Code Monkey home page Code Monkey logo

terraform-aws-ecs-cluster-traefik's Introduction

terraform-aws-ecs-cluster-traefik Build Status Latest Release

Terraform module to provision ECS cluster with Traefik as an edge router. This module supports traefik v1.7.

Terraform versions

Terraform 0.12. Pin module version to ~> 2.0. Submit pull-requests to master branch.

Terraform 0.11. Pin module version to ~> 1.0. Submit pull-requests to terraform011 branch.

It's 100% Open Source and licensed under the APACHE2.

Introduction

This module helps to provision production-ready ECS cluster for your workloads and all required infrastructure for the cluster (VPC, subnets, ALB, EC2 autoscaling group etc).

Traefik service in ECS cluster is supposed to act as an edge router and route traffic to other containers in your cluster based on their docker lables.

For more information on which docker labels to set on your container, see Traefik documentation.

SSL termination is done on AWS ALB. Traefik tasks are launched with awsvpc network mode and needs Internet access to connect to ECS API in order to discover containers in your ECS cluster.

Implementation notes and Warnings:

  • If you decide not to use NAT instance or NAT Gateway for private subnets withing the VPC, EC2 ASG instances will be launched in public subnets within the VPC as they need internet access to communicate with ECS API. Otherwise, the instances will be launched in private subnets.
  • If you decide to launch Traefik using FARGATE launch type, remember to assing public IP for Traefik so the Traefik image can be pulled from Dockerhub.
  • There are other networking-related caveates that you may encounter when launching your workloads within ECS cluster, please get yourself acquainted with the Task Networking Considerations document to properly setup netwoking for your tasks.

This module is backed by best of breed terraform modules maintained by Cloudposse.

Usage

IMPORTANT: The master branch is used in source just as an example. In your code, do not pin to master because there may be breaking changes between releases. Instead pin to the release tag (e.g. ?ref=tags/x.y.z) of one of our latest releases.

This example creates an ECS cluster with Traefik service launched using FARGATE.

module "ecs_cluster" {
  source    = "git::https://github.com/aleks-fofanov/terraform-aws-ecs-cluster-traefik.git?ref=master"
  name      = "traefik"
  namespace = "cp"
  stage     = "prod"

  vpc_nat_gateway_enabled     = false
  vpc_map_public_ip_on_launch = false

  alb_certificate_arn                  = "XXXXXXXXXXX"
  alb_http_enabled                     = true
  alb_https_enabled                    = true
  alb_http_to_https_redirect_enabled   = true
  alb_http_to_https_redirect_permanent = true
  alb_access_logs_enabled              = false

  traefik_launch_type      = "FARGATE"
  traefik_assign_public_ip = true
}

Examples

Example With Traefik Dashboard and

Autoscaling Enabled

This example launches a Traefik setvice in ECS using FARGATE with enabled dashboard, API endpoints and autoscaling. Basic auth is enabled by default for both API and dashboard. You can use openssl to generate password for basic auth:

openssl passwd -apr1
module "ecs_cluster" {
  source    = "git::https://github.com/aleks-fofanov/terraform-aws-ecs-cluster-traefik.git?ref=master"
  name      = "traefik"
  namespace = "cp"
  stage     = "prod"

  vpc_nat_gateway_enabled     = false
  vpc_map_public_ip_on_launch = false

  alb_certificate_arn                  = "XXXXXXXXXXX"
  alb_http_enabled                     = true
  alb_https_enabled                    = true
  alb_http_to_https_redirect_enabled   = true
  alb_http_to_https_redirect_permanent = true
  alb_access_logs_enabled              = false

  traefik_launch_type      = "FARGATE"
  traefik_assign_public_ip = true

  traefik_dashboard_enabled             = true
  traefik_dashboard_host                = "traefik.example.com"
  traefik_dashboard_basic_auth_user     = "admin"
  traefik_dashboard_basic_auth_password = "$$$apr1$$$Rj21EpGU$$$KCwTHCbAIVhw0BiSdU4Me0"

