ECS cluster fails ALB health check on 8080

Asked: 2019-10-22 16:57:44

Tags: amazon-web-services amazon-ecs amazon-elb amazon-alb

I have an ECS Fargate cluster that was integrated with an API Gateway VPC link through an NLB. We have switched to simply resolving the domain to the ALB's DNS name and terminating TLS at the ALB. It then routes traffic to the cluster over http/8080. Since this switch, the tasks have been failing their health checks. With the health check on the NLB set to 8080/tcp it worked fine. With the ALB the health check is 8080/http, and now it fails. The security group attached to the cluster allows traffic from the ALB over 8080. Also, I can hit the load balancer's DNS name and get the expected response, so I know the tasks are actually up, running and working fine. And yet they still fail the health check, so the tasks get drained... This is very frustrating. I have pasted my setup below.

ECS Security Group:

resource "aws_security_group" "ecs_tasks" {
  name        = "ecs-tasks"
  description = "allow inbound access from the ALB only"
  vpc_id      = "${module.vpc.vpc_id}"

  ingress {
    protocol        = "TCP"
    from_port       = 8080
    to_port         = 8080
    security_groups = ["${aws_security_group.lb_sg.id}"]
  }

  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}

ALB, Listener, and Target Group:

resource "aws_lb" "api_lb" {
  name               = "api-lb"
  internal           = false
  load_balancer_type = "application"
  security_groups    = ["${aws_security_group.lb_sg.id}"]
  subnets            = ["${module.vpc.public_subnets}"]

  enable_deletion_protection = false

  tags = {
    Environment = "dev/demo"
  }
}

resource "aws_lb_listener" "api_listener" {
  load_balancer_arn = "${aws_lb.api_lb.id}"
  port              = "443"
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-2016-08"
  certificate_arn   = "arn:aws:acm:us-east-1:12345678910:certificate/xxxxxx-yyyy-zzzz-aaa-bbbbbbb"

  default_action {
    target_group_arn = "${aws_lb_target_group.api_tg.id}"
    type             = "forward"
  }
}

resource "aws_lb_target_group" "api_tg" {
  name     = "api-tg"
  port     = 8080
  protocol = "HTTP"
  target_type = "ip"
  vpc_id   = "${module.vpc.vpc_id}"

  stickiness {
    enabled = false
    type = "lb_cookie"
  }
  health_check {
    interval = 120
    timeout  = 90
    port     = 8080
    protocol = "HTTP"
    healthy_threshold = 2
    unhealthy_threshold = 2
  }
}

Task Definition:

[
  {
    "name": "myGOapi",
    "image": "12345678910.dkr.ecr.us-east-1.amazonaws.com/myapi:1.0",
    "cpu": 512,
    "memory": 1024,
    "essential": true,
    "portMappings": [
      {
        "hostPort": 8080,
        "containerPort": 8080
      }
    ],
    "logConfiguration": {
      "logDriver": "awslogs",
      "options": {
          "awslogs-group": "myapi",
          "awslogs-region": "us-east-1",
          "awslogs-stream-prefix": "api"
      }
    }
  }
]
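Added example (not part of the post, and not the poster's service): since the task is a Go API, this Go program reproduces the difference between the two kinds of health check the question compares. An NLB TCP check passes as soon as the port accepts a connection, whereas an ALB HTTP check sends GET to the configured path (the `health_check` block above sets none, so the default `/` applies) and needs a response status matching the target group matcher (default `200`). The `/api/items` route and the loopback port are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

// newAPI builds a mux like the one the task might serve on :8080. Without withRoot only
// /api/items (an assumed route) exists, so GET / (the default ALB check path) is a 404.
func newAPI(withRoot bool) *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/api/items", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, `["a","b"]`)
	})
	if withRoot {
		mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
			w.WriteHeader(http.StatusOK) // the default ALB matcher accepts only 200
		})
	}
	return mux
}
// tcpHealthy mimics an NLB TCP health check: a completed handshake is enough.
func tcpHealthy(addr string) bool {
	c, err := net.Dial("tcp", addr)
	if err == nil {
		c.Close()
	}
	return err == nil
}
// httpHealthy mimics an ALB HTTP health check: GET path, status must be in matcher.
func httpHealthy(base, path string, matcher map[int]bool) bool {
	resp, err := http.Get(base + path)
	if err != nil {
		return false
	}
	resp.Body.Close()
	return matcher[resp.StatusCode]
}
// probe serves the API on a loopback port and runs both kinds of check against it.
func probe(withRoot bool) (tcpOK, httpOK bool) {
	srv := httptest.NewServer(newAPI(withRoot))
	defer srv.Close()
	return tcpHealthy(srv.Listener.Addr().String()), httpHealthy(srv.URL, "/", map[int]bool{200: true})
}
func main() {
	fmt.Println(probe(false)) // true false: port accepts TCP, but GET / is a 404
	fmt.Println(probe(true))  // true true
}
```

The same distinction is why the ECS security group rule on 8080 is necessary but not sufficient for an HTTP check: the connection succeeds, yet the target is marked unhealthy unless the probed path returns a matching status.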

0 answers:

No answers