Created
January 20, 2023 10:19
-
-
Save MarkusWendorf/2550d185979971a1d751b51d295a61e0 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import { Duration, Stack } from "aws-cdk-lib"; | |
| import * as ec2 from "aws-cdk-lib/aws-ec2"; | |
| import { DockerImageAsset } from "aws-cdk-lib/aws-ecr-assets"; | |
| import * as ecs from "aws-cdk-lib/aws-ecs"; | |
| import * as ecsPatterns from "aws-cdk-lib/aws-ecs-patterns"; | |
| import { ApplicationProtocol } from "aws-cdk-lib/aws-elasticloadbalancingv2"; | |
| import * as route53 from "aws-cdk-lib/aws-route53"; | |
| import * as path from "path"; | |
| export function addFargateCluster( | |
| stack: Stack, | |
| ) { | |
| const vpc = new ec2.Vpc(stack, "KcFargateVpc", { | |
| natGateways: 1, // important - keep as small as possible | |
| vpnGateway: false, | |
| maxAzs: 2, // at least two subnets in two different Availability Zones must be specified | |
| subnetConfiguration: [ | |
| { name: "public", subnetType: ec2.SubnetType.PUBLIC }, | |
| { name: "private", subnetType: ec2.SubnetType.PRIVATE_WITH_NAT }, | |
| ], | |
| }); | |
| const securityGroup = new ec2.SecurityGroup(stack, "SecurityGroup", { | |
| vpc, | |
| }); | |
| securityGroup.connections.allowInternally(ec2.Port.allTcp()); | |
| securityGroup.connections.allowFromAnyIpv4(ec2.Port.allTcp()); | |
| const hostedZone = route53.HostedZone.fromHostedZoneAttributes(stack, "HostedZone", { | |
| zoneName: "sso.altow.io", | |
| hostedZoneId: "Z050392598DMPNRFL81U", | |
| }); | |
| const keycloakImage = new DockerImageAsset(stack, "KeycloakImage", { | |
| directory: path.join(process.cwd(), "keycloak"), | |
| }); | |
| const taskDefinition = new ecs.TaskDefinition(stack, "TaskDef", { | |
| memoryMiB: "1024", | |
| cpu: "1024", | |
| networkMode: ecs.NetworkMode.AWS_VPC, | |
| compatibility: ecs.Compatibility.FARGATE, | |
| }); | |
| taskDefinition.addContainer("Container", { | |
| image: ecs.ContainerImage.fromDockerImageAsset(keycloakImage), | |
| portMappings: [{ containerPort: 8080, hostPort: 8080 }], | |
| logging: ecs.LogDriver.awsLogs({ | |
| streamPrefix: "build-status-app", | |
| }), | |
| }); | |
| const cluster = new ecs.Cluster(stack, "KcFargateCluster", { vpc }); | |
| const fargate = new ecsPatterns.ApplicationLoadBalancedFargateService(stack, "Fargate", { | |
| domainName: "build-status-whatever.cwp.roche.com", | |
| cluster, | |
| desiredCount: 1, | |
| securityGroups: [securityGroup], | |
| taskDefinition, | |
| publicLoadBalancer: true, | |
| assignPublicIp: true, | |
| healthCheckGracePeriod: Duration.seconds(10), | |
| protocol: ApplicationProtocol.HTTPS, | |
| domainZone: hostedZone, | |
| }); | |
| fargate.targetGroup.setAttribute("deregistration_delay.timeout_seconds", "10"); | |
| return fargate; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment