Amazon ECS 任务定义示例 - Amazon Elastic Container Service

Amazon ECS 任务定义示例

您可以复制示例和代码段,以开始创建自己的任务定义。

您可以复制这些示例,然后在使用控制台中的通过 JSON 配置选项时粘贴它们。确保自定义示例,例如使用您的账户 ID。您可以在任务定义 JSON 中包含这些代码段。有关更多信息,请参阅使用控制台创建 Amazon ECS 任务定义Amazon ECS 任务定义参数

有关更多任务定义示例,请参阅 GitHub 上的 AWS 示例任务定义

Webserver

下面是用于设置 Web 服务器的示例任务定义(使用 Fargate 上的 Linux 容器启动类型):

{ "containerDefinitions": [ { "command": [ "/bin/sh -c \"echo '<html> <head> <title>Amazon ECS Sample App</title> <style>body {margin-top: 40px; background-color: #333;} </style> </head><body> <div style=color:white;text-align:center> <h1>Amazon ECS Sample App</h1> <h2>Congratulations!</h2> <p>Your application is now running on a container in Amazon ECS.</p> </div></body></html>' > /usr/local/apache2/htdocs/index.html && httpd-foreground\"" ], "entryPoint": [ "sh", "-c" ], "essential": true, "image": "httpd:2.4", "logConfiguration": { "logDriver": "awslogs", "options": { "awslogs-group" : "/ecs/fargate-task-definition", "awslogs-region": "us-east-1", "awslogs-stream-prefix": "ecs" } }, "name": "sample-fargate-app", "portMappings": [ { "containerPort": 80, "hostPort": 80, "protocol": "tcp" } ] } ], "cpu": "256", "executionRoleArn": "arn:aws:iam::012345678910:role/ecsTaskExecutionRole", "family": "fargate-task-definition", "memory": "512", "networkMode": "awsvpc", "runtimePlatform": { "operatingSystemFamily": "LINUX" }, "requiresCompatibilities": [ "FARGATE" ] }

下面是用于设置 Web 服务器的示例任务定义(使用 Fargate 上的 Windows 容器启动类型):

{ "containerDefinitions": [ { "command": ["New-Item -Path C:\\inetpub\\wwwroot\\index.html -Type file -Value '<html> <head> <title>Amazon ECS Sample App</title> <style>body {margin-top: 40px; background-color: #333;} </style> </head><body> <div style=color:white;text-align:center> <h1>Amazon ECS Sample App</h1> <h2>Congratulations!</h2> <p>Your application is now running on a container in Amazon ECS.</p>'; C:\\ServiceMonitor.exe w3svc"], "entryPoint": [ "powershell", "-Command" ], "essential": true, "cpu": 2048, "memory": 4096, "image": "mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2019", "name": "sample_windows_app", "portMappings": [ { "hostPort": 80, "containerPort": 80, "protocol": "tcp" } ] } ], "memory": "4096", "cpu": "2048", "networkMode": "awsvpc", "family": "windows-simple-iis-2019-core", "executionRoleArn": "arn:aws:iam::012345678910:role/ecsTaskExecutionRole", "runtimePlatform": {"operatingSystemFamily": "WINDOWS_SERVER_2019_CORE"}, "requiresCompatibilities": ["FARGATE"] }

splunk 日志驱动程序

以下代码段演示如何在任务定义中使用 splunk 日志驱动程序,以将日志发送到远程服务。Splunk 令牌参数指定为密钥选项,因为它可能被视为敏感数据。有关更多信息,请参阅 将敏感数据传递给 Amazon ECS 容器

"containerDefinitions": [{ "logConfiguration": { "logDriver": "splunk", "options": { "splunk-url": "https://cloud.splunk.com:8080", "tag": "tag_name", }, "secretOptions": [{ "name": "splunk-token", "valueFrom": "arn:aws:secretsmanager:region:aws_account_id:secret:splunk-token-KnrBkD" }],

fluentd 日志驱动程序

以下代码段演示如何在任务定义中使用 fluentd 日志驱动程序,以将日志发送到远程服务。fluentd-address 值被指定为密钥选项,因为它可能会视为敏感数据。有关更多信息,请参阅 将敏感数据传递给 Amazon ECS 容器

"containerDefinitions": [{ "logConfiguration": { "logDriver": "fluentd", "options": { "tag": "fluentd demo" }, "secretOptions": [{ "name": "fluentd-address", "valueFrom": "arn:aws:secretsmanager:region:aws_account_id:secret:fluentd-address-KnrBkD" }] }, "entryPoint": [], "portMappings": [{ "hostPort": 80, "protocol": "tcp", "containerPort": 80 }, { "hostPort": 24224, "protocol": "tcp", "containerPort": 24224 }] }],

gelf 日志驱动程序

以下代码段演示如何在任务定义中使用 gelf 日志驱动程序,以将日志发送到远程主机(此主机运行将 Gelf 日志作为输入的 Logstash)。有关更多信息,请参阅 logConfiguration

"containerDefinitions": [{ "logConfiguration": { "logDriver": "gelf", "options": { "gelf-address": "udp://logstash-service-address:5000", "tag": "gelf task demo" } }, "entryPoint": [], "portMappings": [{ "hostPort": 5000, "protocol": "udp", "containerPort": 5000 }, { "hostPort": 5000, "protocol": "tcp", "containerPort": 5000 } ] }],

