forked from clareliguori/spinnaker-ecs-devel
-
Notifications
You must be signed in to change notification settings - Fork 0
/
spinnaker-deployment-lb.yml
123 lines (115 loc) · 4.11 KB
/
spinnaker-deployment-lb.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
AWSTemplateFormatVersion: '2010-09-09'
Description: External, public facing load balancer, for forwarding public traffic to private containers
Parameters:
VPCStackName:
Type: String
Default: SpinnakerVPC
Description: The name of the VPC stack to add this load balancer to
LBTargetType:
Type: String
Default: ip
AllowedValues:
- ip
- instance
Description: Target type for the load balancer. Choose 'ip' for Fargate tasks, choose 'instance' for EC2 tasks.
Resources:
LogGroup:
Type: AWS::Logs::LogGroup
Properties:
LogGroupName: !Ref "AWS::StackName"
RetentionInDays: 30
ContainerSecurityGroup:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: !Sub "${AWS::StackName}-private-access"
GroupDescription: Access to the Fargate containers
VpcId:
Fn::ImportValue: !Sub ${VPCStackName}:VpcId
SecurityGroupIngress:
Description: Ingress from the public ALB
IpProtocol: -1
SourceSecurityGroupId: !Ref 'PublicLoadBalancerSG'
# Public load balancer, hosted in public subnets that is accessible
# to the public, and is intended to route traffic to one or more public
# facing services. This is used for accepting traffic from the public
# internet and directing it to public facing microservices
PublicLoadBalancerSG:
Type: AWS::EC2::SecurityGroup
Properties:
GroupName: !Sub "${AWS::StackName}-public-access"
GroupDescription: Access to the public facing load balancer
VpcId:
Fn::ImportValue: !Sub ${VPCStackName}:VpcId
SecurityGroupIngress:
# Allow access to ALB from anywhere on the internet
- CidrIp: 0.0.0.0/0
IpProtocol: -1
PublicLoadBalancer:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties:
Name: !Sub "${AWS::StackName}-lb"
Scheme: internet-facing
LoadBalancerAttributes:
- Key: idle_timeout.timeout_seconds
Value: '30'
Subnets:
# The load balancer is placed into the public subnets, so that traffic
# from the internet can reach the load balancer directly via the internet gateway
- Fn::ImportValue: !Sub ${VPCStackName}:PublicSubnetOne
- Fn::ImportValue: !Sub ${VPCStackName}:PublicSubnetTwo
SecurityGroups: [!Ref 'PublicLoadBalancerSG']
# Create a listener on the load balancer for routing traffic to the target group
PublicLoadBalancerListener:
Type: AWS::ElasticLoadBalancingV2::Listener
DependsOn:
- PublicLoadBalancer
Properties:
DefaultActions:
- TargetGroupArn: !Ref 'TargetGroup'
Type: 'forward'
LoadBalancerArn: !Ref 'PublicLoadBalancer'
Port: 80
Protocol: HTTP
# A target group. This is used for keeping track of all the tasks, and
# what IP addresses / port numbers they have.
TargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
Properties:
HealthCheckIntervalSeconds: 6
HealthCheckPath: /
HealthCheckProtocol: HTTP
HealthCheckTimeoutSeconds: 5
HealthyThresholdCount: 2
TargetType: !Ref 'LBTargetType'
TargetGroupAttributes:
- Key: deregistration_delay.timeout_seconds
Value: 30
Name: !Sub "${AWS::StackName}-tg"
Port: 80 # The container must expose port 80
Protocol: HTTP
UnhealthyThresholdCount: 2
VpcId:
Fn::ImportValue: !Sub ${VPCStackName}:VpcId
ServiceDiscoveryRecord:
Type: 'AWS::ServiceDiscovery::Service'
Properties:
Name: !Sub "${AWS::StackName}-svc"
DnsConfig:
NamespaceId:
Fn::ImportValue: !Sub ${VPCStackName}:ServiceDiscoveryNamespace
DnsRecords:
- Type: A
TTL: 300
HealthCheckCustomConfig:
FailureThreshold: 1
Outputs:
ExternalUrl:
Description: The url of the external load balancer
Value: !Sub http://${PublicLoadBalancer.DNSName}
Export:
Name: !Sub ${AWS::StackName}:ExternalUrl
ContainerSecurityGroup:
Description: The security group ID for the containers
Value: !Ref ContainerSecurityGroup
Export:
Name: !Sub ${AWS::StackName}:ContainerSecurityGroup