Description
You’re working for the company SailEasy as a Junior Devops; You’ve been part of the project to migrate a nodejs application to AWS Fargate (please refer to this tutorial for more details https://www.ikubelabs.com/deploying-a-nodejs-application-on-aws-fargate/). Now that everything is working as expected, the dev team asks you to set up a pipeline CI/CD in order to automate the deployment of new versions to AWS Fargate.
Learning Objectives
- Deploy the pre-requisite resources with CloudFormation
- Create a private repository on ECR
- Create an AWS Account for Gitlab
- Add environment variables on the Gitlab project
- Update the task definition file
- Update gitlab-ci.yml file
- Test your access to the application
Step 1 : Deploy the pre-requisite resources with CloudFormation
Before working on our CI/CD pipeline let’s first deploy the ECS Fargate cluster with CloudFormation.
CloudFormation will help us deploy the following resources
– ECS Fargate Cluster
– IAM Roles
– Security Groups
– Load Balancer
– ECS Service
Note : If you want to deploy the entire ECS Fargate cluster manually to understand each steps, I recommend you to follow this tutorial :
https://www.ikubelabs.com/deploying-a-nodejs-application-on-aws-fargate/
1. Make sure you have access to the gitlab project files and that you can download the cloudformation-nodejs-demo-app.yaml file
2. Open the AWS Console, and select CloudFormation Console > Create Stack
3. Select Upload a template file and choose the file cloudformation-nodejs-demo-app.yaml and Next
4. Name your stack “cfdemo” and leave the pre-filled fields
5. Scroll down and select 2 subnets and the VPC where you will deploy the resources, then click “Next”
6. Click Next, Select “Create stack”
7. Now click on the Resources tab to see all the resources that the cloudformation template has created
8. Click on the Outputs tab, to get the load balancer dns name . Click on the link, it should open the web page.
Step 2 : Create a private repository on ECR
1. Open the console Elastic Container Registry > Create repository
2.
Repository name : nodejs-demo-app-fargate
then, Create repository
3. Check that the repository has been successfully created
Step 3 : Create an AWS Account for Gitlab
We need to create an AWS account for Gitlab with the required permissions to :
– Push the docker image to the private ECR repository
– Register the task definition and update the service
1. Open the IAM console, and select Add user
2.
Username : gitlabci-user
then select Programmatic access , click Next permissions
3. Add these 2 policies :
-AmazonEC2ContainerRegistryFullAccess
-AmazonEC2ContainerServiceFullAccess
and click on “Next“
4. Check that you have the 2 policies attached, then select “Create user”
5. Save the Access key ID and Secret access key, we will need later to set up Gitlab.
Step 4 : Add environment variables on Gitlab
1. On your Gitlab project repository , select Settings > CI/CD > Variables
2. Add these variables :
– AWS_ACCESS_KEY_ID (see previous – Step 3)
– AWS_SECRET_ACCESS_KEY (see previous – Step 3)
– AWS_DEFAULT_REGION (default region where the application is deployed)
Step 5 : Update the task definition file
1. On your Gitlab project repository , Update the file taskdef.json
2.
– Replace executionRoleArn with the one created by CloudFormation
– To find the RoleARN , Back to the CloudFormation console, Select Resources, and open the ExecutionRole (“DemoEcsTaskRole”) and get the Role ARN
3.
Replace image value with your Elasctic Container Registry URI you created earlier (Step 2)
Should be something like
xxxxxxxxxxx.dkr.ecr.eu-central-1.amazonaws.com/nodejs-demo-app-fargate:build
Make sure to keep :build
Step 6 : Update the gitlab-ci.yml
1. On your Gitlab project repository , Update the file gitlab-ci.yml
image: docker:latest
variables:
AWS_REGION: eu-central-1
ECR_REGISTRY: xxxxxxxxx.dkr.ecr.eu-central-1.amazonaws.com
ECR_REPO: xxxxxxxxxx.dkr.ecr.eu-central-1.amazonaws.com/nodejs-demo-app-fargate
IMAGE_TAG: $CI_COMMIT_SHORT_SHA
IMAGE_NAME: nodejs-demo-app-fargate
CI_AWS_ECS_CLUSTER: ECSDemo
CI_AWS_ECS_SERVICE: DemoService
CI_AWS_ECS_TASK_DEFINITION_FILE: taskdef.json
AWS_REGION:
the region where you set your ECR repository
ECR_REGISTRY:
the ECR default registry
ECR_REPO:
the ECR repository uri
IMAGE_TAG:
the commit id in short format
IMAGE_NAME:
the name of your docker image
CI_AWS_ECS_CLUSTER:
the ECS Cluster name
CI_AWS_ECS_SERVICE:
the service name
CI_AWS_ECS_TASK_DEFINITION_FILE:
the task definition file
In the first section we declare the 2 stages of our pipeline : Build and Deploy
We declare services (docker:dind), as we need to access the service image of Docker during the build.
Before the execution of the script, we need to install the packages (py3-pip and sed)
During the Build stage :
1. We log into the ecr erpository
2. We use the docker command to build the image
3. We tag the image (note that the image will be tagged with the commit short format id)
4. We push the tagged image to the ECR repo
During the Deploy stage :
1. We create a new task definition for the build
– We replace the chain of characters “build” by the “$IMAGE_TAG” in the taskdef.json file
– We register a new task definition
2. We update the service with the new task definition
– We update the service (desired count = number of tasks or containers run by the service)
2. Click on “Commit changes”
2. To see the pipeline in execution, on the left side of your Gitlab project, select CI/CD > Pipelines
3. Then select the running pipeline
4. Wait until the 2 jobs Build and Deploy complete successfully
Step 10 : Test your access to the application
1. Back to the CloudFormation console, click on the Outputs tab, to get the load balancer dns name . Click on the link, it should open the web page.
2. You should see the webpage, with the secret key to download the certificate of completion!
Happy Tutorial
