Terraform scripts to deploy circles-api docker container to ECS

[edzillion]

Using this tute as a starting point: https://thecode.pub/easy-deploy-your-docker-applications-to-aws-using-ecs-and-fargate-a988a1cc842f

[edzillion]

@xwvvvvwx told me today that perhaps we can pull the docker image from dockerhub and not use ECR. Just doing some research on that now.

In order to pull the image, your ENI must have access to the registry. For Docker Hub and for Amazon ECR, this means your ENI must have access to reach the Internet. You can achieve access to the Internet in a few different ways, but the most common are an Internet Gateway and public IP address or using NAT and a private IP address. For NAT, you can use NAT instances or a NAT gateway.

If you want to disable Internet access entirely, you'll need to use a registry located inside your VPC instead of a registry that requires Internet access.

https://github.com/aws/amazon-ecs-agent/issues/1128#issuecomment-354884572

[edzillion]

I found a good reference repo here:

https://github.com/nathanpeck/socket.io-chat-fargate

And it seems like you need to add to ECS from docker hub for fargate to work anyway: https://github.com/nathanpeck/socket.io-chat-fargate/blob/3d7727d1616fc6ec6cabf9f0db4d6d290639c149/pipeline.yml#L161

https://medium.com/containers-on-aws/how-i-do-local-docker-development-for-my-aws-fargate-application-8957e3fdb50

[d-xo]

And it seems like you need to add to ECS from docker hub for fargate to work anyway:

What do you mean?

[edzillion]

What do you mean?

The code I quoted seems to show (after codepipeline pulling the repo from github) the image being pushed to ECR

phases:
            pre_build:
              commands:
                - $(aws ecr get-login --no-include-email)
                - TAG="$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | head -c 8)"
                - IMAGE_URI="${REPOSITORY_URI}:${TAG}"
            build:
              commands:
                - docker build --tag "${IMAGE_URI}" ./services/client
            post_build:
              commands:
                - docker push "$IMAGE_URI"
                - printf '{"ImageUri":"%s"}' "$IMAGE_URI" > build.json

[edzillion]

well I went and borked the state file and couldn't get it working again :roll_eyes:

but I stripped everything out and started again with a module approach. I've managed to get the api as a docker image from ECR, but that means you have to upload manually. next step will be to add the codepipeline stuff so that it's auto build from github.

https://github.com/CirclesUBI/infrastructure-provisioning/tree/remodularize

[edzillion]

http://circles-api-alb-371377022.eu-central-1.elb.amazonaws.com:8080/

[d-xo]

🙌🙌

[edzillion]

ok I have it building to ECR and that all works but it isn't triggering ECR to deploy the new version yet.

[edzillion]

got it working, on branch #remodularize

https://github.com/CirclesUBI/infrastructure-provisioning/tree/remodularize

[edzillion]

I am gonna assign this to you @xwvvvvwx as the terraform stuff could do with a once-over. thanks!

[d-xo]

Is there a PR I can look at somewhere @edzillion ?

[edzillion]

Not a PR

Is there a PR I can look at somewhere @edzillion ?

On this branch: https://github.com/CirclesUBI/infrastructure-provisioning/tree/remodularize

[d-xo]

Can you make a PR? It's way easier to review then 🙏 😊

[edzillion]

Will do in future. Right now that doesn't work, there are some changes pushed to master, some not. I am going to merge now since that is a silly state to leave it in.

I was being messy in my commit strategy, but it didn't matter since I was wiping the old circles-api repo. So there are no changes, it's a new terraform setup and statefile.