我尝试AWS CodeDeploy进行ECS蓝/绿部署。
我使用地形来定义代码部署。
这低于我的地形代码。
resource "aws_codedeploy_app" "ecs_dev" {
compute_platform = "ECS"
name = "code-deploy-ecs-${local.env}"
}
resource "aws_codedeploy_deployment_group" "ecs_dev" {
app_name = aws_codedeploy_app.ecs_dev.name
deployment_config_name = "CodeDeployDefault.ECSAllAtOnce"
deployment_group_name = "ecs-dev"
service_role_arn = aws_iam_role.code_deploy_ecs.arn
auto_rollback_configuration {
enabled = true
events = ["DEPLOYMENT_FAILURE"]
}
deployment_style {
deployment_option = "WITH_TRAFFIC_CONTROL"
deployment_type = "BLUE_GREEN"
}
blue_green_deployment_config {
deployment_ready_option {
action_on_timeout = "CONTINUE_DEPLOYMENT"
}
terminate_blue_instances_on_deployment_success {
action = "TERMINATE"
termination_wait_time_in_minutes = 10
}
}
ecs_service {
cluster_name = "cluster-name"
service_name = "ecs-dev"
}
load_balancer_info {
target_group_pair_info {
prod_traffic_route {
listener_arns = "listener_arn" # created from aws console
}
# green
target_group {
name = "green-target-group" # created from aws console
}
# blue
target_group {
name = aws_lb_target_group.blue.name
}
}
}
}
resource "aws_lb_target_group" "blue" {
name = "blue-target-group"
port = 80
protocol = "HTTP"
vpc_id = "ecs-vpc"
target_type = "instance"
health_check {
interval = 30
timeout = 5
healthy_threshold = 5
unhealthy_threshold = 2
protocol = "HTTP"
port = "traffic-port"
path = each.value.health_check_path
}
}
当我成功地配置了CodeDeploy本身并在ECS中部署了一个新任务时,出现了以下错误。
The ELB could not be updated due to the following error: Primary taskset target group is not behind any rule for listener
我不清楚这意味着什么。如果你想知道任何其他信息,我会提供。
谢谢你抽出时间。
云服务器蓝/绿部署的目标组应该附加到某个负载均衡器上,因此为目标组添加一个监听器和规则。在我的案例中,我通过data添加了具有固定端口的侦听器,并通过添加规则来附加目标组。
# Code Deploy
resource "aws_codedeploy_app" "new" {
compute_platform = "ECS"
name = local.name_code_deploy
}
resource "aws_codedeploy_deployment_group" "new" {
app_name = aws_codedeploy_app.new.name
deployment_group_name = local.name_deployment_group
deployment_config_name = "CodeDeployDefault.ECSAllAtOnce"
service_role_arn = "arn:${var.partition}:iam::${var.account}:role/AWSCodeDeployRoleForECS"
auto_rollback_configuration {
enabled = true
events = ["DEPLOYMENT_FAILURE"]
}
blue_green_deployment_config {
deployment_ready_option {
action_on_timeout = "CONTINUE_DEPLOYMENT"
}
terminate_blue_instances_on_deployment_success {
action = "TERMINATE"
termination_wait_time_in_minutes = 0
}
}
deployment_style {
deployment_option = "WITH_TRAFFIC_CONTROL"
deployment_type = "BLUE_GREEN"
}
ecs_service {
cluster_name = data.aws_ecs_cluster.default.cluster_name
service_name = aws_ecs_service.new.name
}
load_balancer_info {
target_group_pair_info {
prod_traffic_route {
listener_arns = [data.aws_lb_listener.default.arn]
}
target_group {
name = aws_lb_target_group.blue.name
}
target_group {
name = aws_lb_target_group.green.name
}
}
}
}
# ECS Service
resource "aws_ecs_service" "new" {
name = local.name_ecs_service
cluster = data.aws_ecs_cluster.default.id
desired_count = var.service_count
deployment_controller {
type = "CODE_DEPLOY"
}
enable_ecs_managed_tags = true
enable_execute_command = true
launch_type = "FARGATE"
scheduling_strategy = "REPLICA"
health_check_grace_period_seconds = 120
load_balancer {
target_group_arn = aws_lb_target_group.green.arn # Blue/Green Check!
container_name = local.name_ecs_container
container_port = var.task_port
}
network_configuration {
subnets = var.subnets_web
security_groups = [
aws_security_group.ecs_service.id
]
assign_public_ip = false
}
propagate_tags = "SERVICE"
task_definition = aws_ecs_task_definition.new.family
lifecycle {
ignore_changes = [
task_definition,
desired_count
]
}
}
# ELB Listener
resource "aws_lb_target_group" "blue" {
name = local.name_tg_blue
port = var.task_port
protocol = "HTTP"
target_type = "ip"
vpc_id = data.aws_vpc.default.id
health_check {
enabled = true
path = var.alb_health_path
healthy_threshold = 2
unhealthy_threshold = 3
}
}
resource "aws_lb_target_group" "green" {
name = local.name_tg_green
port = var.task_port
protocol = "HTTP"
target_type = "ip"
vpc_id = data.aws_vpc.default.id
health_check {
enabled = true
path = var.alb_health_path
healthy_threshold = 2
unhealthy_threshold = 3
}
}
resource "aws_lb_listener_rule" "new" {
listener_arn = data.aws_lb_listener.default.arn
action {
type = "forward"
target_group_arn = aws_lb_target_group.green.arn # Blue/Green Check!
}
condition {
host_header {
values = var.alb_domain
}
}
}
# Other resources
data "aws_vpc" "default" {
id = var.vpc_id
}
data "aws_ecs_cluster" "default" {
cluster_name = var.cluster_name
}
data "aws_lb" "default" {
name = var.alb_front_name
}
data "aws_lb_listener" "default" {
load_balancer_arn = data.aws_lb.default.arn
port = var.listener_port
}
请检查您的服务(ECS服务(的TargetGroupArn
LoadBalancers:
- ContainerName: xxx
ContainerPort: 443
TargetGroupArn: {LISTNER_ARN}
创建部署组时必须使用的确切名称
LoadBalancerInfo:
TargetGroupPairInfoList:
- TargetGroups:
- Name: tg-1"
- Name: tg-2"
ProdTrafficRoute:
ListenerArns: {SAME_LISTNER_ARN}
我已将其突出显示为{LISTNER_ARN}