应用程序负载均衡器目标组 Register/Deregister 无限循环
Application Load Balancer Target Group Register/Deregister Infinite Loop
设置
安全组
ALB(入站规则)
HTTPS:443 from 0.0.0.0/0 & ::/0HTTP:80 from 0.0.0.0/0 & ::/0
集群(入站规则)
- 来自 ALB 安全组的所有流量
集群
- 实例是 t2.micro(在启用 public IP 的默认 VPC 下子网
us-east-1<a,b,c> 中只有 运行 1 个实例)
- 客户端 →
0.375 vCPU/0.25 GB, 1 task, bridge network, 0:3000 (host:container)
- 服务器 →
0.25 vCPU/0.25 GB, 2 tasks, bridge network, 0:5000 (host:container)
阿尔伯
- 可用区:
us-east-1<a,b,c>,相同的默认 VPC
- 听众:
HTTP:80 → redirect to HTTPS://#{host}:443/#{path}?#{query}HTTPS:443 (/) → forward to client target groupHTTPS:443 (/api) → forward to server target group
目标群体
- 客户端 → HTTP:3000 默认运行状况检查
HTTP, /, Traffic Port, 5 healthy, 2 unhealthy, 5s timeout, 30s interval, 200 OK
- 服务器 → HTTP:5000 健康检查
HTTP, /api/health, Traffic Port, 5 healthy, 2 unhealthy, 5s timeout, 30s interval, 200 OK
客户端和服务器的 docker 图像都在本地正常工作,客户端服务似乎在 AWS ECS 中运行良好。但是,服务器服务在容器实例的注册和注销(耗尽)之间不断循环,看似 没有 甚至变得不健康
这是我在服务 Deployments and events 选项卡中看到的内容:
5/12/2022, 8:43:04 PM service server registered 2 targets in target-group <...>
5/12/2022, 8:42:54 PM service server has started 2 tasks: task <...> task <...>. <...>
5/12/2022, 8:42:51 PM service server deregistered 1 targets in target-group <...>
5/12/2022, 8:42:51 PM service server has begun draining connections on 1 tasks. <...>
5/12/2022, 8:42:51 PM service server deregistered 1 targets in target-group <...>
5/12/2022, 8:42:17 PM service server registered 2 targets in target-group <...>
5/12/2022, 8:42:07 PM service server has started 2 tasks: task <...> task <...>. <...>
5/12/2022, 8:42:04 PM service server deregistered 1 targets in target-group <...>
5/12/2022, 8:42:04 PM service server has begun draining connections on 1 tasks. <...>
5/12/2022, 8:42:04 PM service server deregistered 1 targets in target-group <...>
有什么想法吗?
在我的任务定义的容器规范中启用 AWS CloudWatch 日志后,我发现问题实际上出在 AWS RDS 实例上。
RDS 实例的 SG 正在接受来自旧集群 SG(不再存在)的流量,这样就清楚了为什么没有执行健康检查并且注册的实例立即耗尽。
设置
安全组
ALB(入站规则)
HTTPS:443 from 0.0.0.0/0 & ::/0HTTP:80 from 0.0.0.0/0 & ::/0
集群(入站规则)
- 来自 ALB 安全组的所有流量
集群
- 实例是 t2.micro(在启用 public IP 的默认 VPC 下子网
us-east-1<a,b,c>中只有 运行 1 个实例) - 客户端 →
0.375 vCPU/0.25 GB, 1 task, bridge network, 0:3000 (host:container) - 服务器 →
0.25 vCPU/0.25 GB, 2 tasks, bridge network, 0:5000 (host:container)
阿尔伯
- 可用区:
us-east-1<a,b,c>,相同的默认 VPC - 听众:
HTTP:80 → redirect to HTTPS://#{host}:443/#{path}?#{query}HTTPS:443 (/) → forward to client target groupHTTPS:443 (/api) → forward to server target group
目标群体
- 客户端 → HTTP:3000 默认运行状况检查
HTTP, /, Traffic Port, 5 healthy, 2 unhealthy, 5s timeout, 30s interval, 200 OK - 服务器 → HTTP:5000 健康检查
HTTP, /api/health, Traffic Port, 5 healthy, 2 unhealthy, 5s timeout, 30s interval, 200 OK
客户端和服务器的 docker 图像都在本地正常工作,客户端服务似乎在 AWS ECS 中运行良好。但是,服务器服务在容器实例的注册和注销(耗尽)之间不断循环,看似 没有 甚至变得不健康
这是我在服务 Deployments and events 选项卡中看到的内容:
5/12/2022, 8:43:04 PM service server registered 2 targets in target-group <...>
5/12/2022, 8:42:54 PM service server has started 2 tasks: task <...> task <...>. <...>
5/12/2022, 8:42:51 PM service server deregistered 1 targets in target-group <...>
5/12/2022, 8:42:51 PM service server has begun draining connections on 1 tasks. <...>
5/12/2022, 8:42:51 PM service server deregistered 1 targets in target-group <...>
5/12/2022, 8:42:17 PM service server registered 2 targets in target-group <...>
5/12/2022, 8:42:07 PM service server has started 2 tasks: task <...> task <...>. <...>
5/12/2022, 8:42:04 PM service server deregistered 1 targets in target-group <...>
5/12/2022, 8:42:04 PM service server has begun draining connections on 1 tasks. <...>
5/12/2022, 8:42:04 PM service server deregistered 1 targets in target-group <...>
有什么想法吗?
在我的任务定义的容器规范中启用 AWS CloudWatch 日志后,我发现问题实际上出在 AWS RDS 实例上。
RDS 实例的 SG 正在接受来自旧集群 SG(不再存在)的流量,这样就清楚了为什么没有执行健康检查并且注册的实例立即耗尽。