your environment, once created.
# http:
# public:
# private:
observability:
container_insights: true
此时只是在app中配置了环境还未部署,下面在应用中创建环境
$ copilot env deploy --name dev
✔ Proposing infrastructure changes for the test-copilot-dev environment.
- Creating the infrastructure for the test-copilot-dev environment. [update complete] [59.3s]
- An ECS cluster to group your services [create complete] [6.1s]
- A security group to allow your containers to talk to each other [create complete] [0.0s]
- A private DNS namespace for discovering services within the environment [create complete] [43.2s]
仍旧通过cfn创建,包括如下资源
创建和部署service
只需要一行命令,选择backend不会创建elb
Copilot 将构建您的映像,将其推送到 Amazon ECR,并建立所有基础设施,以可伸缩和安全的方式运行您的服务
$ copilot init
Note: It's best to run this command in the root of your Git repository.
Welcome to the Copilot CLI! We're going to walk you through some questions
to help you get set up with a containerized application on AWS. An application is a collection of
containerized services that operate together.
Workload type: Backend Service
Service name: test-copilot-backend
Dockerfile: ./Dockerfile
Ok great, we'll set up a Backend Service named test-copilot-backend in application test-copilot listening on port 80.
✔ Proposing infrastructure changes for stack test-copilot-infrastructure-roles
✔ The directory copilot will hold service manifests for application test-copilot.
✔ Wrote the manifest for service test-copilot-backend at copilot/test-copilot-backend/manifest.yml
Your manifest contains configurations like your container size and port (:80).
- Update regional resources with stack set "test-copilot-infrastructure" [succeeded] [10.4s]
- Update resources in region "cn-north-1" [update complete] [7.8s]
- ECR container image repository for "test-copilot-backend" [create complete] [1.4s]
All right, you're all set for local development.
Deploy: No
No problem, you can deploy your service later:
- Run `copilot env init` to create your environment.
- Run `copilot deploy` to deploy your service.
- Be a part of the Copilot ✨community✨!
Ask or answer a question, submit a feature request...
Visit 👉 https://aws.github.io/copilot-cli/community/get-involved/ to see how!
当前目录结构如下
- 环境和service分别在不同路径下
- 默认使用当前路径下
Dockerfile
,也可以指定使用image
关于服务的具体配置
https://aws.github.io/copilot-cli/docs/concepts/services/
$ tree
.
├── copilot
│ ├── environments
│ │ └── dev
│ │ └── manifest.yml
│ └── test-backend-copilot
│ └── manifest.yml
└── Dockerfile
关于svc的支持很强大,有两个功能比较好
-
直接查看任务日志
-
生成cfn模板
-
exec调试
$ copilot svc
Commands for services.
Services are long-running ECS or App Runner services.
Usage
copilot svc [command]
Available Commands
init Creates a new service in an application.
ls Lists all the services in an application.
package Print the AWS CloudFormation template of a service.
deploy Deploys a service to an environment.
delete Deletes a service from an application.
show Shows info about a deployed service per environment.
status Shows status of a deployed service.
logs Displays logs of a deployed service.
exec Execute a command in a running container part of a service.
pause Pause running App Runner service.
resume Resumes a paused service.
部署服务,自动执行以下操作
- Build your image locally
- Push to your service’s ECR repository
- Convert your manifest file to CloudFormation
- Package any additional infrastructure into CloudFormation
- Deploy your updated service and resources to CloudFormation
$ copilot deploy
# 省略打包推送
✔ Proposing infrastructure changes for stack test-copilot-dev-test-copilot-backend
- Creating the infrastructure for stack test-copilot-dev-test-copilot-backend [create in progress] [69.3s]
- Service discovery for your services to communicate within the VPC [create complete] [0.0s]
- Update your environment's shared resources [create complete] [2.3s]
- An IAM role to update your environment stack [create complete] [14.7s]
- An IAM Role for the Fargate agent to make AWS API calls on your behalf [create complete] [8.8s]
- A CloudWatch log group to hold your service logs [create complete] [0.0s]
- An ECS service to run and maintain your tasks in the environment cluster [create in progress] [36.7s]
Deployments
Revision Rollout Desired Running Failed Pending
PRIMARY 1 [in progress] 1 0 0 1
- An ECS task definition to group your containers and run them on ECS [create complete] [0.0s]
- An IAM role to control permissions for the containers in your tasks [create complete] [12.5s]
在控制台中查看部署,任务已经运行中
尝试访问
$ curl -I 172.31.21.251
HTTP/1.1 200 OK
Server: nginx/1.23.3
Date: Sat, 11 Mar 2023 05:53:29 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Tue, 13 Dec 2022 15:53:53 GMT
Connection: keep-alive
ETag: "6398a011-267"
Accept-Ranges: bytes
在copilot查看日志,和控制台一致
$ copilot svc logs
Found only one deployed service test-copilot-backend in environment dev
copilot/test-copilot-back 2023/03/11 05:51:37 [notice] 1#1: using the "epoll" event method
copilot/test-copilot-back 2023/03/11 05:51:37 [notice] 1#1: nginx/1.23.3
copilot/test-copilot-back 2023/03/11 05:51:37 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
copilot/test-copilot-back 2023/03/11 05:51:37 [notice] 1#1: OS: Linux 5.10.162-141.675.amzn2.x86_64
copilot/test-copilot-back 2023/03/11 05:51:37 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1024:4096
copilot/test-copilot-back 2023/03/11 05:51:37 [notice] 1#1: start worker processes
copilot/test-copilot-back 2023/03/11 05:51:37 [notice] 1#1: start worker process 35
copilot/test-copilot-back 2023/03/11 05:51:37 [notice] 1#1: start worker process 36
copilot/test-copilot-back 127.0.0.1 - - [11/Mar/2023:05:53:23 +0000] "GET / HTTP/1.1" 200 615 "-" "curl/7.79.1" "-"
copilot/test-copilot-back 127.0.0.1 - - [11/Mar/2023:05:53:29 +0000] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.79.1" "-"
尝试直接exec到fargate中
$ copilot svc exec
Found only one deployed service test-copilot-backend in environment dev
Execute `/bin/sh` in container test-copilot-backend in task 0236ca7a1d9c419599f152d261b5b7e2.
Starting session with SessionId: ecs-execute-command-0620ce6158bed3e99
# ls
bin dev docker-entrypoint.sh home lib64 media opt root sbin sys usr
boot docker-entrypoint.d etc lib managed-agents mnt proc run srv tmp var
看到我们的linuxparams中配置是空的,不知道是怎么实现的居然能够直接exec
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-lRXMrqip-1678514390021)(assets/image-20230311135618749.png)]
删除服务
$ copilot svc delete
总结一下
- copilot很大程度上降低了配置ecs服务的复杂性
- 易用性方面要显著低于cdk
- 比起v1的ecs cli要要用得多
- 打印日志和exec调试能够节省排查故障的时间
- 后续可以尝试通过copilot创建pipeline项目