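FullStackHero AWS Deployment: ECS Container Service Integration Guide
Overview
The FullStackHero .NET 8 Starter Kit is a production-grade, cloud-ready Web API + Blazor client solution with multi-tenant support. This article describes in detail how to deploy a FullStackHero project to AWS ECS (Elastic Container Service) for a highly available, scalable cloud-native deployment.
Architecture Design
Prerequisites
Environment Setup
- AWS account and configured CLI
- Terraform 1.0+
- Docker Desktop
- .NET 8 SDK
Infrastructure Components
| Component | Purpose | Example configuration |
|---|---|---|
| ECS Cluster | Container orchestration cluster | Fargate mode |
| RDS PostgreSQL | Database service | Aurora PostgreSQL |
| ALB | Load balancing | HTTP/HTTPS |
| VPC | Network isolation | Public/private subnets |
| IAM | Permission management | Task execution role |
Terraform Configuration Explained
ECS Task Definition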
```hcl
resource "aws_ecs_task_definition" "api_ecs_task" {
  family                   = "dotnet-webapi"
  network_mode             = "awsvpc"
  requires_compatibilities = ["FARGATE"]
  cpu                      = 512
  memory                   = 1024
  task_role_arn            = aws_iam_role.ecs_task_role.arn
  execution_role_arn       = aws_iam_role.ecs_task_execution_role.arn
  container_definitions = jsonencode([{
    name      = "dotnet-webapi"
    image     = "iammukeshm/dotnet-webapi:latest"
    cpu       = 512
    memory    = 1024
    essential = true
    # Note: the database username and password are inline in the connection string below,
    # so they are stored in plaintext in the task definition and in the Terraform state.
    environment = [
      { "name" : "ASPNETCORE_ENVIRONMENT", "value" : "staging" },
      { "name" : "DatabaseSettings__ConnectionString",
      "value" : "Host=${aws_db_instance.postgres.endpoint};Port=5432;Database=fshdb;Username=posgresqladmin;Password=posgresqladmin;Include Error Detail=true" },
      { "name" : "DatabaseSettings__DBProvider", "value" : "postgresql" }
    ]
    # Ship container stdout/stderr to CloudWatch Logs
    logConfiguration = {
      "logDriver" : "awslogs",
      "options" : {
        "awslogs-region" : "ap-south-1",
        "awslogs-group" : "fsh/dotnet-webapi",
        "awslogs-stream-prefix" : "fsh-api"
      }
    },
    portMappings = [{ "containerPort" : 80, "hostPort" : 80 }]
  }])
}
```
ECS Service Configuration
```hcl
resource "aws_ecs_service" "api_ecs_service" {
  name            = "dotnet-webapi"
  cluster         = aws_ecs_cluster.cluster.id
  task_definition = aws_ecs_task_definition.api_ecs_task.arn
  launch_type     = "FARGATE"
  desired_count   = 1
  # Register the container's port 80 with the ALB target group
  load_balancer {
    target_group_arn = aws_lb_target_group.fsh_api_tg.arn
    container_name   = "dotnet-webapi"
    container_port   = 80
  }
  # Tasks are attached to the load balancer's security group and are assigned public IPs
  network_configuration {
    subnets          = [aws_subnet.private_east_a.id, aws_subnet.private_east_b.id]
    security_groups  = [aws_security_group.lb.id]
    assign_public_ip = true
  }
}
```
Environment Variable Configuration
Key Environment Variables
| Environment variable | Purpose | Example value |
|---|---|---|
| ASPNETCORE_ENVIRONMENT | Runtime environment | staging/production |
| DatabaseSettings__ConnectionString | Database connection string | Host=xxx.rds.amazonaws.com;Port=5432 |
| DatabaseSettings__DBProvider | Database type | postgresql |
| HangfireSettings__Storage__ConnectionString | Hangfire storage connection | Same as the database connection |
| HangfireSettings__Storage__StorageProvider | Hangfire storage type | postgresql |
Deployment Process
Step 1: Deploy the infrastructure
```bash
# Initialize Terraform
terraform init
# Plan the deployment
terraform plan -var-file=staging/terraform.tfvars
# Apply the configuration
terraform apply -var-file=staging/terraform.tfvars -auto-approve
```
Step 2: Build and push the Docker image
```bash
# Build the image
docker build -t fullstackhero-webapi .
# Tag the image
docker tag fullstackhero-webapi:latest \
  YOUR_AWS_ACCOUNT_ID.dkr.ecr.REGION.amazonaws.com/fullstackhero-webapi:latest
# Push to ECR
docker push YOUR_AWS_ACCOUNT_ID.dkr.ecr.REGION.amazonaws.com/fullstackhero-webapi:latest
```
Step 3: Update the service
```bash
# Update the ECS service
aws ecs update-service \
  --cluster fullstackhero \
  --service dotnet-webapi \
  --force-new-deployment
```
Monitoring and Logging
CloudWatch Log Configuration
```json
{
  "logDriver": "awslogs",
  "options": {
    "awslogs-region": "ap-south-1",
    "awslogs-group": "fsh/dotnet-webapi",
    "awslogs-stream-prefix": "fsh-api"
  }
}
```
Health Check Configuration
```hcl
# Toggle for the health check
variable "enable_health_check" {
  type    = bool
  default = true
}
# Path probed by the health check
variable "health_check_endpoint" {
  type    = string
  default = "/api/health"
}
```
Security Best Practices
IAM Role Permissions
```hcl
resource "aws_iam_role" "ecs_task_execution_role" {
  name = "ecs-task-execution-role"
  # Trust policy: only the ECS tasks service may assume this role
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Action = "sts:AssumeRole"
      Effect = "Allow"
      Principal = {
        Service = "ecs-tasks.amazonaws.com"
      }
    }]
  })
}
```
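The task definition earlier on this page passes the database password inline in `DatabaseSettings__ConnectionString`. As an added example (not code from the FullStackHero repository), the same variable can be injected from AWS Secrets Manager, with the execution role granted read access to that one secret. The secret name `fsh/staging/db-connection-string` and the resource labels `db_conn` and `read_db_conn` are assumptions; the other references are the resources already shown on this page.

```hcl
# Added example; resource labels db_conn / read_db_conn and the secret name are assumptions.
# Only the secret's container is managed here. Its value (the full connection string) is set
# out of band, e.g. `aws secretsmanager put-secret-value`, so it stays out of Terraform state.
resource "aws_secretsmanager_secret" "db_conn" {
  name = "fsh/staging/db-connection-string"
}

# ECS fetches secrets with the execution role at task start; allow this one secret only.
resource "aws_iam_role_policy" "read_db_conn" {
  name = "read-db-connection-string"
  role = aws_iam_role.ecs_task_execution_role.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = "secretsmanager:GetSecretValue"
      Resource = aws_secretsmanager_secret.db_conn.arn
    }]
  })
}

resource "aws_ecs_task_definition" "api_ecs_task" {
  family                   = "dotnet-webapi"
  network_mode             = "awsvpc"
  requires_compatibilities = ["FARGATE"]
  cpu                      = 512
  memory                   = 1024
  task_role_arn            = aws_iam_role.ecs_task_role.arn
  execution_role_arn       = aws_iam_role.ecs_task_execution_role.arn
  container_definitions = jsonencode([{
    name      = "dotnet-webapi"
    image     = "iammukeshm/dotnet-webapi:latest"
    essential = true
    environment = [
      { name = "ASPNETCORE_ENVIRONMENT", value = "staging" },
      { name = "DatabaseSettings__DBProvider", value = "postgresql" }
    ]
    # Resolved by ECS at task start and exposed to the container as an environment variable.
    secrets = [{ name = "DatabaseSettings__ConnectionString", valueFrom = aws_secretsmanager_secret.db_conn.arn }]
    logConfiguration = {
      logDriver = "awslogs"
      options   = { "awslogs-region" = "ap-south-1", "awslogs-group" = "fsh/dotnet-webapi", "awslogs-stream-prefix" = "fsh-api" }
    }
    portMappings = [{ containerPort = 80, hostPort = 80 }]
  }])
}
```

The application reads the variable exactly as before, so no code change is needed; only the source of the value moves.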
Network Security Group
```hcl
resource "aws_security_group" "lb" {
  name   = "fsh-security-group"
  vpc_id = aws_vpc.project_ecs.id
  # Inbound: TCP port 80 from any source address
  ingress {
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = ["0.0.0.0/0"]
  }
  # Outbound: all protocols and ports to any destination
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```
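Troubleshooting
Common Problems and Solutions
| Problem | Cause | Solution |
|---|---|---|
| Container fails to start | Misconfigured environment variables | Check the environment variables in the ECS task definition |
| Database connection timeout | Security group rules restrict access | Make sure the RDS security group allows access from ECS |
| Logs cannot be viewed | Insufficient IAM permissions | Check the CloudWatch permissions of the ECS execution role |
| Health check fails | Application does not respond correctly | Verify the /health endpoint configuration |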
Performance Optimization Recommendations
Resource Allocation Strategy
```hcl
# CPU and memory configuration
variable "api_container_cpu" {
  type    = number
  default = 512 # 0.5 vCPU
}
variable "api_container_memory" {
  type    = number
  default = 1024 # 1 GB of memory
}
```
Auto Scaling Configuration
```hcl
# Can scale automatically based on CPU utilization
resource "aws_appautoscaling_target" "ecs_target" {
  max_capacity       = 4
  min_capacity       = 1
  resource_id        = "service/${aws_ecs_cluster.cluster.name}/${aws_ecs_service.api_ecs_service.name}"
  scalable_dimension = "ecs:service:DesiredCount"
  service_namespace  = "ecs"
}
```
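Summary
By following this guide, you can deploy the FullStackHero .NET 8 Starter Kit to AWS ECS. This deployment approach provides:
- High availability: multi-AZ deployment ensures service continuity
- Elastic scaling: the number of containers adjusts automatically with load
- Security isolation: the VPC network and security groups provide network protection
- Centralized monitoring: CloudWatch integration provides complete observability
- Cost optimization: Fargate is billed on demand, with no underlying infrastructure to manage
For production environments, it is recommended to additionally configure:
- HTTPS certificates and ALB listeners
- Database read/write splitting
- A blue-green deployment strategy
- More fine-grained monitoring and alerting
By following this guide, you will have a production-ready FullStackHero cloud-native deployment architecture.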
Authoring statement: parts of this article were generated with AI assistance (AIGC) and are for reference only.