Amazon-Web-Services

AWS Fargate 任務未通過 ELB 執行狀況檢查

  • November 1, 2019

如何進一步排除故障?我正在嘗試執行一個簡單的 nginx 容器,但負載均衡器抱怨執行狀況檢查失敗並且任務沒有響應其 ip 號,可能是因為負載均衡器出錯。

我在 cloudformation 中將任務的優先級設置為 2。如果我嘗試將優先級設置為 1,則 CF 堆棧無法部署。這可能與它有關嗎?

# Create a rule on the load balancer for routing traffic to the target group
 LoadBalancerRule:
   Type: AWS::ElasticLoadBalancingV2::ListenerRule
   Properties:
     Actions:
       - TargetGroupArn: !Ref 'TargetGroup'
         Type: 'forward'
     Conditions:
       - Field: path-pattern
         Values: [!Ref 'Path']
     ListenerArn: 
       Fn::ImportValue: !Ref LoadBalancerListener
     Priority: !Ref 'Priority'

資源如下所示:

Resources:

 # The task definition. This is a simple metadata description of what
 # container to run, and what resource requirements it has.
 TaskDefinition:
   Type: AWS::ECS::TaskDefinition
   Properties:
     Family: nginx
     Cpu: 256
     Memory: 512
     NetworkMode: awsvpc
     RequiresCompatibilities:
       - FARGATE
     ContainerDefinitions:
       - Name: nginx
         Cpu: 128
         Memory: 256
         Image: nginx
         PortMappings:
           - ContainerPort: 80

 Service:
   Type: AWS::ECS::Service
   DependsOn: LoadBalancerRule
   Properties:
     ServiceName: !Ref 'ServiceName'
     Cluster: 
       Fn::ImportValue: !Ref EcsCluster
     LaunchType: FARGATE
     DeploymentConfiguration:
       MaximumPercent: 200
       MinimumHealthyPercent: 75
     DesiredCount: !Ref 'DesiredCount'
     NetworkConfiguration:
       AwsvpcConfiguration:
         AssignPublicIp: ENABLED
         SecurityGroups: 
           - !Ref EcsHostSecurityGroup
         Subnets:
           - !ImportValue core-vpc-PublicSubnet1AID
           - !ImportValue core-vpc-PublicSubnet1BID
     TaskDefinition: !Ref 'TaskDefinition'
     LoadBalancers:
       - ContainerName: !Ref 'ServiceName'
         ContainerPort: 80
         TargetGroupArn: !Ref TargetGroup

 TargetGroup:
   Type: AWS::ElasticLoadBalancingV2::TargetGroup
   Properties:
     HealthCheckIntervalSeconds: 6
     HealthCheckPath: /
     HealthCheckProtocol: HTTP
     HealthCheckTimeoutSeconds: 5
     HealthyThresholdCount: 2
     TargetType: ip
     Name: !Ref 'ServiceName'
     Port: !Ref 'ContainerPort'
     Protocol: HTTP
     UnhealthyThresholdCount: 2
     VpcId: !ImportValue core-vpc-VPCID



 # This security group defines who/where is allowed to access the ECS hosts directly.
 # By default we're just allowing access from the load balancer.  If you want to SSH
 # into the hosts, or expose non-load balanced services you can open their ports here.
 EcsHostSecurityGroup:
   Type: AWS::EC2::SecurityGroup
   Properties:
     VpcId: !ImportValue core-vpc-VPCID
     GroupDescription: Access to the ECS hosts and the tasks/containers that run on them
     SecurityGroupEgress:
       - CidrIp: 0.0.0.0/0
         IpProtocol: "-1"
     SecurityGroupIngress:
     - IpProtocol: tcp
       FromPort: '443'
       ToPort: '443'
       CidrIp: 138.106.0.0/16

# Create a rule on the load balancer for routing traffic to the target group
 LoadBalancerRule:
   Type: AWS::ElasticLoadBalancingV2::ListenerRule
   Properties:
     Actions:
       - TargetGroupArn: !Ref 'TargetGroup'
         Type: 'forward'
     Conditions:
       - Field: path-pattern
         Values: [!Ref 'Path']
     ListenerArn: 
       Fn::ImportValue: !Ref LoadBalancerListener
     Priority: !Ref 'Priority'

您沒有在模板中包含實際的負載均衡器。請包括在內,以獲得完整的答案。

您的問題很可能是您的負載均衡器(很可能在您的子網中具有私有 IP 並與之通信)不允許與您的 ECS 實例通信,因為它們只允許來自138.106.0.0/16.

對於其他可能面臨同樣問題的人:

您為執行狀況檢查配置的路由可能存在問題。

您配置的路由應該返回一個success response(status : 200)on GET呼叫。

如果"/"是您為健康檢查配置的路由,請確保您的GET呼叫yourwebsitename.com/返回200狀態碼。

同樣,如果"/health-check"您配置了健康檢查,請確保您的GET呼叫yourwebsitename.com/health-check返回一個200狀態碼。

引用自:https://serverfault.com/questions/949675