services.x-network ¶
services:
serviceA:
x-network:
AssignPublicIp: bool
Ingress: {}
x-cloudmap: {}
AssignPublicIp ¶
This flag allows to assign an Elastic IP to the container when using
awsvpc
networking mode.
Hint
Make sure to set your service to be in a subnet that use an
Internet
Gateway
, such as
PublicSubnets
, otherwise
routing won’t work.
Tip
See Deploy services with EIP on public subnets to have a full example of how to implement this feature.
Tip
To select which subnets to place the services, see networks
Ingress ¶
This allows you to define specific ingress control from external sources to your environment. For example, if you have to whitelist IP addresses that are to be allowed communication to the services, you can list these, and indicate their name which will be shown in the EC2 security group description of the ingress rule.
Ingress Syntax reference ¶
Ingress:
ExtSources: []
AwsSources: []
Myself: True/False
services:
app01:
x-network:
Ingress:
ExtSources:
- IPv4: 0.0.0.0/0
Name: all
- IPv4: 1.1.1.1/32
Source_name: CloudFlareDNS
AwsSources:
- Type: SecurityGroup
Id: sg-abcd
- Type: PrefixList
Id: pl-abcd
Myself: True/False
Tip
You can define the SG from another AWS account by setting
AccountOwner
in the Security group definition.
Tip
You can define which ports to open per source using the
Ports
list.
Hint
If you enter a port number that is not in the
Ports
list, it will be ignored.
Hint
The protocol is automatically detected based on the port definition. By default, it is TCP
Hint
To see details about the Ingress for Load Balancers, refer to Ingress
Hint
When using an ALB, you do not need to define that ALB security group etc., all inbound rules will be defined automatically to allow the ALB to communicate with your service!
x-cloudmap ¶
Refer to x-cloudmap for more details on how to use it.
Map VPC subnets to docker-compose networks ¶
networks:
internal:
x-vpc: InteralCustomSubnets
x-vpc:
VpcId:
Tags: []
AppSubnets:
Tags: []
PublicSubnets:
Tags: []
StorageSubnets:
Tags: []
InteralCustomSubnets:
Tags: []
services:
serviceA:
networks: [internal]
JSON Schema ¶
Model ¶
services.x-network specification ¶
services.x-network |
|||||
The services.x-network specification for ComposeX |
|||||
type |
object |
||||
properties |
|||||
|
type |
boolean |
|||
|
Define additional security groups to use. |
||||
type |
object |
||||
patternProperties |
|||||
|
The definition of the security group to use |
||||
oneOf |
The security group ID to use. It must belong to the same VPC you are deploying to |
||||
type |
string |
||||
x-resources.common.spec.json#/definitions/Lookup |
|||||
additionalProperties |
False |
||||
|
oneOf |
When you want to register the service into CloudMap. First port listed in ports[] used. |
|||
type |
string |
||||
Allows you to register the service to multiple registries, and/or use a specific port. |
|||||
type |
object |
||||
patternProperties |
|||||
|
The name of the object is the name of the x-cloudmap::<map>. |
||||
type |
object |
||||
properties |
|||||
|
The port to register in SRV record |
||||
type |
number |
||||
maximum |
65535 |
||||
minimum |
0 |
||||
|
Name of the service. Do not include the cloudmap hostname. Overrides the ecs.task.family.hostname deploy label |
||||
type |
string |
||||
additionalProperties |
False |
||||
additionalProperties |
False |
||||
|
ingress.spec.json |
||||
additionalProperties |
False |
||||
definitions |
Definition ¶
{
"$schema": "http://json-schema.org/draft-07/schema#",
"id": "services.x-network",
"$id": "services.x-network.spec.json",
"type": "object",
"title": "services.x-network specification",
"description": "The services.x-network specification for ComposeX",
"additionalProperties": false,
"properties": {
"AssignPublicIp": {
"type": "boolean"
},
"AdditionalSecurityGroups": {
"description": "Define additional security groups to use.",
"type": "object",
"additionalProperties": false,
"patternProperties": {
"^[a-zA-Z0-9._-]+$": {
"description": "The definition of the security group to use",
"oneOf": [
{
"type": "string",
"description": "The security group ID to use. It must belong to the same VPC you are deploying to"
},
{
"$ref": "x-resources.common.spec.json#/definitions/Lookup"
}
]
}
}
},
"x-cloudmap": {
"oneOf": [
{
"type": "string",
"description": "When you want to register the service into CloudMap. First port listed in ports[] used."
},
{
"type": "object",
"description": "Allows you to register the service to multiple registries, and/or use a specific port.",
"additionalProperties": false,
"patternProperties": {
"[a-zA-Z0-9-_.]+$": {
"type": "object",
"description": "The name of the object is the name of the x-cloudmap::<map>.",
"additionalProperties": false,
"required": [
"Port"
],
"properties": {
"Port": {
"description": "The port to register in SRV record",
"type": "number",
"minimum": 0,
"maximum": 65535
},
"Name": {
"type": "string",
"description": "Name of the service. Do not include the cloudmap hostname. Overrides the ecs.task.family.hostname deploy label"
}
}
}
}
}
]
},
"Ingress": {
"$ref": "ingress.spec.json"
}
},
"definitions": {
}
}