-
Notifications
You must be signed in to change notification settings - Fork 199
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add ECS Metadata Integration Test for detect changes in ECS Container…
… Agent Metadata Endpoint (#458) * Initial commit for ecs * Add basic for fargate with terraform * Fix typo for CWAgent config * Add some tpl files for task def * Add new policy * Add basic components for CWAgent fargate on terraform * Finish formating terraform * Add basic testing * Add basic testing * fix some constraint * change to us west-2 * Add emf processor for config and sample app * Add redis sample app * Add redis sample app * Add basic testing for ecs fargate * reduce variables * Add readme doc and use make fmt * Add basic integration test on github workflow * delete xtool * Fix json config for default and ecs * Add ecs linux fargate and integration test * Change image repo again * Test integration test workflow * Delete branchs for testing * Test workflow * Fix tag for build docker image * Change back to format * Add back build constraints * Change to use test cwl * Change name to ecs fargate * Change to path go.mod * Fix variables and fix default extra app * Delete retry for testing * Add lock * Add unique for service role * Test and fixing readme * Add security group * Fix path testing * Test ecs * test for success path * Test again with go * Test again for constraints * Test again * Add basic testing * Change to cwagent integration test * Add back from source * Fix deprecated vpc and fix cloudwatch agent config issue * Fix cloudwatch agent issues * Add back check_secrets * Add back ECS fargate
- Loading branch information
Showing
27 changed files
with
848 additions
and
16 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
[ | ||
] |
File renamed without changes.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
fmt: | ||
terraform fmt -recursive | ||
|
||
check-fmt: | ||
terraform fmt -recursive -check |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,64 @@ | ||
Running ECS Fargate Integration Tests | ||
========================= | ||
|
||
## 1. How ECS Fargate are set up? | ||
**Step 1:** Create a Fargate ECS Cluster with the default VPC Network. | ||
**Step 2:** Create a security group to assign to the service in step 5 which allows all inbound | ||
traffics and outbound traffics | ||
**Step 3:** Create a IAM Role and IAM Execution Role for the containers to pull the image and | ||
execute their purposes | ||
**Step 4:** Create a [task definition](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definitions.html) | ||
to decide which containers serve a specific task and assign the IAM roles in step 3 to the containers | ||
**Step 5:** Create a [service](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html) which configure | ||
how many tasks are running in parallel and ensure availability of the task. | ||
|
||
## 2. Setup resources | ||
By running `terraform apply -auto-approve -lock=false`, | ||
you agree to setup the following resources: | ||
* 1 IAM Task Role and 1 Execution Task Role (similar to [these IAM Roles](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/deploy_servicelens_CloudWatch_agent_deploy_ECS.html)) | ||
* 2 SSM Parameter Store | ||
* 2 Task Definitions and 2 Services for those task definitions | ||
* 1 Security group which allows all inbound and outbound traffics. | ||
|
||
To be more specifically, | ||
* **IAM Task Role:** Contain the following policy | ||
* **CloudWatchAgentPolicy:** CloudWatchAgent's related actions | ||
* **service_discovery_police:** For describe ECS tasks and services | ||
```json | ||
{ | ||
"Statement": [ | ||
{ | ||
"Action": [ | ||
"ecs:ListTasks", | ||
"ecs:ListServices", | ||
"ecs:DescribeTasks", | ||
"ecs:DescribeTaskDefinition", | ||
"ecs:DescribeServices", | ||
"ecs:DescribeContainerInstances", | ||
"ec2:DescribeInstances" | ||
], | ||
"Effect": "Allow", | ||
"Resource": "*", | ||
"Sid": "" | ||
} | ||
], | ||
"Version": "2012-10-17" | ||
} | ||
``` | ||
|
||
* **IAM Execution Task Role:** Contain the following policy | ||
* **AmazonECSTaskExecutionRolePolicy:** Pull CloudWatch Agent's image and extra app's image from ECR. | ||
* **AmazonSSMReadOnlyAccess:** Pull Cloudwatch Agent's and Prometheus's config from SSM Parameter Store. | ||
* **CloudWatchAgent Parameter Store:** Store CloudWatchAgent's configuration and CloudWatchAgent will pull the config from there. [Example configuration](default_resources/default_amazon_cloudwatch_agent.json) | ||
* **Prometheus Parameter Store:** Store Prometheus's configuration and CloudWatchAgent will pull the config from there. [Example configuration](default_resources/default_ecs_prometheus.tpl) | ||
|
||
## 3. Run tests in your AWS account | ||
```` | ||
cd integration/terraform/ecs && terraform init && terraform apply -auto-approve \ | ||
-var="test_dir={{your test case folder name}} \ | ||
```` | ||
|
||
Don't forget to clean up your resources after integration test has passed: | ||
```` | ||
terraform destroy -auto-approve | ||
```` |
31 changes: 31 additions & 0 deletions
31
integration/terraform/ecs/linux/default_resources/default_amazon_cloudwatch_agent.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
{ | ||
"logs": { | ||
"metrics_collected": { | ||
"prometheus": { | ||
"prometheus_config_path": "env:PROMETHEUS_CONFIG_CONTENT", | ||
"ecs_service_discovery": { | ||
"sd_frequency": "1m", | ||
"sd_result_file": "/tmp/cwagent_ecs_auto_sd.yaml", | ||
"docker_label": {} | ||
}, | ||
"emf_processor": { | ||
"metric_declaration": [ | ||
{ | ||
"source_labels": ["container_name"], | ||
"label_matcher": "^redis-exporter-.*$", | ||
"dimensions": [["ClusterName","TaskDefinitionFamily"]], | ||
"metric_selectors": [ | ||
"^redis_net_(in|out)put_bytes_total$", | ||
"^redis_(expired|evicted)_keys_total$", | ||
"^redis_keyspace_(hits|misses)_total$", | ||
"^redis_memory_used_bytes$", | ||
"^redis_connected_clients$" | ||
] | ||
} | ||
] | ||
} | ||
} | ||
}, | ||
"force_flush_interval": 5 | ||
} | ||
} |
8 changes: 8 additions & 0 deletions
8
integration/terraform/ecs/linux/default_resources/default_ecs_prometheus.tpl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
global: | ||
scrape_interval: 1m | ||
scrape_timeout: 10s | ||
scrape_configs: | ||
- job_name: cwagent-ecs-file-sd-config | ||
sample_limit: 10000 | ||
file_sd_configs: | ||
- files: [ "/tmp/cwagent_ecs_auto_sd.yaml" ] |
Oops, something went wrong.