外部实例上的工作负载

注册 Amazon ECS 任务定义时,请使用 requiresCompatibilities 参数并指定 EXTERNAL 在外部实例上运行 Amazon ECS工作负载时验证任务定义是否兼容。如果您使用控制台注册任务定义,则必须使用 JSON 编辑器。有关更多信息,请参阅 使用控制台创建 Amazon ECS 任务定义

重要

如果您的任务需要任务执行 IAM 角色,请确保在任务定义中指定了该角色。

部署工作负载时,请使用 EXTERNAL 启动类型时创建服务或运行独立任务。

以下是此示例的表定义。

Linux
{ "requiresCompatibilities": [ "EXTERNAL" ], "containerDefinitions": [{ "name": "nginx", "image": "public.ecr.aws/nginx/nginx:latest", "memory": 256, "cpu": 256, "essential": true, "portMappings": [{ "containerPort": 80, "hostPort": 8080, "protocol": "tcp" }] }], "networkMode": "bridge", "family": "nginx" }
Windows
{ "requiresCompatibilities": [ "EXTERNAL" ], "containerDefinitions": [{ "name": "windows-container", "image": "mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2019", "memory": 256, "cpu": 512, "essential": true, "portMappings": [{ "containerPort": 80, "hostPort": 8080, "protocol": "tcp" }] }], "networkMode": "bridge", "family": "windows-container" }

Amazon ECR 映像和任务定义 IAM 角色

以下代码段使用 123456789012.dkr.ecr.us-west-2.amazonaws.com 注册表中带 v1 标签的名为 aws-nodejs-sample 的 Amazon ECR 映像。此任务中的容器继承来自 arn:aws:iam::123456789012:role/AmazonECSTaskS3BucketRole 角色的 IAM 权限。有关更多信息,请参阅 Amazon ECS 任务 IAM 角色

{ "containerDefinitions": [ { "name": "sample-app", "image": "123456789012.dkr.ecr.us-west-2.amazonaws.com/aws-nodejs-sample:v1", "memory": 200, "cpu": 10, "essential": true } ], "family": "example_task_3", "taskRoleArn": "arn:aws:iam::123456789012:role/AmazonECSTaskS3BucketRole" }

带命令的入口点

以下代码段演示使用入口点和命令参数的 Docker 容器的语法。此容器将对 google.com 执行四次 ping 操作,然后退出。

{ "containerDefinitions": [ { "memory": 32, "essential": true, "entryPoint": ["ping"], "name": "alpine_ping", "readonlyRootFilesystem": true, "image": "alpine:3.4", "command": [ "-c", "4", "example.com" ], "cpu": 16 } ], "family": "example_task_2" }

容器依赖项

此代码段展示了具有多个容器(其中指定了容器依赖项)的任务定义的语法。在以下任务定义中,envoy 容器必须达到正常运行状态(由必需的容器运行状况检查参数决定),然后 app 容器才能启动。有关更多信息,请参阅 容器依赖项

{ "family": "appmesh-gateway", "runtimePlatform": { "operatingSystemFamily": "LINUX" }, "proxyConfiguration":{ "type": "APPMESH", "containerName": "envoy", "properties": [ { "name": "IgnoredUID", "value": "1337" }, { "name": "ProxyIngressPort", "value": "15000" }, { "name": "ProxyEgressPort", "value": "15001" }, { "name": "AppPorts", "value": "9080" }, { "name": "EgressIgnoredIPs", "value": "169.254.170.2,169.254.169.254" } ] }, "containerDefinitions": [ { "name": "app", "image": "application_image", "portMappings": [ { "containerPort": 9080, "hostPort": 9080, "protocol": "tcp" } ], "essential": true, "dependsOn": [ { "containerName": "envoy", "condition": "HEALTHY" } ] }, { "name": "envoy", "image": "840364872350.dkr.ecr.region-code.amazonaws.com/aws-appmesh-envoy:v1.15.1.0-prod", "essential": true, "environment": [ { "name": "APPMESH_VIRTUAL_NODE_NAME", "value": "mesh/meshName/virtualNode/virtualNodeName" }, { "name": "ENVOY_LOG_LEVEL", "value": "info" } ], "healthCheck": { "command": [ "CMD-SHELL", "echo hello" ], "interval": 5, "timeout": 2, "retries": 3 } } ], "executionRoleArn": "arn:aws:iam::123456789012:role/ecsTaskExecutionRole", "networkMode": "awsvpc" }

Windows 示例任务定义

以下示例任务定义可帮助您在 Amazon ECS 上开始使用 Windows 容器。

例 适用于 Windows 的 Amazon ECS 控制台示例应用程序

以下任务定义是 Amazon ECS 的首次运行向导中生成的 Amazon ECS 控制台示例应用程序;它已转为使用 microsoft/iis Windows 容器映像。

{ "family": "windows-simple-iis", "containerDefinitions": [ { "name": "windows_sample_app", "image": "mcr.microsoft.com/windows/servercore/iis", "cpu": 1024, "entryPoint":["powershell", "-Command"], "command":["New-Item -Path C:\\inetpub\\wwwroot\\index.html -Type file -Value '<html> <head> <title>Amazon ECS Sample App</title> <style>body {margin-top: 40px; background-color: #333;} </style> </head><body> <div style=color:white;text-align:center> <h1>Amazon ECS Sample App</h1> <h2>Congratulations!</h2> <p>Your application is now running on a container in Amazon ECS.</p>'; C:\\ServiceMonitor.exe w3svc"], "portMappings": [ { "protocol": "tcp", "containerPort": 80 } ], "memory": 1024, "essential": true } ], "networkMode": "awsvpc", "memory": "1024", "cpu": "1024" }