Shulou(Shulou.com)06/03 Report--

I. Architecture Diagram 1.1, Architecture Diagram

Some files explain buildspec.yaml: mainly a file that codebuile needs during the build process, which tells you how to build. Appspec.yaml: a revision file for codedeploy during deployment, which can be compared to an environment variable configuration file. Taskdef.json: is a definition file for our ECS task that codepipeline can create task definition for us as required in each build. ImageDetail.json: used to output our newly built image address for new deployment use. 1.3.The process codebuild is built through the file buildspec.yaml. The generated file imageDetail.json;codepipeline extracts the imageurl from the file imageDetail.json, puts it into the environment variable IMAGE1_NAME;codepipeline, replaces the taskdef.json with the new URL, and requests ECS RegisterTaskDefinition API to register the new task definition. After registration, API returns its task definition ARN,codepipeline and replaces appspec.yaml with this ARN information; then CodePipeline launches CreateDeployment API to perform blue-green deployment through CodeDeploy based on appspec.yaml 's information. Second, create an ECR warehouse

To create an ECR image repository, all my operations are in the us-east-1 area, and the IAM users have root permissions.

$aws ecr create-repository-repository-name nginx-ecs-image-scanning-configuration scanOnPush=true-region us-east-1 {"repository": {"repositoryUri": "921283538843.dkr.ecr.us-east-1.amazonaws.com/nginx-ecs", "imageScanningConfiguration": {"scanOnPush": true}, "registryId": "921283538843", "imageTagMutability": "MUTABLE" "repositoryArn": "arn:aws:ecr:us-east-1:921283538843:repository/nginx-ecs", "repositoryName": "nginx-ecs", "createdAt": 1580358204.0}} 3. Create codebuild project3.1, create ServiceRole

Codebuild needs to obtain permissions such as S3.

$aws iam create-role-role-name AWSCodeBuildServiceRole-assume-role-policy-document'{"Version": "2012-10-17", "Statement": {"Effect": "Allow", "Principal": {"Service": "codebuild.amazonaws.com"}, "Action": "sts:AssumeRole"}}'

Create a policy.

$aws iam create-policy-policy-name AWSCodeBuildPolicy-policy-document https://raw.githubusercontent.com/wangzan18/codepipeline-ecs/master/awscli/AWSCodeBuildPolicy.json{ "Policy": {"PolicyName": "AWSCodeBuildPolicy", "PermissionsBoundaryUsageCount": 0, "CreateDate": "2020-01-30T09:34:36Z", "AttachmentCount": 0, "IsAttachable": true, "PolicyId": "ANPA5NAGHF6NYARCBUGDT" "DefaultVersionId": "v1", "Path": "/", "Arn": "arn:aws:iam::921283538843:policy/AWSCodeBuildPolicy", "UpdateDate": "2020-01-30T09:34:36Z"}} role attachment policy. $aws iam attach-role-policy-role-name AWSCodeBuildServiceRole-policy-arn arn:aws:iam::921283538843:policy/AWSCodeBuildPolicy$ aws iam attach-role-policy-role-name AWSCodeBuildServiceRole-policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPowerUser3.2, Create codebuild project$ wget https://raw.githubusercontent.com/wangzan18/codepipeline-ecs/master/awscli/create-project.json$ wget aws codebuild create-project-- cli-input-json file://create-project.json reference documentation: https://docs.aws.amazon.com/zh_cn/codebuild/latest/userguide/create-project.html#create-project-clibuildspec.yaml: https://docs.aws.amazon.com/zh_cn/codebuild/latest/userguide/build-spec-ref.html#build-spec-ref-syntax IV. Create ECS blue-green CodeDeploy4.1, create service roles for CodeDeploy $aws iam create-role-- role-name AWSCodeDeployServiceRole-- assume-role-policy-document'{"Version": "2012-10-17" "Statement": {"Effect": "Allow", "Principal": {"Service": "codedeploy.amazonaws.com"}, "Action": "sts:AssumeRole"}}'

Additional policies.

$aws iam attach-role-policy-- role-name AWSCodeDeployServiceRole-- policy-arn arn:aws:iam::aws:policy/AWSCodeDeployRoleForECS4.2, create the ALB used by ECS

Use the create-load-balancer command to create an application load balancer. Specify two subnets that do not belong to the same availability zone and a security group.

Aws elbv2 create-load-balancer\-name nginx-ecs-bluegreen-alb\-subnets subnet-694b2b35 subnet-f5761192\-security-groups sg-cdc5cf8f\-region us-east-1

Use the create-target-group command to create a target group. This target group routes traffic to the original task set in the service.

Aws elbv2 create-target-group\-- name bluegreentarget1\-- protocol HTTP\-- port 80\-- target-type ip\-- vpc-id vpc-ebff4c91\-- region us-east-1aws elbv2 create-target-group\-- name bluegreentarget2\-- protocol HTTP\-- port 80\-target-type ip\-- vpc-id vpc-ebff4c91\-- region us-east-1

Use the create-listener command to create a load balancer listener with default rules for forwarding requests to the target group.

