Amazon-Web-Services
AWS Fargate 任務未通過 ELB 執行狀況檢查
如何進一步排除故障?我正在嘗試執行一個簡單的 nginx 容器,但負載均衡器抱怨執行狀況檢查失敗並且任務沒有響應其 ip 號,可能是因為負載均衡器出錯。
我在 cloudformation 中將任務的優先級設置為 2。如果我嘗試將優先級設置為 1,則 CF 堆棧無法部署。這可能與它有關嗎?
# Create a rule on the load balancer for routing traffic to the target group LoadBalancerRule: Type: AWS::ElasticLoadBalancingV2::ListenerRule Properties: Actions: - TargetGroupArn: !Ref 'TargetGroup' Type: 'forward' Conditions: - Field: path-pattern Values: [!Ref 'Path'] ListenerArn: Fn::ImportValue: !Ref LoadBalancerListener Priority: !Ref 'Priority'資源如下所示:
Resources: # The task definition. This is a simple metadata description of what # container to run, and what resource requirements it has. TaskDefinition: Type: AWS::ECS::TaskDefinition Properties: Family: nginx Cpu: 256 Memory: 512 NetworkMode: awsvpc RequiresCompatibilities: - FARGATE ContainerDefinitions: - Name: nginx Cpu: 128 Memory: 256 Image: nginx PortMappings: - ContainerPort: 80 Service: Type: AWS::ECS::Service DependsOn: LoadBalancerRule Properties: ServiceName: !Ref 'ServiceName' Cluster: Fn::ImportValue: !Ref EcsCluster LaunchType: FARGATE DeploymentConfiguration: MaximumPercent: 200 MinimumHealthyPercent: 75 DesiredCount: !Ref 'DesiredCount' NetworkConfiguration: AwsvpcConfiguration: AssignPublicIp: ENABLED SecurityGroups: - !Ref EcsHostSecurityGroup Subnets: - !ImportValue core-vpc-PublicSubnet1AID - !ImportValue core-vpc-PublicSubnet1BID TaskDefinition: !Ref 'TaskDefinition' LoadBalancers: - ContainerName: !Ref 'ServiceName' ContainerPort: 80 TargetGroupArn: !Ref TargetGroup TargetGroup: Type: AWS::ElasticLoadBalancingV2::TargetGroup Properties: HealthCheckIntervalSeconds: 6 HealthCheckPath: / HealthCheckProtocol: HTTP HealthCheckTimeoutSeconds: 5 HealthyThresholdCount: 2 TargetType: ip Name: !Ref 'ServiceName' Port: !Ref 'ContainerPort' Protocol: HTTP UnhealthyThresholdCount: 2 VpcId: !ImportValue core-vpc-VPCID # This security group defines who/where is allowed to access the ECS hosts directly. # By default we're just allowing access from the load balancer. If you want to SSH # into the hosts, or expose non-load balanced services you can open their ports here. EcsHostSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: VpcId: !ImportValue core-vpc-VPCID GroupDescription: Access to the ECS hosts and the tasks/containers that run on them SecurityGroupEgress: - CidrIp: 0.0.0.0/0 IpProtocol: "-1" SecurityGroupIngress: - IpProtocol: tcp FromPort: '443' ToPort: '443' CidrIp: 138.106.0.0/16 # Create a rule on the load balancer for routing traffic to the target group LoadBalancerRule: Type: AWS::ElasticLoadBalancingV2::ListenerRule Properties: Actions: - TargetGroupArn: !Ref 'TargetGroup' Type: 'forward' Conditions: - Field: path-pattern Values: [!Ref 'Path'] ListenerArn: Fn::ImportValue: !Ref LoadBalancerListener Priority: !Ref 'Priority'
您沒有在模板中包含實際的負載均衡器。請包括在內,以獲得完整的答案。
您的問題很可能是您的負載均衡器(很可能在您的子網中具有私有 IP 並與之通信)不允許與您的 ECS 實例通信,因為它們只允許來自
138.106.0.0/16.
對於其他可能面臨同樣問題的人:
您為執行狀況檢查配置的路由可能存在問題。
您配置的路由應該返回一個
success response(status : 200)on GET呼叫。如果
"/"是您為健康檢查配置的路由,請確保您的GET呼叫yourwebsitename.com/返回200狀態碼。同樣,如果
"/health-check"您配置了健康檢查,請確保您的GET呼叫yourwebsitename.com/health-check返回一個200狀態碼。