  traefik_autoscaling_enabled             = true
  traefik_autoscaling_dimension           = "cpu"
  traefik_autoscaling_min_capacity        = 1
  traefik_autoscaling_max_capacity        = 3
  traefik_autoscaling_scale_up_cooldown   = 60
  traefik_autoscaling_scale_down_cooldown = 60

  traefik_ecs_alarms_enabled                        = true
  traefik_ecs_alarms_cpu_utilization_high_threshold = 20
  traefik_ecs_alarms_cpu_utilization_low_threshold  = 10
}

Complete Example

This example:

  • Launches Traefik service in ECS using FARGATE with autoscaling
  • Enables Traefik API and dashboard
  • Enables ALB target group alarms
  • Launches EC2 autoscaling group with minimum 2 instances for your workloads
module "ecs_cluster" {
  source    = "git::https://github.com/aleks-fofanov/terraform-aws-ecs-cluster-traefik.git?ref=master"
  name      = "traefik"
  namespace = "cp"
  stage     = "prod"

  vpc_nat_gateway_enabled     = false
  vpc_map_public_ip_on_launch = false

  ec2_asg_enabled                  = true
  ec2_asg_instance_type            = "t3.large"
  ec2_asg_autoscaling_min_capacity = 2

  alb_certificate_arn                  = "XXXXXXXXXXX"
  alb_http_enabled                     = true
  alb_https_enabled                    = true
  alb_http_to_https_redirect_enabled   = true
  alb_http_to_https_redirect_permanent = true
  alb_access_logs_enabled              = false
  alb_target_group_alarms_enabled      = true

  traefik_launch_type      = "FARGATE"
  traefik_assign_public_ip = true

  traefik_dashboard_enabled             = true
  traefik_dashboard_host                = "traefik.example.com"
  traefik_dashboard_basic_auth_user     = "admin"
  traefik_dashboard_basic_auth_password = "$$$apr1$$$Rj21EpGU$$$KCwTHCbAIVhw0BiSdU4Me0"

  traefik_autoscaling_enabled             = true
  traefik_autoscaling_dimension           = "cpu"
  traefik_autoscaling_min_capacity        = 1
  traefik_autoscaling_max_capacity        = 3
  traefik_autoscaling_scale_up_cooldown   = 60
  traefik_autoscaling_scale_down_cooldown = 60

  traefik_ecs_alarms_enabled                        = true
  traefik_ecs_alarms_cpu_utilization_high_threshold = 20
  traefik_ecs_alarms_cpu_utilization_low_threshold  = 10
}

Makefile Targets

Available targets:

  help                                Help screen
  help/all                            Display help for all targets
  help/short                          This help short screen
  lint                                Lint terraform code

Related Projects

Check out these related projects.

Help

Got a question?

File a GitHub issue.

Contributing

Bug Reports & Feature Requests

Please use the issue tracker to report any bugs or file feature requests.

Developing

In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.

  1. Fork the repo on GitHub
  2. Clone the project to your own machine
  3. Commit changes to your own branch
  4. Push your work back up to your fork
  5. Submit a Pull Request so that we can review your changes

NOTE: Be sure to merge the latest changes from "upstream" before making a pull request!

Copyright

Copyright © 2017-2020 Aleksandr Fofanov

License

License

See LICENSE for full details.

Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements.  See the NOTICE file
distributed with this work for additional information
regarding copyright ownership.  The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License.  You may obtain a copy of the License at

  https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied.  See the License for the
specific language governing permissions and limitations
under the License.

Trademarks

All other trademarks referenced herein are the property of their respective owners.

Contributors

Aleksandr Fofanov
Aleksandr Fofanov

terraform-aws-ecs-cluster-traefik's People

Contributors

aleks-fofanov avatar

Stargazers

avatar avatar

Watchers

avatar avatar avatar

Forkers

viktor-zharina-qs aklyukin

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.