AWS Fargate 任务未通过 ELB 运行状况检查

tag-icon tag-icon amazon-web-services amazon-elb amazon-cloudformation aws-fargate
AWS Fargate 任务未通过 ELB 运行状况检查

我该如何进一步排除故障?我正在尝试运行一个简单的 nginx 容器,但负载均衡器抱怨健康检查失败,并且任务没有响应其 IP 号码,这可能是由于负载均衡器出现错误。

我在 cloudformation 中将任务的优先级设置为 2。如果我尝试将优先级设置为 1,则 CF 堆栈部署失败。这与此有关吗?

# Create a rule on the load balancer for routing traffic to the target group
  LoadBalancerRule:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      Actions:
        - TargetGroupArn: !Ref 'TargetGroup'
          Type: 'forward'
      Conditions:
        - Field: path-pattern
          Values: [!Ref 'Path']
      ListenerArn: 
        Fn::ImportValue: !Ref LoadBalancerListener
      Priority: !Ref 'Priority'

资源如下:

Resources:

  # The task definition. This is a simple metadata description of what
  # container to run, and what resource requirements it has.
  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: nginx
      Cpu: 256
      Memory: 512
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - FARGATE
      ContainerDefinitions:
        - Name: nginx
          Cpu: 128
          Memory: 256
          Image: nginx
          PortMappings:
            - ContainerPort: 80

  Service:
    Type: AWS::ECS::Service
    DependsOn: LoadBalancerRule
    Properties:
      ServiceName: !Ref 'ServiceName'
      Cluster: 
        Fn::ImportValue: !Ref EcsCluster
      LaunchType: FARGATE
      DeploymentConfiguration:
        MaximumPercent: 200
        MinimumHealthyPercent: 75
      DesiredCount: !Ref 'DesiredCount'
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: ENABLED
          SecurityGroups: 
            - !Ref EcsHostSecurityGroup
          Subnets:
            - !ImportValue core-vpc-PublicSubnet1AID
            - !ImportValue core-vpc-PublicSubnet1BID
      TaskDefinition: !Ref 'TaskDefinition'
      LoadBalancers:
        - ContainerName: !Ref 'ServiceName'
          ContainerPort: 80
          TargetGroupArn: !Ref TargetGroup

  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckIntervalSeconds: 6
      HealthCheckPath: /
      HealthCheckProtocol: HTTP
      HealthCheckTimeoutSeconds: 5
      HealthyThresholdCount: 2
      TargetType: ip
      Name: !Ref 'ServiceName'
      Port: !Ref 'ContainerPort'
      Protocol: HTTP
      UnhealthyThresholdCount: 2
      VpcId: !ImportValue core-vpc-VPCID



  # This security group defines who/where is allowed to access the ECS hosts directly.
  # By default we're just allowing access from the load balancer.  If you want to SSH
  # into the hosts, or expose non-load balanced services you can open their ports here.
  EcsHostSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      VpcId: !ImportValue core-vpc-VPCID
      GroupDescription: Access to the ECS hosts and the tasks/containers that run on them
      SecurityGroupEgress:
        - CidrIp: 0.0.0.0/0
          IpProtocol: "-1"
      SecurityGroupIngress:
      - IpProtocol: tcp
        FromPort: '443'
        ToPort: '443'
        CidrIp: 138.106.0.0/16

# Create a rule on the load balancer for routing traffic to the target group
  LoadBalancerRule:
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      Actions:
        - TargetGroupArn: !Ref 'TargetGroup'
          Type: 'forward'
      Conditions:
        - Field: path-pattern
          Values: [!Ref 'Path']
      ListenerArn: 
        Fn::ImportValue: !Ref LoadBalancerListener
      Priority: !Ref 'Priority'

答案1

您未在模板中包含实际的负载均衡器。请将其包含在内,以获得完整答案。

你的问题很可能是你的负载均衡器(它很可能在你的子网中有一个私有 IP 并与其通信)不允许与你的 ECS 实例通信,因为它们只允许来自的流量138.106.0.0/16

答案2

对于其他人来说,可能面临同样的问题:

这可能是您为健康检查配置的路线存在问题。

您配置的路线应该success response(status : 200)返回得到称呼。

如果"/"是健康检查配置的路线,请确保您得到调用yourwebsitename.com/返回200状态代码。

同样,如果"/health-check"您配置了健康检查,请确保您得到调用yourwebsitename.com/health-check返回200状态代码。

相关内容