使用 EC2 而不是 FARGATE 启动类型启动容器

Container launches with EC2 instead of FARGATE launch type

我从头开始写了一个 cloudformation JSON 文件,但看起来有几个问题...

我观察到的基本上是2个问题

首先,我的 ECS 服务是 EC2 启动类型而不是 FARGATE,仪表板显示如下:

Status ACTIVE
Registered container instances 0
Pending tasks count 0 Fargate, 0 EC2
Running tasks count 0 Fargate, 0 EC2
Active service count 0 Fargate, 1 EC2
Draining service count  0 Fargate, 0 EC2

第二个问题是在 cloudformation 本身,它在服务 CREATE_IN_PROGRESS 卡了几个小时,然后它说服务 "cannot be stabilize".

如果我了解 FARGATE 模式启用的内容,我们不需要创建 AutoScalingGroup,也不需要创建 LaunchConfiguration 组件,对吗?

这是我的全部 JSON:

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "test",
  "Resources": {
    "InstanceSecurityGroupOpenWeb": {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupName" : "test-open-web",
        "GroupDescription" : "Allow http to client host",
        "VpcId" : "vpc-89a8cfef",
        "SecurityGroupIngress" : [{
          "IpProtocol" : "tcp",
          "FromPort" : "80",
          "ToPort" : "80",
          "CidrIp" : "0.0.0.0/0"
        }],
        "SecurityGroupEgress" : [{
          "IpProtocol" : "tcp",
          "FromPort" : "80",
          "ToPort" : "80",
          "CidrIp" : "0.0.0.0/0"
        }]
      }
    },

    "InstanceSecurityGroupOpenFull": {
      "Type" : "AWS::EC2::SecurityGroup",
      "Properties" : {
        "GroupName" : "test-open-full",
        "GroupDescription" : "Allow http to client host",
        "VpcId" : "vpc-89a8cfef",
        "SecurityGroupIngress" : [{
          "IpProtocol" : "tcp",
          "FromPort" : "0",
          "ToPort" : "65535",
          "CidrIp" : "0.0.0.0/0"
        }],
        "SecurityGroupEgress" : [{
          "IpProtocol" : "tcp",
          "FromPort" : "80",
          "ToPort" : "80",
          "CidrIp" : "0.0.0.0/0"
        }]
      }
    },

    "LoadBalancer" : {
      "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
      "DependsOn": [
        "InstanceSecurityGroupOpenWeb",
        "InstanceSecurityGroupOpenFull"
      ],
      "Properties": {
        "Name": "testalb",
        "Scheme" : "internal",
        "Subnets" : [
          "subnet-aaaaaaaa",
          "subnet-bbbbbbbb",
          "subnet-cccccccc"
        ],
        "LoadBalancerAttributes" : [
          { "Key" : "idle_timeout.timeout_seconds", "Value" : "50" }
        ],
        "SecurityGroups": [
          { "Ref": "InstanceSecurityGroupOpenWeb" },
          { "Ref" : "InstanceSecurityGroupOpenFull" }
        ]
      }
    },

    "TargetGroup" : {
      "Type" : "AWS::ElasticLoadBalancingV2::TargetGroup",
      "DependsOn": [
        "LoadBalancer"
      ],
      "Properties" : {
        "Name": "web",
        "Port": 3000,
        "TargetType": "ip",
        "Protocol": "HTTP",
        "HealthCheckIntervalSeconds": 30,
        "HealthCheckProtocol": "HTTP",
        "HealthCheckTimeoutSeconds": 10,
        "HealthyThresholdCount": 4,
        "Matcher" : {
          "HttpCode" : "200"
        },
        "TargetGroupAttributes": [{
          "Key": "deregistration_delay.timeout_seconds",
          "Value": "20"
        }],
        "UnhealthyThresholdCount": 3,
        "VpcId": "vpc-aaaaaaaa"
      }
    },

    "LoadBalancerListener": {
      "Type": "AWS::ElasticLoadBalancingV2::Listener",
      "DependsOn": [
        "TargetGroup"
      ],
      "Properties": {
        "DefaultActions": [{
          "Type": "forward",
          "TargetGroupArn": {
            "Ref": "TargetGroup"
          }
        }],
        "LoadBalancerArn": {
          "Ref": "LoadBalancer"
        },
        "Port": 80,
        "Protocol": "HTTP"
      }
    },

    "EcsCluster": {
      "Type": "AWS::ECS::Cluster",
      "DependsOn": [
        "LoadBalancerListener"
      ],
      "Properties": {
        "ClusterName": "test"
      }
    },

    "EcsTaskRole": {
      "Type":"AWS::IAM::Role",
      "Properties":{
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Effect":"Allow",
              "Principal": {
                "Service": [
                  "ecs.amazonaws.com"
                ]
              },
              "Action": [
                "sts:AssumeRole"
              ]
            }
          ]
        },
        "Path":"/",
        "Policies": [
          {
            "PolicyName": "ecs-task",
            "PolicyDocument": {
              "Statement": [
                {
                  "Effect": "Allow",
                  "Action": [
                    "ecr:**",
                  ],
                  "Resource": "*"
                }
              ]
            }
          }
        ]
      }
    },

    "WebServerTaskDefinition": {
      "Type": "AWS::ECS::TaskDefinition",
      "DependsOn": [
        "EcsCluster",
        "EcsTaskRole"
      ],
      "Properties": {
        "ExecutionRoleArn": {
          "Ref": "EcsTaskRole"
        },
        "RequiresCompatibilities": [
          "FARGATE"
        ],
        "NetworkMode": "awsvpc",
        "Cpu": "1024",
        "Memory": "2048",
        "ContainerDefinitions": [
        {
          "Name": "test-web",
          "Image": "xxxxxxxxxxxx.dkr.ecr.us-east-1.amazonaws.com/test-web:latest",
          "Cpu": "1024",
          "Memory": "2048",
          "PortMappings": [
            {
              "ContainerPort": "80",
              "HostPort": "80"
            }
          ],
          "Essential": "true"
        }]
      }
    },

    "EcsService": {
      "Type": "AWS::ECS::Service",
      "DependsOn": [
        "WebServerTaskDefinition"
      ],
      "Properties": {
        "Cluster": {
          "Ref": "EcsCluster"
        },
        "DesiredCount": "1",
        "DeploymentConfiguration": {
          "MaximumPercent": 100,
          "MinimumHealthyPercent": 0
        },
        "LoadBalancers": [
          {
            "ContainerName": "test-web",
            "ContainerPort": "80",
            "TargetGroupArn": {
              "Ref": "TargetGroup"
            }
          }
        ],
        "NetworkConfiguration": {
          "AwsvpcConfiguration": {
            "AssignPublicIp": "DISABLED",
            "SecurityGroups": [
              { "Ref": "InstanceSecurityGroupOpenWeb" },
              { "Ref": "InstanceSecurityGroupOpenFull" }
            ],
            "Subnets": [
              "subnet-aaaaaaaa",
              "subnet-bbbbbbbb",
              "subnet-cccccccc"
            ]
          }
        },
        "TaskDefinition": {
          "Ref": "WebServerTaskDefinition"
        }
      }
    }

  }
}

要使用 FARGATE 启动类型,您需要在 EcsService 中指定 "LaunchType": "FARGATE"。有关详细信息,请参阅 the CloudFormation Documentation