ECS - target type ip is incompatible with the bridge network mode specified in the task definition
Problem
When trying to create an ECS service using an existing NLB whose target group uses IP as the target type, I get the error "target type ip, which is incompatible with the bridge network mode".
The error comes from Terraform, because it is used to create all the AWS resources.
Error: InvalidParameterException: The provided target group arn:aws:elasticloadbalancing:$REGION:$ACCOUNT:targetgroup ... has target type ip,which is incompatible with the bridge network mode specified in the task definition.
If Terraform (or its message) is correct, the TF_DEBUG output of the Terraform GitHub issue #11719 seems to indicate that this is a limitation.
2020-01-22T20:04:46.819Z [DEBUG] plugin.terraform-provider-aws_v2.45.0_x4: 2020/01/22 20:04:46 [DEBUG] [aws-sdk-go] {"__type":"InvalidParameterException","message":"The provided target group arn:aws:elasticloadbalancing:us-east-1:xxx:targetgroup/llprd20200122052638603300000006/a0a2d775807f6620 has target type ip, which is incompatible with the bridge network mode specified in the task definition."}
Question
Please advise whether this is an AWS limitation. So far, as far as I have looked through the AWS documentation, there is nothing indicating that the IP target type cannot be used with the bridge network mode. However, I want to be 100% sure.
- ECS Service - Creating a Network Load Balancer - Configure Routing
- For Target type, choose whether to register your targets with an instance ID or an IP address.
Important
If your service's task definition uses the awsvpc network mode (which is required for the Fargate launch type), you must choose ip as the target type, not instance. This is because tasks that use the awsvpc network mode are associated with an elastic network interface, not an Amazon EC2 instance.
You cannot register instances by instance ID if they have the following instance types: C1, CC1, CC2, CG1, CG2, CR1, G1, G2, HI1, HS1, M1, M2, M3, and T1. You can register instances of these types by IP address.
Terraform
resource "aws_lb_target_group" "this" {
  count       = length(var.listeners)
  name_prefix = substr(var.name, 0, 6)
  vpc_id      = var.vpc_id
  target_type = "ip"
  port        = 8080
  protocol    = "tcp"
  ...
}
I did not specify network_mode in the aws_ecs_task_definition resource configuration, so the default "bridge" is used.
TF_DEBUG
...
2020-03-03T18:54:10.301+1100 [DEBUG] plugin.terraform-provider-aws_v2.50.0_x4: 2020/03/03 18:54:10 [DEBUG] [aws-sdk-go] {"__type":"InvalidParameterException","message":"The provided target group arn:aws:elasticloadbalancing:us-east-2:ACCOUNT:targetgroup/****/4689fc19ff99ca57 has target type ip, which is incompatible with the bridge network mode specified in the task definition."}
2020-03-03T18:54:10.301+1100 [DEBUG] plugin.terraform-provider-aws_v2.50.0_x4: 2020/03/03 18:54:10 [DEBUG] [aws-sdk-go] DEBUG: Validate Response ecs/CreateService failed, attempt 0/25, error InvalidParameterException: The provided target group arn:aws:elasticloadbalancing:us-east-2:ACCOUNT:targetgroup/****/4689fc19ff99ca57 has target type ip, which is incompatible with the bridge network mode specified in the task definition.
...
Environment
- ECS launch type is EC2, not Fargate
- Running Terraform v0.12.20 on Ubuntu "18.04.4 LTS (Bionic Beaver)"
As stated in the AWS service discovery guidelines, you cannot reference ECS containers that use the bridge network mode by ip. In fact, you can only specify SRV DNS records for such services.
The options here are to change the task definition network mode to awsvpc or to change target_type to instance.
Personally, I have only had experience with the awsvpc network mode.
I had to migrate some ECS services that were using Fargate to an ECS EC2 cluster. The bridge network mode was a must, because when we tried to use awsvpc we could only place 3 containers per EC2 instance, since the awsvpc network mode attaches one ENI (Elastic Network Interface) to each task. Each EC2 instance can only have 4 ENIs (depending on the instance type), so the cluster was over-provisioning instances to place the service tasks.
Important: I am using the bridge network mode with dynamic ports (by not specifying hostPort in the portMappings section of containerDefinitions).
aws_lb_target_group resource configuration:
- target_type set to instance
- the port parameter inside the health_check block omitted (it is automatically set to the traffic port)
Example:
resource "aws_lb_target_group" "service_bridge" {
  port                 = 3000 # Service traffic port
  protocol             = "HTTP"
  target_type          = "instance"
  vpc_id               = "vpc-123"
  deregistration_delay = 300
  health_check {
    healthy_threshold   = 3
    unhealthy_threshold = 3
    interval            = 30
    matcher             = "200-299"
    path                = "/"
    protocol            = "HTTP"
  }
}
The target group will have the EC2 cluster instances on which tasks are registered, redirecting traffic to the port randomly assigned to each task.
Target Group details (image link)
Registered targets (image link)
Health check settings (image link)
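To show the other half of the bridge-mode, dynamic-port setup that the answer above describes, here is an added example of the task definition and service that the "service_bridge" target group would be attached to, plus the security group rule that the dynamic host ports require. This is not code from the original answer: the cluster, image URI and the two security groups (aws_ecs_cluster.this, aws_security_group.ecs_instances, aws_security_group.alb) are assumed to exist elsewhere in the configuration.

```hcl
# Added example, not from the original answer. Assumes aws_ecs_cluster.this,
# aws_security_group.ecs_instances and aws_security_group.alb are defined
# elsewhere; the image URI is a placeholder.

resource "aws_ecs_task_definition" "service_bridge" {
  family       = "service-bridge"
  network_mode = "bridge" # the default for the EC2 launch type

  container_definitions = jsonencode([
    {
      name      = "app"
      image     = "ACCOUNT.dkr.ecr.REGION.amazonaws.com/app:TAG" # placeholder
      essential = true
      memory    = 256
      # hostPort is deliberately omitted: Docker assigns an ephemeral host
      # port, and ECS registers instance:hostPort with the target group.
      portMappings = [
        {
          containerPort = 3000
          protocol      = "tcp"
        }
      ]
    }
  ])
}

resource "aws_ecs_service" "service_bridge" {
  name            = "service-bridge"
  cluster         = aws_ecs_cluster.this.id
  task_definition = aws_ecs_task_definition.service_bridge.arn
  desired_count   = 2
  launch_type     = "EC2"

  load_balancer {
    target_group_arn = aws_lb_target_group.service_bridge.arn
    container_name   = "app"
    container_port   = 3000 # the containerPort, not the dynamic host port
  }
}

# With dynamic ports the container instances must accept the whole ephemeral
# range, so scope that ingress to the load balancer's security group only;
# opening the range to 0.0.0.0/0 would expose every task directly.
resource "aws_security_group_rule" "alb_to_ecs_dynamic_ports" {
  type                     = "ingress"
  security_group_id        = aws_security_group.ecs_instances.id
  source_security_group_id = aws_security_group.alb.id
  protocol                 = "tcp"
  from_port                = 32768 # covers the Docker/ECS ephemeral port ranges
  to_port                  = 65535
}
```

Because the target group's health check leaves port unset (traffic-port), the check reaches each task on its own dynamic host port through the same rule, so no additional ingress is needed for health checks.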