让我们使用Rails和Nuxt3创建一个todo列表[REST-API/Terraform/Fargate]〜第6部分,蓝/绿部署的前半部分
首先
我想从头开始详细解释如何使用Rails和Nuxt3制作待办事项清单。
使用个人电脑时,请考虑使用Mac操作系统。
已完成的构图如下所示。
另外,GitHub仓库在这里。
每个系列如下所示。
使用Rails和Nuxt3创建一个todo列表[REST-API/Terraform/Fargate]〜第一部分,Rails基本设置
使用Rails和Nuxt3创建一个todo列表[REST-API/Terraform/Fargate]〜第二部分,Rails API
使用Rails和Nuxt3创建一个todo列表[REST-API/Terraform/Fargate]〜第三部分,Nuxt.js
使用Rails和Nuxt3创建一个todo列表[REST-API/Terraform/Fargate]〜第四部分,TerraformECS前期
使用Rails和Nuxt3创建一个todo列表[REST-API/Terraform/Fargate]〜第五部分,TerraformECS后期
使用Rails和Nuxt3创建一个todo列表[REST-API/Terraform/Fargate]〜第六部分,Blue/Green部署前期
使用Rails和Nuxt3创建一个todo列表[REST-API/Terraform/Fargate]〜第七部分,Blue/Green部署后期
代码管道
如果您能参考一下,我们正在使用一个容器进行蓝/绿部署的版本。
主.tf
在 main.tf 文件中添加以下内容。
为了等待ECS服务的启动,保持以下注释的状态并应用,
成功后,取消注释并重新应用。
module "codepipeline" {
source = "./modules/codepipeline"
app_name = var.app_name
web_app_name = var.web_app_name
api_app_name = var.api_app_name
api_blue_arn = module.elb.api_blue_arn
web_blue_arn = module.elb.web_blue_arn
api_green_arn = module.elb.api_green_arn
web_green_arn = module.elb.web_green_arn
http_arn = module.elb.http_arn
api_blue_name = module.elb.api_blue_name
web_blue_name = module.elb.web_blue_name
api_green_name = module.elb.api_green_name
web_green_name = module.elb.web_green_name
cluster-name = module.ecs.cluster-name
api-service-name = module.ecs.api-service-name
web-service-name = module.ecs.web-service-name
api-definition-arn = module.ecs.api-definition-arn
web-definition-arn = module.ecs.web-definition-arn
}
云监控
在将代码从GitHub镜像到CodeCommit之后,使用CloudWatch来监视CodePipeline的触发情况。
resource "aws_cloudwatch_event_rule" "image_push" {
name = "codecommit_push"
role_arn = aws_iam_role.cwe_role.arn
event_pattern = jsonencode({
source = ["aws.codecommit"]
detail-type = ["CodeCommit Repository State Change"]
resources = ["${aws_codecommit_repository.codecommit_repository.arn}"]
detail = {
event = ["referenceCreated", "referenceUpdated"]
referenceType = ["branch"]
referenceName = ["main"]
}
})
}
resource "aws_cloudwatch_event_target" "codepipeline" {
rule = aws_cloudwatch_event_rule.image_push.name
target_id = "${var.app_name}-Image-Push-Codepipeline"
arn = aws_codepipeline.codepipeline.arn
role_arn = aws_iam_role.cwe_role.arn
}
第三个选项
代码流水线的资源首先保存到S3中,然后经过传输执行下一个动作。
代码源保存在CodeSource中,在CodeBuild中保存在BuildArtif目录中。
resource "aws_s3_bucket" "codepipeline_bucket" {
bucket = "codepipeline-bucket-${random_string.s3_unique_key.result}"
force_destroy = true
}
resource "random_string" "s3_unique_key" {
length = 6
upper = false
lower = true
numeric = true
special = false
}
我是
我会给予CodePipeline、CodeCommit和CodeBuild许可。
resource "aws_iam_role" "codepipeline_role" {
name = "codepipeline-role"
assume_role_policy = jsonencode({
Statement = [
{
Effect = "Allow"
Action = "sts:AssumeRole"
Principal = {
Service = "codepipeline.amazonaws.com"
}
}
]
})
tags = {
Name = "${var.app_name}-codepipeline-role"
}
}
resource "aws_iam_role" "codebuild-role" {
name = "${var.app_name}-codebuild-role"
assume_role_policy = jsonencode({
Statement = [
{
Effect = "Allow"
Action = "sts:AssumeRole"
Principal = {
Service = "codebuild.amazonaws.com"
}
}
]
})
tags = {
Name = "${var.app_name}-codebuild-role"
