buildspec.yaml
進(jìn)行構(gòu)建,生成文件imageDetail.json
;imageDetail.json
中的 imageurl,放入環(huán)境變量IMAGE1_NAME
;taskdef.json
中的<IMAGE1_NAME>
替換為新的 URL,并請求 ECS RegisterTaskDefinition API 進(jìn)行新的任務(wù)定義注冊;appspec.yaml
中的<TASK_DEFINITION>
;appspec.yaml
的信息,發(fā)動 CreateDeployment API 開始透過 CodeDeploy 執(zhí)行藍(lán)綠布署。創(chuàng)建 ECR 鏡像倉庫,我所有的操作都是在 us-east-1 這個區(qū)域,操作的 IAM 用戶擁有 root 權(quán)限。
$ aws ecr create-repository --repository-name nginx-ecs --image-scanning-configuration scanOnPush=true --region us-east-1
{
"repository": {
"repositoryUri": "921283538843.dkr.ecr.us-east-1.amazonaws.com/nginx-ecs",
"imageScanningConfiguration": {
"scanOnPush": true
},
"registryId": "921283538843",
"imageTagMutability": "MUTABLE",
"repositoryArn": "arn:aws:ecr:us-east-1:921283538843:repository/nginx-ecs",
"repositoryName": "nginx-ecs",
"createdAt": 1580358204.0
}
}
codebuild 需要獲取 s3 等權(quán)限。
$ aws iam create-role --role-name AWSCodeBuildServiceRole --assume-role-policy-document '{"Version":"2012-10-17","Statement":{"Effect":"Allow","Principal":{"Service":"codebuild.amazonaws.com"},"Action":"sts:AssumeRole"}}'
創(chuàng)建 policy。
$ aws iam create-policy --policy-name AWSCodeBuildPolicy --policy-document https://raw.githubusercontent.com/wangzan18/codepipeline-ecs/master/awscli/AWSCodeBuildPolicy.json
{
"Policy": {
"PolicyName": "AWSCodeBuildPolicy",
"PermissionsBoundaryUsageCount": 0,
"CreateDate": "2020-01-30T09:34:36Z",
"AttachmentCount": 0,
"IsAttachable": true,
"PolicyId": "ANPA5NAGHF6NYARCBUGDT",
"DefaultVersionId": "v1",
"Path": "/",
"Arn": "arn:aws:iam::921283538843:policy/AWSCodeBuildPolicy",
"UpdateDate": "2020-01-30T09:34:36Z"
}
}
角色附加策略。
$ aws iam attach-role-policy --role-name AWSCodeBuildServiceRole --policy-arn arn:aws:iam::921283538843:policy/AWSCodeBuildPolicy
$ aws iam attach-role-policy --role-name AWSCodeBuildServiceRole --policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPowerUser
$ wget https://raw.githubusercontent.com/wangzan18/codepipeline-ecs/master/awscli/create-project.json
$ wget aws codebuild create-project --cli-input-json file://create-project.json
$ aws iam create-role --role-name AWSCodeDeployServiceRole --assume-role-policy-document '{"Version":"2012-10-17","Statement":{"Effect":"Allow","Principal":{"Service":"codedeploy.amazonaws.com"},"Action":"sts:AssumeRole"}}'
附加策略。
$ aws iam attach-role-policy --role-name AWSCodeDeployServiceRole --policy-arn arn:aws:iam::aws:policy/AWSCodeDeployRoleForECS
使用 create-load-balancer 命令創(chuàng)建 應(yīng)用程序負(fù)載均衡器。指定兩個不屬于同一可用區(qū)的子網(wǎng)以及一個安全組。
aws elbv2 create-load-balancer \
--name nginx-ecs-bluegreen-alb \
--subnets subnet-694b2b35 subnet-f5761192 \
--security-groups sg-cdc5cf8f \
--region us-east-1
使用 create-target-group 命令創(chuàng)建目標(biāo)組。此目標(biāo)組將流量路由到服務(wù)中的原始任務(wù)集。
aws elbv2 create-target-group \
--name bluegreentarget1 \
--protocol HTTP \
--port 80 \
--target-type ip \
--vpc-id vpc-ebff4c91 \
--region us-east-1
aws elbv2 create-target-group \
--name bluegreentarget2 \
--protocol HTTP \
--port 80 \
--target-type ip \
--vpc-id vpc-ebff4c91 \
--region us-east-1
使用 create-listener 命令創(chuàng)建負(fù)載均衡器偵聽器,該偵聽器帶有將請求轉(zhuǎn)發(fā)到目標(biāo)組的默認(rèn)規(guī)則。
aws elbv2 create-listener \
--load-balancer-arn arn:aws:elasticloadbalancing:us-east-1:921283538843:loadbalancer/app/nginx-ecs-bluegreen-alb/28cd5055a92630c1 \
--protocol HTTP \
--port 80 \
--default-actions Type=forward,TargetGroupArn=arn:aws:elasticloadbalancing:us-east-1:921283538843:targetgroup/bluegreentarget1/80b89a8c4e5f574d \
--region us-east-1
使用 create-cluster 命令創(chuàng)建要使用的名為 nginx-ecs-bluegreen 的集群。
aws ecs create-cluster \
--cluster-name nginx-ecs-bluegreen \
--region us-east-1
為 ECS task 創(chuàng)建執(zhí)行角色。
$ aws iam create-role --role-name AWSECSTaskServiceRole --assume-role-policy-document '{"Version":"2012-10-17","Statement":{"Effect":"Allow","Principal":{"Service":"ecs-tasks.amazonaws.com"},"Action":"sts:AssumeRole"}}'
