blob: c4d8acc56d9b92f78e7694fd6ec1c916b0e43258 [file] [log] [blame]
AWSTemplateFormatVersion: '2010-09-09'
Description: Deploy a service into an ECS cluster behind a public load balancer.
Parameters:
LBServiceName:
Type: String
Default: gerrit-load-balancer
ClusterStackName:
Description: Stack name of the ECS cluster to deploy the services
Type: String
Default: gerrit-cluster
EnvironmentName:
Description: An environment name used to build the log stream names
Type: String
Default: test
HAProxyDockerImage:
Description: HAProxy Docker image
Type: String
Default: aws-gerrit/haproxy:latest
SidecarDockerImage:
Description: Syslog sidecar Docker image
Type: String
Default: aws-gerrit/syslog-sidecar:latest
DockerRegistryUrl:
Description: Docker registry URL
Type: String
DesiredCount:
Description: How many instances of this task should we run across our cluster?
Type: Number
Default: 1
HTTPGerritPort:
Description: Gerrit HTTP port
Type: Number
Default: 8080
SSHGerritPort:
Description: Gerrit SSH port
Type: Number
Default: 29418
HTTPContainerPort:
Description: Gerrit HTTP port
Type: Number
Default: 80
HTTPSHostPort:
Description: Gerrit HTTPS port
Type: Number
Default: 443
HTTPHostPort:
Description: HAProxy HTTP port
Type: Number
Default: 80
CertificateArn:
Description: SSL Certificates ARN
Type: String
HostedZoneName:
Description: The route53 HostedZoneName.
Type: String
Subdomain:
Description: The subdomain of the Gerrit cluster
Type: String
Default: gerrit-dual-master
GerritKeyPrefix:
Description: Gerrit credentials keys prefix
Type: String
Master1ServiceStackName:
Description: Stack name of the ECS Master Gerrit service
Type: String
Default: gerrit-service-master-1
Master2ServiceStackName:
Description: Stack name of the ECS Master Gerrit service
Type: String
Default: gerrit-service-master-2
SyslogSidecarServiceName:
Description: HAPRoxy Syslog Sidecar service name
Type: String
Default: gerrit-haproxy-sidecar
Resources:
LBService:
Type: AWS::ECS::Service
DependsOn:
- HTTPListener
Properties:
Cluster:
Fn::ImportValue:
!Join [':', [!Ref 'ClusterStackName', 'ClusterName']]
DesiredCount: !Ref DesiredCount
TaskDefinition: !Ref TaskDefinition
LoadBalancers:
- ContainerName: !Ref LBServiceName
ContainerPort: !Ref HTTPContainerPort
TargetGroupArn: !Ref HTTPTargetGroup
TaskDefinition:
Type: AWS::ECS::TaskDefinition
Properties:
Family: !Sub '${LBServiceName}TaskDefinition'
TaskRoleArn: !GetAtt ECSTaskExecutionRoleStack.Outputs.TaskExecutionRoleRef
ExecutionRoleArn: !GetAtt ECSTaskExecutionRoleStack.Outputs.TaskExecutionRoleRef
NetworkMode: bridge
ContainerDefinitions:
- Name: !Ref LBServiceName
Essential: true
Image: !Sub '${DockerRegistryUrl}/${HAProxyDockerImage}'
Environment:
- Name: GERRIT_MASTER_1_URL
Value:
Fn::ImportValue: !Join [':', [!Ref 'Master1ServiceStackName', 'PublicLoadBalancerDNSName']]
- Name: GERRIT_MASTER_2_URL
Value:
Fn::ImportValue: !Join [':', [!Ref 'Master2ServiceStackName', 'PublicLoadBalancerDNSName']]
- Name: SYSLOG_SIDECAR
Value: !Ref SyslogSidecarServiceName
Cpu: 1024
Memory: 2048
PortMappings:
- ContainerPort: !Ref HTTPContainerPort
HostPort: !Ref HTTPHostPort
Protocol: tcp
Links:
- !Ref SyslogSidecarServiceName
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-group: !Ref ClusterStackName
awslogs-region: !Ref AWS::Region
awslogs-stream-prefix: !Ref EnvironmentName
- Name: !Ref SyslogSidecarServiceName
Essential: true
Image: !Sub '${DockerRegistryUrl}/${SidecarDockerImage}'
Cpu: 256
Memory: 512
LogConfiguration:
LogDriver: awslogs
Options:
awslogs-group: !Ref ClusterStackName
awslogs-region: !Ref AWS::Region
awslogs-stream-prefix: !Ref EnvironmentName
ECSTaskExecutionRoleStack:
Type: AWS::CloudFormation::Stack
Properties:
TemplateURL: https://aws-gerrit-cf-templates.s3.amazonaws.com/cf-gerrit-task-execution-role.yml
TimeoutInMinutes: '5'
LoadBalancer:
Type: AWS::ElasticLoadBalancingV2::LoadBalancer
Properties:
Type: network
Scheme: internet-facing
Subnets:
- Fn::ImportValue:
!Join [':', [!Ref 'ClusterStackName', 'PublicSubnetOne']]
Tags:
- Key: Name
Value: !Join ['-', [!Ref 'EnvironmentName', !Ref 'LBServiceName', 'alb']]
HTTPTargetGroup:
Type: AWS::ElasticLoadBalancingV2::TargetGroup
DependsOn: LoadBalancer
Properties:
VpcId:
Fn::ImportValue:
!Join [':', [!Ref 'ClusterStackName', 'VPCId']]
Port: !Ref HTTPHostPort
Protocol: TCP
HTTPListener:
Type: AWS::ElasticLoadBalancingV2::Listener
DependsOn: LoadBalancer
Properties:
Certificates:
- CertificateArn: !Ref CertificateArn
DefaultActions:
- Type: forward
TargetGroupArn: !Ref HTTPTargetGroup
LoadBalancerArn: !Ref LoadBalancer
Port: !Ref HTTPSHostPort
Protocol: TLS
Outputs:
PublicLoadBalancerDNSName:
Description: The DNS name of the external load balancer
Value: !GetAtt 'LoadBalancer.DNSName'
Export:
Name: !Join [ ':', [ !Ref 'AWS::StackName', 'PublicLoadBalancerDNSName' ] ]
CanonicalHostedZoneID:
Description: Canonical Hosted Zone ID
Value: !GetAtt 'LoadBalancer.CanonicalHostedZoneID'
Export:
Name: !Join [ ':', [ !Ref 'AWS::StackName', 'CanonicalHostedZoneID' ] ]
PublicLoadBalancerUrl:
Description: The url of the external load balancer
Value: !Join ['', ['https://', !GetAtt 'LoadBalancer.DNSName']]
Export:
Name: !Join [ ':', [ !Ref 'AWS::StackName', 'PublicLoadBalancerUrl' ] ]
HostedZoneName:
Description: Route53 Hosted Zone name
Value: !Ref HostedZoneName
Export:
Name: !Join [ ':', [ !Ref 'AWS::StackName', 'HostedZoneName' ] ]
Subdomain:
Description: Service DNS subdomain
Value: !Ref Subdomain
Export:
Name: !Join [ ':', [ !Ref 'AWS::StackName', 'Subdomain' ] ]
CanonicalWebUrl:
Description: Canonical Web URL
Value: !Sub 'https://${Subdomain}.${HostedZoneName}'
Export:
Name: !Join [ ':', [ !Ref 'AWS::StackName', 'CanonicalWebUrl' ] ]