Aws elbv2 create-listener\-- load-balancer-arn arn:aws:elasticloadbalancing:us-east-1:921283538843:loadbalancer/app/nginx-ecs-bluegreen-alb/28cd5055a92630c1\-- protocol HTTP\-- port 80\-- default-actions Type=forward,TargetGroupArn=arn:aws:elasticloadbalancing:us-east-1:921283538843:targetgroup/bluegreentarget1/80b89a8c4e5f574d\-- region us-east-14.3, create Amazon ECS cluster

Use the create-cluster command to create a cluster named nginx-ecs-bluegreen to use.

Aws ecs create-cluster\-cluster-name nginx-ecs-bluegreen\-region us-east-1

Create an executive role for ECS task.

$aws iam create-role-role-name AWSECSTaskServiceRole-assume-role-policy-document'{"Version": "2012-10-17", "Statement": {"Effect": "Allow", "Principal": {"Service": "ecs-tasks.amazonaws.com"}, "Action": "sts:AssumeRole"}}'

Attach policy AmazonECSTaskExecutionRolePolicy.

$aws iam attach-role-policy-role-name AWSECSTaskServiceRole-policy-arn arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy

Then, register the task definition with the fargate-task.json file you created.

$wget https://raw.githubusercontent.com/wangzan18/codepipeline-ecs/master/awscli/fargate-task.json$ aws ecs register-task-definition\-cli-input-json file://fargate-task.json\-region us-east-1

Create an ECS Service.

$wget https://raw.githubusercontent.com/wangzan18/codepipeline-ecs/master/awscli/service-bluegreen.json$ aws ecs create-service\-- cli-input-json file://service-bluegreen.json\-- region us-east-14.4, create AWS CodeDeploy resources

Use the create-application command to create a CodeDeploy application. Specify the ECS computing platform.

$aws deploy create-application\-application-name nginx-ecs\-compute-platform ECS\-region us-east-1

Use the create-deployment-group command to create a CodeDeploy deployment group.

$wget https://raw.githubusercontent.com/wangzan18/codepipeline-ecs/master/awscli/deployment-group.json$ aws deploy create-deployment-group\-- cli-input-json file://deployment-group.json\-- region us-east-1 reference documentation: https://docs.aws.amazon.com/zh_cn/AmazonECS/latest/developerguide/create-blue-green.html#create-blue-green-loadbalancerimageDetail.json: https://docs.aws.amazon .com / zh_cn/codepipeline/latest/userguide/file-reference.html#file-reference-ecs-bluegreentaskdef.json: https://docs.aws.amazon.com/zh_cn/codepipeline/latest/userguide/tutorials-ecs-ecr-codedeploy.html#tutorials-ecs-ecr-codedeploy-taskdefinition IV. Create the SerivceRole needed to create codepipeline4.1 and codepipeline

If you do not already have a CodePipeline service role in your AWS account, please create one. With this service role, CodePipeline can interact with other AWS services on your behalf, including AWS CodeBuild.

$aws iam create-role-role-name AWSCodePipelineServiceRole-assume-role-policy-document'{"Version": "2012-10-17", "Statement": {"Effect": "Allow", "Principal": {"Service": "codepipeline.amazonaws.com"}, "Action": "sts:AssumeRole"}}'

Create a policy for codepipeline role and attach policy to AWSCodePipelineServiceRole.

$aws iam create-policy-policy-name AWSCodePipelineServiceRolePolicy-policy-document https://raw.githubusercontent.com/wangzan18/codepipeline-ecs/master/awscli/AWSCodePipelineServiceRolePolicy.json{ "Policy": {"PolicyName": "AWSCodePipelineServiceRolePolicy", "PermissionsBoundaryUsageCount": 0, "CreateDate": "2020-01-30T05:33:22Z", "AttachmentCount": 0, "IsAttachable": true, "PolicyId": "ANPA5NAGHF6NULEJS574V" "DefaultVersionId": "v1", "Path": "/", "Arn": "arn:aws:iam::921283538843:policy/AWSCodePipelineServiceRolePolicy", "UpdateDate": "2020-01-30T05:33:22Z"}} role attachment policy. $aws iam attach-role-policy-- role-name AWSCodePipelineServiceRole-- policy-arn arn:aws:iam::921283538843:policy/AWSCodePipelineServiceRolePolicy4.2, create pipeline$ wget https://raw.githubusercontent.com/wangzan18/codepipeline-ecs/master/awscli/create-pipeline.json$ aws codepipeline create-pipeline-- cli-input-json file://create-pipeline.json-- region us-east-1

Note: the OAuthToken in the document goes to github to apply.

Reference documentation: https://docs.aws.amazon.com/zh_cn/codepipeline/latest/userguide/GitHub-create-personal-token-CLI.htmlhttps://docs.aws.amazon.com/zh_cn/codepipeline/latest/userguide/pipelines-create.html#pipelines-create-cli4.3, Create webhook$ wget https://raw.githubusercontent.com/wangzan18/codepipeline-ecs/master/awscli/my-webhook.json$ aws codepipeline put-webhook-- cli-input-json file://my-webhook.json-- region us-east-1$ aws codepipeline register-webhook-with-third-party-- webhook-name nginx-ecs-webhook-- region us-east-1 for pipeline

You can fill in the relevant parameters according to your own situation. Refer to the document: https://docs.aws.amazon.com/zh_cn/codepipeline/latest/userguide/pipelines-webhooks-create.html.

After obtaining the relevant information about webhook, we log in to github and select the appropriate repository

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.