M1 Macで ECSにSpring bootのREST APIをデプロイしようとしたけど失敗した
環境
macOS Big Sur M1
デプロイするサンプルアプリ
/greeting
でhello worldを返すだけのSpring-bootのREST API
ECS Fageteへのデプロイ
copilotを使ってデプロイする
# homebrewでインストール $ brew install awscli # 確認 $ aws --version aws-cli/2.3.5 Python/3.9.7 Darwin/20.6.0 source/arm64 prompt/off
$ aws configure AWS Access Key ID [None]: アクセスキー AWS Secret Access Key [None]: シークレットアクセスキー Default region name [None]: リージョン Default output format [None]:
Copilotインストール
$ brew install aws/tap/copilot-cli # 確認 $ copilot -v copilot version: v1.12.0
Copilotで環境作成
$ copilot init What would you like to name your application? [? for help] greeting-app #デプロイするアプリケーション名を入力 Application name: greeting-app Which workload type best represents your architecture? [Use arrows to move, type to filter, ? for more help] # 構築したい構成を選びます。 Request-Driven Web Service (App Runner). > Load Balanced Web Service (Internet to ECS on Fargate) Backend Service (ECS on Fargate) Worker Service (Events to SQS to ECS on Fargate) Scheduled Job # LB込みでバックエンドサービスをデプロイしたいので Load Balanced Web Serviceを選択 Which Dockerfile would you like to use for greeting-app? [Use arrows to move, type to filter, ? for more help] # Dockerfileを選択 > greeting/Dockerfile Which port do you want customer traffic sent to? [? for help] (80) #ポートを選択 Would you like to deploy a test environment? [? for help] (y/N) y # テスト環境としてデプロイするか選択
動かない..
アプリケーションのヘルスチェックで落ちて動かない。。
✔ Created ECR repositories for service greeting-app.. All right, you're all set for local development. Deploy: Yes ✔ Linked account 680356542845 and region ap-northeast-1 to application greeting-app.. ✔ Proposing infrastructure changes for the greeting-app-test environment. - Creating the infrastructure for the greeting-app-test environment. [create complete] [92.1s] - An IAM Role for AWS CloudFormation to manage resources [create complete] [27.2s] - An ECS cluster to group your services [create complete] [8.8s] - Enable long ARN formats for the authenticated AWS principal [create complete] [2.0s] - An IAM Role to describe resources in your environment [create complete] [23.8s] - A security group to allow your containers to talk to each other [create complete] [5.7s] - An Internet Gateway to connect to the public internet [create complete] [18.1s] - Private subnet 1 for resources with no internet access [create complete] [19.0s] - Private subnet 2 for resources with no internet access [create complete] [19.0s] - Public subnet 1 for resources that can access the internet [create complete] [19.0s] - Public subnet 2 for resources that can access the internet [create complete] [19.0s] - A Virtual Private Cloud to control networking of your AWS resources [create complete] [15.5s] ✔ Created environment test in region ap-northeast-1 under application greeting-app. Environment test is already on the latest version v1.6.1, skip upgrade. Building your container image: docker build -t 680356542845.dkr.ecr.ap-northeast-1.amazonaws.com/greeting-app/greeting-app --platform linux/amd64 /Users/masami/greeting -f /Users/masami/greeting/Dockerfile [+] Building 2.2s (7/7) FINISHED => [internal] load build definition from Dockerfile 0.0s => => transferring dockerfile: 36B 0.0s => [internal] load .dockerignore 0.0s => => transferring context: 2B 0.0s => [internal] load metadata for docker.io/library/openjdk:11-jdk-slim 2.1s => [internal] load build context 0.0s => => transferring context: 117B 0.0s => [1/2] FROM docker.io/library/openjdk:11-jdk-slim@sha256:ad41c90d47fdc84fecb3bdba2deb38e378bbde1d7f5a378ba0964c466b23dbca 0.0s => CACHED [2/2] COPY build/libs/greeting-0.0.1-SNAPSHOT.jar app.jar 0.0s => exporting to image 0.0s => => exporting layers 0.0s => => writing image sha256:658315566f443e0dc2795c5d605d29ad71f4f9e512469135bc4c908425447ade 0.0s => => naming to 680356542845.dkr.ecr.ap-northeast-1.amazonaws.com/greeting-app/greeting-app 0.0s Login Succeeded Using default tag: latest The push refers to repository [680356542845.dkr.ecr.ap-northeast-1.amazonaws.com/greeting-app/greeting-app] 408e323e553a: Pushed 007baf3afc22: Pushed 62763247decf: Pushed 2bf2b8c78141: Pushed e8b689711f21: Pushed latest: digest: sha256:09e11c29227fac3c7c730af1a9eb59fb7950d2003b2a984b6d7e790b452e8e94 size: 1372 ✔ Proposing infrastructure changes for stack greeting-app-test-greeting-app - Creating the infrastructure for stack greeting-app-test-greeting-app [create complete] [376.6s] - Service discovery for your services to communicate within the VPC [create complete] [0.0s] - Update your environment's shared resources [update complete] [181.1s] - A security group for your load balancer allowing HTTP and HTTPS traffic [create complete] [6.6s] - An Application Load Balancer to distribute public traffic to your services [create complete] [152.3s] - An IAM Role for the Fargate agent to make AWS API calls on your behalf [create complete] [27.6s] - A CloudWatch log group to hold your service logs [create complete] [3.3s] - An ECS service to run and maintain your tasks in the environment cluster [create complete] [91.6s] Deployments Revision Rollout Desired Running Failed Pending PRIMARY 2 [in progress] 1 1 1 0 ✘ Latest failure event - (service greeting-app-test-greeting-app-Service-bfQWCpWYD0kA) (port 80 ) is unhealthy in (target-group arn:aws:elasticloadbalancing:ap-northe ast-1:680356542845:targetgroup/greet-Targe-RCG2FPBWXXAQ/3d66f91ea0a3cf a1) due to (reason Health checks failed). - A target group to connect the load balancer to your service [create complete] [4.0s] - An ECS task definition to group your containers and run them on ECS [create complete] [3.5s] - An IAM role to control permissions for the containers in your tasks [create complete] [23.6s]
調べたところM1 macだとデプロイで死ぬらしい(Dockerのアーキテクチャが異なるため).
copilot init
だと環境構築からアプリケーションのデプロイまで一括でやってくれるが、私の環境だとデプロイは別の方法で回避しないといけない。
以下コマンド等で個別にステップを実施できる。
$ copilot env init $ copilot svc init $ copilot svc deploy # CodePipelineも作れる $ copilot pipeline init $ copilot pipeline update
アプリのデプロイはまたの機会に実施したい。
作成した環境のお片付け
# 作成したアプリケーションの確認 $ copilot app ls greeting-app # 削除 $ copilot app delete --name greeting-app Sure? Yes
まとめ
起動まではいかなかったが、お手軽にWebサービスに必要な環境一式を揃えることができる便利ツールであることはわかった。
ネットワークの定義やIAM定義など、結構手間がかかることもやってくれるのは個人的にありがたい。
私が関わる案件では環境がterraformで整備されていることが多いのであまりお世話にならないが、個人でサクッとサービスを立ち上げるには打って付けだと思う。
一方で込み入った環境設定をしたい場合はCloudFormationの知識が必要となってくるので人によっては学習コストが発生する。
他にも細かい制約はありそうですが、今回はここまで。