container initial port

[davidlondono]

The initial port 5000 cannot be deployed as the initial image doesn't have this port enabled and fail to health check

[jasonmimick-aws]

Hi @davidlondono -

Thanks for reporting the issue you're facing.

There is an addPortMappings section in the cdk code which should accomplish this. See https://github.com/search?q=repo%3Aaws-samples%2Famazon-ecs-fargate-cdk-v2-cicd%205000&type=code

Possibly something has changed in the CDK libs or how things are getting deployed.

Do you have any more information, logs, or details you can share?

Feel free to ping me on slack @mimjasov

[rverton]

Hi @jasonmimick-aws,
but there is no http service (with a /health endpoint) for the amazonlinux:2022 image running on port 5000, so the initial deployment will get stuck when ECS is provisioned, isn't it?

amazon-ecs-fargate-cdk-v2-cicd/cdk-v2/lib/ecs_cdk-stack.ts

Line 93 in a1ad3e7

const baseImage = 'public.ecr.aws/amazonlinux/amazonlinux:2022'

Thanks

[saurabhmarwaha]

@jasonmimick-aws My stack is also stuck in progress endlessly. Is there a different image and port number we can use for initial deployment?

[rverton]

Hey @saurabhmarwaha,
you can use public.ecr.aws/nginx/nginx-unprivileged as a 'dummy' container. I'm using it with port 8080. If you want/need port 80, you can use http://public.ecr.aws/nginx/nginx. They are also available as ARM containers.

[saurabhmarwaha]

@rverton Container / Task is still taking unusually longer with below changes due to which stack continues to be In progress status. Is that how you are using a dummy container.

const baseImage = 'public.ecr.aws/nginx/nginx-unprivileged'

container.addPortMappings({
  containerPort: **8080**,
  protocol: ecs.Protocol.TCP
});

[rverton]

@rverton Container / Task is still taking unusually longer with below changes due to which stack continues to be In progress status. Is that how you are using a dummy container.

const baseImage = 'public.ecr.aws/nginx/nginx-unprivileged'

container.addPortMappings({
  containerPort: **8080**,
  protocol: ecs.Protocol.TCP
});

You also need to adjust the health check because the nginx container will not have a /health endpoint:

    const fgService = new ecs_patterns.ApplicationLoadBalancedFargateService(this, `${id}-ecs-service`, {
      cluster,
      // ...
    });

    fgService.targetGroup.configureHealthCheck({
      path: "/",
    });

[saurabhmarwaha]

Still no progress. Stack is stuck in progress and task stopped eventually

const baseImage = 'public.ecr.aws/nginx/nginx-unprivileged'
const container = taskDef.addContainer('nodejs-docker-example', {
  image: ecs.ContainerImage.fromRegistry(baseImage),
  memoryLimitMiB: 256,
  cpu: 256,
  logging
});

container.addPortMappings({
  containerPort: 8080,
  protocol: ecs.Protocol.TCP
});

const fargateService = new ecs_patterns.ApplicationLoadBalancedFargateService(this, "ecs-service", {
  cluster: cluster,
  taskDefinition: taskDef,
  publicLoadBalancer: true,
  desiredCount: 1,
  listenerPort: 80,
});

fargateService.targetGroup.configureHealthCheck({
  path: "/",
});

Task stopped at: 2024-01-30T08:41:02.149Z
CannotPullContainerError: pull image manifest has been retried 5 time(s): failed to resolve ref public.ecr.aws/nginx/nginx-unprivileged:latest: failed to do request: Head "https://public.ecr.aws/v2/nginx/nginx-unprivileged/manifests/latest": dial tcp 75.2.101.78:443: i/o timeout

[rverton]

As I understand this error, ECS is not able to pull the container. Does your ECS service have a route to the public ECR repository?

[saurabhmarwaha]

@rverton I believe you mean if subnet where cluster is created have access to Internet (IGW). I will check the routing and will verify.
Could be related to Auto-assign public IP.

Will come back to in a few hours..Here it's 4:00 am..Getting some sleep...:)