附加策略 AmazonECSTaskExecutionRolePolicy。
$ aws iam attach-role-policy --role-name AWSECSTaskServiceRole --policy-arn arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
然后,使用您創(chuàng)建的 fargate-task.json 文件注冊任務(wù)定義。
$ wget https://raw.githubusercontent.com/wangzan18/codepipeline-ecs/master/awscli/fargate-task.json
$ aws ecs register-task-definition \
--cli-input-json file://fargate-task.json \
--region us-east-1
創(chuàng)建 ECS Service。
$ wget https://raw.githubusercontent.com/wangzan18/codepipeline-ecs/master/awscli/service-bluegreen.json
$ aws ecs create-service \
--cli-input-json file://service-bluegreen.json \
--region us-east-1
使用 create-application 命令創(chuàng)建 CodeDeploy 應(yīng)用程序。指定 ECS 計算平臺。
$ aws deploy create-application \
--application-name nginx-ecs \
--compute-platform ECS \
--region us-east-1
使用 create-deployment-group 命令創(chuàng)建 CodeDeploy 部署組。
$ wget https://raw.githubusercontent.com/wangzan18/codepipeline-ecs/master/awscli/deployment-group.json
$ aws deploy create-deployment-group \
--cli-input-json file://deployment-group.json \
--region us-east-1
如果您的 AWS 賬戶中還沒有 CodePipeline 服務(wù)角色,請創(chuàng)建一個。借助此服務(wù)角色,CodePipeline 可代表您與其他 AWS 服務(wù)進(jìn)行交互,包括 AWS CodeBuild。
$ aws iam create-role --role-name AWSCodePipelineServiceRole --assume-role-policy-document '{"Version":"2012-10-17","Statement":{"Effect":"Allow","Principal":{"Service":"codepipeline.amazonaws.com"},"Action":"sts:AssumeRole"}}'
為 codepipeline role 創(chuàng)建 policy,并將 policy 附加到 AWSCodePipelineServiceRole。
$ aws iam create-policy --policy-name AWSCodePipelineServiceRolePolicy --policy-document https://raw.githubusercontent.com/wangzan18/codepipeline-ecs/master/awscli/AWSCodePipelineServiceRolePolicy.json
{
"Policy": {
"PolicyName": "AWSCodePipelineServiceRolePolicy",
"PermissionsBoundaryUsageCount": 0,
"CreateDate": "2020-01-30T05:33:22Z",
"AttachmentCount": 0,
"IsAttachable": true,
"PolicyId": "ANPA5NAGHF6NULEJS574V",
"DefaultVersionId": "v1",
"Path": "/",
"Arn": "arn:aws:iam::921283538843:policy/AWSCodePipelineServiceRolePolicy",
"UpdateDate": "2020-01-30T05:33:22Z"
}
}
角色附加策略。
$ aws iam attach-role-policy --role-name AWSCodePipelineServiceRole --policy-arn arn:aws:iam::921283538843:policy/AWSCodePipelineServiceRolePolicy
$ wget https://raw.githubusercontent.com/wangzan18/codepipeline-ecs/master/awscli/create-pipeline.json
$ aws codepipeline create-pipeline --cli-input-json file://create-pipeline.json --region us-east-1
注意:文檔中的 OAuthToken 自己去 github 中去申請。
$ wget https://raw.githubusercontent.com/wangzan18/codepipeline-ecs/master/awscli/my-webhook.json
$ aws codepipeline put-webhook --cli-input-json file://my-webhook.json --region us-east-1
$ aws codepipeline register-webhook-with-third-party --webhook-name nginx-ecs-webhook --region us-east-1
相關(guān)參數(shù)可以根據(jù)自己情況填寫,參考文檔:https://docs.aws.amazon.com/zh_cn/codepipeline/latest/userguide/pipelines-webhooks-create.html。
獲得了 webhook 的相關(guān)信息之后,我們登陸 github,選擇相應(yīng)的存儲庫,
另外有需要云服務(wù)器可以了解下創(chuàng)新互聯(lián)scvps.cn,海內(nèi)外云服務(wù)器15元起步,三天無理由+7*72小時售后在線,公司持有idc許可證,提供“云服務(wù)器、裸金屬服務(wù)器、高防服務(wù)器、香港服務(wù)器、美國服務(wù)器、虛擬主機(jī)、免備案服務(wù)器”等云主機(jī)租用服務(wù)以及企業(yè)上云的綜合解決方案,具有“安全穩(wěn)定、簡單易用、服務(wù)可用性高、性價比高”等特點與優(yōu)勢,專為企業(yè)上云打造定制,能夠滿足用戶豐富、多元化的應(yīng)用場景需求。
網(wǎng)站名稱:借用AWS服務(wù)CodePipeling+ECS實-創(chuàng)新互聯(lián)
分享網(wǎng)址:http://redsoil1982.com.cn/article24/dggdje.html
成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián),為您提供App設(shè)計、網(wǎng)站維護(hù)、微信公眾號、微信小程序、網(wǎng)站排名、全網(wǎng)營銷推廣
聲明:本網(wǎng)站發(fā)布的內(nèi)容(圖片、視頻和文字)以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主,如果涉及侵權(quán)請盡快告知,我們將會在第一時間刪除。文章觀點不代表本網(wǎng)站立場,如需處理請聯(lián)系客服。電話:028-86922220;郵箱:631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載,或轉(zhuǎn)載時需注明來源: 創(chuàng)新互聯(lián)