}
}
resource "aws_iam_role" "codedeploy-role" {
name = "${var.app_name}-codedeploy-role"
assume_role_policy = jsonencode({
Statement = [
{
Effect = "Allow"
Action = "sts:AssumeRole"
Principal = {
Service = "codedeploy.amazonaws.com"
}
}
]
})
tags = {
Name = "${var.app_name}-codedeploy-role"
}
}
# cloud watch
resource "aws_iam_role" "cwe_role" {
name = "${var.app_name}-cwe-role"
assume_role_policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Sid = ""
Effect = "Allow"
Action = "sts:AssumeRole"
Principal = {
Service = "events.amazonaws.com"
}
}
]
})
tags = {
Name = "${var.app_name}-cwe-role"
}
}
resource "aws_iam_role_policy" "codepipeline-policy" {
name = "codepipeline-policy"
role = aws_iam_role.codepipeline_role.id
policy = data.aws_iam_policy_document.codepipeline-policy.json
}
data "aws_iam_policy_document" "codepipeline-policy" {
statement {
effect = "Allow"
actions = [
"s3:GetObject",
"s3:GetObjectVersion",
"s3:GetBucketVersioning",
"s3:PutObjectAcl",
"s3:PutObject",
]
resources = [
aws_s3_bucket.codepipeline_bucket.arn,
"${aws_s3_bucket.codepipeline_bucket.arn}/*"
]
}
statement {
effect = "Allow"
actions = [
"ecr:DescribeImages",
]
resources = ["*"]
}
statement {
effect = "Allow"
actions = [
"codedeploy:CreateDeployment",
"codedeploy:GetDeployment",
"codedeploy:GetApplication",
"codedeploy:GetApplicationRevision",
"codedeploy:RegisterApplicationRevision",
"codedeploy:GetDeploymentConfig",
"ecs:RegisterTaskDefinition"
]
resources = ["*"]
}
statement {
effect = "Allow"
actions = [
"codecommit:GetBranch",
"codecommit:GetCommit",
"codecommit:UploadArchive",
"codecommit:GetUploadArchiveStatus",
"codecommit:CancelUploadArchive"
]
resources = ["${aws_codecommit_repository.codecommit_repository.arn}"]
}
statement {
effect = "Allow"
actions = [
"codebuild:BatchGetBuilds",
"codebuild:StartBuild",
]
resources = ["*"]
}
statement {
effect = "Allow"
actions = [
"iam:GetRole",
"iam:PassRole"
]
resources = ["*"]
}
}
resource "aws_iam_role_policy" "codebuild-policy" {
name = "codebuild-policy"
role = aws_iam_role.codebuild-role.name
policy = data.aws_iam_policy_document.codebuild-policy.json
}
data "aws_iam_policy_document" "codebuild-policy" {
statement {
effect = "Allow"
actions = [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
]
resources = ["*"]
}
statement {
effect = "Allow"
actions = ["s3:*"]
resources = [
aws_s3_bucket.codepipeline_bucket.arn,
"${aws_s3_bucket.codepipeline_bucket.arn}/*",
]
}
statement {
effect = "Allow"
actions = ["ecs:DescribeTaskDefinition"]
resources = ["*"]
}
}
# cloud watch
resource "aws_iam_policy" "cwe_policy" {
name = "${var.app_name}-cwe-policy"
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Action = [
"codepipeline:StartPipelineExecution",
]
Resource = [
"${aws_codepipeline.codepipeline.arn}",
]
Effect = "Allow"
},
]
})
}
resource "aws_iam_policy_attachment" "cws_policy_attachment" {
name = "${var.app_name}-cwe-policy"
roles = [aws_iam_role.cwe_role.name]
policy_arn = aws_iam_policy.cwe_policy.arn
}
resource "aws_iam_role_policy_attachment" "AWSCodeDeployRoleForECS" {
policy_arn = "arn:aws:iam::aws:policy/AWSCodeDeployRoleForECS"
role = aws_iam_role.codedeploy-role.name
}
